Tuesday, April 27, 2021

Confidence

I feel a little weird using sports and martial arts analogies (haven't done either in years. Decades? Other than friendly little volleyball games and the like) but I think the examples hold true.

In one memorable bit of training, our martial arts instructor had each of us take turns standing in the center of the mat. If it was your turn, you stood in the center of the mat and waited for someone to approach you.

They came one at a time, and each had been given a different instruction. They might just wave 'hi', they might try to grab you...

The point was that you didn't know what was coming, but you had to react according to the situation.

Most of what I remember is that state of readiness. And focus. You can't assume the person coming is a threat, but you have to be ready in case they are.

And you have to pay attention to the signals they're giving. Have to try and decide when that hand coming up is a friendly wave or attack. ('decide' is a bit misleading since it's not exactly conscious. Happens too fast.)

There's something similar in volleyball. In standing loosely, on the balls of your feet, ready to move in whatever direction the volleyball comes from.

It's not about control. Or perhaps it's about control of yourself and your abilities. You don't get to dictate where the ball goes, or (in the martial arts example) what the other person is going to do.

But whatever it is, you are ready.

...

I was reminded of that because I was trying to explain something about my job. That is, I very often get given errors to fix that I know far too little about. But, Idk. I know how to look things up, have some sense of what various error messages might mean, have more experienced team members to ask (in the volleyball example, your team helps handle the balls that are too far for you to reach), know how to read through scripts (and sometimes code, depending) and puzzle out what something is trying to do...

And by and large we figure it out.

I'd like to learn more, of course. And every time we figure something out I learn a little, and it's easier to fix next time.

Anyways, I wanted to highlight that sort of ready state, and the confidence that comes from knowing you can figure out whatever.

I don't seem to see that as often...

People either don't have any confidence at all, or try to gain confidence by controlling what comes at them. What other people do, where the ball goes...

Not confidence in their capabilities and their team. 

Saturday, April 24, 2021

Also -

The growing covid disaster (especially in India) and the self-centered focus of Western powers on keeping vaccines for themselves is sickening.

I don't really disagree here. It's just that I don't really know what we can do to change it. 

Food for Thought

https://twitter.com/emollick/status/1385688044972478464?s=19

Wednesday, April 21, 2021

Sunday, April 18, 2021

I Want to Know if This is True

Saw this today and hope to see some verification and/or more details.

If true, it's very depressing that in this day and age community leaders are still doing shit like this.

Why is it so fricking hard for them to do the right thing? 

Saturday, April 17, 2021

Addendum

My previous post was long enough, and the topic different enough, that I decided to add this separately.

Whether it's my Catholic upbringing or my political science undergrad, I agree with the rather lofty ideal set out in our Declaration of Independence - 

"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness." 

With the understanding that it was a gender-neutral term, and that we are right to insist that applies to everyone, regardless of race or gender or sexuality or disability or whatever.

Like, I'm not sure why this is so hard for people to get?

Every. Single. Person. Is a person worthy of dignity and respect.

I'll admit sometimes that's harder to remember than others. Yes, homeless guys (and gals) are worthy of dignity and respect. As are felons. And Nazis. Figuring out how to stand for your beliefs and not enable or condone things you disagree with, while continuing to treat them as a person worthy of dignity and respect... Well, I don't claim I'm perfect at it. But that's pretty much the goal, and the more you practice it the easier it is to do.

I do, however, think that anything that falls short of that tends to have unpleasant side effects. (ie God has pretty much rigged the game in favor of treating each other well.)

Speaking of rigging, I also think that when we are honest with ourselves 'pursuit of happiness' doesn't lead to conflict.

That is, we focus a lot on the 'have nots' screwed by our current system, but even the 'haves' are not actually living their best life.

I'm not sure where that notion first started, but I do remember an early example.

I took a class on African literature in college, and one of the books was set in North Africa, dealing with a woman whose husband decided to take on a second (much younger) wife. It might have been So Long a Letter? Anyways, we naturally focus on her struggle to deal with it, and the system allows men to do this. We think, naturally, that of course a man would take a pretty young wife if he thought he could get away with it. But you can see in the story, sometimes, that he really wasn't happier.

Like, getting a 'pretty young thing' is all about that. They have to be young, and pretty. 

But it says nothing of an emotional connection. You don't have a meaningful relationship with your pretty young thing, because that's not what you're there for.

They're a trophy, a marker, not a life long partner you can turn to when things are awful.

They're someone to protect and be strong for, not someone you're able to be vulnerable with.

And then people wonder why men are so lonely and more likely to commit suicide.

The damage may be felt more strongly on one side, but the system doesn't really benefit either.

And I kind of trust that if people learned to listen to themselves (their higher self, or sit with that sense of inner peace and quiet where God resides in all of us, or whatever your preferred terms are for that sort of experience) they'd find that out for themselves.

Update

I wasn't sure what to write, because as has been all too typical of the past year the news and current events seem pretty awful but my day to day life is... Okay I guess?

I think I'll start with daily life, mostly because anyone can read the news and know what's going on (with a little slice of 'there's not a lot I can do, personally', about some very worrisome trends) so here goes.

I'm still playing around with the new laptop, and so far it's been kinda fun. If a bit tedious. I decided to go ahead and try setting up a little virtual sandbox on my machine. I mean, I had started doing that on the desktop I built - and I plan to incorporate that more later. But now that I'm vaccinated I'm planning to visit the fam, and I really liked the idea of having all the tools on my laptop.

Plus what was the point of getting all that RAM if I don't use and abuse it?

So. Taking lessons learned from the earlier experience, I downloaded and installed a virtual firewall (pfSense), then downloaded and installed a couple of Windows virtual machines. The downloading took a bit of time because my internet is only so fast, and since I didn't want to get sucked into this while officially at work I just did what I could in the evening.

Which meant I was pretty much ready to dig into the next challenge today. I wanted my little vm setup completely isolated from my personal laptop. That is, if I'm about to start playing around with malware I want as little chance of infecting my actual machine as possible. (I think I might have run into my first known bit of malware in the wild, btw. But that's a story for another time.)

So anyways, I connected the new virtual machine to the pfSense, which was fine. Except it wasn't connecting through that to the internet at large. (I will probably keep that off when actually doing some analysis, but I wanted the capability. First of all for downloading updates and tools and things, but also because it might be necessary.)

Took a bit of messing around to discover the connectivity was there, it just wasn't resolving DNS. (for the less tech aware - if I put in 'www.google.com' it didn't know where to go because it wasn't converting the name to an IP address. And computers need the IP address to route all your internet traffic.)

I finally sorted that out, but then I needed to configure it so that I couldn't connect to my laptop from the virtual machine. That just required creating the right rule for the firewall. I mean, it took a bit of work to get it configured correctly but at least I had a pretty good sense of what needed to happen.

Voila! I now have a virtual machine on my computer that can connect to the internet, but can't connect to my computer. (pfSense can, but that's different).

Right now I mostly am getting everything updated and various tools installed (ie there are PE viewers and debuggers and IDA and maybe I'll take a gander at the NSA's Ghidra. I don't know, I'm just sort of poking around a bit.)

I think this is such a vast field that I can't possibly learn it all, and will probably settle in a particular area. But I'm not entirely sure which area that is yet, and I kind of like the idea of seeing something operate through all the various levels at least once. That probably doesn't make a lot of sense? I don't feel like explaining it right now though.

Of course, this does somewhat relate to some personal frustrations, because as of right now that's got nothing to do with my job. And I'm not really sure how or when to transition to that possible career. I mean, learning is a good start... Though it could take decades to master. But right now it's basically a hobby, and that's kind of frustrating.

It might be time to start job hunting again, though I am reluctant to deal with all the frustrations and uncertainty that goes with that. Oh, and trying to convince people that yes, I really am the most awesomest candidate and you really ought to hire me. Pretty, pretty, please?

Ugh. I'll probably have to do it eventually, the dissonance between current job and desired work is too great, but I'm not really looking forward to it.

What a crappy world though. Because I know I'm not the only one who feels that way. Who gets frustrated because the things that pay the bills aren't really the things we're passionate about. (and maybe we shouldn't always get paid for things we're passionate about. I've heard people talk about how hard it is to continue to love making art, for example, when it becomes their career. And it does kinda seem like a recipe for burnout. But, Idk. It'd be nice to have that option. And if it's not something I really want as a career, it'd be nice to have the experience before moving on. It's not ever having the chance to see for myself that rather sucks.) 

This applies in other ways, btw. I mean, if it's this frustrating for me as a white woman imagine how much harder it is for the minorities living here. 

This is getting into the larger things. How many more police shootings came just this week (and how many mass shootings on top of that). 

And the news out of Minneapolis is rather disturbing, especially the constant low level flights by helicopters. 

Someone on Twitter argued that it's not actually worse now, but rather that we have cameras in our pockets making it harder to ignore.

But still... It's getting ugly. And the people who really ought to be handling this better - aren't. 

They seem to be doubling down, actually. Doubling down on hate. Doubling down on being assholes. Doubling down on seeing the protests and disgruntlement as a threat instead of clear warning signals that the status quo is not okay. (or maybe they agree that the status quo sucks, but are trying to push for something even worse. As if history hasn't repeatedly proven how terrible their ideas are.) 

Yes, I am looking at all the short-sighted and rather moronic wealthy people who seem to think they can fund outright lies and conspiracy theories without any real blowback. Or that they can squelch any attempt at making a more equitable system without it costing them even more in other ways. And the sheer arrogance of thinking they really know what's best, when they take anything that challenges that view as an affront and a threat. 

That is, I think, the worst of it. That people like that have the power and influence to really warp things. 

Whatever. They're trying to dam a river, but they aren't all that good at constructing floodgates and levees, and they pretty much create the surge that makes those necessary in the first place. 



Sunday, April 11, 2021

Feeling Productive

Okay, so. When I first started at this job I was so busy learning DevOps that I didn't really have the energy to explore the infosec/computer security things I'd started messing around with while job hunting.

Now that things are better (still a lot to learn, but not to the same degree) I'd been wanting to get back to it.

The problem though, or so I realized, was that I didn't have the right tools.

That is, there's a ton of resources, both online and with various books I'd picked up, but it's best to get hands on experience. It just makes it sink in better. And I'd borrowed my Dad's laptop to get through school. It did the job fine, though it had programs I didn't want to remove since he actually uses them... And I'd returned the laptop some time before covid hit.

I waffled around a bit at the expense of a new laptop. I figured it needed a lot of RAM and a good cpu to do the various things I was interested in, but I finally decided to take the plunge. (My tax return definitely helped with that decision.)

I finally got the new laptop Thursday and have been messing around with a few things ever since. For example, I have a copy of Practical Malware Analysis, and it's been really nice to have my laptop up and running while I work through the book. So far I haven't done too much that was new (I'd taken a class on malware analysis, and we'd used some of the tools for static analysis. That is, I knew you could get a hash of a file and use it to see if it was known malware, and we'd used the strings program to look for strings of text in a file - URLs or function calls and the like. We'd also used PEiD and the dependency walker tool, though I don't know if it's that I've got more experience in general or if it's this book, but I have a much better understanding of why we use those tools and what we're trying to find.)

Since the book is a little old and technology changes fast, I'd been looking up info on the various programs to see what the current best tools are. For example, PEiD is no longer supported, and although it's still apparently the best for some things, there's a newer bit of software that does something similar, and it's sometimes good to use multiple tools because they can find different things.

Oh, and I know I'd heard that Windows made some very useful changes. It's got its own built in tool to get the file hash, for example.

I've been looking at a couple of other things as well. For example OWASP has some great resources on web security that I want to play with. Some of them can run on docker containers, and since that's a useful thing to know I've been looking at using the docker images as well.

I still think I'm just at the very beginning here, but it's a good start.

It's nice to feel like I've moved from talking about it to actually doing it. 

Wednesday, April 7, 2021

Tech Infrastructure

Stumbled on this discussion from Twitter today.

It's a bit technical, but I'll try to give a brief explanation of the issue (and it apparently relates to far more than this particular problem).

Tech has evolved a lot in the past few decades, but there is still a lot of legacy code. That is, code that was written back in the day, and that you think would have been superseded by some of that new technology, but for whatever reason (generally associated with the costs of making the change, plus a desire not to disrupt critical processes now that most of the bugs have been worked out, etc) it isn't.


This is a rather well known issue, I think. It's also somewhat related to the concept of technical debt, because companies will often take the quicker solution of just layering new tech over the old rather than taking on all the challenges of redoing everything.

Anyways, the other interesting piece to this discussion is that this widely used and super important code is part of the open source movement. That is, nobody is really being paid to maintain it. Any improvements and fixes are pretty much done by volunteers.

There's a lot of great discussions on the importance of open source software, and I've only touched the surface of it so I don't think I can really do it justice.

It is... Complex. For profit companies like Microsoft and Google actually do use open source resources, so they aren't always strictly opposed to each other. Ummm, and quite a number of businesses use open source software for their application servers. (I, for example, was given a company laptop that runs Windows. But I use it to connect to our various servers that are almost all running some version of Linux or Unix).

Anyways, the infrastructure bill and the debate over what counts as infrastructure (which makes my position in our infrastructure team somewhat amusing) got me thinking about this a bit.

Like, some people argue that broadband internet should count as infrastructure, or as a utility. (Given the benefits of making it easier to use the internet - for people and businesses - and its growing necessity for modern life I think there's a compelling argument there. Or at least room to encourage private businesses like the way we encouraged telephone companies to provide access to rural areas).

But, is it just about running the fiber cables and routing traffic? Are we just talking about the infrastructure that an internet service provider offers? (and don't we have some national interest in making sure that's secure, and resilient in the face of whatever sorts of disasters might come our way?)

Or should we also consider the protocols we use to access the web?

Not saying yes or no for sure, there'd be a lot of tough questions about the role of government, private industry, and more. Just something to start thinking about.

Adding the original Twitter link, the discussion is a little broader here

Monday, April 5, 2021

An Interesting Article on ETFs

I'm not sure what I think about this yet. It touches on something I noted earlier (that most people don't really understand the markets, so when saving for retirement they have 401ks that are managed by other people. And so quite a bit of the market is decided by the people managing those funds), though the focus is more on Exchange Traded Funds (ETFs) which I'd heard about before. And in a positive way, since actively managed accounts don't tend to beat the market. That is, getting a share in a fund that reflects the market tends to do better - and diversify your investments in the process - but I can see how that ultimately exacerbates the problem of giving more power to the few people actively evaluating and trading based on knowledge (as opposed to 'this is going up, so I need to get in on it now'. Which honestly sounds like a crappy way to invest. I mean, it can work. But it's more about reading what everyone else is doing than actually paying attention to the companies at hand. I sometimes wish I knew an investor whose judgement I trusted. Who knew the businesses inside and out and could evaluate a company's potential not just on that, but also on how good company leadership is. By which I mean they don't get sucked into 'charisma', but identify the ones leading with the traits Jim Collins noted in his books. People good at building teams that consistently make good product, one sign of which (btw) is servant leadership and identifying and promoting talent. And clearing out the plumbing problems that push out those who have talent but aren't necessarily conforming to the status quo.)

Anyways. As an individual ETFs make sense. And most people just want to make sure their retirement isn't whittled away by inflation. So matching the market is just fine. (The average American is less concerned with becoming millionaires, though the money would be nice ofc, than being able to have a reasonable standard of living. Able to pay their bills, live in a decent house, not stress about the basics, and able to take a nice vacation every once in a while. That's part of why there's so much condemnation for billionaires. When they've got more money than they could possibly spend in their life, why are they so stingy? And why make it even harder for the average American to make a living? For what? To have an even fatter bank account when they've already got more money than they know what to do with? You can't take it with you.)

So. Short term incentives make sense, but there's definitely reason to be concerned about the long-term consequences. Maybe. 

I'm sure there will always be people who go back to the fundamentals, assess a business based on its actual financials rather than people's perceptions, and possibly can outperform the market. Isn't that what Warren Buffett did?

And all the people who are just following what everyone else is doing will probably notice and follow their lead. Which will add quite the extra weight to their judgments. 

Hmmm. 

The real problem is - well, there's a couple of them. Market manipulators can still influence things (incorrectly, since they don't actually care about the fundamentals of a business), and it can be hard to identify who's accurately evaluating a company and who isn't. 

And there's still the issue of a few influential players essentially setting market value. 

In an ideal world, everyone would do their own research and invest on that basis... But it's just not reasonable to expect mom and pop to do what's essentially an entirely different career just to make sure they can retire comfortably. (Again, an honest-to-God safety net would address that issue and they'd probably be content to stay out of the markets entirely. But God forbid you suggest that in today's political climate.) 


Saturday, April 3, 2021

The Tech Side of Behavioral Science

https://www.theverge.com/2013/8/29/4640308/dark-patterns-inside-the-interfaces-designed-to-trick-you

Thursday, April 1, 2021

Framing is definitely important.

https://hbr.org/amp/2017/06/how-you-define-the-problem-determines-whether-you-solve-it?utm_medium=social&utm_campaign=hbr&utm_source=twitter&tpcc=orgsocial_edit&__twitter_impression=true