, , , , , ,

The AI Feast

, , , , , ,

Before we discovered fire to cook our food, we spent a significant amount of time chewing. Consider gorillas, who, according to a nature show I watched, chew for hours each day. Some mountain gorillas even spend half their day gnawing on their food. But introduce fire, and you have a barbecue. The food is prepared quickly, and our bodies don't have to expend nearly as much time and energy breaking it down for digestion.

This is how I view AI technologies like ChatGPT. They're revolutionizing how we consume and process information, aiming to foster knowledge. They encourage us to think about thinking, and in doing so, they can help us better understand ourselves. Indeed, before we can effectively communicate with others, we need to comprehend ourselves. By gaining a clearer sense of our own worth, we're more likely to treat others as though they hold similar value.

However, there's always the risk of veering off course, even with the best intentions. This happens easily when we mistake the model for reality. We've been gnawing on leaves, and suddenly, we're presented with an all-you-can-eat buffet. Considering the current state of global health—with many countries, if not the entire world, struggling with obesity and poor health—the implications of this new cognitive feast could be substantial. It has the potential to amplify both benevolent and malevolent powers.

In AI and the future of humanity | Yuval Noah Harari at the Frontiers Forum , Mr. Harari breaks down some of his concerns. He’s not worried about terminator robots, he’s worried about how easily people are persuaded to do things that aren’t in there best interest. He makes a compelling point about the transformation of algorithmic functions from attention capturing to intimacy. Ultimately, he appeals to us to appreciate the power of language and leaves me wondering how little we even understand the degree to which language (a technology, and the very thing that makes up all the blocks for all our models of the universe) can be hacked, and us along with it. Now go chew on that for a couple hours.

, , , , , , , , , ,

AI Alignment: First Principles

, , , , , , , , , ,

The Intersection of AI Alignment and Self Alignment: A Case for Physical Practices

I’m not going to beat around the bush, I’m just going to say it plainly. Achieving AI alignment is a goal that first requires self-alignment. We cannot expect to correct an external relationship until internal balance is maintained. Otherwise, we will quickly find ourselves adrift in our own delusions. So here’s my belief: teaching physical alignment through practices like martial arts (Tai Chi specifically) will help individuals mentally and emotionally prepare themselves while seeking AI alignment solutions.

Developing Self-Awareness and Self-Regulation

Physical alignment practices help individuals develop greater self-awareness and self-regulation. By practicing mindfulness and present-moment awareness, individuals can develop the ability to recognize and regulate their own biases, emotions, and thoughts. This can help them approach their complex work with greater objectivity and clarity.

Fostering Empathy and Compassion

Physical alignment practices can also help individuals develop greater empathy and compassion for others. This is not only a critical skill for effective AI alignment but also for just being a kind person. Acknowleding our imbalance, our biases, means being vulnerable. Being vulnerable doesn’t take courage, it builds courage. A deeper understanding of this helps develop a deeper sense of connection and understanding with others. This allows us to take on and better appreciate the perspectives and values of different stakeholders. I’d say that was important to the development of AI systems.

Building Discipline and Resilience

Physical alignment practices can help individuals develop discipline and resilience. These are valuable traits for cybersecurity teams and other professionals working in the tech industry where burnout seems to be a critical issue. By developing the ability to focus and persevere in the face of challenges and setbacks, individuals can better navigate the complexities and uncertainties of AI alignment and cybersecurity.

Reframing Power and Conflict through Tai Chi

Practicing Tai Chi specifically means learning to approach conflict differently. The use of power is redefined because what power is and where it comes from is transformed. There is no clenched fist, there is no seeking of power. There is plenty of power all around, and more importantly within us. The problem is that we have been told that there is something wrong with us and something must be added. When in fact, it is the opposite. There is more to us than we can imagine and power is not force, but control, and knowing the minimum effort necessary is the best possible policy. Strength isn’t in the breaking, but in the holding up, learning to support ourselves and each other.

Conclusion: The Benefits of Physical Alignment Practices

Overall, by teaching physical alignment practices like martial arts to employees and cybersecurity teams, organizations can help develop the skills and perspectives necessary for effective AI alignment and cybersecurity. These practices can help individuals develop greater self-awareness, empathy, discipline, and resilience, which can ultimately contribute to more ethical and socially responsible AI systems. Additionally, promoting physical and mental wellness among employees can also contribute to a healthier and more productive workforce, which can benefit the organization in many ways.

I encourage you to consider incorporating physical alignment practices into your own life or workplace. The benefits are manifold and the impact on AI alignment could be profound. Oh, and if you need someone who teaches Tai Chi and is into cybersecurity- I know a guy.

, , , , , ,

Default State of Mind

, , , , , ,

This little rant comes from a reply to conversation I was having with my Mom:

I trust that I am easily fooled. I fool myself all the time. Maybe fool is too harsh a word, but surely I am easily confused and misdirected. As much as anyone else.

I'm very curious about how people become aware of their blind spots. Everybody has a story in their head that's playing out while the real world is ticking away in front of them.

Where do people go when they are on autopilot? Do they know they've checked out? By that I mean, what story is being told- what narrative is unfolding- while the real world streams on by.

The problem I see here is that most people don't know they live in a story and don't believe they are easily confused. Maybe there is a disconnect in that having a thought isn't what I would consider thinking.

Thinking is a directed action. Having a thought is more like having gas. It just bubbles up.

What I am most curious about is the stimulus for expanded perspective and objective reorientation to an internal narrative.

What is it that helps people go, "Oh, well that's just silly."

I trust people when they display the capacity to scrutinize their own thoughts, language, and actions. This character trait Is often noticeable by how good someone is at getting other people to relax and smile.

Remember what the Buddha said, "Enlightenment arises from the realization that we are all full of shit most of the time".

, , , ,

Hacking Reno: WebApp Pentesting

, , , ,

Four days in Reno was cerebral overload. 

Attending the Wild West Hack’n Fest presented by Black Hills Information Security, I tried to squeeze as much data into the ole’ brain-box as possible. It’s a small box as far as brain-boxes go, so I’m pretty sure I tore something, and now my personal data is leaking out all over the place. 

The first night there I dreamed I was at a diner and the waitress asked me, “How would you like your brains: Compiled, compressed, encoded, hashed, or salted? When I woke up I discovered I had developed a stutter that lasted most of the day. 

By the time it was all over my brain felt like it had been in a pie-eating contest that never stopped. One of those last idiot-standing contests. Skull stuffed to near bursting and face a slaughter of smeared blueberry confusion. I wonder what drives me. This blog post is the inevitable regurgitation of that cerebral gluttony. 

This is part one of my sloppy attempt at summarizing the 4-day info feast.    

The Nugget Casino hosted the conference. The ringing bells and whirling whistles of the casino floor opened up my dopamine receptors as I walked through the door. The blinking and twirling lights aroused my limbic system which started pumping adrenaline into the mind-mix. My lower brain wasn’t sure if it was supposed to fight, flee, or poop. Casinos have to be one of the apex environments for social engineering. I felt a little like I was about to get on a rollercoaster. Kinda sick to my stomach, kinda excited, I realized the siren song of beer and slot machines were calling to me. I hovered a second or two before managing to gather my withering wits and turn my nose to the scent of nerd and find my flock.

I followed the odor of burnt neurons to the second floor where I heard the enigmatic chatter of cryptologists debating blockchain. My class was in a large conference room that could have fit a hundred people easily, but physically present only ten were seated in front of the giant screen displaying pdf slides of the inner workings of websites. I won’t pretend that I understood everything. In these classes, I often feel like a monkey punching buttons as fast as I can. All the time hoping for a banana that never comes. But at least I keep notes and hope with repetition comes familiarity and competency. 

The very first thing mentioned was situational awareness. 

Be still my sweet martial art heart. He had me at “situational”. I knew no matter how techie this got, the instructor was connected to a narrative I could follow. 

The instructor’s name: BB King. He provided a master’s class in more than just pentesting the delicate membranes between user-input and website interface. This was also, for me at least, a dissection of the complexity of language and its primordial underpinnings. It was a study in the history of technology and communication.

Let me say upfront, I was intimidated by the technical material. I was also very anxious about the travel after being in my Covid bubble for a year and change.  So as was wound uptight. BB’s presents helped melt that away. It felt ok to be in the deep end of the technical pool with BB as the intellectual lifeguard. 

I paraphrase liberally, but he said: One of the keys to mastery of cybersecurity (and life in general) is curiosity. The hunger to know how everything works offers unique leverage. As BB put it, all tools have uses beyond their original design. What can a tool do that it was not intended to do? Ask, what would MacGyver do? For this class, that meant testing the user input fields with a tad bit of sql injection, a dash of URL manipulation, and a smidge of fuzzing.

 BB set up a great VM with Juiceshop and Burpe. He walked us through developer tools in web browsers and the functionality of Burp’s tools to examine websites and by-pass WebApps. BB made multiple rounds around the room to check on each of us individually. He never seemed rushed by the fact that we were stuffing 24-hrs worth of information into 16-hrs. I just tried to keep up as we blew through a dozen labs picking apart the vulnerabilities inherent to the system.

Something that was super valuable was that the class broke down the Top 10 OWASP list into just 3 issues. Not 10 issues. 3 issues. Aside from 1) Malicious Input, there was only: 2) Insufficient Logging and Monitoring; and 3) Sensitive Data Exposure. 80% of attacks are some form of malicious input. The other portion of OWASP is basically people shooting themselves in the foot. 

Midst all that tech talk, BB had a couple of comments about bird songs and body language that really stuck with me. 

The sound of birds chirping, that sound we find lovely and melodic, it’s actually a bird’s warning to other birds. It’s a declaration of territory. I own this tree. This is my branch. Keep your distance. BB added, that the reason humans like the sound of bird songs so much is that the sound informed our ancestors that they were safe in the woods from predators. If the birds ever went silent, if the bird song stopped, then that was a very bad sign. It meant predators were near. Big ones.

The key takeaway: you don’t need to know the whole language to decode useful information. We had no idea that the bird song was a warning to other birds, but the lack of its pattern was a warning to us about nearby threats.

Another nugget BB shared: there are 21 culturally universal emotions that can be communicated with body language. Did he say body language? Totally speaking my language. This was when we were talking about encoding information and it made me wonder about the pros and cons of language. How easily things can be misconstrued or miscommunicated. Use the wrong word in the wrong context, things can get ugly quickly. It matters what you put into the system. 

Or simply put for defenders: Input Sanitization matters. 

The first rule of apps is that they are made for people to use. There must be an interaction between the person and a program. Requests are made. Responses occur. Anywhere a user can add information into the system, and possibly poison the ecosystem, that spot is a dangerous place to be short-sighted about security.

Imagine WebApp testing as a tiger sniffing out a good place to execute an ambush. Once the tiger knows where the animals go to get water (information crossing a boundary), they have discovered a vulnerability in both the environment and the prey’s behavior that can be exploited.

It’s now a matter of just watching and learning the patterns. Lying in the tall grass, hiding in wait for the bird song to return and all the little animals think it’s safe to come out again. Or maybe tigers aren’t the best analogy, but I do like tigers a lot. And if you’ve never read Tiger, you’re missing out. 

Anyway, in my case, it means to sit and practice hacking labs taking advantage of cross-user privacy invasion; client-side controls; faulty assumptions; unlinked items; directory indexing; insecure direct object references; and redirect filters. And that was just the beginning. Did I mention, I developed a muscle tick in my right eye? 

By the end of the 2nd day, the stutter was gone. But on the 3rd day, my right eye started randomly winking closed. I think that means my left brain wasn’t completely up and running just yet.

I grabbed coffee, kept my head down, and got ready for round 2. The final 2-days of lectures included: Red Team Automation, Gamification of MITRE ATT&CK, Cracking Cloud Security, Network Defense Modeling, and Offensive Deception. 

Ever read A Scanner Darkly? The protagonist is a detective hunting a drug dealer. Spoiler: the detective discovers he is the drug dealer. Or Fight Club, in which the unnamed protagonist discovers he alter ego is a cult leader of an anti-civilization urban-guerilla terrorist organization. That’s the feeling I was getting. I was two different people. A double agent moving between the good guy and the bad guy until there was no difference between the good and the bad just knowledge, tools, and leverage. It’s not ethics, it’s actions along a barrier. There is attack and defend the barrier.

Cyber is about controlling the flow and the mastery of the space between all things. Even the space and flow between the many minds that make up our minds (A Thousand Brains Theory).

, , , ,

Tribe of Hackers

, , , ,

Tribe of Hackers, by Marcus J. Carey, collects a wide range of seasoned infosec specialists to discuss the cybersecurity world from an insider’s point of view. My favorite question out of the dozen asked is: What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture? Studying the 60-plus answers, I broke them down into three categories that resonate with the self-defense instructor in me:

  1. Invest in awareness

  2. Assume compromise 

  3. Application over theory

There are three common aspects of martial arts all around the world. The basic breakdown of martial arts is competitive (sport), performance (entertainment), and self-defense (mortal danger). Competition can teach you how to fight, but you are always learning to fight with rules. There is a ref, a set time, and a chosen place. Performance is about entertaining a crowd and displaying grace, power, and drama.

The portion of the martial art world we are concerned with here is self-defense.  The training one does for surprise attacks. Nothing fancy, first just learn to cover your groin and face. This is a very good reflex around monkeys and big cats. 

Boiled down, martial arts is situational awareness and the more time I spend studying the cybersecurity field the more I think of it as an offshoot of martial the world. Hand-to-hand and weapon-based systems each have their context for when they are useful.  I like thinking of cyber as the martial art of network conflict.

In the walk-around world, awareness often simply means understand your environment and become conscious of how you make yourself vulnerable. Predators rely on distraction and surprise. The more aware you are, the less of a target you are. Don’t make yourself more vulnerable than you have to be. How big is your threat landscape? The bigger it is, the harder it is to secure and whoever has the weakest perimeter gets eaten first.

These rules of conduct coincide with cyber defense rules, like limit employees’ access and privileges. There is no reason to increase the overall threat landscape any more than necessary. When you give someone access, you put them at risk of being exploited. Every admin privilege is a target on someone’s back. They will be hunted for their access. Actually, I’m the only one mentioning the hunting of people. Nowhere in the interviews does anybody recommend hunting people. 

According to the professionals, companies building security-minded cultures should start with the low-hanging fruit: multi-factor authentication, complex password policies, and up-to-date patches go a long way. It’s not full-proof, but covering the basics eats recon time and time is money even for criminals. The longer it takes to get inside the more likely they will move on to an easier target. No one is perfectly secure, but don’t be the only guy without a bulletproof vest in a gunfight. I’m paraphrasing of course. There was no mention of firearms nor discussions about kevlar in the interviews at all.

Investing in awareness also means understanding how your assets are vulnerable. Is it really tech that is vulnerable? Or are people vulnerable? Creating a security culture that captures the attention of employees is essential. All the fancy AI interfaces in the world (which I love) aren’t going to save you from an uninterested or emotionally distracted employee. A narrative (mission) that elicits vigilance (situational awareness) is key. Everyone is seeking a “better way” and people, in general, adopt great standards that lead to personal growth. No one actually said people seek personal growth either. I’m reading between the lines and maybe being a little idealistic, but I stand firm on the idea that people want to be heroes.

The second concept: assume compromise, also illustrates martial principles. As in, you don’t get to pick the fight you want. For companies, it means an attack isn’t an if, it’s a when. And, most likely, you aren’t going to see it coming. Predators like to hit their prey from behind, not head-on. Unfortunately, the first hint of attack is often the sight of your own data leaking out all over the internet.  Assume compromise means: “the phone call is coming from inside the house!”, so it’s best to build impact resilience into the system. A panic room, if you will. Again, I’m being a little hyperbolic, but I’m trying to paint a picture. 

For an organization, assuming compromise means exploring postures that increase opportunities to fight as you roll and recover to your feet. Remember, this is close-quarters combat. You don’t get to hold them off at arm’s length. They are already inside your defenses and a strategic counter is required. But, before you can counter, you must locate. Check the endpoints, scan the logs, find the beacons, and isolate. Get good at finding the intruder. Too much time is spent on playing wack-a-mole rather than setting honeypots and canary sensors. That’s right, I’m talking about tripwires and tiger pits.

If you have followed the basics from invest in awareness, then the pathways into the system are limited and your team is straight-up tracking the interlopers. There are only so many endpoints probable. You must be able to detect if you are to defend. Imagine Sherlock Holmes presented with Star Trek’s Kobayashi test. Model, model, model. Test, test, test. Invest in failure, because failure brings insight.  

Lastly, application over theory. As the great fist-philosopher, Mike Tyson once said, “Everybody’s got a plan until they get punched in the face.” Steps 1 & 2 have been followed. Your situational awareness is high and you’ve created not 1 or 2 plans for possible sneak attacks but a dozen. But does your plan work when it’s not your friend throwing the punches? 

Unfortunately, the only way to get comfortable with people trying to hit you is by doing such. It’s not everyone’s favorite pedagogy, but it gets results. Catch a few on the nose, and everybody covers up and starts rolling with the punches. This is another good place to point out, no one discussed punching and kicking people in the interviews.

For organizations, application over theory means regularly attacking their own systems not only internal testing but external testing. It means investing in outside consultants who can give an objective perspective. Test the process and adapt accordingly. Then, test again. This is not a static game of Battleship. The opponent is not waiting for you to come to find them. They don’t have any rules, but they do have limitations. Don’t let experience be your limitation, because experience is the key for both sides. It’s a simple calculation, if you have had more time learning to fight your way out of a corner than your opponent, chances are they make the first mistake when pressured. 

To recap and summarize the guidance from the interviews it goes something like this: 

1) Awareness = What Matters x Why it Matters 

2) Plan for the worse 

3) Test the plan objectively

I really enjoyed reading Tribe of Hackers, and I appreciate Mr. Carey putting it together. There is much more wisdom to parse through in the interviews than I have offered here and I hope my violent paraphrasing and comparison (beat a dead horse) to martial arts doesn’t diminish his efforts or their advice. Carey has other books of interviews specific to Blue Team, Red Team, and Security Leaders.

However, before diving into those, I’m headed to Reno for the Wild West Hack’n Fest. This will be the first in-person conference for me (and possibly a whole bunch of people) since Covid. It’s time for me to meet more of the tribe.

, , , , ,

Cyber-Sorcerer-Ninja-Detective

, , , , ,

The world that is emerging from our electronic interactions needs a lot of patches. It’s growing and in need of constant adjustment, reconfiguration, and stabilization. For my part, this week was dedicated to learning how to hide, lure, track and trap bad guys for 4 days and a total of 16-hours of training on Active Defense and Cyber Deception with Black Hills Information Security. This was one of three courses they offer for the very affordable price of pay-what-you-can. Don’t let the generosity fool you. John Strand provides these courses as a mission. He believes we are all far behind in the cyber security game and there is lots of ground to make up. After 15 years as a SANs instructor, he has lots of value to offer. Plus, his energy is contagious. He does seem to truly be possessed with a desire for the greater common good we all share.


What did I learn? Illusions, traps, and other cyber-bending ninja-detective tricks. Unfortunately, a good cyber-sorcerer-ninja-detective never reveals the mechanics of their tricks (that’s not true, they don’t mind sharing at all). 


1st day was strategy and defining what active defense is and isn’t. It’s not waiting for the SIEM (monitoring system) to tell you something is wrong. The SIEM is designed to find threats that are known. We are looking for very sneaky people. They will find a new way in, something the SIEM can’t detect. 


The key to stopping the attacker is understanding the path of the prey. Where do they need to go? Know this and you know where to lay the traps that suck up their time. The illusions that lead them down the wrong rabbit hole to infinite nothing. And this may be the key takeaway. Make it a time suck to mess with you. Make it not worth the hassle to hustle ya. 


Show’em something pretty. Something they have to look at. Delay them, obfuscate the prize, and frustrate their basic efforts. Don’t be the low-hanging digital fruit, just dangling out on the internet waiting to be easily exploited. 


How do you slow them down? Honey, and lots of it. Your main weapon is a long list of honey: honey-pots, honey-servers, honey-networks, honey-users, honey-files, and yes Honey Badger! What are all these honey-techs? They’re big fake data burritos wrapped in alerts, stuffed with traps, and trackers. These techniques and tools draw the attacker into a fake world with sweet-looking data. A juicy-ripe text file with a bunch of sexy financial information and contacts that can’t be resisted. 


2nd day we talked about the legal issues that come with the territory. This is a whole new frontier as far as the law is concerned. Stand-out thought is how far behind the legal concepts of property and privacy are in relation to the digital dimensions of our lives. It’s an 8-bit paradigm trying to govern an Oculus world. It would do me some good to study up search and seizure law. The question to answer: when are you a detective and when are you the interloper violating someone’s rights? 

  Day 3, the slide reads “Don’t Get Shot!” and the class focuses on your safety as an investigator. As in, you may find yourself dealing with bad people. You might play a big part one day in locating said bad people and putting them in prison. Sometimes bad people hold grudges. You don’t want your name on anything bad people can reference. You want to be a ghost, a shadow warrior. That’s right, John added to my practical knowledge of how to make people disappear and attack from the shadows. Always happy to add a little more ninja to my bag of tricks.


Day 4, how far does defense go until it becomes offense? We learned techniques that trapped our network baddies in infinite loops that “inadvertently” shut down their systems. Is that wrong? Well, it’s complicated. How far is too far depends on your warrant and what 3-lettered agency is writing the check. But that’s the justice side. Maybe you’re not working for the government. What about private clients? What would you do for the cash? What wouldn’t you do for cash?


In some cases, your client might not be interested in taking any of this to court. As in, they aren’t concerned with the legality of your work and whether it might stand up in court. That’s when you have to decide for yourself what kind of InfoSec operator you are. Are you a mercenary, a kinda cyber-gun-for-hire? Or are you going to be an agent of justice? Or chaotic good and you just can’t help yourself because of some twisted extreme perceptions of fair and foul play? Or maybe your just smart enough not to get involved in clandestine cyber-pissing contests.  


It’s easy researching and studying security to get paranoid; to think that there is a never-ending wave of threats. And while that might be true, there are ways to limit vulnerability. For a business or an individual, it’s not that difficult to avoid being easy pickings. Remember you don’t have to be faster than the bear, just faster than the rest of the campers when the bear arrives.


My CompTIA Security + certification test is coming up in a few weeks. Time to buckle down and memorize an ocean of acronyms, hashes, ports, and protocols. But while that test is important, my mind will still be on the terrors of a Spider Trap and the devious capacities of Honey Badger. I look forward to building a digital hall of mirrors and digging cyber-tiger traps filled with my own assortment of deadly links. That’s right folks, two can play at the sneaky link game. Actually, we should all be learning how the game is played. 


After all, ya got be a cyber-sorcerer-detective-ninja to catch a cyber-sorcerer-ninja.


, , , ,

What Holds Us Together?

, , , ,

7 months ago I saw the world differently. 

When it came to technology, I was worried about all the wrong things. For example, is my phone listening to me? Yes. Absolutely it is. But in so many more ways other than just listening to your voice. To appropriately quote the Police, it measures “every step you take and every move you make.” Listening isn’t the issue. 

Whether or not my phone is listening to me isn’t even on my top 10 list of sci-fi-future fucked-up shit I worry about now. We live in a world with an electric heartbeat. Digital pulses and near-psychic interfaces link us instantly to each other. We are caught as much in the technological net as a fly is trapped by a web. But we are also as much on the web like the spider as caught like the fly. Complete and full immersion. Hunter and hunted. Most of us think the internet is an amusement park when it’s actually a hunting ground. IoT (Internet of Things) isn’t a luxury, it’s a hunter’s blind. And is it me or does anybody have a problem with the use of the word “Things”? “Things” sounds like the sequel to John Carpenters alien horror film (probably my favorite horror movie, ever).

Technology has made each of us more powerful and more vulnerable simultaneously. Any one of us with just a little training could create chaos with a few clicks of the keyboard. For instance, I spent last weekend on the Department of Homeland Security’s website taking classes on Infrastructure Control Systems and cyber security. ICS monitor and control systems that often require real-time info and are extremely sensitive to delay, systems in which shutdowns can be catastrophic. Think dams. Think power plants. Think runaway trains. Think nuclear centrifuges. Big stuff that needs to work really well or all the lights go off, shit explodes, glows and fragile ecosystems are destroyed.

After 6-hrs of videos and tests about the Vulnerabilities, the Risks, the Threats, the Methodologies, IT Mapping, and the Consequences of cyber security issues with ICS, I was not optimistic. Nope, I was more like, “Sweet Mother of Burning Circuits, we are in trouble!”  Don’t trust my hyperbole, check out the links below.

Water Plant Hack in Florida-Oh, Florida...

Hackers in Electric Grid-Yep, this is no joke. 

Easy Access Tools-It’s way too easy for the bad guys.

Or go read Sandworm.

But don’t worry, I got a plan to save the world.


Next up: Cyber-Sorcerer-Ninja-Detective


, , ,

Dawn of the Bot Hunter

, , ,

It’s raining and the morning sky is still dark, but the light is slowly shifting from ebony to blue. 

I’m thinking about Bladerunner as I listen to the rain. Harrison Ford narrates my near-future dystopian fantasy as a billion drops per second shower the world. I imagine each drop a malware-loaded bot, a digital armada with greater power than humanity has yet amassed but smaller than an atom, slamming against my firewall. 

Good morning, it’s a great day to hunt bots.

The information security company WhiteOps is the genesis of this daydream. Claim to fame: authenticating trillions of online interactions. The service: determine if it’s a bot or not. 

That’s what reminds me of Bladerunner, the Voight-Kampff test from Ridley Scott’s cyberpunk masterpiece. A digital detective tasked with identifying bots imitating humans. Sounds like another way of saying non-human investigations. So spooky and suspenseful, I’m definitely going to need a trench coat.

Detecting and defending against bots isn’t the future. It’s now. These bots are the new tanks and the next-generation super-cyber bombers. Consider how devastating the German u-boats were to the battles in the Atlantic. Bots are cyber-dimensional submarines exploiting the trade routes of the internet. They are electric ideas driven by algorithms with ambitions. And one of their greatest powers is passing as human.   

WhiteOps has a position open: Threat Intelligence Investigator. That sounds slick enough to me. If there is an AI that loves me, then there will be a bright and shiny circuit-badge with this gig. Just once, I want to unfold my wallet, flashing my ID, and say, “I’m Investigator Twitchell, this is my partner, we’re looking for some bots that were spotted in the neighborhood.”

I sent in a resume and cover letter a few days ago. Not just because Threat Intelligence Investigator sounds badass, it does, but also because figuring out what is human online is essential.  

If you find my words dramatic, well then don’t read this report on fraud and definitely don’t read this article on the AI-containment problem. And most definitely don’t read this one about Facebook being a Doomsday Machine with 90 million bots lurking around trying to friend the planet to death.

I hope to hear back from WhiteOps, but if not, I’m still going to hunt bots! 

And once I find them, game on. Ding ding goes the boxing-ring bell, let the match begin. In this corner hailing from 3-dimensional space fighting for humanity and weighing in at 170-pounds of bravado and hyperbole, Jay “The Bot Hunter” Twitchell. 

Well, like my grandfather used to say, “If you’re going to fight robots, you need to go to robot fighting school.” So, before my certificate of completion as a Digital Detective (artistic license with title) arrived, I was already signed up for a 4-day SOC analysis course with Black Hills Information Security taught by John Strand. 

SOC is short for Security Operations Center. It’s where the cybersecurity team responds to possible intrusions into the network. Picture a cyber-war room. Kinda like a NASA launch control room, with a two-story wall covered in screens, flashing red and green lights, maps from missile command, and graphs and dashboards keeping the score of the living and the dead. In the heat of it, sweat flowing from every brow, a dozen people furiously typing on keyboards, faces aglow in the wash of screen light, whispering battle commands into their microphones. 

SOC Analyst Level 1...gets that team’s coffee. Everybody’s got to start somewhere. As a coffee-dog and bot spotter, you let the team know about a flashing alarm and then Level 2 and 3 deal with capture, containment, and neutralization. You survey the network like a bushman on the savannah scanning for evidence of predators’ digital skat, dissecting packets, and looking for paw prints of persistent connections in silicon. 

Information security is totally hunting the hunter, spy vs spy. Just not the fast cars and jet packs, but instead SQL injections and rootkits. And If you're going to hunt down the enemy, you have to learn how to read the threat landscape and appreciate the tactics. To hunt a fox you must become a fox, yes? You need to know the methods so you can spot the signs that you are being stalked. 

John Strand is a great resource for honing cyber-safari skills. John is formerly a SANs institute instructor (15yrs) and runs BHIS, a cadre of devious cyber ruffians. 

A quick summary of the 4-day course:

There is no one product or strategy that is foolproof. Anything, given time and persistence, can be bypassed. The trick is layering the network with enough security gambits that it costs too much time and/or sets off enough alarms that an attack can be prevented or quickly resolved. The idea is to create a layered web. A spider uses more than one string to catch a fly. 

Endpoint analysis and common command-line magic tricks combined with a slew of open-source network monitoring tools and Shazam, you can respond to an incident. Right?   

Hmmm...not so fast. Even a good plan won’t help you if you aren’t used to responding to threats. There are a couple of fun quotes about this,  “Everyone has a plan until they get punched in the face.” and “No battle plan survives meeting the enemy.”

This is why you hire penetration specialest-teams like BHIS, and run attack simulations. If you can’t afford that, then attack your own system and test the defenses. Sounds like martial arts to me. Seeing as how I’ve paid professionals to beat me up most of my life, I totally get this principle. When you're getting your ass kicked isn’t the time to discover you're not ready for an ass-kicking. No one has time to think when they are getting pummeled. It takes practice to learn to roll with the punches. 

And if you're going to pay someone to cyber punch you, John and his team seem like the right kinda people. 

My takeaway from the 4 days: John is a passionate and generous instructor. The class was pay-what-you-can. So, the cost wasn’t an obstacle for the education. And I’ve rarely seen someone outside of a Pentecostal tent so evangelized about their work. It’s great to see that this field can keep a fire alive in the belly. Borders on inspiring.

My favorite quotes from the course were:

“You don’t get paid for the good days, you get paid for the bad ones.”  

and

“You don’t train until you get it right, you train until you can’t get it wrong!” 

To get your own dose of John, listen to this Darknet Diaries podcast where he shares stories about all kinds of penetration testing. One story involves his mother popping shell on a prison system. Below is the podcast and an article from Wired for the extra curious (it’s totally worth it).

Darknet Diaries - 67: The Big House (google.com)

(Darknet Diaries is my favorite podcast)

How a Hacker's Mom Broke Into a Prison—and the Warden's Computer | WIRED

I signed up for another course in March: Active Defense & Cyber Deception. I also enrolled in BHIS’s Cyber Range where you can build your cyber skills and supposedly compete for a position on the BHIS team. I also bought a t-shirt. I know it’s not quite a trench coat, but it’s a good start for the newest bot hunter on the block. Watch out, robots. I’m coming for you.


, , , ,

Matthew Holland talks about Cyber Security

, , , ,

The Knowledge Project Ep #93

Top 10 Cyber Security Tips

  • Use Multi-Factor Authentication (MFA) with all email/cloud/web accounts

  • Use a Password Manager (with strong passwords, no password reuse)

  • Use a Virtual Private Network (VPN), make sure the VPN vendor is based in a friendly country!

  • Make sure all devices/computers are fully patched (operating system/software/apps are always updated)

  • Reboot your mobile device(s) every morning

  • Use a microphone/camera blocker on all devices/computers when not in use

  • Don’t post addresses, phone numbers, or email account information on social media

  • When traveling, don’t use airport/plane/hotel Wi-Fi networks unless absolutely necessary (and use a VPN if you do!)

  • At home, don’t use the Wi-Fi network provided by your ISP modem (use a separate Wi-Fi router)

  • Keep home IoT (smart speakers, TVs, etc) on a separate Wi-Fi network from devices/computers

Next up: Dawn of the Bot Hunter

, , , ,

Digital Humanism

, , , ,

Sam Harris and the inventor of Virtual Reality, Jaron Lanier

This podcast is from 2018, but don’t let that fool you. This is still important ground to consider. It provides a measure for what kind of changes have taken place since this conversation.

One of the biggest points here: the value of creative ideas. Ideas act as the building blocks for shared values. And culture emerges from shared values.

, , , ,

AI and the Great Filter

, , , ,

Lex Fridman & Max Tegmark discuss AI and the future of Humanity. I came across this podcast researching machine learning. What a treasure. These guys cover a lot of ground in three hours. Here are my favorite topics:

(08:15) – AI and physics
(21:32) – Can AI discover new laws of physics?
(30:22) – AI safety
(47:59) – Extinction of human species
(58:57) – How to fix fake news and misinformation
(1:59:39) – AI alignment
(2:05:42) – Consciousness
(2:29:53) – AI and creativity
(2:41:08) – Aliens

After you make it through the whole thing, please share with me what you think about the concept of the big filter?

, , , , ,

Letting Go

, , , , ,

Just about every morning at 8 AM, I practice Tai Ch with a partner I’ll call B. B and I have practiced together on and off for 5 years. For 9 months, B and I have met at a local elementary school. B is same age my mother would be. My mother and I never did Tai Chi together. Don’t get me wrong I don’t think of B like she’s my mom. I just can’t help but wonder what it would have been like if I could have done Tai Chi with my Mom. It’s a thought that makes me smile.

B and I are always outside. Being Portland. sometimes it rains lightly, but most mornings we’ve been blessed with a clear sky. Most often there are crows perched high in the tree branches watching us. Locals from the neighborhood bring out their dogs to run and play fetch on the wet field. Some mornings the sky is pink and orange and some days its grey. Regardless we slip into our form and gently move through the morning trying not to wake the world.

Today after practice she gave me this poem. I can’t read it aloud without choking up.  Maybe I’m holding on too tight to something.

She Let Go

She let go.

She let go. Without a thought or a word, she let go.

She let go of the fear. She let go of the judgments.

She let go of the confluence of opinions swarming around her head.

She let go of the committee of indecision within her.

She let go of all the ‘right’ reasons.

Wholly and completely, without hesitation or worry, she just let go.

She didn’t ask anyone for advice. She didn’t read a book on how to let go.

She didn’t search the scriptures.

She just let go.

She let go of all of the memories that held her back.

She let go of all of the anxiety that kept her from moving forward.

She let go of the planning and all of the calculations about how to do it just right.

She didn’t promise to let go. She didn’t journal about it.

She didn’t write the projected date in her Day-Timer.

She made no public announcement and put no ad in the paper.

She didn’t check the weather report or read her daily horoscope.

She just let go.

She didn’t analyze whether she should let go.

She didn’t call her friends to discuss the matter.

She didn’t do a five-step Spiritual Mind Treatment.

She didn’t call the prayer line.

She didn’t utter one word.

She just let go.

No one was around when it happened. There was no applause or congratulations.

No one thanked her or praised her.

No one noticed a thing. Like a leaf falling from a tree, she just let go.

There was no effort. There was no struggle.

It wasn’t good and it wasn’t bad. It was what it was, and it is just that.

In the space of letting go, she let it all be.

A small smile came over her face. A light breeze blew through her.

And the sun and the moon shone forevermore…

by Reverend Safire Rose

, , , ,

Having No Head

, , , ,

Sam Harris podcast has a fun conversation with Richard Lang. Nicest dude ever. The quote below provides preview.

“The best day of my life—my rebirthday, so to speak—was when I found I had no head. This is not a literary gambit, a witticism designed to arouse interest at any cost. I mean it in all seriousness: I have no head.

It was eighteen years ago, when I was thirty-three, that I made the discovery. Though it certainly came out of the blue, it did so in response to an urgent inquiry; I had for several months been absorbed in the question: what am I? The fact that I happened to be walking in the Himalayas at the time probably had little to do with it; though in that country unusual states of mind are said to come more easily. However that may be, a very still clear day, and a view from the ridge where I stood, over misty blue valleys to the highest mountain range in the world, with Kangchenjunga and Everest unprominent among its snow-peaks, made a setting worthy of the grandest vision.

What actually happened was something absurdly simple and unspectacular: I stopped thinking. A peculiar quiet, an odd kind of alert limpness or numbness, came over me. Reason and imagination and all mental chatter died down. For once, words really failed me. Past and future dropped away. I forgot who and what I was, my name, manhood, animalhood, all that could be called mine. It was as if I had been born that instant, brand new, mindless, innocent of all memories. There existed only the Now, that present moment and what was clearly given in it. To look was enough. And what I found was khaki trouser legs terminating downwards in a pair of brown shoes, khaki sleeves terminating sideways in a pair of pink hands, and a khaki shirtfront terminating upwards in—absolutely nothing whatever! Certainly not in a head.

It took me no time at all to notice that this nothing, this hole where a head should have been was no ordinary vacancy, no mere nothing. On the contrary, it was very much occupied. It was a vast emptiness vastly filled, a nothing that found room for everything—room for grass, trees, shadowy distant hills, and far above them snowpeaks like a row of angular clouds riding the blue sky. I had lost a head and gained a world.

It was all, quite literally, breathtaking. I seemed to stop breathing altogether, absorbed in the Given. Here it was, this superb scene, brightly shining in the clear air, alone and unsupported, mysteriously suspended in the void, and (and this was the real miracle, the wonder and delight) utterly free of “me”, unstained by any observer. Its total presence was my total absence, body and soul. Lighter than air, clearer than glass, altogether released from myself, I was nowhere around.

Yet in spite of the magical and uncanny quality of this vision, it was no dream, no esoteric revelation. Quite the reverse: it felt like a sudden waking from the sleep of ordinary life, an end to dreaming. It was self-luminous reality for once swept clean of all obscuring mind. It was the revelation, at long last, of the perfectly obvious. It was a lucid moment in a confused life-history. It was a ceasing to ignore something which (since early childhood at any rate) I had always been too busy or too clever to see. It was naked, uncritical attention to what had all along been staring me in the face - my utter facelessness. 

 In short, it was all perfectly simple and plain and straightforward, beyond argument, thought, and words. There arose no questions, no reference beyond the experience itself, but only peace and a quiet joy, and the sensation of having dropped an intolerable burden.

Douglas Harding, [extract from] On Having No Head

, , , ,

Cult of the Dead Cow

, , , ,

Under the flickering lights of our Christmas tree, I wrap presents and think about a system file check of my prefrontal cortex. It’s the part of the brain that modulates social behavior. I want to confirm the hashes on all my psychic attributes because my mind is a swarm of acronyms and random strings of numbers. Once they get in there, it’s not easy to get them out. The numbers I mean. Cryptography has scrambled my axons with my dendrites.

I refocus and fInd some tape and scissors and while finishing the gifts I think about Santa coming down the chimney as a penetration test. Perimeter check. Santa is the perfect pretense to test our physical security. Going to need a new policy. Nothing like mitigating Christmas. 

Certification is now the focus of Bootcamp. No more technical training. Now it’s review and career prep. I am a walking-talking flashcard. I’m in constant dialogue with myself. Me in my head explaining security threats to a panel of enthusiastic me. I’m describing my plan to defend employees against Social Engineering. I look back at me very impressed

Hanging ornaments, I think of all the holiday cards we got this year, and next thing I know a phishing email begins to type itself out on the screen behind my eyes. A voice whispers in my ear, “Rapport building and framing psychologies create tribal bonds, these are our goals.” I stop myself, take a deep breath, and look around at my family.  

Freeze frame for the postcard moment: Christmas tree, everyone wearing wonderfully hideous Xmas sweaters; my wife has a tiger ornament in her hand; son, headphones on, reaches high above his mother to hang basketball ornament; daughter laughing with her head back and eyes closed, whatever it is it’s so hilarious it hurts. Cats attacking ribbons and bows, rolling in liberally scattered catnip. My tribe. My love. My treasures.

The Muppet Holiday album is playing, I’ve got hot cocoa, and I sink into a deep sense of gratitude. What a crazy ride. I pray everyone is as safe and warm and loved as I am. Happy Holidays. Let’s talk about Joseph Menn’s Cult of the Dead Cow  (CDC). 

Before we jump in, here’s a little background. Academically, there are 5 basic threats in CS: APTs (Advanced Persistent Threats-national interests), criminals (it’s about $), hacktivists (philosophically motivated), pranksters (fun-power), and mistakes (distracted minds).  While Sandworm focused on the history of APTs, CDC focuses on the history of the hacker activist trying to save the internet from itself.

My instructor is fond of saying, “In the beginning, there was no security.” Simply put, the internet’s infrastructure has vulnerabilities. What kind? Well very it’s technical, so let’s try this.   If the internet was a boat, it would a paper boat headed for the street’s rain run-off drain where the clown from IT is waiting. And if the internet has vulnerabilities, then so do we. Take notice, in that story with the paper boat, we are the little kid chasing the paper boat into the street drain and we are about to reach down into the dark to find sharp teeth.

Similar to It, CDC is the story of a bunch of kids who discover that beneath the normal world there is an underground system stalked by an otherworldly predator. Ok, maybe I’m pushing the comparison. I’ll stop there but if you’re a Stephen King fan at all, you can see how ugly this could get. Let’s try a different tac.

At the dawn of the digital age, the prehistoric version of the internet was built for nerds by nerds to share information. They weren’t worried about anyone listening, cause the idea was to be able to listen or at least hear. The main point was sharing. 

Quick note: Kopimism is an official religion whose faith it is to copy and share information. They believe that information is holy and to share it is to take part in that sacred process. I mention this because sharing on bulletin boards is how CDC was born. It all begins with people sharing ideas through text files and trying to make phone calls on the cheap. But that small (dare say meager or mild) attempt at fan fiction and manifestos might just have saved us all. For now.

CDC is a history lesson of the internet and the people who grew up with it, love it and are afraid of what could happen if our grand experiment goes wrong. Put simply the Internet of things, IoT, the Web, our phones, every application, and service they provide has not been planned well. 

Well, it wasn’t planned at all. It was co-opted. Repurposed. You might even say, hacked. Because now the Internet is actually an ATM. The biggest wealth maker ever seen in the history of humanity. So much wealth we could feed, clothe, shelter, educate, and provide medical care to the entire world. But we don’t. So the CDC has been trying to hack the hack and give us the Internet back. 

I keep using the word hack. Before the Bootcamp what did I know about hackers?

Hackers. The movie War Games introduced me to my first hacker. Remember the 1980’s: VCRs, Miami Vice, John Hughes. Then maybe you recall a young Mathew Broderick almost starting a nuclear war by hacking into a government war simulator.  “Would you like to play a game?”  

Cult of the Dead Cow is kinda like what would happen if Mathew’s character was actually represented by a dozen or so hackers who grew up with the internet, made it their habitat, learned to forage and hunt, found treasures, discovered pitfalls, and then rushed back to the outside world to warn us of what lurked in the digital forest. There are highwaymen, rickety rope bridges, hidden passages, boobytraps, spies, pirates, swindlers, and more. Oh so much more.    

Think IT meets Mr. Robot and the show runs for 50 years.  

You don’t know it yet, but we owe them big. Because while we were sleeping, they held the great glowing neon firewall. They snuck behind the GUI and took a look at the code holding the data-world together. What they learned scared them. They could have said nothing. They could have robbed us blind. Instead, they played David vs Goliath and set about hacking the world. 

They went up against Microsoft, mass media, and terrorists. Along the way, they crafted code, political philosophies, mayhem, and modern-day security analysis. Not all of them are heroes. The truth is complicated. They hacked for good, for fun, for country, and sometimes merely for chaos. They are at times activists, inventors, mercenaries, vigilantes, pranksters, soldiers, spies, and even Presidential hopefuls. Ugly warts and all CDC doesn't try to hide the flaws of the community. Instead, it gives enough space to let things be as they are and the reader to make their own judgments. 

My takeaway: The future is coming and we are going to need a bigger boat.

What do I mean by that? It’s the line from Jaws. That moment when they are chumming the water and Scheider’s character sees the shark for the first time. That’s me after 6 months of CS training. We are going to need a much bigger boat than the paper one we are in now.

That translates into: we need a much broader understanding of what we are dealing with.


Next: Matthew Holland talks about Cyber Security


, , , ,

Hello Cybersecurity World

, , , ,

The world has changed. In the face of Covid, the ensuing shutdowns, and social distancing, I’ve made a change as well. I’ve been an in-person kinda guy all my life. Massage is literally a hands-on job. Martial arts also involves a fair amount of physical back and forth with another person. Since working face to face with people isn’t as easy anymore, I decided to retrain myself and transfer my skillset into another field of expertise. I landed on cybersecurity.

Just before covid, I was working my way through a javascript tutorial and dabbling in some python when I came across a bug bounty video. The process of hunting down flaws in programs and networks hooked me.  I couldn’t follow the particulars to save my life, but the process was thrilling: recon, identify vulnerability, exploit, entry, cripple, exit.

It struck me how similar this was to my pain management system. Pain management is about understanding flaws in the system and building programs to improve resilience. And martial arts is the study of conflict strategies. Thus, when the world shut down, I dove into a VM rabbit hole and enrolled in the University of Oregon’s Cybersecurity 6-month Bootcamp. 

I had found a way to continue identifying weak points, building up hardened systems, and fight bad guys.

In Bootcamp, everything is remote and we (my 15 person cohort) were thrown into the deep end of the digital pool immediately. You get a machine and you load it up on your own, and then go. You better be able to follow directions, even if you don’t know which way you are going or where you are. I have been three virtual machines deep and unsure of what window I was in because my cursor was lost between interfaces.

It’s impossible to describe concisely how much material we have covered in so little time. It can break a brain. Neural networks can only take so much. I have had some serious cerebral-buffer overflow issues.

I’ve heard Bootcamp experiences described as learning by firehose. I agree and at times this has even felt a little more like learning by flame thrower. I would recommend this program if you don’t mind feeling overwhelmed. 

Many nights, my mind melted from being on the command line trying to grep answers. 40-hrs a week studying just to keep up with each new offensive, defensive, or forensic application that is introduced. I tried short cuts that were long ways back to the beginning to do it all over again and again. My rig crashed, looped, rebooted, and eventually fried its battery. I learned to live in the glow of at least three screens at all times. It’s like playing missile command but they are checking for good grammar as well your strategic aptitude.

Supposedly speaking another language in your dreams is good evidence the language is really settling in. A move toward unconscious competence. Asleep, I find myself searching for the password to my dreams, unaware I am already asleep.  It would appear my subconscious is concerned with the abstract syntax of a deeper logic. It’s trying to hack its own psychic login and get root access.  Data denied the waking me, the user.  Am I running hot or just getting warmed up? Not sure, but I am totally fascinated.

Why cybersecurity? I have thought about it and there are a whole bunch of answers. OMG, have you heard of Nerdcore? There are so many answers that I can’t put them all in this post. The next few posts should really start to give a fuller picture. 

That said, one of my favorite responses to “why cybersecurity?” is found in an analysis of three movies:  Bladerunner, Tron, & The Matrix. 

You didn’t think this could get any dorkier, did you? Grab your favorite nerd, cause it gets so much dorkier. But I digress.  Why these three movies? Long story short, they explore the perils of accelerated technological growth and the consequence to humanity.

Why cybersecurity? Because I like big ideas and what’s bigger than the transformation of humanity? Wait, but what does cybersecurity have to do with the transformation of humanity? Well, I’m glad you asked.

I will be exploring just that. In the simplest sense, cybersecurity patrols the infrastructure that makes the information-world work. Every electronic communication, bank account transfer, social media post, email, link, app, and or website/game. None of it works without cybersecurity.  

Next: Sandworm


, , , , , ,

Homo Deus

, , , , , ,

Notes on Homo Deus

Homo Deus: A Brief History of the Future by author Yuval Noah Harari makes you reconsider what you think you know about being human.

Here is my quick review of the book: I loved it! Just like his last two. But instead of just reviewing the book, I want to share my thoughts on some of the things that stand out for me in relationship to pain management.

Real quick though, this book isn’t for everyone. If you’re uncomfortable having your political, religious, philosophical, and general concepts of self challenged, then you will find this book disturbing on more levels than the author intends.

This book is a warning. It is trying to get us to pay attention, Like a passenger in car asking the driver to slow the hell down. You can’t take the turn you need at this speed.

I believe it also is a celebration of how far we have come and how far we can go. So let me throw this out there, if you cling to your belief structures like a life vest in an ocean of myths, this book is going to make you very upset, and it is going to deflate the concepts that keep your ego afloat. However, if you are looking for a better understanding of what are real challenges are right now, then buckle up because the twists and turns of history, science, psychology are going to make your head spin.

For those with short attention spans, below is a glimpse at the highlights of the book. For those who would prefer listening, here is a link (Yuval Noah and Steven Pinker) to a conversation with the author and Steven Pinker. My thoughts on how this applies to pain management follow.

-We’ve conquered- War, Plague, and Famine as the major mortality issues for humanity and next on the agenda for we will conquer death or become God-like in the pursuit.

-Spoilers: There is no soul, self, or free will as far as science is concerned and to believe so is to live in a fantasy world where you will be easily manipulated.

-The brain contains more than one mind and none of them knows what the other is thinking or why; and most of what you believe about the world (which includes yourself) is a confabulation (bullshit rationalizations) of these minds independent operations.

-The religion evolution went kinda like this: from nature to gods to a single god to nationalism to humanism and now data. Long live Data! In algorithms we trust!

-All medical science leads to augmentation science. We will be upgraded. Or at least the rich will be.

-Algorithms are everywhere and will rule us and we will like it because we are blind to the deeper realities of our existence. 

-The AI of the future will know us better than we know ourselves and we will either be their pets (if we are lucky) or their pests (if we are not lucky).

-The next class system will be based on human and super human.


Part 1: 

Why Are We Killing Ourselves?


After reading Homo Sapiens and 21 Lessons for the 21st century, I felt prepared for the author’s diagnosis of the current state of humanity and prognosis for its future. It’s not all doom and gloom by any means, just the end of humanity as we know it. Technically speaking it could be seen more as the continued transformation of humanity.

The book’s opening argument is that humanity has conquered War, Famine, and Plague as the major factors of human mortality. That’s 3 of the 4 horsemen of the apocalypse. Who doesn’t think that’s a good thing? To make its point the book presents some disturbing information on mortality that I had to stop and look into myself. 

1. More people die from suicide then violent deaths.

2. More people die from poor eating habits than starving.

3. By 2050, 50% the population of earth will be considered overweight.

Here are some mortality per year (2017) numbers from the CDC.

Heart disease-647,457 

Diabetes-83,564 

Alcohol related deaths- 72,500

Suicide- 47,085  

Overdoses 47,450

Vs

Homicides- 19,510

Firearm Homicides- 14,542

Mass shootings- 335

The top half of these numbers are all self inflicted.  The CDC website reports: childhood obesity has tripled since 1970; alcohol related deaths have doubled since 1999; suicides have increased by 30% since 1999; and overdoses are up 137% (200% in relation to opioids). 

The articles I came across reported that the majority of criminal acts that lead to violent acts involve the sell or pursuit of drugs. That means for the purpose of buying drugs to alleviate pain or making money by selling drugs to people who are in said pain. What about mass shootings? I think the majority of mass shootings are perpetrated by people who are on one level or another mentally ill and suffering from some sort of psychological and emotional pain. 

The common denominator for all these fall on spectrum of pain management. Drugs are used for (I am including alcohol here) reducing some kind of pain. Mental (emotional or psychological) and/or physical pain. Sure, lots of people use drugs and alcohol recreationally, but if drugs and alcohol are the recreation or needed to have any recreation, then odds are high that there is a hidden suffering not being addressed. What we are really doing is self medicating.

It would seem that a large number of people are under a daily burden that is inescapable without chemical assistance. Drugs and alcohol for the most part are our escape. So is sugar, or in general bad eating habits.

Why are we so sad, anxious, and disturbed when we live in the least violent and most prosperous age of human existence?

How many cavemen do you think killed themselves? I’ve asked this question to a few people and the answer I get back is none (note none of those people were anthropologist). While not scientific, the question makes a point. When life and death were a daily concern, people were to busy figuring out how to stay alive to consider killing themselves. When purpose was easily defined as don’t die today, people worked hard at staying alive everyday.  

It can be argued now that we no longer hunt or are being hunted we are haunted by an inner nature that no longer fits our environment.

The natural state of humans is to be concerned about getting killed, about having enough to eat. So, we naturally worry about things. In fact, its a feature of the brain. When the mind isn’t engaged in a particular task, the Default Mode Network kicks in. This is the part of our brain that has a tendency to ruminate and make us anxious. Its the portion of the brain calmed by meditation and attention training (quick self promotion: this is what I teach).

Worrying is a survival feature. Those who didn’t worry, didn’t live long enough to reproduce. Unfortunately, just because the natural threats no longer stalk us, doesn’t mean this feature for survival is no longer working.

The exterior environment may have changed, but our inner environment hasn’t quite caught up. We were born to solve problems. I mena real concrete problems. As in identifying the best tree to climb to sleep in so your a late night snack. We didn’t evolve to solve math problems or philosophical problems. Those are abstractions made possible by leisure and extreme access to resources. Those are fairly recent add-ons to the humanities skill set. We evolved to solve physical issues.

Our emotional and psychological health is tied more to our physical capacity for adaptation than being able to think your way out of an emotional problem.

In a way, life has become too easy and we have lost our resiliency. Our ability to deal with challenge, discomfort and uncertainty has shriveled like an atrophied muscle. Much like cell deteriorating effect of zero gravity on an astronaut’s physiology, the lack of constant physical strain/challenge has made us mentally and emotionally weaker.  

We now suffer from pain that we do not understand how to properly address. We have evolved to solve problems in an environment that no longer exists.

Instead of staying alive as the main function, we now are struggling with staying happy.

Our culture that has provided us a safer world has not prepared us to deal with ourselves. We wrestle and struggle with our thoughts and feelings. This leaves us with deep questions about worth and purpose that need to be addressed.

We are the most resource rich culture in history and we are killing ourselves hand over fist. It would appear that the more prosperous we become, the more likely we are to lose hope. What could possibly save us from ourselves?

This is important to appreciate because Yuval’s argument for humanities next agenda (now that we have conquered war, famine, and plague) is that we are going to conquer Death itself and transform humans into gods. 

Considering how bad we are at handling our feelings now, I wonder what kind of gods we will become.

Part 2

Kill The Gods, Long Live Data (continued in a week or so)

, , , ,

Why Are We Yelling?

, , , ,

I recently had a falling out with a friend that I have known for many years. My friend had strong opinions and felt comfortable sharing them. I’m not known for my lack of opinions either. A fair amount of unspoken frustration had been building over various issues. We didn’t agree on a great number of items that our country now seems comfortable listing in the issues of the culture war. 

My friend and I live far apart so most of our communications existed on social media. Eventually there was the infamous back-breaking straw and I ended our digital connection. I didn’t like what they had to say nor how they believed they needed to say it. There was a quick back and forth that was more than enough for me to remove their access to my platform of choice. This led to intense name calling on their part and short derisive follow ups comments on my part. 

I don’t call people my friends lightly and considering how powerfully demeaning my friend’s responses were, I believe they were genuinely hurt by me shutting them out. Nobody won anything, and we both lost something.

I wasn’t proud of my part of the escalation and so I felt it was a positive step to try to learn how to better understand why arguments happen and how they transform into combative situations. Sense one of my vocations is teaching martial arts, I felt an added responsibility. Somebody once said, the best way to win a fight is not to have one. With this in mind, I felt arguing well was an important thing to study. Learning more about how to have a disagreement without creating an enemy would be helpful on a number of levels. 

Buster Benson’s book Why Are We Yelling?  Was the first book I competed for 2020. It helped me understand my own tendencies as well as increased my awareness of how other people are moved. Here are a quick set of notes from reading his important book.

-3 categories of argument: Head, Heart, and Hand. Sometimes we are arguing about very different categories. If we can’t identify what perspective we arguing from, then nothing can be resolved. Being right doesn’t change a persons heart. Not being able to appreciate where someone is coming from emotionally means we are blind to the reason they feel so moved by their point of view. Focusing on what is useful usually comes second to trying to change someone’s mind. 

-4 voices: Power, Reason, Avoidance and Possibility. The first three are our go to reactions. Power rarely solves the problems, but sure does make us feel safer. Reason makes us feel smarter, but facts can, no matter how many you find, don’t change minds and most figures and statistics can be argued to support a different point of view. Avoidance seems helpful when we are just tired of the same items of conflict that never change, so why bother, just ignore them. This leads to a festering issue that often becomes to big to handle. The last voice, Possibility, tries to move beyond narrow concepts of truth and tries to discover the person behind the argument and examining the unique events and personal experiences that lead us into positions we are compelled to stand our ground, even if that ground is quicksand.

-Cognitive Biases: There are 200-plus and they corral our brains ability to see past our own limited reactions to stress. You can’t escape them but you can learn to understand how they shape our patterns of thinking. 

CBs are mental strategies that help us deal with too much info and not enough time in a world where the more choices we have the poorer our decision making faculties seem to preform.   Rather than trying to discuss every single CB, Benson groups them in away that allows for us to see that CBs work as sets. 

-Benson covers big issues: immigration and gun control as well as abstract concepts like the belief in ghosts. He talks about creating safe spaces for discussion and the power of generous listening. And while it might seem obvious in bares repeating, the way a question is asked places us on better footing for the journey toward understanding what the best answer might be. The more open ended the better. Yes/No questions are moe likely to cause issues than they are to help resolve conflict.

The book covers a lot of ground.  Way more than I have glossed over here. I feel that whatever your personal opinion maybe, you owe it to yourself and the people you care for to consider how you might be wrong about needing to be right. Certainty isn’t as useful as actual problem solving. Being able to avoid deciding who is right allows to get to what will work. How is it we go about setting aside our need for a stark contrast of black and white and discover the world is made up of shades of grey? 

Just last night a friend and I were talking about climate issues and I listened carefully to the words he used to describe those who disagreed with him.  Much of what he thought about the people o the other side of the issue limited his capacity to work with those others who would be needed to make actually make the changes we all very desperately need. 

Much of the ammo we use to deride the other side comes from media. The media isn’t designed to make us better at solving our problems. One might argue that no matter what side of the argument you fall on about whatever argument you are having, most of our reasoning is given to us by a system that profits from escalating our differences into fears that produce conflicts that keep us from working together to help one another. 

Most of our talking points are not sought out to transform us, but to confirm what we already think.  Every opinion we have deserves to be examined with an awareness that we are afraid to be wrong. Benson’s book asks if we are brave enough to accept information that transforms how we think of ourselves. 

Ultimately we have to ask: what is the point of the argument? Isn’t it about being able to share the world we live in. Isn’t about living in a world that is worth sharing. Sometimes there may be no way around a fight, but before we get there, let's try to make sure we did everything we could to avoid it. 

I don’t believe mot of us want to make enemies, nor does anyone want to lose a friend.


 


  

, , , , ,

Cognitive Countering

, , , , ,

Sam Harris’ Making Sense podcast has a bunch of great conversations. Of particular interest are two that focus on how the mind is built to make mistakes and methods for overcoming our cognitive biases.

Maps to Misunderstanding is a conversation with Daniel Kahneman author of Thinking Fast & Slow. Discover System 1 System 2 and the difference between the remembering self and the experiencing self.

Mental Models is a conversation with Shane Parrish from The Knowledge Project podcast. Which looks like my next info-binge.

, , , ,

Vipassana Notes: Body, Change, Thought, Feeling

, , , ,

There are a whole bunch of different types of meditation practices. I believe these notes are from a lecture on Vipassana. Provides some thoughts and frame work for meditative exercises and how to work with your attention.

Mindfulness of the body:
Be aware breathing in
Be aware breathing out
Breathing knowing short and or long
Experience the whole body breathing
Experience the wholeness of the breath
Calm the breath
Calm the body

Identify other bodily feelings
Meditate on them
Notice their length, Can you sustain you attention there
Do they shift to other places
Does they intensify, or subside

Changing nature of elements
“I am” identifying
What calls your attention becomes the object of the meditation
Notice how things are
How long until it changes
How long until your attention drifts
Be aware of the drift
See if u can catch the drift
As u send your attention
Around the body
Drift and return
What remains
When u are gone
Sounds happen
Sensation is effortless
Return to the breath
Open to your changing sensations
When do you drift
How long have u been gone
Calmly,  softly, gently w humor return and breath and be aware of breathing, there is a body.
End

Mindless of Feeling
Pleasantness, unpleasant, neutral
Feeling tones, habitual desire
Neutral is delusion
Clear recognition of feeling no judgement
Feeling from the physical body
Pleasant and unpleasant and neutral feelings
Contemplating the disappearance
of those feelings

The mind free of wanting
Mindfulness of heart/mind
Be aware Mind states and emotions
conditions
Desire, Greed, aversion, delusion or absence of.

What is and is not skillful. Leads to happiness or suffering.  What to cultivate?
Noticing the mind states. What is the minds attitude right now. Receptive or rejecting, clear or delusional, wanting or not wanting?
Concentrated or directed? Joy, boredom.

When you drift
Return to the body and repeat

Mindfulness of thought
I am aware I am thinking
It wanders naturally
The wandering mind is not the problem but the attitude.
Not prevent thinking but recognize when it arises giving u more space to integrate them
Unaware we act our thoughts
They become our inclinations
Skillfull Mind habits
What is the content of my thoughts
What is a thought
A passing thing
Notice the patterns
Am I Planning
Am I Judging
Am I Remembering
Am I Fantasizing


, , , ,

The Search for Meaning

, , , ,

bigthink has an article discussing Joseph Campbell and Alan Watts thoughts on the modern crisis of meaning and purpose.

"More and more each one of us is thrown on to our own resources. This seems to me an excellent state of affairs. So that in a symbolic sense we are back in the forest like the hunter of old who has nobody around him to tell him how to feel or how he ought to use his senses. He therefore must make his own exploration and find out for himself."