The AnarchAngel : 2021

Monday, December 27, 2021

the Dubious Distinction of Being First?

So, what exactly was the first "cyberattack"? Of course as with any complicated question the answer is "it depends"... it depends on definitions, and context, and a heck of a lot of other things. Code attacks go back to prehistory. Cryptoattacks to the beginning of cryptosystems, shortly after the beginning or writing and the digital representation of math... But cyberattack in particular has a specific implication of it being a technological attack on information security, specifically exploiting the technology in question.

Again, there is no single definitive answer, but there is a very good candidate... if I were marking test questions on an exam, and a student came up either this answer, I'd give them full credit.

The Blanc Brothers heliograph/semaphore/optical telegraph (it depends on which source you read it from) market manipulation fraud, is actually a pretty good candidate for the first cyberattack. It may be the first exploitation of an explicitly technology based race condition for commercial fraud. Also the first exploitation of out of band/admin/side channel vulnerabilities, metadata, and steganography, in a technological system, for commercial fraud. That was appx. 1830-1834 (again some sources differ as to the exact dates). These links have a layman's explanation followed by a great deal of technical detail about it. It's really a fascinating story.

https://www.youtube.com/watch?v=cPeVsniB7b0

https://www.schneier.com/blog/archives/2018/05/1834_the_first_.html

https://www.economist.com/1843/2017/10/05/the-crooked-timber-of-humanity

https://nakedsecurity.sophos.com/2018/05/31/forget-vpnfilter-heres-backlash-a-networking-hack-from-way-way-back/

Wednesday, November 17, 2021

The trouble with Citrix

It looks for all the world like Citrix... One of the more important technology and services companies of the last 25 years... is in the middle of imploding...

... As many have expected would happen for quite a long time now...

...Not with a bang, but with several extended half hearted whimpers; a lot of corporate doublespeak, and a lot of very angry and disappointed people.

I still have a fair few friends working at Citrix... good people all of them, who for some reason had faith that the companies management couldn't possibly stay that bad and that dumb for that long, and somehow they'd reverse course.

They've been trying for years now, to get management to put REAL effort and support and investment and energy (For more than a couple quarters without reversing course or redirecting or "refocusing" or otherwise making it impossible not to fail) into the remaining useful and long term viable core technologies and solution sets; and into the interesting side developments with potential to become viable core, or substantial secondary or peripheral technologies, products, and solution sets...

...Critical things, that so many good folks have tried to make happen, and tried to make work,, and done their best to patch up around and make things work anyway when they didn't happen... for the last 10-15 years....

And of course, by far most importantly: they have tried their mightiest and best, to get management to invest in, develop, and fully support; all the PEOPLE absolutely necessary to make those technologies, and products, and solution sets; viable, and then successful,, in the marketplace.

The people to support enterprise sales, and to develop, implement, and support enterprise solutions; to be useful, successful, and EASY to integrate into the operations of every organization; across the breadth of the multi plarform, multi-environment, mixed local and remote, mixed physical.and virtual; mixed on prem, and hybrid cloud, and public cloud, and managed service, and infrastructure and software as a service environments... And every other possible environment and technology, and sector, and solution set...

Which is the only way that those technologies and products and solution sets... and Citrix as a technology and services company... can compete and be viable in that marketplace

The people, and the services they provide, that should be Citrixes REAL core business, and biggest source of revenue, and profit.

...But thats not happened so far... and Probably won't in the near future...

In fact... rather the opposite Is happening right now... and has been happening for... way too damn long now.

Ok...this is going to be a long one, because it needs to be, to illustrate the totality of the... it's not a failure as such, as it is just a total abandonment by management of an entire business, because they didn't know when they needed to change, and how they needed to change when they did... And just couldn't be bothered...

... The problem with Citrix...

A lot of folks have made sage pronouncements about Citrix like "Oh they stopped innovating, and once tech companies stop innovating they're done for"... which...yeah it's generally true, but it doesn't really capture the scope, breath, and depth of the issue...

Citrix didn't just stop innovating... Their business model stopped being viable; because the core technical and business operational functions their products and solution sets performed for their customers; either became no longer necessary or relevant; or they were eventually wrapped into the base functionality of the platforms and systems they used to provide those functions for.

Virtualization, remote access, published virtual desktops, and published virtualize applications; are now all included for free or very low cost, in every commercial server operating system or hyperion platform.

Virtualization, remote access, published virtual desktops, and published virtualized applications; are now all included for free or very low cost, in every commercial and most free server operating systems, and in every hypervisor platform (again, whether commercial or free); with enterprise class support commonly available at relatively reasonable premiums.

...Sure, Citrix generally provides a lot of additional functionality... usually in the area of enterprise management and support features, and actual enterprise support... that the stuff the other companies are giving away for free does not (or only does so in a more limited way)... But citrix ain't cheap, and it's awfully hard to compete as "expensive, but somewhat better" against "it's free and it works"... Especially when the product has become less and less "better" over time...

...And frankly... Citrix as an entity, and their core management, have really never dealt with this fact, never mind managing to find or invent a new business model for themselves... They're STILL trying to sell at a hefty premium, what everyone else is giving away for free...

...and in fact which they ALSO give away for free, in a somewhat decontented, and of course entirely unsupported form... With the message that "you already have the skills and knowledge and configurations ND tools to manage our stuff in your enterprise... why would you risk changing?"... A message that... Let's just say hasn't notably worked out for them so far.

Then, instead of figuring out a new way for a new business model to work, with the technology and people and intelligence to back it; Citrix management just tried to kinda tweak the old model, and announce BIG BOLD NEW things, that really weren't... They were just the old things repackaged and relabled and rejiggeed to sort of do something different from how they did it before, or to sort of replicate some other companies or some other platforms functionality... "Now in that good old citrix color and flavor you love" Never mind trying to actually do something new, or better, or otherwise provide some kind of actual competitive advantage and reason to chose their solution over others..

And just like they sorta kinda copied other vendors products and solutions... because "hey, the other guy is selling them pretty well,, we should be able to too right?"... they sorta kinda tried to copy the business models of SEVERAL other vendors...including multiple times trying to execute on multiple contradictory and mutually exclusive models all at once...

...Really...At least from the outside anyway... It seems like management just sort of closed their eyes,, crossed their fingers and pointed their heads down; and hoped that their (once huge but now rapidly and continually shrinking) legacy installed base and relationships... and basically, inertia...would carry them through...

Then, even once it was completely impossible to not know that idea... which could never have worked to begin with... was inevitably and unalterably failing; they continied to ignore reality, and pretend otherwise. Because exec bonuses maybe? Can't think of any other possible reason, unless those supposedly smart and successful people really CAN be that dumb, and that blind, for that long...

How bad is it, and how do I know it's that bad?.

I have spent almost the entirety of the last 25ish years, working variously as a Citrix customer, partner, or otherwise a contractor or consultant...

...Specifically in roles as presales, post sales, internal, and independent outside:

-- Solutions architect, solutions delivery team leader, and customer success team technical manager.

-- Infrastructure architect and operations manager (traditional on prem, mixed on prem and third party co-location; utility compute and high reliability exascale HPC and OLTP, on prem, distributed, and hybrid; hyperconverged, on prem, distributed, and hybrid; hybrid cloud, full private cloud, and full public cloud... In traditional, DevOps, MSP, and every other kind of operational concept).

-- Service delivery architect and operations manager (including traditional, devops, MSP, and every other kind of perational concept)

-- Information security architect and operations manager (traditional, devsecops, and otherwise); assessor, and auditor.

-- Policy Process and Audit, and Governance and Regulatory Compliance; architect, manager, assessor, and auditor.

-- Disaster prearedness and recovery, business continuity, emergency response, and incident response; architect, operations manager, tactical/emergency/response team, leader/coordinator; investigator and forensic analyst; and mitigation and return to operations coordinator/team leader.

... And I'm going into way too much detail and way too deep inside baseball, for a specific reason that I will get to in a minute...

...Almost all of these in high risk, highly regulated environemnts, including government, defense, medical and pharmaceutical, and financial; sectors, and legal and regulatory regimes and frameworks

I said all of that, to make it absolutely clear just how badly, and at what scale Citrix have failed in... basically everything they should have been doing for the last decade or more really.

Because, since 2009, in all of the roles I have mentioned above...

...All areas where prior to about 2005-2009ish Citrix had dominant market positions.

And they had those dominant market positions, in large part, because although they may not have had the best or the ideal technology or implementation out of the box; they had in house (and local regional in every region, including specialists for different markets and industries or sectors, and specialists for unique technical, operational, or legal/regulatory requirements) solutions and subject matter experts, and pre and post sales team support, including implementation and customer validation/UAT support before handing over to a sustaining engineering and support function; and real enterprise customer support from the help desk on up to real support engineers and sustaining engineers; who understood all of the above, and could be counted on to make things work, and solve problems with the customer, or reseller, or end user etc...

You had to pay fairly dearly for it.. But it when you did, at that time, it was worth it. They gave good value, and they made it work, often when others could not.

Hell.. prior to 2001, all of those markets I mentioned above... all very particular and challenging spaces to compete in... were just THEIRS period. Or at least they were if you had to deal at all with Windows or cross platform, cross environment, remote or published resources, in interactive graphical sessions... which almost every big company and a hell of a lot of small and medium sized companies did... and still do... to some extent or another.

... But since between 2005 and 2009... almost 17 years at the outside, and almost 13 years at the least...

...and across all those roles and environments and segments etc... All of which are core mission spaces for Citrix, and critical to the future of any company wanting to operate therein...

I have only seen TWO actual completely new, de novo blue sky, major implementations of core Citrix solution sets, in critical and core operational functions for the organizations in question.

Two... Yes, really... TWO...

In EVERY OTHER CASE... and we're talking hundreds of clients and customers and partners and employers; across thousands of sites... any growth in Citrix installed base in those organizations was essentially by default, or forced, or something they settled for because of mass and inertia and long term contracts; or was otherwise just something they had to accept, because for whatever reason, they had no other viable option, or any other option was just too difficult or not worth the effort etc...

In almost all cases they were either already in the process of getting rid of Citrix as much as they could (and often already working AROUND their existing Citrix solutions footprint); investigating the idea and what it would take to move to an alternative; or doing competitive evoluations of alternatives; or at the very least they WANTED to stop depending on Citrix solutions; just that for whatever reason they were stuck for now, and once they could, they'd be replacing or just removing Citrix as soon as it was practical to do so.

And dozens of them did... They either completely ripped Citrix out of their operations entirely, or they reduced them to minimal footprints, of things they absolutely couldn't get rid of or get a viable alternative for... and only until that limitation changed.

A lot of them TRIED to expand their Citrix solutions footprint... lot of them actually DID... AND AS I said there were exactly TWO large enterprise customers, with actual brand new, didn't have at least a moderately significant relationship with Citrix before, major core functionality solutions sets; purchased, architected, implemented, and put into operation...

...And both of them had projects to minimize dependency on Citrix, or rip and replace them completely, within two years of handover on these multi year, mulmillion dollar evaluation, architecture, implementation, and testing projects....

I saw seat counts for existing or replacement products/solutions grow, and expansions to existing products and side products piggyback off them... Almost always in organizations with major enterprise licensing and discount agreements and large longstanding preexisting Citrix footprints...

And occasionally, though rarely, I'd see new implementations of small solutions and systems... a few systems, with a few seats, for one or two products... Not major critical or core operations, or just for one or a couple critical but segmented off things, that were effectively one offs and exceptions, and Citrix was either the enterprise default solution, or for some reason it was either the cheapest solution (again usually an enterprise license agreement), or it was the only solution that supported a specific oddball edge case technology, product, configuration, process etc...

But that was it... It was as if they were running in place.... Or worse, running backwards...

Suee, they still had a lot of legacy customers... Whether it was because the customers had a huge installed base already and couldn't afford the license costs, training costs, support costs, down time etc...to move off of Citrix. Or they had specific contractual, legal, regulatory, supportability, or edge case technical requirements that prevented them. Or for whatever reason there simply wasn't any viable option to not use Citrix...

...In every single case, none of them wanted to be dependent on Citrix anymore, and most didn't want to use any Citrix solutions period...

Why did they not want to use Citrix anymore, after years... sometimes decades... of relying on them?

Mostly, it was because for the last decade or more, the experience of having to rely on Citrix, became more and more unpleasant for them... and less and less reasonable, supportable, viable, or even tolerable.

Sometimes, the product or solution was literally permanently and unfixably broken and they couldnt use it and had to buy or build and implement workarounds, or entire alternate systems.

Sometimes it became a bodge job of just barely functional barely supportable chewing gum and baling wire, but they couldn't make anything else work.

Sometimes licensing had become so stupid and harmful that they couldn't or wouldn't pay for it anymore.

Sometimes It was because the previously excellent support for weird solutions, edge cases,, unique environmwnts and requirements etc... disappeared, and they were replaced with offshore script readers and box checkers...

Whatever it was, over the past more than a few years,, there have been myriads of compelling reasons to NOT use Citrix, and not very many good reasons to do so.

...And then, they just stopped even pretending to try to have a viable plan or technology moving forward, and for some indecipherable reason,, decided to lean into the fact that they were now IBM from the 70s, after cannibalizing their own channel and their own customers, they were just going to try to minimize costs and roll those existing customer seat counts and license revenues up year to year...

...And that's kinda the ballgame in this industry folks...

That doesn't mean there aren't still plenty of good people hanging on... But that doesn't matter anymore ubfortunately... sadly...

Because a company with no business model; few relevant products they can actually sell into relevant markets, and operationally support for relevant customers requirements; and few, or zero, core technological, functional, operational, financial, or otherwise in any way compelling reasons, for any potential customer to select that companies products, solutions, and services, over those of any other vendor...

...Except perhaps by inertia, edge exception, or ignorance of other options...

...They aren't really a technology company anymore... They're just a contract servicer, cutting whatever costs they conceivably can, without impeding what is really the only meaningfully functioning part of the business: collecting whatever "dead money" revenues they can from their existing contracts and customer base, for as long as they can; making their quarterly earnings per share appear to be as high as they can plausibly make them appear...

Thus, "executive management" can squeeze the most possible cash compensation for themselves out of this one time great company; before finally breaking up the rusting hulk, to extract any last pennies of value, from whatever bits and pieces anyone might offer any money for; of the remains of what used to be Citrix.

Tuesday, November 16, 2021

Kafka got nothin' on Taxachussetts

In 1999, I had a Massachusetts drivers license, and officially a Massachusetts residential and mailing address, and I bought and registered a car... a Saturn SC2, the only brand new vehicle I've ever purchased for myself in fact... in the commonwealth of Massachusetts.

In 2000, I lived in California, with a California car registration for that same car (and another one that I purchased as a present for my first wife... A special edition Jeep Cherokee, in Kentucky wildcat Blue, as she was a UK Wildcat) and California driver's license. In 2001, 2002, and 2003, I lived in Ireland. In 2004 I moved back to the U.S, living in Arizona.

Subsequent to moving back to the U.S. in 2004, I've lived and had drivers licenses and car registrations in Idaho, Florida, and both Arizona and New Hampshire multiple times... moving back and forth a couple times for work, family, and health reasons.

In 2000, 2001, 2002, 2003, and 2004, Massachusetts attempted to charge me vehicle excise tax for a vehicle that was not registered in the state, nor was it present in the state... Nor was I resident in the state, nor did I have a driver's license in the state. In two of those years they also, somehow, issued me traffic citations, and cited me for allowing my registration to expire, and not having insurance on said car with said expired registration.

... Said registration was in fact CANCELLED in 2000 with the license plates turned back into the Massachusetts registry of Motor Vehicles. Not only that, but the vehicle itself was sold back to Saturn in April 2001, just before I moved to Ireland...

This didn't stop Massachusetts from tacking on fines and fees and interest and penalties... Then issuing a bench warrant for me, when I didn't pay those taxes and fines and fees and penalties I didn't actually owe, and suspending my drivers license which I didn't actually have... and of course not notifying me, as I hadn't actually lived in the state since 1999.

That process began almost 23 years ago, and every few years since then, it has caused me massive issues. Because other states have honored these fraudulently issued warrants, suspensions etc... And have then suspended my driver's licenses canceled my insurance and car registrations etc... Then I would get pulled over after years of no issues, and suddenly I'm driving on a suspended license and have a warrant... again...

Over the years I have paid Massachusetts more than $14,000 in taxes, and the associated fees, and penalties, and court costs, and fines,, and every other thing they could think of to extort money from me,, that I didn't actually owe them, to attempt to resolve this problem.

I have also spent thousands of dollars in fines and fees and reinstatement charges and appeals fees etc...in those other states in which I actually lived.

And then there's the multiple attorneys I've retained to try to deal with these issues, and THEIR fees.

Eventually I would end up having to go to an appeals process in each of the states I lived in that actually honored the suspension notices and warrants from Massachusetts, to get their motor vehicle and licensing department to ignore Massachusetts invalid and ultimately fraudulent attempts to suspend my drivers license over and over again etc... etc... Or I just happened to live in states like Idaho, Florida, and New Hampshire, that had had enough experience with Massachusetts that they did not honor their requests anymore.

...Massachusetts is well known among the other states for misbehavior like this... They do it over taxes, tickets, child support... anything they can do to try to extort more money from anyone they can. Many states now either simply ignore these notices from MA, or they automatically grant appeals to them, once you start the appeals process and can show they are not valid.

Unfortunately Arizona does still (or rather again, as for some years they stopped accepting and honoring MA suspensions,, revocations, and bench warrants, but a few years ago started honoring them again for some reason) accept and honor such requests from Massachusetts. So, when I moved back to Arizona three years ago, and I went to convert my New Hampshire drivers license over, I ended up having to start the whole long, painful, and expensive process all over again.

...Except once COVID hit, they stopped processing all appeals, and required appointments scheduled months in advance to do... anything basically... as did the MA Registry of Motor Vehicles, and the excise tax authority in Massachusetts, etc...

Except this time, after paying Massachusetts over $2500 more in fines and fees I didn't actually owe, using their newly instituted electronic expedited payments system, I was able to short circuit the fact that I couldn't go into an office to talk to a live human; and I managed to get them to find in their own records, why they kept charging me over and over again, suspending and warranting me over and over again, etc...

ONE of the court records, from ONE incident, 20 years ago... actually it was from 1996 but the mis-filing of the disposition was from 1999... had been misfiled with the wrong disposition and status. This had then been entered into a state computer incorrectly in 2004, and had never been fixed, and in 2006 the original paper record had been put into a box in a court basement....and thankfully said box had not yet been disposed of, as it had been scheduled to be destroyed in 2016.

I managed to explain all of the extended saga of pain and cost and inconvenience and trouble, to a sympathetic court clerk in one of the states court districts. That clerk was able to find the original record, and the proper disposition and status for the case, corrected it in the country courts computer system, and sent a fax of the correction to the states clerk who fixed in I the states computer system, and to the MA state police, and the registry of motor vehicles... and then she called each of those offices for me, and got them to get the correction off their faxes and fix it in their computers... At which point I was able to get the other two courts that had open dispositions which could not be closed until the first courts disposition was corrected, and the Massachusetts registry of motor vehicles suspension, revocation, and reinstatement office, to correct their records... and to credit me for the payments I had just made... though not the thousands in prior payments I had paid but was never credit for and which kept being marked as "not discharged" because of this ONE COMPUTER ERROR.

Oh, and MQ being MA and the RMV being the RMV... they still charged me another $1100 in a "reinstatement fee" from the registry of motor vehicles, to lift the "revocation of my driving privilege" and "reinstate my driving privilege".

I paid that $1100 last year.

I also had to talk to the Massachusetts state police office that dealt with warrants and "fugitive" records because they had officially been periodically reporting me to the FBI, NCIC and NICS as a fugitive. Which, of course, caused my NICS checks to be denied several times and forced me to go through multiple appeals on that level, as well as resulting in my being arrested several times as a fugitive with an active fugitive warrant (each time being let go once they actually got the details from Massachusetts that it was only ever a bench warrant for failure to appear for a traffic citstion and for unpaid civil traffic fines, not even minor misdemeanor criminal warrants, and that I wasn't actually a fugitive). They were able to immediately fix the problem once the court disposition record was fixed.

I then had to talk to the FBI to get them to fix the NICS records based on the correction from Massachusetts... that required some paperwork and some faxing... But the FBI is also long used to Massachusetts screwing everything up, and they actually had a standard process in place to fix the NICS records once I got the MA state police to fax them the right paperwork. The NICS official Inspoke to actually ranted about MA and their crap and how they've been screwing up NICS for years, and everyone was tired of it etc...

Then I had to pay Arizona another $500 to reinstate my driving privilege here in AZ after the out of state suspension and revocation.

All of that was over a year ago now... But I still wasn't able to get a new driver's license because of covid, making it take months to get an appointment to clear it all up on the Arizona end etc... etc...

Finally, six weeks ago, after YEARS AND YEARS AND THOUSANDS AND THOUSANDS OF DOLLARS... I thought I was finally done... I had checked every couple months to make sure that MA hadn't reentered me as a fugitive or entered another suspension etc... And I went to go get my now expired NH driver's license converted over to an AZ driver's license...

Except no... They still couldn't issue me a new drivers license, because even though I'd had a driver's license in state for years before this, and they knew I was who I said I was and had enty of documentation with multiple forms of acceptable ID off the list etc... etc...

...My current documents proving my identity, all listed my name slightly differently...

Some said Chris, and some Christopher. Some had my middle initial, some my full middle name, some had neither. Some listed my generational suffix the fourth, some did not... and because of RealID they couldn't issue me any new ID or DL without two documents from the acceptable list that both matched perfectly.... which, of course, I did not have.

Amazingly, absurdly, ridiculously, and of course arbitrarily and capriciously, there was no way for them to show some actual human judgment and discretion, or the most basic degree of sense... It all had to exactly match no matter what.

So, I had to go and apply to the social security administration for a new card, and pay the state registry of vital records in Massachusetts, yet another $100 for expedited processing and shipping, to get certified copies of my birth certificate; and to receive several pieces of mail at my current address from either a governmental agency, a utility, or certain acceptable financial institutions, all of which exactly matched how they listed everything, and had my name all the same way, with current address all the same way etc...

Last week, the final piece I needed arrived.

Yesterday, after over 20 years, and by now I believe well over $20,000 in accumulated fines and fees and penalties and assessments I never actually should have had to pay... and after having been arrested multiple times for warrants that never should have been issued, for offenses I didn't actually commit... and having had firearms purchases denied and had to appeal those.. and had my FFL denied and canceled and having had to appeal THAT... and after paying yet another $97 in licensing fees to the state of Arizona, for the actual license and ID etc...

...FINALLY...

I was issued a new drivers license, without having to go through an appeal, because Massachusetts is no longer trying to screw me for no good reason, after having extorted all the money they could out of me, even though I haven't officially lived there in almost 23 years.

I now have a new Arizona drivers license, with motorcycle endorsement... and hell, I even passed the eye test... and separately an Arizona state ID that is RealID compliant for federal purposes... and two Arizona disabled placards... Or at least I have the temporary copies thereof and the RealID digital mobile version (which is legal for use as ID in AZ and federally) on my phone; and in anywhere from 4 days to 4 weeks, I should have the actual permanent physical copies thereof.

... Oh and my car registration should be fixed and associated properly with my Arizona Motor Vehicle Department account, and driving record... Somehow either the dealership or the MVD screwed that paperwork up, and it ended up creating a duplicate record with all the same data but NOT associated with my actual identity or account... So I couldn't actually renew that registration without getting it fixed first... since my car was registered a year ago now, and needs renewal this month.

Kafkqesque doesn't BEGIN to describe this entire process... But at least for now, it finally seems to be fixed.

...Until the next time Massachusetts screws something up anyway...

Sunday, October 17, 2021

It might help you, or someone you know

I know at least one other person on my friends list has suffered from trigeminal neuralgia, and at least one other from glossopharyngeal neuralgia...

I have intermittently suffered from both since not long after my cancer began, over a decade ago; and much more frequently since my spinal and peripheral nervous system injuries 5 years ago... As my cancers get worse, my neuralgias get worse, as they cancers cause inflammation, swelling, and impingement on the nerves in my neck and face.

If you are unfamiliar with these two issues, look them up. They're among the most painful things a human being can experience. Thankfully my experiences with both have generally been relatively mild, with the worst episodes lasting less than 12 hours, of a few seconds to a few minutes, a few time an hour.... and most being much less severe than that.

The best I can describe it... Its like being stabbed by a red hot needle made of lightning and coated in liquid nitrogen ice, repeatedly, and deeply, inside your jaw, ocular orbit, cheek, and tongue... and sometimes down into your neck.... and the lightning makes your muscles seize and lock, or spasm repeatedly, including sometimes making your jaw snap shut then open frequently.

However, this time around the glossopharyngeal neuralgia has been particularly bad... Enough so my care team was suggesting surgery to literally burn out the nerve junction to my tongue to prevent me from biting through my tongue again (I've bitten cleanly through a portion of my tongue twice during the facial seizures caused by these neuralgia).

We are currently trying a last ditch combination of drugs that sometimes work for some people, to prevent these seizures, and generally reduce the frequency and severity of these neuralgias... They only work about 20% of the time, but its better than risking permanent partial facial and tongue paralysis or reduced mobility...

...And in my case, it seems to be working...

The drug combo is a maximum tolerated therapeutic dosage of a combination of gabapentin, amitryptilene, and nifedipine. Two of them in combination helped a little bit, but all three of them combined is DRAMATICALLY reducing the frequency, duration, and severity of neuralgia attacks.

The trigeminal neuralgia is almost completely gone... maybe a few seconds to a few minutes a couple times a week right now... and the glossopharyngeal is DRAMATICALLY reduced.

It had got to the point where it was happening almost every day at least a few minutes a day, and some days it was going on for hours and hours, every few minutes, to the point where I couldn't sleep, but was so exhausted I couldn't wake up. .... And so long as I remember to take all three in the proper dosages at the proper times, it's barely happening at all. Whereas if I miss a dosage of one of the drugs. I WILL be quite painfully reminded of it a few hours later.

But hey... it helps... a LOT... and its not neurosurgery on my face... so win win, and hopefully this can help someone else too.

Thursday, August 26, 2021

Been putting this off as long as I could...

Well... I've been putting it off as long as I could, both because I'm really needed at work, but also because it means a 40% pay cut, even if it's only temporary.... but last night, I finally had to file the paperwork for short term disability, due to my cancer, cancer treatment, and side effects.

At this point I just can't work. I can't maintain any kind of consistent times of being awake and functional, nor can I do so consistently for even 8 hours a day, never mind a "normal" 16 hours a day of wakefulness, and of course any kind of work schedule just isn't possible.

I've been working from my sick bed most of this year, and there's no way I'd have been able to work a "normal" office job or schedule, but working entirely from home with a flexible schedule, I've been able to manage it.

Up until this second infusion I was generally able to do 3 consistent days per week, and fill in the other hours as I could... But now, I just can't do it.... and likely won't be able to do so for the next 2-3 months...

...And that's presuming the treatments actually work... not a foregone conclusion at this point...

So, after I burn off my remaining sick days and vacation days, I'll start up to 26 weeks of short term disability leave, which as I said will mean a 40% pay cut, which is going to be more than a little bit tight. But at least I'll be able to stop worrying about work and focus on trying to stay alive, and maybe get better.

Wednesday, August 25, 2021

You have to pay attention

Remember, even the best doctors make mistakes, as do pharmacies.

On Friday I had my second followup with my Oncologist, before my second immunotherapy infusion.

During that followup, we added a new medication to my stack, nifedipine, which is sold under several different trade names, including nifiprim.

I have intermittent moderate to severe esophageal stenosis and esophageal spasms, moderate to severe vasospasms including reynauds syndrome, moderate to severe peripheral neuralgia, and moderate to intermittently severe craniofacial neuralgias including trigeminal and glossopharyngeal neuralgia; all of which can be ncredibly painful, and at times potentially life threatening (because they can cause choking, vomiting, and restriction of the airway); and all of which are due to nerve damage and nerve impingement by my tumors on the nerves going through my neck.

Nifedipine is a calcium channel blocker, whose primary purpose is to reduce blood pressure and tachycardia. Generally, the preferred calcium channel blocker drug for that purpose is Amlodipine, which is also sold under several trade names but most commonly in America its Norvasc. Secondarily however, nifedipine can significantly reduce the frequency and severity of vasospasms, esophageal spasms, trigeminal and glossopharyngeal neuralgia, and reynauds syndrome.

Norvasc is great at reducing certain expressions of high blood pressure and tachycardia. And I DO have tachycardia caused by a combination of pain, nerve damage, and side effects of my medications. However Norvasc also causes or dramatically worsens peripheral edema, and can worsen edema generally, and it can actually worsen the spasms I need the nifedipine to make better.

I already have SEVERE edema, both peripheral and central trunk edema, as well as some intermittent pulmonary edema often very significant lymphedema... Which combined can be severe enough to the point where Norvasc could actually seriously harm me, including potentially life threatening harm. Notably, it would also almost certainly make the spasms caused by nerve impingement MUCH WORSE.

At some point, between the docs notes, and the pharmacy, instead of Nifedipine, the more commonly prescribed Norvasc got filled for me.

...I noticed this was wrong review8ng the insurance claim in my insurer's web portal, before I even went to the pharmacy to pick it up, and immediately called the docs office. They're resubmitting the correct medication this afternoon, and it should be available at the pharmacy tomorrow.

No harm, no foul... mistakes happen...

However, If I had been a typical patient who just takes whatever the pharmacist gives them and maybe follows the instructions on the bottle... If I hadn't paid attention and double checked, and been my own informed and aware advocate for my own health, I could have literally induced congestive heart failure, from the wrong medication. At best, I would have made my pain much worse, without knowing why.

Tuesday, July 06, 2021

Papers and Letters and Keywords, Oh My!

"Hey your resume is really impressive, my client would love to have your experience on board, but you really need to have this one specific certification you don't mention, do you have XXXX?"

"Hey Chris, I noticed you don't have this particular certification that we sell. I'm sure it would be really valuable for your career"

As of this past April, minus a few digressions and diversions, I've been doing this for 30 years... Literally since high school. I have a masters and 95% of a PhD in this field (everything but the thesis defense, which I'm probably not going to bother with because my program got canceled and I don't feel like starting over somewhere else). I've been TEACHING professional certification classes in this field for more than 20 of those years, and intermittently teaching various topics in this field at the undergrad and graduate level for more than 15 of those 30 years. I have been a keynote speaker at events for other people with similar experience who do the same thing, and my list of talks and publications is in my resume... Or rather a short abbreviated list is, because the full list runs to multiple pages.

I NEVER stop training... I'm training myself both formally and informally, constantly. I've taken dozens of hours of training across a half dozen different vendors or subtopics in my field, in the last year alone. I haven't bothered taking the certification exam for any of them, because I haven't felt like paying the fee to do so.

The last time I actually NEEDED a cert, was well over 15 years ago. Anything I got since was either because I wanted it, or because an employer or client contractual requirement specified I have it... and I REALLY hate that. It's just silly frankly. Again... I literally TEACH these certifications, and probably have been teaching them since before most of you or your clients people have been in IT.

Hell... 95% of my job isn't technical at all... I just need to know the tech side, to even know what conversation to have with who.

Most of what I do, is act as a relationship counselor between multiple groups of people, most of whom are trying to do the right thing, and either can't figure out what that is, or have conflicting ideas about what that is, or just can't see how to get there from where they are.... Most of the rest of what I do, is making sure that my employers and clients can't be successfully sued, or screwed over by auditors or regulators.

The other 5% that actually IS purely technical, is what I was doing part of last week and the week before...

Which was working 6 days a week 20 hours a day, unbuggering a complex firewall and IDS infrastructure, including enterprise management and monitoring thereof, built across 19 international sites, and four different endpoint security platforms, that hadn't been built right in the first place, and hadn't been properly maintained since 2017... All without taking any production impacting outage. I had to get that infrastructure to a stable, current, and supportable state, so that I could ensure if anything went catastrophically wrong I could get vendor supoort; then decommission the existing on premises mangement and monitoring systems; building and deploying new management and monitoring cleanly, into a hybrid public private cloud infrastructure; all in time for the emergency shutdown of the primary management site for that infrastructure. And THAT had to be done in just over a week (instead of the two month I had been planning on taking to do the job) because they hadn't planned on shutting that site down down 'til September, but suddenly had to shut down by the end of June instead, because it was that or pay a year's worth of additional lease and contract penalties.

...And I was the one who had to do it, because I'm the only guy in the entire company who knows any two of the four platforms in question (all four actually but nobody else in the company knows more than one of them) well enough to actually unbugger it (and yes, it was well and thoroughly buggered)... and because having anyone else mucking about with it while I was unbuggering it, would have just buggered it up worse.

I don't HAVE the certs in those four platforms... I TEACH those four platforms... at WELL beyond the level required for any of those vendors certifications. I haven't bothered renewing any of those vendor certs in years, unless I had to to teach the certification class.

So yeah... Its always amusing when a recruiter says "Oh do you have this cert" to me... or even funnier, when someone is trying to sell me on a new cert.

Yeah... Did you ACTUALLY read my resume, or did you just do a keyword search and see I matched more than three of your keywords?

Sunday, July 04, 2021

Independence Day

Today is not veterans day, or memorial day, or remembrance day...

It is not a day of mourning, or of thanks, but a day of recognition, celebration, and exultation...

Today is the day we recognize, and celebrate our independence, as the only nation in all of history founded on the notion, that the only form of legitimate government, is that which is based on recognizing, securing, protecting, and defending; the fundamental, inherent, and pre-existing, unalienable individual rights of man...

... and deriving it's just powers from the same...

... a government of the people, by the people, for the people...

A government of the people, by the people, and for the people, AS INDIVIDUALS...

...all created equal, and with equal and unalienable rights...

...Not to secure, protect, and defend, society, or collective, or even nation...

...but the individual rights of man...

To my knowledge we remain the only nation so dedicated.

Our revolution began April 19th 1775, at Concord and Lexington...

...a day we in New England celebrate as Patriots Day...

Our independence was officially declared July 4th 1776...

...the day we celebrate today, as independence day...

Our revolution was won, with the surrender at Yorktown, October 19th 1781...

...six years and six months, of mud, blood, and toil, from the day it commenced...

Our new nation was made whole, and strode forth under our Constitution, March 4th, 1789...

In the last 242 years, millions of service men and women have fought, and over a million of them have died; fighting to secure, protect, and defend, those fundamental, inherent, and pre-existing individual rights of man.

...Every single day in this country...and around the world...

...millions still fight for those rights...

...in whatever way they can, according to their own gifts and abilities, and their own circumstances, whatever they may be...

...whether by bullet and blade, by badge or by ballot...

...whether by words on a page, or spoken on stage...

For all of my brothers and sisters who have fought, and all who have died...

For all who are still fighting today, at home and abroad...

Whether you're here today celebrating with family and friends...

Whether you're lost and alone out there...

... and if you are, rest assured we are coming for you brothers and sisters, to bring you home...

Whether we'll meet again the other side of the veil, and share this toast with those who live forever, on fiddlers green...

Today, I lift my glass, in honor of those who fought...

Today I lift my glass in honor of those still fighting, at home and abroad...

Today I lift my glass in honor of absent companions, and fallen comrades...

Today, I lift my glass, to celebrate our independence day.

Sunday, May 23, 2021

Invaluable Phone Rescue Tool

Did you know that you can discharge a smartphone so deeply, that it won't take a charge again, from any charger?

Or actually, almost any lightning or usb-c powered/charged device... Because they don't support completely dumb charging at all.

In order for a usb-c or lightning port to actually allow power to flow, there has to either be two way communication between the charger and the device, or the port controller has to at least detect that the cable is good, and doesn't have too much or too little resistance or impedance (meaning no dead loads or dead shorts). The port literally won't accept power, and the charger won't send it.

This is a safety measure, because USB-C and lightning, are both omnidirectional and water resistant ports. So the port and charger both try to make sure they arent going to short out, or cause a fire etc... before they let all but the tiniest test current flow.

Anyway... its possible to drain a battery enough, that when you plug in the usb-c or lightning cable, either the port controller just won't work period; or the battery or safety circuit can attempt to draw too much power from the port at startup, such that the communication is disrupted, or the port goes into safety shutdown.

Now, it's certainly possible for the designers to design around that... They just don't bother usually.

This means that if your phone dies completely, to the point where it won't light up at all, or register a button press at all etc... Then you leave it in that state for days or weeks... When you next plug it in, it may not take a charge at all, even on a theoretically completely dumb charger.

Now... Sometimes you can bring a device back from that state, by just plugging it in to a higher powered dumb charger (or a more intelligent smart charger) that supports your phones supported charging voltages and amperage (some phones can now draw as much as 28w in superlatives charge mode, but most top out at between 7w and 15w) making sure it doesn't get too hot when you do, and then let it sit for a while (as in hours and hours... overnight etc...).... But sometimes, it just won't work, period.

As it happens, my girlfriend, and one of my other housemates, have done this to multiple devices... They tend to run devices down to almost shutting odd before charging, and they also tend to lose devices for days at a time... Which in combination, tends to induce that "won't charge no matter what" state.

There is however, a workaround...

This little thing, is a USB testing device. It can measure electrical characteristics of a USB port, cable, or charger, in real-time.

I have several of this type of device, and I usually use them to test USB ports, chargers, cables, and devices, for their charging ability, power delivery ability etc... No new USB device gets plugged into anything I care about, without my checking it out on one of these testers first. Because USB kill devices exist, and because bad USB devices can kill a computer or a charger, right quick.

This one... an AVHzY CT-3 ($66 plus shipping from the company store, or about $70 prime at amazon) also has some neat additional functions, like 10,000 point data logging, external load testing, output of all measured parameters to your PC, an oscilloscope on the USB power lines; and critically, full protocol control and triggering for every common charging mode from every common vendor.

Which means you can plug it in to a high powered charger (I've got it plugged into a 100w MacBook charger right now), plug the output into a dead phone, go into triggering mode, and force a charge down the line without doing a safety shutoff or allowing communications to be disrupted and stop the charge etc...

Using this trick I have been able to resurrect two phones that were otherwise dead, in just the last few hours. And now, I can use them as spare phones, or do things like, convert them into media streaming devices, or remote monitored cameras and microphones... or trade them in on a new device and get as much as $200 credit... just off the top of my head.

Tuesday, May 11, 2021

The most important technological development in... wow

The most significant science and engineering advance in... Certainly my lifetime, and I would say... Probably the last 90ish years, if not the last 250 years... has just been announced.

Yes, really.

Here it is...

Stabilized Detonation for Hypersonic Propulsion

In a shockingly understated manner, almost deliberately minimizing the importance of the discovery, presenting it as important but limited to just the aerospace field (which it is absolutely not)... a team at the University of Central Florida, has announced that they have developed a way of shaping a lightweight, passive, reaction chamber, such that they can maintain stable control of hypersonic turbulent detonation of high energy explosive fuels.

This is potentially as significant a development as ANYTHING humanity has discovered or developed since the steam engine.... and may in fact be comparable to, and as significant as that.

Imagine that instead of powering your 4000 pound car with a 4 liter, 400 pound gasoline engine the size of a dishwasher, making 400 horsepower, with 400 miles of range, out of 14 gallons of petrochemical gasoline; that previously 4000 pound car is now a 3000lb car, with an 60lb engine the size of say... a toaster oven.... delivering that same 400 horsepower and 400 miles of range, out of 200cc displacement, and a single gallon of a self oxidizing synthetic liquid explosive.... Rocket fuel basically.

Yes, really.

I literally cannot describe to you, how amazing, important, fundamentally altering to human life and civilization, this development could be.

If it works as claimed... Even if the first few implementations don't work... or it takes the first few DECADES of implementations to get it right (as almost every other huge fundamentally transformative technology has) if the PRINCIPLE works... It COMPLETELY revolutionizes hundreds of fields, and categories, of engineering and science; and creates dozens of new offshoots of those fields.

This is not hyperbole... this discovery hhas the potential to radically transform almost every aspect of human life; as the steam engine, the electrical generator and motor, the internal combustion engine, the rocket motor,, and the steam and gas turbines have (including jet engines)... and in fact even more, because it can also be used for manufacturing and creation of new products and materials not previously practical or even possible to manufacture.

...The chemical processes alone... The mind boggles.

But the most important possibility?

This opens the way to controlling, and much more efficiently capturing, the energies released by fusion reactions.... More directly converting the heat energies of fusion plasmas (and other high energy heat fluids) into kinetic energy, recovering much more of that energy, than using it as waste heat to boil water for steam turbines... Because the heat bearing plasma.is the working fluid itself, without intermediate working fluids.

That is... So incredibly fundamentally transformative of our ability to create and exploit energy.... When I said it was the most important technological development since the steam engine, I may have been understanding it.

Yes... Really.

Wednesday, May 05, 2021

Potentially better news

I had my first meeting and first sample collection for the first series of genetic testing, with my new oncologist.

She's one of the leading oncologists in biologic and genetic immunotherapies. The good news is she thinks that yeah, the large defined mass circled in green is almost certainly cancer, but there's a good chance the orange stuff is either not cancer, or is not sufficiently advanced that it I wouldn't be a good candidate for immunotherapy, and that I have a good chance of responding well to it. Maybe double or triple the chance of surviving a year or more than my surgeon was thinking...

...If... and it's a BIG IF...

...the genetic testing comes back showing that I am a good candidate and the cancer is the right kind of cancer with the right genetic and molecular makeup.

Oh and yeah, there's apparently new kinds of pathology and new kinds of molecular testing of the cancer tissues that helps them tailor the treatment exactly to your cancer, with biologic or genetic immunotherapy.

I'm having a biopsy in the next few days or week and they'll send that tissue out for both genetic and molecular analysis, as well as conventional pathology. Those various series of tests are going to take 3 to 6 week.

So... yeah... I'll know more in 3-6 weeks

Monday, May 03, 2021

Time to go BACK to War

I had a consult with my oncological surgeon... and it was pretty bad news.

What it comes down to, is about an 85% chance that I'll be gone within a year, and about a 15% chance of survival.

I'm attaching two pictures here. These are frames from my PET scan with contrast. The hotspots circled in red are definitely cancer, that we already knew about.

Those are in my neck. The rest, are in my lungs, and that's the problem.

The hotspots in green, are almost certainly cancer... That we didn't know about until the PET scan. It's not confirmed, but it isn't just a hot spot on the contrast, there's also some visible structure in the CT... it's about 85% certain that its cancer.

... And this cancer would be inoperable.

The orange hot spots are potentially cancer, because of the hot spotting, but they don't have much or any structure visible in the CT without contrast. They're only about 15% likely to be cancer. However, if they are... then they're likely not treatable, and I likely only have a few fairly unpleasant and painful months left to live. Less than a year certainly.

If the only new cancer is the green, then theres a good chance that I am a good candidate for immunotherapy. My care team is consulting with several different oncology specialists now, and will get back to me soon with potential treatment options.

My next year is... likely going to be very difficult, and very painful. If the treatment works, great... but it's gonna REALLY hurt the entire damn time.

I'm not sure how much longer I'll be able to work... My plan is to work as long as I can, and then try to use my short and long term disability insurance... See how that goes.

But what it comes down to... is that I'm probably dying.

If that happens... I'm OK with it. I came to terms with that back in 2012 when I had just a 4% chance of surviving.

But my plan, is to survive, at least long enough to see my son graduate college... and he's got another at least 14 years to go... so... time to go back to war.

UPDATE:

I had my first meeting and first sample collection for the first series of genetic testing, with my new oncologist.

...If... and it's a BIG IF...

...the genetic testing comes back showing that I am a good candidate and the cancer is the right kind of cancer with the right genetic and molecular makeup.

So... yeah... I'll know more in 3-6 weeks.

Wednesday, March 31, 2021

Value for Money

On social media, every day, we are bombarded with requests to pay for subscriptions to various content providers... dozens, maybe hundreds even... Most of which I completely ignor, as I'm sure do most of you all.

For one thing, most sources aren't worth even the short money they usually ask for... certainly the idiots asking for $20 a month aren't worth a damn... and they're so annoying and there are so many of them, they just become background noise that you just condition yourself to tune out... Or they get annoying enough, you just stop fmvisiting those sites.

I have four exceptions... Or at least I used to... Sort of...

...And if you can afford it, and you're reading me, I think you should maybe have a couple as well...

The "sort of" is a subscription I get free with other subscriptions and products I already have and pay for anyway... the New York Times... because God knows I wouldn't pay them a dime of my own money.

That said, I do read and share a fair bit of their content (along with the Washington Post) being as they are the chief source of content for my social and political opponents.... And frankly shape the thoughts of the left generally to such a significant degree that NOT reading the NYT puts you at a significant disadvantage in trying to understand what the left is thinking and doing, and will be trying to do, and why.

...Oh and the other website I still read and share a lot of content from, but mostly disagree with on an editorial and philosophical basis (they used to be much less left than they have become over the past couple years)and also would never pay for (because in addition to having become lefty shills, they're criminal scammers. They use their "news" pages to try to manipulate markets and make money off them, as ZeroHedge does)...is Business Insider.

I strongly recommend no-one actually trust BI on anything regarding business, economics, or politics, and never give them any money, ever.

That said, I strongly recommend no-one trust ANY source, without independent confirmation... Preferably multiple independent credible and reliable confirming sources, and a lack of credible and reliable contradictory sources... and analyzing those sources against your own knowledge and experience, and your own independent research on the subject, so that you can better understand what is more likely to be true or not be true.

...Be hard to be lied to...

However, on the positive side, Business Insider still has a lot of great contributing writers, their "not deliberate leftist propaganda" stuff can still be great, and they'll often be the first, or only, non-niche specialist website, writing and publishing new content, or analysis, on a lot of odd subjects. Oj, and also make a lot of good video content (it's available on youtube).

The second, is the "used to" be an exception, and that was the Wall Street Journal. I USED to both read and share their content enough that I felt the $8 a month it was costing me was justified.

Recently however, they raised their price, and eliminated the bundles and the discounts and bundles they used to have, that kept my price at $8 a month through my last annual renewal. Unfortunately, it's now $174 a year, or almost $15 a month.

At the same time, both the quantity and the quality of the WSJs online content have diminished, and resultingly, I'm both reading and sharing their content far less. Still a fair bit, but maybe 1/3 of what it was just 2 years ago... certainly less than half.

...So I no longer feel it's a good value.... Which is too bad, as they WERE the single best newspaper in the country, and possibly the world. Frankly... they may still be... Its just the overall state of newspapers has degenerated that much.

That leaves the two website subscriptions I still actually make an exception for, and actually maintain my paid subscriptions... and have for years... And the two that I think many of my readers should also consider pay for, if they can afford it.

Not coincidentally, they're also the two sources I share the most content from, by a significant margin: National Review, and Reason.

I'm a libertarian not a conservative. As such, I probably disagree with about 50% of what National Review publishes...

...And hell, the divisions on the right mean that most people.who identify as conservative probably disagree with about 50% of what they publish, in four different tranches, who all disagree with a DIFFERENT 50%...

...but there is no better source of generally well reasoned, and generally well written, anti-leftist and pro western culture; content on the web. Full stop... And a subscription is less than $4 a month. Not even the price of a cup of coffee these days.

And as I said, I'm a libertarian... Which of course means I also disagree with a lot of what the... by far number one... libertarian website and magazine, Reason, publishes.

...But... and I'm mostly repeating myself here...

...There is no better source of generally well reasoned, and generally well written anti-collectivist, anti-statist, and pro individual liberty content on the web, period full stop. Not only that, but a Reason subscription is even CHEAPER... Its got to be the best value for content of any online magazine I know of... at just $1.35 a month.

Copy pasting from above... I want to support that, and it costs me almost nothing to do so. In fact, given how much benefit I get from reading their content, and how much I share their content, I absolutely feel some genuine sense of obligation to do so.

Combined, those two subscriptions cost me about $5 a month... And deliver dozens of hours of entertainment and intellectual stimulation, and dozens of pieces... maybe hundreds of pieces... that I share every month... and help me spread the arguments for individualism and individual liberties and individual rights, and against collectivism and anti capitalism, and authoritarianism.

...Thats real value to me... I hope it is to you...

Friday, March 19, 2021

Narrative Exploitation and Manipulation

A seriously mentally ill man, spent every dime he had or could steal, habitually frequenting several houses of prostitution.

He snapped, and murdered 8 people... most of them prostitutes... at those houses of prostitution.

Those houses of prostitution were Asian massage parlors.

Were those murders "anti-asian hate crimes and violence"?

Any sane person knows, of course not...

These murders absolutely WERE violence against women, and violence against sex workers. There is no question of that... and that was clearly WHY this piece of human excrement targeted those women for violence. .

That these women were Asian was entirely irrelevant to why they were murdered, or why they were targeted for violence; except in that that majority of organized prostitution in most parts of this country is run by Asian criminal networks, and thus the majority of prostitutes in massage parlors and the like, are Asian (many of them having been the victims of human trafficking).

But that is not supportive of the narrative the media and the left want to push right now. So you're not hearing about violence against sex workers... Which is ABSOLUTELY a MAJOR problem in this country...

...(Somewhere between 30% and 80% of sex workers... depending on what category of sex work they are involved in, where they are, and whether they are a citizen or legal.immigrant, or not... will experience violence against them in some significant way, because they are sex workers. That's not even counting the fact that the majority, or a significant minority, of sex workers involved in prostitution in many areas of the country, are themselves victims of human trafficking)...

... Instead, there is a hysterical hyping of this as an anti-asian hate crime, to push the narrative that there is a wild and out of control surge of anti-asian hate and violence... Supposedly because ignorant stupid unenlightened right wing white Americans, are all white supremacists, and hate all Asians because of Trump and China and COVID etc... etc...

Which is the most blatant and total BS the media and the left are currently pushing... which is really saying something.

Monday, February 15, 2021

Streamlight gets back in the game

Streamlight finally decided to properly compete against the Surefire Stiletto/Stiletto Pro (which I have, and love by the by):

https://www.streamlight.com/products/detail/index/wedge

I'd say it's positioned in between the Stiletto and Stiletto pro, and closer to the Pro in features, but closer to the base model in price.

It's not quite as feature rich as the pro, but in theory has the same light output on max and high... At least for short bursts at max anyway, which is really a HEAT limitation issue. There's just not as much mass of aluminum in the wedge to act as a heat sink, and the Stiletto Pro gets quite hot, surprisingly quickly.

The Wedge has considerably longer battery life than the Stiletto Pro on 300 lumens (double the run time in theory, probably a fair bit less than that in practice), it's 15% lighter (3.3oz vs 4oz or just 0.5oz heavier than the 2.8oz base model stiletto), and it's a lot narrower (less than half the width in fact), at very nearly the same thickness.

Also, it uses a waterproof USB-C port, which means you get a full IPX7 submersion rating (at least 1 meter for at least 30 minutes), without having to stick a rubber plug or cover over the port (the same mechanism for water resistance your phone probably uses now). It also means MUCH faster charging than the Stiletto or Pro... or at least potentially so... They'd be silly not to take advantage of that, but manufacturers are sometimes that silly.

That said, it's also about an inch longer, which may be a little too long for some folks pocket carry. It doesn't SOUND like much... just an inch at just under 5.5" total... But that inch is almost 25% longer; perhaps longer than a womans jeans pocket for example, where the 4.5" stiletto pro may fit perfectly.

I'd definitely like to get my hands on one, and compare it to my Stiletto Pro... Which happens to be the best pocket light I've ever had, and that's saying rather a lot, since I've had a HELL of a lot of very high end pocket lights (including many from both SureFire and Streamlight).

If the Wedge is even CLOSE to as good as the Stiletto Pro (or for that matter even the base Stiletto, since it's got much more light output at a longer runtime), then it's a home run; especially given Streamlight tends to price out rather a lot cheaper than surefire at a given feature level.

The announced MSRP is $150, so the street may be anywhere from $110 to $130 (which is only $20 msrp over the $129/$100 msrp/street base stiletto) and WELL below both the MSRP and the street price of the Stiletto pro ($229 and $200 respectively).

... And that's a GREAT value by any measure, presuming it lives up to the spec sheet, or even close to it.

UPDATE: There are a number of online retailers advertising it at between $85 and $99... which puts it BELOW the street price of the base model stiletto, and HALF or less than the street price of the pro. Which is INSANELY cheap for that capability.

Accordingly, I've got my pre-order in... $100 flat, after tax and shipping, expected ship date has been listed by several sites as April 15th, but a couple have it as March 21st. We'll see what the actual date ends up as.

That word? I do not think it means, what you think it means...

"Oh those RINOs and NEO-CONS won't do anything... we have to purge the party of these spineless unprincipled traitors"

It's kinda funny... I generally find most who use the terms neo-con or RINO, except ironically or as a joke, to be unable to define either in a meaningful way.

Much as George Orwell wrote about the term "fascism" in "Politics and the English Language", for almost everyone using the terms, "RINO" and "NEO-CON", are just signifiers for "things and people I don't like".

Thing is... The only current Republican members of congress (both house and senate) who can fairly be called "RINO", are Susan Collins, Lisa Murkowski, Brian Fitzpatrick, Chris Smith, John Katko, and Jeff VanDrew (who actually was a democrat until last year).

Everyone else, is absolutely within the "normal spread" of positions for Republicans... That includes Ben Sasse, Pat Toomey, Fred Upton, Mitt Romney, Liz Cheney, and most of the other congresscritters (not on the RINO list above) that voted to impeach Trump.

In fact, several of those that voted for impeachment, are notably far MORE conservative than Trump... The first couple I mentioned above have lifetime ratings over 90% from the American conservative union, and almost always vote with the party (they're available online from http://acuratings.conservative.org/acu-federal-legislative-ratings/ )

The first major mistake many make, is in thinking that loyalty to, or agreement with, Donald Trump; is any kind of criteria for being a Republican, or a conservative... Since Trump was and is, neither of those things. Trump is an ACTUAL Republican in name only, and always has been... He was officially a democrat, until he needed to be a Republican, at which point he officially signed up to be a republican... but he never actually changed anything other than the initial beside his name.

The second, and fundamental mistake however, is in thinking the republican party is actually conservative, or in fact has EVER been conservative, by any meaningful definition of the term (except perhaps, relative to the actual left).

The Republican party is, and since reconstruction mostly has been, a moderate centrist party about MOST things... Generally averse to change and risk, and generally collegial in reality, regardless of the rhetoric fed to the base for fundraising purposes.

Even Reagan wasn't ACTUALLY conservative... He talked a good game, but in reality, he was as much a "neo-con" as Bill Kristol.

Barry Goldwater was the closest thing to an actual conservative in the post war Republican party... and he was really more libertarian than conservative by modern sensibilities (though he of course considered himself to be conservative, and was mostly thought of as such in his time). Before Goldwater, you need to go back to Coolidge to get an actual conservative.... and before that... Ummm...

.... Yeah... Look at the history... The Republican party is NOT conservative, and never really has been.

Historically speaking, post reconstruction, the majority of the republican party, has been in the mold of Bush the elder, Nelson Rockefeller, Gerald Ford, Richard Nixon, Dwight Eisenhower, and Herbert Hoover... RELATIVELY conservative compared to "progressive" leftists in the democratic party, they're still for Big Government, just not AS big as Democrats. They're still just as paternalist as Dems, only about different things in different ways. They're in favor of plenty of control, intervention, and regulation, on both social and economic issues... because everyone has their "special" cases, and those "special pleadings" add up.

Reagan was a near literal revolution in the party, and he wasn't even actually that conservative... He was RHETORICALLY conservative, but in fact he governed as what most who identify as "conservative" today (who, mostly, are very definitely NOT conservative in any meaningful way), would call a RINO... Or if they actually knew what the term means, pretty close to a neo-con. He was a free spending, massive debt accumulating, heavily interventionist in domestic affairs, heavily interventionist in foreign affairs, massively intrusive, NON-conservative; by anything like a reasonable definition of the term. He just TALKED about being otherwise... and how that was better.

... Which it IS... but he didn't even try to actually govern that way...

In fact, the Reagan administration and Republican congressional leadership, essentially made what some might consider a "corrupt bargain" with the Democratic senate majority leader Robert Byrd (for the first and last years of his term... the Republicans had a narrow senate majority for 6 of Reagans 8 years) and Democratic speaker of the house during his presidency Tip O'neil (all but the last few months anyway); wherein the Republicans got most of THEIR spending priorities passed through congress and signed by the president, and in exchange, so did the Democrats... and both knew that was happening, so they were able to freely posture, to raise money off "fighting for their constituency", while in reality, there was always a deal to be made.

Which ACTUALLY meant that the government was doing FAR MORE than it had ever done since WW2... And not coincidentally SPENDING far more than it had since WW2, and accumulating FAR MORE DEBT than it had since WW2.

The fact is, Goldwater and Coolidge were major outliers, and exceptions to the general run of Republican candidates and presidents... and were largely unpopular within the party because of it.

For that matter, Reagan was also unpopular within the party, until he placated the southern religious social conservatives after his brokered convention loss in '76 (which happened in the first place, because he offended said southern religious social conservatives, in an attempt to gain broad centrist appeal, by selecting a more liberal Republican running mate, and saying a few things the leaders of that block didn't care for... Had he not pissed off the southern faction of the leadership, Reagan would have won the nomination in '76... but probably lost the presidency).

The social conservatives have never actually been a majority in the party... Only a plurality... A little less than 40% at peak... but they're a very LOUD plurality minority... and those opposed to them are very LOUD too, about how big and bad the social conservatives are; making them seem like they were and are much more powerful and consequential than they actually are... or for that matter, much more conservative, and much more principled and consistent than they actually are.

... But every national candidate in the Republican party has to make the southern religious social conservatives at least tolerate them, because said southern social conservatives have enough power and mass to BLOCK someone. They can't actually MAKE the king... as I said, they're less than 40%... but they can keep someone from being crowned, and no other single block is able to do so, because no other single block is more than about 25% of the party... Nor is any other single block motivated and organized enough to do so.

But that doesn't make the party actually conservative, or actually socially conservative, at the national level (local is an entirely different story... State and local level politics are a totally different beast).

One other thing the party has very firmly NOT been, along with "actually conservative" is POPULIST... In fact, they've GENERALLY been rather the opposite, at least when it comes to national and international issues and policies (local is a different matter entirely).

Until Trump that is...

Or at least the Republican party hasn't been populist since the FIRST Roosevelt... who was VERY firmly a populist progressive (Hoover wasn't a populist by nature, but he took some seemingly populist... and quite harmful... actions based on some truly epically bad advice from his cabinet and congressional caucus)...

Actually, TR would have been a quite "progressive" democrat in the post WW2 period up through the late 60s or so, and he had a disturbing tendency towards fascism (seems to have run in the family).

Hell... TR could easily have been LBJ, or his cousin Franklin...

...He wanted strong social safety nets set up and paid for by government, with socialized pensions and healthcare. He was for strong protectionist tariffs and strongly against free trade. He was pro-union and anti-corporation to a shocking degree, and he was pro-government regulation of almost everything. Read "The New Nationalism", and it's like postwar democrats fantasy platform...

...except that TR was personally moral and ethical, unlike the thoroughly unethical, amoral, and frankly evil, racist rapist that LBJ was.

So... if you're an actual conservative or libertarian or "conservatarian", guess what... YOU are the one who is a Republican in name only.

If you're one of those who is using RINO as an insult to describe Republican party members who aren't at all conservative, you've got the perspective reversed, because THEY ARE THE PARTY; not the conservatives and libertarians, who generally VOTE republican, because they are less awful than the realistic alternatives.

... If you think about what the party actually is, as opposed to what you think it SHOULD BE... Well... RINO... isn't an insult, or at least it shouldn't be. It's kinda like that line "Your boos mean nothing, I've seen what makes you cheer".

Wednesday, January 13, 2021

When is a "Hack" not a hack? How about fraud and negligence?

So... Was the "parler hack" a crime?

Was it even a HACK?

Well...There was almost certainly a crime comitted.... several in fact... but probably not what you might think... or by who you might think.

Because of the comprehensive incompetence and fundamental errors in architecture, design, development, and implementation of the Parler site, services, applications and infrastructure; technically, a very strong argument can be made, that none of the actions the people who accessed (or possibly compromised) the Parler data took in doing so, were actually illegal under U.S. federal law, and the laws of most states.

Effectively, there was no private or confidential data access, because none of the data was actually private or confidential, regardless of whether it was intended to be or legally required to be... the site admins allowed elevated privileged access to be created by unprivileged users, and allowed privileged users to query and retrieve all data within the control of the organization, without properly validated authorization or authentication

Everything else those accessing the data did, was just scripting those authorized queries to run over and over until they had all the data.

That's not technically illegal, so long as they didnt eliberately circumvent or compromise a policy, wiith a deliberate technical control mechanism enforcing that policy, using an unlawful method.

...And by any reasonable interpretation of federal law and definitions, and at least most state laws and definitions, the individuals accessing that data didn't so so... Because they didn't have to, because the site devs and admins didn't program or implement any ACTUAL privacy or security controls into the site or the database.... Anyone who knew how to do it, could have done it for themselves, at any time, without bypassing or circumventing anything, or using any outside tools etc...

The researcher who discovered the data exposure, made her own privileged account, because the site devs and admins didn't implement account controls that would prevent any authenticated user from doing so if they knew how... and privileged accounts were never verified or properly authenticated, and had permissions to do everything else.

...At that point, I don't believe any actual access restriction ornother relevant policy enforcement control, or privacy control, was actually compromised or circumvented by unlawful means... Or for that matter, at all.

Now... that wasn't the developers or administrators or owners INTENT... but you don't commit a crime for circumventing INTENT.

Its not even a crime to violate policies and terms of service... usually... maybe... depending on many details and variables.

It actually IS a crime to create a new account to circumvent policy, after you have been banned... at that point you are using a technical means to circumvent enforcement of your authorization removal and ban... Even though any user could do so, for any reason, and there isn't anything special about doing so, because you know that you have been banned and are no authorized, an are using technical means... making a new account... to circumvent a technical control... the blocking of your old account... and are accessing such systems without authorization through such circumvention.

That is explicitly a federal crime "Knowingly unlawfully or improperly accessing a computer system or communications network, without proper authorization".

If you use such circumvention to do more than a trivial amount of damage, or to intimidate or harass people or commit other crimes, its a fedral felony, under the telecommunications act (originally passed all the way back in 1934 but revised MANY times since) as modified by the computer fraud and abuse act, the USA patriot act, and other related acts and sections etc... etc...

But if a site admin/dev writes a policy that says "users won't use their accounts to gain more access and privileges than they are explicitly granted by admins' that policy won't actually have any force, and violating it won't be a crime...

at least until you get caught the first time, and kicked, and then log in or make a new account, and try it again, at which case you are knowingly circumventing policy and controls via technical means.

Even if it was clearly not intended for users to give themselves admin privileges, and gain access to other users daya... even if there's policies that say so explicitly... its not a crime, if the user can do it, without using technical means to circumvent technical controls enforcing those policies.

In this case, they never actually properly implemented such controls. Users were able to make privileged accounts and access other users data, without any technical circumvention... they just had to know job to do so. Nothing else would have stopped them.

...That means it was almost certainly not a crime... But like I said, there is maybe a little wiggle room for charging something here...

Oh... But here's the really fun twist...

The Parler site owners, admins, devs etc... ?

They had legal and regulatory requirements under various state, national, and international laws and regulations, to properly and effectively control, secure, and protect, the personally identifiable, private, secure, or confidential or higher data, of its users, employees, partners, and other corresponding entities.

They also had a lawful duty of care, to implement security and privacy controls, at least to the minimum prevailing industry standards of compliance, and generally accepted minimum proper practices, and minimum best practices, for operational protection of personally identifiable, private, or confidential or higher information.

...In fact, they had state, federal, and international legal and regulatory requirements; as persons of responsibility for the care and protection of the security and privacy of such data; to legally certify, under penalty of perjury, and civil and criminal liability...

... on at least an annual basis (and possibly as often as every 30 days)...

... that they were in fact meeting such minimum standards and practices with policies,, processes, and technical controls, that were in fact effective in doing so.

...When, in fact, they did not have such policies processes and technical controls, that were in place and effective... Or at all...

Which means everyone who signed those certifications, was committing state, federal, and international fraud, breech of trust, and failure of duty of care (and by the by, violation of their own published and stated policies, and the public statements of their persons of responsibility, which extends the fraud, and may also be interpreted as breech of contract or breech of promise, depending on the exact data, the type or individual or organization, their relationship to the organization and the exact laws of the jurisdiction in question)

That...essentially automatically... makes what they did both tortuous civil negligence, and gross criminal negligence.

I say this as someone who does this for a living, advises clients on it professionally, has co-authored many briefs and provided support for many motions, and testified in both depositions and trials; both as an investigator, and as an expert witness on this subject.

All that said... I mean... you always have to take two major factors into account:

1. MOST jurisdictions that I know of, would probably agree with what I wrote above, most of the time, presuming what we now believe we know, holds true... But not necessarily all.

Some states and other jurisdictions have different legal standards and definitions, under their own laws and regulations, that could see these various individuals actions in accessing Parlers data, interpreted by prosecutors and judges, as rising to criminal behavior... Or conversely could interpret the site owners, admins etc... as neither criminally or civilly liable, or that insufficient actual harms had resulted from those otherwise negligent actions such that they would meet thresholds for criminal or civil liability.

...AND...,

2. On any given day, given any particular set of facts, circumstances, and laws, any judge can decide almost any possible way, accounted for under the law...

...and maybe some not contemplated by the law...

Or may even simply act flatly outside the law; either because they believe the law is itself in error or improperly interpreted or applied, and that the courts should or must address this defect or defects...

...Or that regardless of any potential legal defect existing or not, that their actions outside the boundaries of the law are in the interest of justice...

...Or sometimes they just think its the morally or ethically correct thing to do, regardless of the law... That they SHOULD or MUST take such action, regardless of the law, even if they are later reversed, because to do otherwise would be absurd,, obscene, or would tend to shock the conscience (and yes, all of those unusual words and usages are quotes from famous rulings where judges did exactly those things, for those reasons).