Wednesday, January 13, 2021

When is a "Hack" not a hack? How about fraud and negligence?

So... Was the "parler hack" a crime?

Was it even a HACK?

Well...There was almost certainly a crime committed.... several in fact... but probably not what you might think... or by who you might think.

Because of the comprehensive incompetence and fundamental errors in architecture, design, development, and implementation of the Parler site, services, applications and infrastructure; technically, a very strong argument can be made, that none of the actions the people who accessed (or possibly compromised) the Parler data took in doing so, were actually illegal under U.S. federal law, and the laws of most states.

Effectively, there was no private or confidential data access, because none of the data was actually private or confidential, regardless of whether it was intended to be or legally required to be... the site admins allowed elevated privileged access to be created by unprivileged users, and allowed privileged users to query and retrieve all data within the control of the organization, without properly validated authorization or authentication.

Everything else those accessing the data did, was just scripting those authorized queries to run over and over until they had all the data.

That's not technically illegal, so long as they didn't deliberately circumvent or compromise a policy, with a deliberate technical control mechanism enforcing that policy, using an unlawful method.

...And by any reasonable interpretation of federal law and definitions, and at least most state laws and definitions, the individuals accessing that data didn't do so... Because they didn't have to, because the site devs and admins didn't program or implement any ACTUAL privacy or security controls into the site or the database.... Anyone who knew how to do it, could have done it for themselves, at any time, without bypassing or circumventing anything, or using any outside tools etc...

The researcher who discovered the data exposure, made her own privileged account, because the site devs and admins didn't implement account controls that would prevent any authenticated user from doing so if they knew how... and privileged accounts were never verified or properly authenticated, and had permissions to do everything else.

...At that point, I don't believe any actual access restriction or other relevant policy enforcement control, or privacy control, was actually compromised or circumvented by unlawful means... Or for that matter, at all.

Now... that wasn't the developers or administrators or owners INTENT... but you don't commit a crime for circumventing INTENT.

It's not even a crime to violate policies and terms of service... usually... maybe... depending on many details and variables.

It actually IS a crime to create a new account to circumvent policy, after you have been banned... at that point you are using a technical means to circumvent enforcement of your authorization removal and ban... Even though any user could do so, for any reason, and there isn't anything special about doing so, because you know that you have been banned and are not authorized, and are using technical means... making a new account... to circumvent a technical control... the blocking of your old account... and are accessing such systems without authorization through such circumvention.

That is explicitly a federal crime "Knowingly unlawfully or improperly accessing a computer system or communications network, without proper authorization".

If you use such circumvention to do more than a trivial amount of damage, or to intimidate or harass people or commit other crimes, it's a federal felony, under the telecommunications act (originally passed all the way back in 1934 but revised MANY times since) as modified by the computer fraud and abuse act, the USA patriot act, and other related acts and sections etc... etc...

But if a site admin/dev writes a policy that says "users won't use their accounts to gain more access and privileges than they are explicitly granted by admins", that policy won't actually have any force, and violating it won't be a crime...

at least until you get caught the first time, and kicked, and then log in or make a new account, and try it again, at which case you are knowingly circumventing policy and controls via technical means. 

Even if it was clearly not intended for users to give themselves admin privileges, and gain access to other users' data... even if there's policies that say so explicitly... it's not a crime, if the user can do it, without using technical means to circumvent technical controls enforcing those policies.

In this case, they never actually properly implemented such controls. Users were able to make privileged accounts and access other users' data, without any technical circumvention... they just had to know how to do so. Nothing else would have stopped them.
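A minimal sketch of that failure beside a corrected form, as an added example (not code from Parler or from this post). The role names, `AccountService` and its methods are hypothetical, and the sample accounts are constructed.

```python
from dataclasses import dataclass

# Hypothetical role names and store; nothing here is taken from the real service.
ALLOWED_ROLES = {"user", "moderator", "admin"}
ELEVATED_ROLES = {"moderator", "admin"}


class Forbidden(Exception):
    """A server-side authorization check refused the request."""


@dataclass
class Account:
    name: str
    role: str = "user"
    verified: bool = False  # set only by an out-of-band review, never by a request


class AccountService:
    def __init__(self):
        self.accounts = {}
        self.audit = []  # (event, actor, detail) tuples for later review

    # ---- weak form: the failure mode the post describes ----
    def create_account_unsafe(self, requester, fields):
        # The client-supplied "role" is copied straight onto the new record.
        acct = Account(name=fields["name"], role=fields.get("role", "user"))
        self.accounts[acct.name] = acct
        return acct

    def export_all_unsafe(self, requester):
        # Trusts the role on whatever object the caller presents; nothing
        # checks how that role was obtained or whether it was ever verified.
        if requester.role not in ELEVATED_ROLES:
            raise Forbidden("elevated role required")
        return sorted(self.accounts)

    # ---- corrected form: policy enforced by a technical control ----
    def _is_verified_admin(self, requester):
        # Decide from the server's own record, not from the caller's claim.
        stored = self.accounts.get(requester.name)
        return stored is not None and stored.role == "admin" and stored.verified

    def create_account(self, requester, fields):
        role = fields.get("role", "user")
        if role not in ALLOWED_ROLES:
            raise ValueError(f"unknown role: {role!r}")
        if role in ELEVATED_ROLES and not self._is_verified_admin(requester):
            self.audit.append(("role_grant_denied", requester.name, role))
            raise Forbidden("only a verified admin may grant an elevated role")
        acct = Account(name=fields["name"], role=role)  # verified stays False
        self.accounts[acct.name] = acct
        self.audit.append(("account_created", requester.name, f"{acct.name}:{role}"))
        return acct

    def export_all(self, requester):
        if not self._is_verified_admin(requester):
            self.audit.append(("export_denied", requester.name, "all_accounts"))
            raise Forbidden("bulk export requires a verified admin")
        self.audit.append(("export", requester.name, "all_accounts"))
        return sorted(self.accounts)


def demo():
    svc = AccountService()
    # Constructed sample data: one reviewed admin and one ordinary user.
    svc.accounts["root"] = Account("root", role="admin", verified=True)
    svc.accounts["alice"] = Account("alice")
    alice = svc.accounts["alice"]
    results = {}

    # Weak path: an ordinary user asks for an admin account and gets one,
    # and that account can then read everything.
    shadow = svc.create_account_unsafe(alice, {"name": "alice2", "role": "admin"})
    results["unsafe_role"] = shadow.role
    results["unsafe_export"] = svc.export_all_unsafe(shadow)

    # Corrected path: the same two requests are refused and recorded.
    for label, call in (
        ("safe_create", lambda: svc.create_account(alice, {"name": "alice3", "role": "admin"})),
        ("safe_export", lambda: svc.export_all(shadow)),
    ):
        try:
            call()
            results[label] = "allowed"
        except Forbidden:
            results[label] = "denied"

    # A reviewed admin can still grant an elevated role.
    results["admin_grant"] = svc.create_account(
        svc.accounts["root"], {"name": "mod1", "role": "moderator"}).role
    results["audit_events"] = [e[0] for e in svc.audit]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

In the corrected form the refusal is an actual control with an audit trail, so a written policy against self-granted privileges has something enforcing it.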

...That means it was almost certainly not a crime... But like I said, there is maybe a little wiggle room for charging something here... 

Oh... But here's the really fun twist...

The Parler site owners, admins, devs etc... ?

They had legal and regulatory requirements under various state, national, and international laws and regulations, to properly and effectively control, secure, and protect, the personally identifiable, private, secure, or confidential or higher data, of its users, employees, partners, and other corresponding entities.

They also had a lawful duty of care, to implement security and privacy controls, at least to the minimum prevailing industry standards of compliance, and generally accepted minimum proper practices, and minimum best practices, for operational protection of personally identifiable, private, or confidential or higher information. 

...In fact, they had state, federal, and international legal and regulatory requirements; as persons of responsibility for the care and protection of the security and privacy of such data; to legally certify, under penalty of perjury, and civil and criminal liability...

... on at least an annual basis (and possibly as often as every 30 days)...

... that they were in fact meeting such minimum standards and practices with policies, processes, and technical controls, that were in fact effective in doing so.

...When, in fact, they did not have such policies processes and technical controls, that were in place and effective... Or at all...

Which means everyone who signed those certifications, was committing state, federal, and international fraud, breach of trust, and failure of duty of care (and by the by, violation of their own published and stated policies, and the public statements of their persons of responsibility, which extends the fraud, and may also be interpreted as breach of contract or breach of promise, depending on the exact data, the type of individual or organization, their relationship to the organization and the exact laws of the jurisdiction in question).

That...essentially automatically... makes what they did both tortious civil negligence, and gross criminal negligence.

I say this as someone who does this for a living, advises clients on it professionally, has co-authored many briefs and provided support for many motions, and testified in both depositions and trials; both as an investigator, and as an expert witness on this subject.

All that said... I mean... you always have to take two major factors into account:

1. MOST jurisdictions that I know of, would probably agree with what I wrote above, most of the time, presuming what we now believe we know, holds true... But not necessarily all.

Some states and other jurisdictions have different legal standards and definitions, under their own laws and regulations, that could see these various individuals' actions in accessing Parler's data, interpreted by prosecutors and judges, as rising to criminal behavior... Or conversely could interpret the site owners, admins etc... as neither criminally nor civilly liable, or that insufficient actual harms had resulted from those otherwise negligent actions such that they would meet thresholds for criminal or civil liability.

...AND...

2. On any given day, given any particular set of facts, circumstances, and laws, any judge can decide almost any possible way, accounted for under the law... 

...and maybe some not contemplated by the law... 

Or may even simply act flatly outside the law; either because they believe the law is itself in error or improperly interpreted or applied, and that the courts should or must address this defect or defects...

...Or that regardless of any potential legal defect existing or not, that their actions outside the boundaries of the law are in the interest of justice... 

...Or sometimes they just think it's the morally or ethically correct thing to do, regardless of the law... That they SHOULD or MUST take such action, regardless of the law, even if they are later reversed, because to do otherwise would be absurd, obscene, or would tend to shock the conscience (and yes, all of those unusual words and usages are quotes from famous rulings where judges did exactly those things, for those reasons).

A Little Ramble about Liquor

I suppose I'm "lucky" as far as that whole "manly vs. Girly drinks" thing goes...

...Well... Firstly in that I really couldn't give the slightest bit of a damn what other people think about what I drink, or whether it's "girly" or not.

Here's a hint... If you are so concerned about whether other people think you're "a real man" or not... you aren't. 

That aside though... My actual preferences, and what I really enjoy, are on what would generally be considered the "manly" side of things, and I generally don't care for things that would be stereotypically girly.

...Mostly because I like sharper, spicier, more sour, more bitter, more savory, more earthy etc.... flavors, and I generally dislike sweeter and milder or mellower flavors. Though I love "creamy" and "rich" stuff... which I suppose some consider more "girly". 

My favorite alcoholic beverages are weissbiers, and brown, red, or amber ales; dry and sharp or full and buttery hard ciders; unoaked or lightly oaked dry whites or unoaked to moderately oaked (moderate body fruity or spicy, and not too astringent or too sweet) reds; and quality sipping spirits.

Of those, my default choices are hard cider, brown ale, a solid red wine to go with red meat, and a high proof sipping whiskey.... and MAYBE, on occasion, a dry or sour cocktail or other mixed alcoholic drink.

...All of those are pretty much considered "manly" by default...

My preferred spirits are cask strength or overproof... Meaning they're all over the standard 70-90 proof of most spirits (legally, in the U.S., 80 proof is considered the default standard proof), generally ranging from around 100 proof (50% alcohol) up to 150+ proof (75% alcohol)... Though I'd say the majority of my favorites fall between 110 and 140 proof.

...And by most people's judgement, that level of alcohol in a spirit, kinda "wins" the "manly vs. girly" test automatically.

Just generally I don't like drinks that are particularly sweet...Hell, I don't even like my DESSERTS to be particularly sweet. 

As such, most standard proof rums, whiskeys (particularly bourbons, sourmash whiskeys, corn whiskeys, etc...), and tequilas are far sweeter than I like... Even some "dry" gins, are far too sweet for my taste (and almost all Dutch or French style gin/genever/genièvre is). Maker's Mark and Jack Daniel's taste like alcoholic brown sugar syrup to me (and in fact my preferred use for either is in making caramels, ice cream, whipped cream, and other sweet sauces and confections).

Oh... and the caloric content of those spirits bears out my perceptions of sweetness by the by. Bar syrup/bartender's syrup/cocktail syrup (a simple syrup made of sugar boiled in water, with or without some minor additions or modifications, or infused flavors) has appx. 75 to appx. 100 calories per fluid ounce (depending on the exact sugars you used, in the exact proportions you used, and the exact process you used... mostly how long you boiled it for and what temperature, dissolved solids {brix} and specific gravity you boiled it to). Maker's Mark has appx. 70 calories per fluid ounce (100% from sugars), which is fairly typical of bourbons (and whiskies in general tend to run between 60 calories and 80 calories per ounce, again all from sugars). In fact, most standard proof brown liquors, distilled from a relatively sugary mash (any kind of molasses or corn based spirit for example), will be very close to a sugar syrup in calories and total sugars.

All that said, even the driest of neutral spirits, at 80 proof, is going to have something like 52-55 calories per ounce, simply because of the calories in ethanol. 52 is just about the minimum possible calories per ounce, in a spirit that is 40% ethanol.

Pure ethanol itself has about 200 calories per ounce... about 7 calories per gram. Which is actually more than pure glucose, at about 4 calories per gram. Meaning the higher the proof, the more calories a given amount of alcohol is likely to have... But not necessarily more sweetness. 

...But it's still a big difference between a very dry neutral vodka or gin at 52-55 calories per ounce, and the as much as 80 calories per ounce you can get in some of the sweeter corn whiskies for example, or the absolutely ridiculous sweetness of many rums, at anywhere from 100 to 140 calories per ounce (more than most liqueurs that have added sugar), at 80 proof. Every calorie an 80 proof spirit has over 52, is a calorie from either sugar, or from sugar alcohols formed alongside the ethanol in the mashing and distilling process... and as it happens many sugar alcohols actually taste sweeter than pure glucose.

Also one should note that a lot of overproof spirits are fortified with extra sugar in their mash, so they can use special varieties of fast eating fast metabolizing yeast that will produce more alcohol in the initial fermentation, and survive longer in a higher alcohol concentration (most yeast will only survive to between 8% and 12% alcohol in the brew, but some varieties can survive to over 20%). Yes, the yeast eat more sugar to make more alcohol, but it's not an even balance, and you need to add more sugar than the yeasts can convert, to ensure they fully expend themselves making as much alcohol as possible. This results in a final mash with more sugar, and more sugar in the final spirit... as well as more of the natural digestible sugar alcohols that go along with all ethanol production and distillation.

-----A long but hopefully interesting aside-----

...All of the above actually reminds me of the few very sweet, and particularly very few explicitly sweetened with added sugars... alcoholic spirits I like.

As it happens, I have been making my own cordials and liqueurs, since several years before it was legal for me to buy the main ingredient thereof; having been taught both to enjoy them, and to make them, by a friend in the SCA who made many different kinds himself, and who always brought large supplies of them to society events (he also taught me brewing, mead and winemaking, and a fair bit of what I know about distilling).

Most often I make my own apple pie (and sometimes other types as well...Lemon, coffee, coconut, cinnamon, and vanilla bean are favorites for example. All share in being strongly flavored, strongly sweetened and STRONGLY alcoholic) from my own secret recipes of sweeteners, spices, and flavorings, and from... let's say, available high proof spirits...

...By that I mean the best quality highest proof spirits I can get, that have either a truly neutral flavor profile, or a complementary basic flavor profile, to my desired end product's flavor profile... If I can actually get some of the true, I'll happily use that and prefer it to other options... but it's kind of hard to come by. Meaning that mostly I use something like Goslings Black Seal Overproof Bermuda Black rum, at 151 proof, or similar, and with a quite nice basic flavor profile of its own (it's not harsh at all, in fact it's quite smooth and pleasant. It's actually my favorite relatively low cost rum, even for standard rum drinks).

By preference I generally WON'T use Everclear (or its sister product Golden Grain) even though it's supposed to be 190 proof or 95% ethanol. Though I CAN use it, I generally don't because it doesn't make sense to do so... Because it is entirely unaged and unfiltered (more on that later), Everclear has more of the nasty volatile aromatics, congeners, and fusel oils (all natural byproducts of distilling, that aging and filtering tend to reduce or eliminate in more expensive spirits). Thus, Everclear ends up having unpleasant harsh flavors and odors that I have to compensate for, by diluting it more, having to use more, stronger flavors and sweeteners, and cooking off more of the volatiles and more of the alcohol with them, so it ends up not being the 190-ish proof it starts off at anyway.

In fact, because of those factors, by the time I'm done compensating and correcting the flaws in the base spirit, it ends up weaker than starting with an actual good tasting overproof liquor at 150ish to 180ish proof.

The same is true to a lesser extent for "lab grade", "medical grade" or "food grade pure" ethanol, which varies from 95% pure, to 99.75% pure, and is sold for making tinctures, extracts, infusions, flavor concentrates etc... in theory it should all be very close to truly neutral and very close to 100% pure ethanol... But in the real world there's always a small percentage of undesirable elements mixed in... and those tend to vary WILDLY, from brand to brand or even lot to lot, based on the exact recipe they use, the process they use, even the equipment they use to distil and process the spirit.

Because Everclear, other ultra high proof liquors (there's a 196 proof liquor on sale that calls itself high proof vodka for example, and several 180 proof rums and vodkas), "neutral grain spirit", and "XXX grade pure ethanol" are all.... to my knowledge, completely "unaged", and in distilled spirit terms "unfiltered" and "unblended"...

--- Another not quite as long but still long aside about some spirit terminology ---

"Unaged" doesn't necessarily mean exactly what it sounds like. One batch of "unaged" spirit from one brand, may have been distilled, bottled, and delivered to you within a few days or a few weeks. Another brand may have spent weeks or months in "blending" and "mellowing" tanks... even a year or two... And then may have spent years sitting in bottles in "resting" or even riddling racks, in an aging warehouse or lagering cave somewhere... and it may be anywhere from 2 to 12 years old by the time it's actually sold to you.... But in the world of spirituous liquors, none of that counts as actual "aging".

In industry terms, aging requires the spirit be exposed to a slightly porous and permeable environment where solvents in the spirit can interact with soluble elements (almost always wood, or woody plant matter, of some kind in some state, but also may include paper or other textiles, and various minerals), and to a lesser extent the atmosphere and environment around the aging vessel, where volatile vapors can expand and contract, with some escaping and some entering... and with sufficient gas/vapor exchange flow to have some oxygen exchange, and some oxidation, but NOT so much as to have significant undesirable modes of oxidation occurring. 

Ideally this aging should occur in a vessel which allows for all of those basic factors, and which when exposed to air and ethanol and the other elements of the spirit, will absorb or modify or allow to evaporate on their own, harsh or unpleasant or unbalanced components of mouth feel, aroma, and flavor; while also imparting the solvents and other elements of the spirit, with some of the essential aroma and flavor compounds from within the material of the vessel itself, or from other elements placed into the spirit... Again almost always wood, or pieces of woody plant matter, but it also may include those other elements listed above.

"Unfiltered" spirits aren't... they ARE actually filtered, for particulates and contaminants that would make the base spirit not meet quality grading standards. But in distilling parlance, "unfiltered" actually means they ARE filtered (as noted above) but they're NOT "filtered" through the thick stacks of paper, charcoal, charred wood, various other textiles, minerals, and relatively recently engineered polymers (some components of which may be soluble, some ion exchanging, some hydrophilic or hydrophobic, some oleophilic or oleophobic, some none of the above), and "botanicals" (distillers' speak for any plant product used, in whole or minimally processed form, to infuse or filter a spirit in a manner which may notably alter the flavor and aroma of that spirit (and not always in ways you might expect). Usually it's aromatic herbs and spices, fruits or bits of fruits including pith, pit, rind or skin, zest, nuts, seeds, and dried leaves or bark; but it can be any plant matter really).

These "filter" elements are generally used in the distilling trade to "blend" (see below), "mellow" (reduce volatility, harshness, undesirable top notes of pungency and astringency, and other potentially unpleasant, undesirable, poorly integrated, or poorly balanced, and non-complementary components; of aroma, mouth feel, and flavor overtones, undertones, and highlights) and "sweeten" the spirit (which actually means removing or masking undesirable bitterness, undesirable basal astringency, excessive "earthy" or "grassy" or vegetal flavors, metallic flavors, "chemical" alkali or basic flavors, and other unpleasant flavor components; and improving the balance and integration of desirable and complementary flavor components. It doesn't mean actually adding sweet flavors).

Similarly, "unblended" spirits ARE almost always actually blended as well, in terms of being combined from multiple batches, or even multiple different distilleries... But only for ease, convenience, and consistency in manufacturing, and to aid in improving quality control. In distilling industry parlance "blended" means the distillers deliberately took several different batches of spirits from different distillation runs, different stills, different recipes, or even entirely different distilleries; that all taste and smell anywhere from slightly to entirely different from one another; and then blended them together in various and variable proportions to each other, and with water; in order to end up with a final bottled spirit that has a specific and consistent alcohol percentage, and a specific, consistent, and pleasant, aroma, flavor, and mouthfeel; matching the specific desired characteristics and properties of the spirit they want to bottle.

---- end aside on terminology for liquor -----

... As I was saying... Very strong overproof "unaged", "unblended", and "unfiltered" spirits, can end up being so harsh, with such a high percentage of the nastier volatile aromatics (still a very low percent, but high enough to make it unpleasant), that you don't see much of the benefit of the higher alcohol percentage, because you have to boil off a lot of those volatiles and that ethanol from the spirit, and mask the off flavors with dilution, sweetening, etc...

That said, such "xxx grade" ethanol can sometimes be had quite cheaply in some states (I recently saw 99.97% pure "medical and food grade" ethanol selling for $40 a gallon, shipped, before quantity discount. That's compared to the $20-$40 per LITER you may see other high proof spirits sell for) because it doesn't have to go through the standard liquor distribution channels, and may not have the extra state and local alcohol taxes tacked on...

Some batches of such high proof or high purity spirits, from some manufacturers and bottlers, may have very few actual flaws requiring specific correction, and may only have the basic issues caused by lack of aging and filtering to deal with. At prices like $40 per gallon, it may actually be worth buying some for use in more strongly flavored more heavily sweetened liqueurs, and taking the time to cook the harsh volatiles out longer, while infusing your flavorings longer and hotter, masking the remaining flaws in the base spirit.

Also, if the base spirit is mostly free of major flaws and defects as above, at prices like $40 a gallon, it very well may be worth experimenting with filtering and aging the spirit for yourself at home, and with doing infused spirits (rather than flavored and sweetened liqueurs). I have actually done so myself, and the results can be quite good... Sometimes, some batches may even be good enough to drink neat (especially strong infusions, and particularly when served ice cold from the freezer, or in strong punches, or strong grogs or toddies) or with some water and ice. Most of the batches I made were quite suitable for use in cocktails, and certainly more than good enough for use in cordials and liqueurs.

...And now I want to make some apple pie again...

----- End of long and hopefully interesting extended aside -----

My preferred mixed drinks are mostly dry, sour, or both... with the exception of some sweeter drinks that are sweet because of fresh fruit juice or fresh fruit... when the sweetness isn't the point, it's just a side effect of the fruit goodness (I LOVE pineapple based drinks, if they're not made overly sweet... which unfortunately they often are). 

If I just want alcohol for the sake of drinking, not to specifically enjoy a fine spirit... That's what double tall vodka tonic, double lime, is for... IF it's unsweetened tonic, or I know and like the brand of tonic they're using. If not, then I sub soda water, because again, most tonic is sickeningly sweet (particularly because they usually sweeten it with saccharin).

Or, being a native New Englander, I love cranberry juice (if they have REAL cranberry juice, not "cranberry juice cocktail" that's usually 3/4 apple or white grape juice, and again way too sweet), and I love dry and sour cranberry juice based cocktails.

...But I don't go for that "test of manhood" level of bitterness, sourness, peat, smoke, whatever... A Lagavulin is nice every once in a while, or a Stone or Dogfish Head IPA... but I don't think it's necessary to drink something overpowering and unbalanced, just for the sake of it.

Some think that overproof spirits are like that... But to me they actually taste BETTER than regular spirits. Spicier, sharper, crisper...with an almost mint like refreshing bite, and a shorter, cleaner finish. Less sweetness or oiliness laying on the palate after you sip.

...And cocktails that would be FAR too sweet made with a standard proof bourbon or rum (which might as well be a full measure of sugar syrup each shot), are suddenly refreshingly dry with an overproof spirit instead.

...So yeah... do what you like, drink what you like and enjoy, and who the hell gives a half a damn what anyone else thinks about it.

Tuesday, December 29, 2020

My personal best (and not so best) games of 2020(ish)

Might as well do a listicle... My best (or other than best) games of the year, by category...

AAA single player: "Cyberpunk 2077"... I really don't have any gamebreaking bugs or performance problems making it unplayable, and it's otherwise the best single player game I have played, at least since New Vegas, maybe even better than that.

Close runner up: "Final Fantasy 7 Remake"... It's honestly much better than the original, both game play and story (it follows the same basic storyline but has 100 times the depth and detail... and given the original is one of the greatest games of its genre, that's saying something). And it's jaw droppingly gorgeous at certain moments.

And for additional... Flavor, as it were... "Game I wanted to love, and it was good enough that I still really liked it, but it has too many issues to actually make a "best of" list": that goes to "Control". Yeah it's not a 2020 release, but the "ultimate edition" went on super sale in 2020... and while it's worth buying on sale, and worth playing... it was just a little more work, a little more polish on both crunch and fluff... away from actually being a great game.

Indie single player: "Hades", no doubt. Love the aesthetics, love the game play, love the humor, absolutely brilliant game. No other indie game even came close this year... Though there were definitely a bunch of great indies this year ("Kentucky Route Zero" FINALLY finished releasing its last episodes this year, and it's a very interesting experience... not much like any other game you would think of off hand, but certainly worth experiencing... and I've heard very good things about "Cloudpunk" for example).

AAA multi-player: Also easy, "Call of Duty Black Ops: Cold War". Without question the best Call of Duty... or for that matter CODlike game... in... Oh... at least a decade or so. Though it is absolutely KILLER on your system resources. Getting playable framerates on a 1070 in 1080p was difficult, never mind anything better. That said, it's a VERY good looking game when you turn the settings up.

Indie(ish) multi-player: For the... third year in a row now I think? It's "Warframe". They've completely overhauled the game over the last three years, even to the point of writing a new engine and new textures and shaders, and of course major new content, for free, 4 times a year, with minor new content every 40 to 60 days.

Best mobile game: Well... that's kinda complicated and difficult at the moment... Hmm... Do you count Hades, which is on mobile platforms too (just the Switch for now, but likely it will be ported to iDevices soon, and Android eventually), but is better on PC or heavier weight console? Do you count three of the best PC or Console games from decades ago...KOTOR and KOTOR-2, and "Castlevania Symphony of the Night"... which also released native mobile versions recently?

...Maybe... "Sky: Children of the Light"? It's gorgeous, it's fun, it's got a unique aesthetic and viewpoint... Well worth getting. I haven't played "AnimA" yet but I've heard it's really great. Same for "Battle Chasers: Night War".... Both are installed and waiting to play.

Worst mobile game AND worst game that I actually paid money for: "Elder Scrolls Blades"... it's a Switch and mobile game... and it's been in Beta and early access for like 3 years, and yet there's very little content, and what's there is shallow and repetitive. Also MICROTRANSACTIONS!!!!!... I bought enough of the in game resources to try to make the game more enjoyable... But there's just not enough content or game play no matter what.

Biggest AAA (ish) disappointment: "Star Wars Squadrons"... It was... Just OK. Good even... But it had iffy controls, and just... not enough game. Both too short, and too shallow, with only OK game play. That said, you can often pick it up for $20 on sale, and it's worth the $20... Just not the original $40 release price.

Biggest indie(ish) disappointment: that Vampire: The Masquerade Bloodlines 2 was delayed repeatedly... and now may not even come out in 2021. We'll see.

Monday, December 14, 2020

SolarWinds, FireEye, and Russian Intelligence Compromise the entire damn world...

Ok folks, this one is the real deal... I believe that the SolarWinds global supply chain compromise incident disclosed yesterday, is now the most severe, and most widespread information security compromise incident ever publicly disclosed.

I can only think of one other that is even close... the RSA compromise... and from what was actually publicly disclosed (vs. what many of us in the field know to have been compromised but cannot officially confirm or disclose)... honestly... this may be worse. From all appearances, and the implications thereof, it may be MUCH worse in fact. 

SolarWinds is a major component of the infrastructure that runs... everything really. 300,000 organizations may have been compromised by this... note, compromised not necessarily exploited... SolarWinds is used by a lot of major service providers, ISPs, ASPs, SaaS providers, Managed Service Providers in the networking, security, and every other space... It's everywhere, and when you look at the details of the compromise... yeah, this could be EXTREMELY bad. 

For information and review... The various official notices and responses to the SolarWinds global supply chain compromise incident:

The emergency CERT alert issued approx. 2200 EST last night:

https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software

The DHS-CISA (Homeland Security Cybersecurity and Infrastructure Security Agency) Emergency Directive for the compromise.

https://cyber.dhs.gov/ed/21-01/

This is the SolarWinds official advisory and recommendations:

https://www.solarwinds.com/securityadvisory

Here's the FireEye advisory and recommendations:

https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

Here's the Microsoft Advisory and recommendations:

https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/

Here's the recommended detection and mitigation countermeasures, rulesets, and criteria... as published by FireEye and recommended by the CISA:

https://github.com/fireeye/sunburst_countermeasures

And the recommendations to detect persistence in a compromise event from MITRE ATT&CK:

https://attack.mitre.org/tactics/TA0003/

Sunday, December 06, 2020

Yes, rights ARE more important than lives

"The numbers don't matter. Every death is horrible. If it saves just one life, we should do it".

Yes actually, the numbers DO matter, and no, we shouldn't do "it" just to save one life.

Whether it's COVID-19, or "safety" regulations, or "protection" regulations, or gun control... It doesn't matter. You can ban or strictly control everything, and it will make little difference to disease, or to violence and deaths... or any other bad things happening... but will substantially infringe on the rights of hundreds of millions.

... And yes, the rights of hundreds of millions, are more important than one life, or for that matter thousands, or tens of thousands, or hundreds of thousands, or millions... Because without rights, your life is not your own. Without rights, you are owned and controlled by others, and your life is worthless.

Rights, ARE more important, than any risk to any life. 

... And for those rights that you value, you probably agree... Unless you are without principle or courage. 

You probably admire those who lay down their lives for free speech, or to resist oppression, or to fight for civil rights? 

Guess what... RIGHTS ARE RIGHTS, none greater or lesser than the other.

So, when there are rights in question, ANY infringement or burden upon them, must meet very stringent criteria. It must be overwhelmingly justified, and to be so it must present a compelling interest, it must be effective in meeting that compelling interest, it must be narrowly tailored to only impact those things contingent upon that compelling interest, and it must present as little burden as possible, to as few as possible. Even with compelling interest, if it presents undue burden, then it cannot be justified at all. 

Even if whatever miracle solution you think is a good idea stopped every murder, every accident, every injury, every whatever it is you want to stop... which is laughable... It would still not be justified, because of the negative impact, and undue burden, on hundreds of millions.

Just because you don't value those things you want to ban or control, doesn't mean that others do not, and you have no right to violate their rights just because you don't care about them.

... If you did, then others would have the same right to violate YOUR rights, on the things YOU care about, that THEY don't value, or THEY hate.

... And if you think the answer is "That's different, because I'm right and good, and what I want is right, and they are wrong and bad, and what they want is bad"... How exactly do you think they feel about YOU, and what YOU care about?

THAT, is why these things are RIGHTS...

Thursday, November 19, 2020

You're welcome here

2020 has been one hell of a year... and I think that this year particularly, everyone should have friends and family... or chosen family... around them on the holidays if they can.

So... if you're a friend of mine (even if we've never managed to meet) and you don't have any family nearby to have thanksgiving with... or that you can STAND to have thanksgiving with... Or maybe you can't cook... or maybe you can't afford to put on a big special thanksgiving meal? You're welcome at our house.

Just you? Just you and your significant other? Just you and a housemate and neither of you can cook? Doesn't matter. If you want to be around cool people who you like, and have great food, and probably watch videos, listen to music, play games, and have great weird conversations, you're welcome here.

The only things I ask are:

1. If you can afford it bring beverages and/or desserts (because thanksgiving).

2. If possible, let me know you want to, or are planning to come over, so I can plan for how much food to cook (or rather, for how much TOO MUCH food to cook, because part of the joy of thanksgiving, is the leftovers for days afterwards).

... Trust me on this one, we lay out a damn good spread. I love to cook for friends and family, and thanksgiving is my favorite special meal to cook...

Plus, if we haven't managed to meet yet, it's a great opportunity to do so.

Saturday, October 17, 2020

Pocket Preparedness

I have had a KelTec P3AT as a backup and pocket gun since a few months after they came out, back in 2003... In fact, it was the second handgun I bought for myself when I came back from Ireland, at the very end of '03.

I've had a pocket clip, a CT laser (because the sights are more... notional than actual let's say) and a 9 round extended mag with grip extension, since all of those products came out as well... Along with a DeSantis nemesis pocket holster with the "wallet flap". In that holster it really does look like a largish wallet in your pocket. 

After about 7 years of daily pocket carry, and range trips one to four times a month... between 1000 and 1500 rounds of +p carry ammo (two 9rd and one 6rd mag each range trip, for 7 years), and another 1500 or so rounds of practice ammo (I'd usually fire three full mags of practice ammo as well, plus the break-in and testing round count) it became my secondary pocket gun, as I had acquired and customized a Smith and Wesson 340pd (a titanium/scandium/aluminum ultralight .357 revolver, to which I added a full four finger grip sized CT laser grip, and an XS big dot front sight... both of which I strongly recommend).

As it happens, I got the 340pd while the P3AT was out to KelTec for warranty repair. Unfortunately, KelTec chooses not to use stainless steel springs (to be fair, it is an under $300 gun, and stainless is 3 times the price of mild steel) and with 7 years of daily carry, and all the heat and humidity and salt that entails, the hammer spring broke, having corroded enough to weaken itself. 

From then on, I haven't shot the P3AT nearly as much... probably less than 500 additional rounds total (I shot 100 through it on return from repair just to make sure it was good to go, and only sporadically shot it after that).

Now... my remaining firearms spent two years in police storage in New Hampshire, and I only just got them back recently... And "somehow" in that two years, the two 9 round extended mags "disappeared", leaving just the 6rd standard mag... and "somehow", the hammer spring broke again. I got it back with the hammer spring broken clean through, and hanging out in space inside the grip frame. 

Oh, and my other holster, a hand made leather wallet style holster (not an aow, just really nicely made) was also missing "somehow".

...Well I no longer have the 340pd, and I still have need of a pocket gun and backup gun... 

...And I found out that someone makes a stainless hammer spring, stainless extra power recoil spring for +p ammo, and a stainless guide rod, to add some weight and rigidity at the front end.

...They're on order right now. Hopefully I'll get them next week. 

I also managed to find exactly ONE single grip extension mag in stock, anywhere in the entire country. That should be here next week as well... Because never mind the extra capacity, the grip extension nearly doubles the useful grip length, and makes the gun more pleasant and more accurate to shoot... making it worth the SUBSTANTIAL markup from MSRP.

I've added a couple pictures, so you can see just how small the P3AT is... it's actually just about smaller than the palm of my hand... and how little grip I can get on it without the mag and grip extension. I also added a pic of the extended mag with grip extension, so you can see just how much it improves my grip on the gun... and what the heck, might as well include a shot of the new stainless parts I ordered (hammer spring, recoil spring, guide rod, and some wrap around sticker grips).

Anyway...all of this means that, hopefully, my pocket and backup gun will be up and running next week... Which is a good thing.

Friday, October 09, 2020

Well... Hell... Time for Round 5

 





I have been struggling with when and how to talk about this for a while now...

A few months ago, my blood sugar started rising again... after having been falling on its own without requiring insulin for almost 2 years. I also started having recurrence of other symptoms, which I had experienced 4 times before...

As it happened, I was starting a new job, and my new health insurance wouldn't be active until September 1st... and then I had to get a new endocrinologist and get the process of confirming the diagnoses started. 

I just got the ultrasound report back today... It's been an almost two month process to get here... and the cancer is definitely back.

Well... hell...

The good news... so far it doesn't look bad. Only 13 suspect masses, 10 of which are small and may not be cancerous. 3 larger ones are definitely cancer... they're all more than an inch in every direction.

That said, they are all round or ovoid, and they're free, not implanted or infiltrated... I can actually move one of them around with my fingers, it's close enough to the surface... and the larger ones seem to be encapsulated well.

Those are all good signs. 

I've also had supporting blood work, which was mostly good... my CEA, creatinine, calcitonin, and thyroid antibodies are all good... which means there is no recurrence of medullary or C-cell anomaly cancers. My thyroglobulin was pretty ridiculously high (1800) and there's some kidney damage that is probably leftover from the rhabdo and the paraneoplastic insulin resistance... but may indicate spread elsewhere.

Next steps are biopsies of the masses, and then a full body contrast MRI to look for distant masses.... particularly on other organs. 

The good news is it looks like there was no spread into my chest... the cancerous nodes all seem to be among the few left in my neck after the last three radical neck dissections. None of them were in the mediastinal area, which would indicate direct spread... There's still a chance for distant spread, but hopefully it's just local lymph nodes... the MRI will confirm.

So... hopefully, the solution should be just another round of surgery... maybe another round of radiation after... we'll see. 

My work is 100% supportive of me, it should all be good there. And I should be able to work right up to the surgery, and be back working the next week.


Monday, October 05, 2020

Alternate Means of Communication

 

If anyone wants to arrange more secure messaging that respects users' privacy, I'm on Signal, and I strongly recommend it to others.

I've switched mobile providers and was unable to port my old number, so I've got a new Signal account. Message me directly to arrange contact transfer.

Oh, and in case anyone wants to connect there, I'm also on MeWe: https://mewe.com/i/cbyrneiv

And on Parler: https://parler.com/profile/Cbyrneiv

Though I don't really do much with either, since there isn't much to do, or many to do it with.

And of course, like everyone I'm still on Facebook at: https://www.facebook.com/cbyrneiv/

And Twitter at: https://twitter.com/chrisbyrne

Saturday, September 26, 2020

Mirror Tribes

The alt right... and to a lesser extent even the more mainstream but still largely reactionary right... have become nothing more than a mirror of the far left; even so far as using the same rhetoric, and tactics, as the Gramscians and the Alinskyites.

We have now reached a state where both the left, and the right, are actively trying to destroy western culture and society, in order to "preserve" or "perfect" it...

This is exactly what Gramscians, the Frankfurt school, and the other criticalists, set out to achieve in the early part of the 20th century; in their efforts to destroy western capitalism, and introduce "scientific socialism". 

The left have essentially always... and now much of the right have joined them... not just criticised, or rejected, but in fact actively worked to tear down; the individualist ideals of the enlightenment which made this country possible... 

...and which... while flawed and never living up to those ideals as we would like... made this country work reasonably well, most of the time, for most people, over the last 225 years (particularly the last 160 or so).

The left do so, because they fundamentally believe that the individualist ideal is not just false, but is morally wrong; instead believing in a model of collective identity, collective authority, and collective rights; defined by society as a whole, for the benefit of society as a whole. 

This is entirely antithetical to the individualist concept and ideals this nation was not just founded in, but which in fact this nation is entirely a creature of. Our constitution depends on that concept, derives its authority and legitimacy from it, and is entirely a creature of it.

Three of the four greatest political achievements of the enlightenment (the other, was the rejection of slavery and other involuntary servitude... which follows necessarily from the other three) were:

First, the elevation and enshrinement of the concept of inherent, fundamental, and preexisting individual rights (no right being greater or superior to any other; nor any rights of any individual being greater or superior to any other individual... be they titled king, or senator or president; nor any rights of any collective, organization, government, state or other entity, or its members, leaders, officers, or agents, being greater or superior to those of any other individual).

Second... which follows directly from the first... the elevation and enshrinement of the concept that government derives its legitimate powers and authority, by the consent and delegation of those rights by the governed. Rights which must be respected and protected by any government, and by any law, for any government or law to be legitimate; the powers and authorities of which, are not superior to, greater than, or otherwise exceeding, those of any individual.

Third... which follows directly from the first two... the development of the high trust society; where individuals and organizations, trust that regardless of any "identity" or other factor, or any individual or collective favor or disfavor, enmity or amity; their rights will be protected and respected both by their fellow citizens and by the government (and its agents), that contracts will be fulfilled, that the law will be written fairly and enforced as written, that the government will act as a disinterested arbiter of disputes and enforcer of laws, and that all will be treated equally under the law by the government and its agents.

These things are required, for our nation to exist at all... and certainly required for it to prosper. 

Some may say that none of these things were ever true... 

...and that is so... to some extent...

None were ever perfectly true, nor could they be, because people are imperfect, and governments are made up of people... and because the law is an ass...

...But that is not a reason to denigrate or destroy these ideals, or to reject them as false. It is a reason to work towards better embodying and living up to them.

Instead, we are doing the opposite.

The left have for decades, both in an attempt to correct actual or perceived wrongs and inequities, AND as a deliberate attempt to undermine and denigrate the very concepts of individualism, and individual rights as a whole; attempted to carve out specially protected classes and identities, both in law, and in our conception of society.

They have been incredibly successful in doing so, such that the words "protected class" are literally part of many federal, state, and local laws and regulations, and where individual rights conflict with society's or the state's expressed desires regarding those "protected classes", those individual rights are abrogated by law.

Further, the left have long attempted to denigrate, dilute, and destroy, the very concept of rights; such that people no longer know what rights are, or why they are important; deliberately conflating state granted franchises, privileges, entitlements etc... with rights. 

They have been frighteningly successful in this as well... to the point where many no longer believe rights exist in any meaningful way at all; rather, that "rights" are actually just privileges collectively decided on by society, and granted, revoked, or modified as society sees fit, subject to the whim of the majority, prettied up as "the will of the people".

In fact, many simply do not believe it could possibly be any other way. They have fully internalized the collectivist concept and ideal... even if they believe themselves to be "conservative" or even "libertarian"; saying such things as "rights are whatever the law says they are" or "you don't have any rights, except what society lets you have, everything else is a fantasy"... or worst of all "rights don't actually exist".

This, of course, is core to the concept of the collective society... and entirely counter to the individualist concept.

Just because rights are disrespected, violated, and abrogated doesn't mean they don't exist... Otherwise, you are simply accepting the pre-enlightenment notion, that force... might...makes right... It's just that now we have the tyranny of the majority, rather than the tyranny of the "nobility".

In reaction to this, rather than working to tear down such false and destructive notions, and fight for individual rights; many on the "right"... and even many of those who claim to be "libertarian"... have simply adopted the left's core conception... that we are all members of separate competing classes, interests, and "identities", locked in a zero sum game of exploiters and exploited, victims and victimizers... and that in order to avoid being the victims, we have to "beat them", and be the tyrants.

It's disgusting... Frankly it's evil... It's a regression to strongman warlordism, dressed up as "identity politics". 

This is the embodiment of every bad parody and false narrative the left has ever spouted about capitalism, individualism, "the right", and our country as a whole... all those lies they believed were true, because in their collectivist world view, they couldn't NOT be true... Every zero sum dog eat dog, all wealth is exploitation, in order for one man to get ahead five men must be trampled on lie, that they have been telling for not just decades, but centuries...

Rather than asserting the moral, ethical, and practical correctness and superiority of individual rights; and refusing to play the collectivist zero sum game...  

..."The right" are now simply trying to play the collectivist game... and unsurprisingly, they're losing badly... because that game is wrong, and false, and because the left have a hell of a lot more practice at it. 

Worst of all... they're doing it, because the large mass of undereducated and DELIBERATELY misinformed, socially and economically disappointed and sometimes disadvantaged; right reactionary populists... and no, they are in no way conservatives, they are identity politics driven reactionary populists...  

...Who say they believe in individual rights and individualism, but in reality just want to be back on top of the zero sum pile, above the other "identities" and "classes"...

... are DEMANDING that they do so... Demanding they "take back our country", and "bring back our jobs" and "fight for us", and all the other false narratives they've been convinced they have to "fight" for, or else they'll be the ones exploited by "big business" and "special interests" and "political correctness".

It's disgusting... but entirely predictable. 

We are devolving from an individualist high trust culture, into a collectivist low trust culture... cultural regression to mere tribalism.

... and somehow, most people seem to not notice....

... and most of those who do, are either OK with it, or so worried about being exploited and victimized by the other tribes, that they are too busy jockeying for position to care.

Monday, September 07, 2020

Do you want to know the secret knowledge?

Would you like some secret dangerous truth that they don't want you to know?

There are no big conspiracies. There can't be, because none of the people and organizations that would need to be so in order for them to work, are smart enough or competent enough, and they can't keep secrets.

It looks like there are, because everyone with any power is doing their damnedest to keep it, and get more... and that's what it looks like when everyone "in charge" or "running things" does that.

They all act in their own best interest, and that aligns with everyone else doing the same thing, making it look like there is some grand master control... when really it's an illusory house of cards, ready to collapse any second.

They aren't actually running things to their advantage...they're trying, but actually they aren't running things at all. The scarier fact, is that NO one is running things, because no-one can... But they keep trying and just making things worse.

The system isn't rigged for them and against you... It's just so horrible, inefficient, ineffective, and destructive, that it seems that way. Not that they wouldn't rig it if they could, but they can't control it enough to rig it.

The smart, the rich, and the connected don't get special treatment by the rigged system.... They just don't even try to work within the system when they need to get things done. They don't wait for approval, they don't ask for permission, and they don't let anyone stop them.

A short lesson on how to lie, with parts of the truth

"My god, this may be the worst disaster in history. You may lose your house and your children may die!"

... A short lesson on how to lie to get what you want... without TECHNICALLY lying...

This headline... while somewhat overblown... may look familiar if you've been reading news and social media sites the last week or three... Or frankly, the last few years, particularly the last 3...

... If not the words, then the sentiment...

.. and that is the problem... it's about emotion and reaction, not information, and reason.

That notional headline, is not about informing you... it's not even specifically about getting your attention; which combined, are the primary purposes of headlines for actual news and information pieces. Or at least they're supposed to be.

Those words, that phrasing, is an editorial choice... the choice to use what is sometimes called "purple prose"... and is not designed to engage and inform you rationally and reasonably...

... In fact, it's a choice specifically designed to bypass reason and rationality, and to enflame and instigate REACTION, rather than reasonable consideration.

Specifically, they want you to react by sharing their links and spreading the irrational and unreasonable reaction to others.

The people who write these pieces, and the sites that publish them, have one job.

That job is not to inform you... No matter how reputable a source they may be... 

Even formerly responsible "hard news" organizations, and outlets for serious editorial commentary and opinion; are caught up in the hamster wheel of the online content generation and consumption cycle.

That job is to generate currency... 

Both material currencies like ad revenues, and promotional considerations, and the even more valuable currencies of influence, social capital, and political capital. 

These currencies are generated by audience impact.

Audience impact is measured by traffic (and if they have advanced data mining, by gathering valuable metadata). 

Traffic is generated by getting people to share links.

To get people to share links at sufficient scale to be effective at that one job, generally requires one (or more) of three things:

1. The least effective way is to create good feelings... being cute, or interesting or funny, or sweet... That generates the fewest shares and the fewest clicks and the least revenue.

2. More effective is to make people angry, or to inflame outrage. This is very effective for certain issues... politics and social issues, almost anything about children being abused, things about people being cheated... that sort of thing. These stories get shared a fair bit, and generate a fair bit of revenue... but they tend to be self limiting, and there's a large percentage of people who just don't care about any particular subject... Even the most important possible subjects you can think of, many people will just tune it out.

3. Most effective of all? Anything that scares people... especially if it scares people about their homes, their savings, their own life or death.... or absolute worst of all... anything which may seriously harm their children.

You might notice... Natural disasters offer these outlets the best of all possible scenarios... Even better than the 2nd and 3rd place topics: war, and politics (crime and "justice", celebrities and pop culture, business money and economics, health wellness and medical issues, popular science {often having little to do with actual science} and "family and children", and "human interest" round out the top ten "mass appeal" topics... Almost all other issues are considered "niche", "genre" or otherwise of limited appeal).
 
They can write feel good stories about people helping people, and saving pets, and that sort of thing.

They can write stories to make you angry, about looting, and theft, and government failures, and government abuse... the worse the disaster the better...

...but... For either 1 or 2, they still need things to actually happen, so that they can write about them... or at least things need to feel tangible enough, or "real enough" that people will get mad about them.

The real goldmine though... better at creating emotional reaction than anything else...

...is the absolutely INFINITE possibilities for scaring people...

With fear, you get all the benefits of anger, combined with even greater likelihood of provoking unthinking reaction, and potentially far broader impact. People are less likely to ignore or tune out fear than anger, and more likely to react without thinking... or even reading more than the headline... and sharing the link....."just in case".

And the very best thing about fear based stories... even better than feelgood stories, or anger and outrage stories... is nothing needs to ACTUALLY happen... or even be likely, or have any realistic chance of happening.

In fact, the thing doesn't even need to actually be plausible in the slightest, so long as they can confuse people enough that they may believe it... or the headline is scary enough that people share without reading... and that uncertainty is even better for creating more fear, and driving more traffic, from everyone who clicked and shared "Just in case". 

So... step back, and look at the framing of the story... the phrasing and language and specific choices made by the author and editor. Look at the headline, and the included pictures. 

... Are there a lot of verifiable facts, or is there a lot of passive interrogative or passive speculative voice... maybes, mights, and hypotheticals, presented as if they were facts or certainties?

Humans are inherently bad at evaluating risk... writers know this, and use it to lie, to create reactions, impressions, and emotions in the reader... while not TECHNICALLY lying. By properly presenting a potentially catastrophic impact, with horrible unthinkable consequences, they know they can safely ignore the tiny likelihood of those unthinkable consequences, because most people, when forcefully and emotionally confronted with such unthinkable things... won't (...think that is... Most will either react with little or no rational thought, or if the feeling of threat or fear is great enough they will shut down both rationally AND emotionally and do nothing at all).

When you examine the structure and language of a piece, are they using conditional or otherwise indefinite, but also extreme superlatives? For example "this may be the worst thing ever", or "If this happens, it will be the worst thing ever", or "if these conditions continue to worsen this may be the worst thing ever"... OR even sneakier and often more effective, establishing a set of speculative conditions earlier, then later treating them as if they are established fact; saying things like "the models show that this is the biggest and worst disaster of all time".

Is there an attempt to lay blame, or focus negative feelings for the "bad thing" on some vague and ill defined bogeyman, a faceless but disfavored or unpopular entity or group, or a much hated specific organization or individual; with little or no attempt to prove or justify such blame, or provide any kind of plausible rational causal link, or other factual or reasonable justification for such blame, or any other association of such emotions (or the reverse... to give credit to, or associate positive emotions with, someone or something; without factual causal link, proof, or other rational justification)?

Are the characterizations emotionally charged, deliberately attempting to induce emotions and reactions, and to create emotionally linked impressions and associations using linguistic psychology; like fear forcing, motive forcing, outrage forcing, suspicion forcing, negative association forcing, tonal forcing, or personal appeal forcing (appeal to ego, appeal to idealism, appeal to altruism, appeal to guilt, appeal to shame, appeal to conscience, appeal to prurient interest, appeal to schadenfreude, appeal to spectacle, appeal to ideology etc...)? Does it employ the classical fallacies: ad hominem, post hoc, cum hoc, false dichotomy or dilemma, straw man and the like?

How does the piece make you feel, rather than think intellectually and rationally? Go back and look at the text and other factors I mentioned above... Can you see these deliberate linguistic forcings, being employed to shape a narrative, specifically designed to create these emotions and reactions?

If the rhetorical content of a piece... written, spoken, or delivered through imagery... deliberately tries to make you feel or react a particular way, regardless of the facts... or even counter to them, or with facts being absent entirely; that piece is not news or information... It's not even editorial commentary or opinion... 

... it's propaganda.

Sunday, August 09, 2020

A bit of Pi

 This is a 1.5ghz quad core, 4 gig of ram, full on 2x USB3 and 2x 4k HDMI capable workstation or server. It cost $69 for the computer, or $99 including the case, power supply, connection cables, extra fan and heat sinks, and a preloaded OS on a memory card.

...And about ten minutes later, there's two of them, assembled and ready to configure.

A hell of a world we live in.

Haven't done an EDC post in... uhhh... I dunno, 7 years? Ten?

 Since I haven't done an EDC post in approximately forever... this is what I just carried out to dinner with me, and represents my normal pants (and wrist and neck) Every Day Carry.

I also usually carry a small cross body bag with my medications, a 25000mah slimline USB battery bank, some chargers and cables, a USB/bluetooth DAC and headphone amp, some USB drives and little security tools, additional spare ammo, a multi tool and a multi screwdriver, a notebook, some pens, and my kindle.

I also usually go out with a collapsible but 600lb rated aluminum cane... which is a formidable piece of kit by itself (and it has another flashlight in the handle).

So, from top center, clockwise:

  1. Soon to be replaced Samsung Galaxy S8 plus, with Linsoul KZ-ZSX in-ear monitors, on a waterproof APTX bt5 cord.

  2. Casio Edifice ECB-900 solar smart chronograph (it syncs with phones and atomic clocks etc...)

  3. Kershaw Ken Onion S30V Blur

  4. SureFire Stiletto Pro flashlight

  5. KenaKai RFID/NFC blocking wallet. The wallet itself has a metal mesh faraday cage as its lining, and is opaque to x-ray. Inside, in addition to normal wallet items, are a concealed set of lock picks, a concealed knife, and a concealed handcuff key

  6. Custom Springfield EMP (I did a full action, reliability, and trigger on it... it was a gift from my girlfriend), with a simple belt slide holster, and a spare mag... a total of 19 rds of Federal HST 9mm +p. I'm thinking of putting the green laser CT laser grips on it.

  7. A microfiber cloth... it's what I carry instead of a handkerchief

  8. CRKT Get-A-Way driver on a QD clip, to a QD web strap key chain, which attaches to a real 1600lb rated 80mm D-ring carabiner (I wear a rescue belt, which can be used with the carabiner to lift me or secure me to something if necessary).

The StilettoPro by the way is brand new today. Prior to that, and for the last almost 20 years, on my keychain I have carried this single AAA all titanium type 3 hard anodized 25 lumen LED light made by a local aircraft aluminum/titanium fabricator, called the ARC-P (the "premium" version of the ARC-AAA).


Arc went out of business 16 years ago, but the light itself is tiny, light, and indestructible. I will probably keep it clipped to the d ring in my daily carry bag.

Honestly... I can't think of much of anything I could do to improve this setup... I'm pretty happy with it... except I would like my 340pd back as a backup pocket carry gun.

Friday, July 10, 2020

Friction

It seems the older I get, the less tolerance I have for what user experience (UX) professionals call "Friction".

Friction, is simply anything that reduces the efficiency, effectiveness, or pleasantness of the user experience, as compared to the optimal possible, or intended experience.

When I was in my teens and twenties, I had seemingly infinite tolerance for things that were inconvenient, or difficult, or fiddly, or unpleasant; if doing so got me some kind of performance gain, or even an extra "cool factor"... Or just because I wanted something interesting or different.

I would put up with machines and systems that broke down frequently, only worked if you played with them just right, or took MANY hours of work to set up properly... In fact not just put up with them, but enthusiastically extolled their virtues and recommended them to others... Sometimes even passionately defending them when others complained about the inconvenience and irritation. 

...Frankly, I just don't have the time, energy, and patience for that anymore, unless there's some HUGE advantage to doing so, that makes the pain in the ass worth it...

...Some examples...

I haven't bought a pre-built desktop for use as my personal primary machine in... Literally decades. The last time was while I was in college, and my computer broke, and I had a project I absolutely needed to finish that weekend, and it was my only option.... I could fail that critical project and have to repeat the class, or I could buy a system from Sears (a packaged hell no less... but I was smart and bought the extended warranty, so they fixed it for free for 3 years... in fact they actually replaced it completely... twice... upgrading it to a higher model each time). 


I always build my own PCs, because even if someone else can build something for me to the standard I want, they charge a lot more for it than if I built it myself... Because of course they do. Skilled labor costs money. Integration costs money. Support costs money. Testing costs money. Warranties cost money. 

...But right now... I'm looking at some of the very high end prebuilt systems from specialty vendors, and thinking "Damn... that's really good. It's exactly what I would do"... and some of them have specialized cooling systems and cases that I literally could not buy and build with myself. In terms of system integration and industrial design, they're actually just plain better than what I can build myself. They're a few hundred dollars more than what I could build myself with the same basic specs... and they may be worth it... For the first time ever. I'm seriously considering just buying off the shelf, and thinking it may actually be better, not just more convenient or easier (though I'd still put more RAM and a bigger SSD in the machine after the fact... Because NO-ONE ever includes as much ram or storage as I want). 


Using Macs for work is another example... They're just very well integrated, well tested, polished solutions that significantly reduce friction. They give me the power of a real UNIX, while giving me great UI/UX, and physically excellent hardware and industrial design.


I'm still not at the point where a Bose or Bang and Olufsen stereo appeals to me... Or any kind of "home theater in a box" for that matter. The performance you can get assembling your own properly matched components, for MUCH less money, is so much higher, and the inconvenience and friction of doing so is so relatively low, that the minimalist hyperintegrated hyperdesigned systems hold little appeal to me... But I can understand why someone might feel the other way.... they just don't want to bother with it, and they want good sound, and don't care about getting great sound.


...And... dirty little secret? Just for watching TV, I am actually a fan of the better soundbars, which have satellite speakers and subwoofers (some even have wireless connections to the tv, subwoofer, and surround speakers). They're simple, they're cheaper than a full stereo, and they actually sound pretty good, for most movies and tv shows. I still prefer to have a full home theater for my main TV, and for the best music experience... but I recommend soundbars to other people all the time, and for a secondary tv, I TOTALLY go for the soundbar.


Even with guns... and I'm an experienced gunsmith who builds long range precision rifles for fun... Some of the out of the box solutions available today for long range precision rifles from Ruger, Sako/Tikka, Savage, AI, and others, have real appeal to me. Well integrated, well tested, well designed systems that give better than 90% of the performance of a full custom solution, often for a lot less money.


That doesn't mean I don't still want to build the full custom rifles, to get the most possible performance and have the features and configuration EXACTLY as I want... But I also want to buy one of the standard offerings, to get back into things faster, and for practice, and to help get others into the pursuit of long range precision shooting etc...

This applies to almost every area of my life... I love building and modifying cars, and motorcycles... but buying a well designed, well tested, well integrated car, now has as much appeal to me as building my own hyper customized optimized car. 

I really wish I could find good commercial desks and workbenches that would actually work for me. I still build my own desks and workbenches and beds, and toolstands, because I just can't find what I want commercially... I want specific sizes and specific strength, and rigidity and features... But I wish I COULD just buy them off the shelf. 

...I still want to do the custom builds... but I find great appeal in buying the well integrated commercial solutions first, just to have something that is 80% or 90% as good, so I can take my time and do the rest absolutely perfectly the way I want.

A digital bubble floating on an analog ocean

If you ever want to know about the best cabling for analog data transmission... remember it may be digital data to your router, your computer, and your monitor, but once it's on copper it's an analog signal... ask an amateur radio operator.

Believe me... there is no-one more particular about the characteristics of their analog cabling, than a ham. We use it ... generally multishielded coax these days... for antenna feed lines. The strength of some of the signals we use it to receive, are measured in femtowatts, at frequencies in the multi-ghz ranges. The higher the frequency, the higher the attenuation of the signal per foot of feedline, and the more subject to spurious interference... so low attenuation and spurious signal rejection are kinda important to us.

Whether you're transmitting radio frequency analog transmissions, or internet data, or high resolution high framerate high def video... it's all analog once it's on copper, because the real physical world is analog. It's all high and low voltage values in a sine wave (or at least you hope it's a sine wave), and is subject to all the vagaries of the analog world.

For example, HDMI... 1080p at 60hz SDR color (HDMI-1.1) is a two channel analog signal at about 165mhz, transmitted over 4 shielded twisted pair... 8 signal wires wide effectively, plus clock sync, control channel, power, and ground pins (including one ground pin for each shielded twisted pair), for a total of 19 pins. For 1080p@120hz it's about 340mhz, as is 4k@30hz. 4k@120hz HDR color is about 1.2ghz, however as transmitted over HDMI including audio, and various overheads, the actual maximum data rate ends up being appx. 1.485ghz... and 1.485gigabits per second per channel. Again, that's all over HDMI, which is a bonded multi channel serial digital interface (not actually a parallel interface, though the difference between the two is somewhat esoteric at this point)... the total aggregate data rate is between appx. 4gbps for HDMI-1.0 (3.96gbps technically, the same as DVI by the way), and appx. 48gbps for HDMI-2.1 (actually it's 47.52gbps, effectively the same as 12x DVI channels, or 32x 1.485gbit serial data channels bonded together).

The higher the frequency of an analog signal, the higher the signal loss over distance, and the more subject to electromagnetic and radio frequency interference it is... which is why when we make digital interfaces out of analog wires, we tend to limit them to about 1.2-1.5ghz, and when we need more bandwidth, we aggregate or bond more 1.2-1.5ghz channels together.

...Which is why high bandwidth stuff like 4k video, is always transmitted as digital signals if it has to go long distances. It has extremely high signal attenuation, and sensitivity to interference, in analog form (about 6db per 100feet at 1000mhz, over conventional rg6 coax for example... the stuff your cable company uses to get signal to your cable box and cable modem. 30db signal attenuation is generally considered the maximum, so 500 feet would be the maximum at 1ghz. The actual data rate for a 1080p60hz signal as actually transmitted over coax as SDI [serial digital interface] is 1.485ghz x2 channels, for a maximum run of about 140 feet at 30db attenuation, though SDI interface boxes generally extend that out to between 200 and 300 feet through higher power, and some tricks with frequency modulation and error correction. As a purely analog signal, including audio and overhead, it's almost 3ghz if it's a single channel, which would attenuate out at about 90 feet on RG6, which is why we never do that). Breaking it up into high bandwidth IP data is much easier, with much lower losses and greater error tolerance and error correction.


In analog data transmission, using a waveform structure... as most electrical and optical data transmission and cabling standards, and most radio standards do... there's basically two factors which can be used to transmit information. Frequency, and amplitude. We can modulate the frequency at which we transmit... the number of times per second the wave hits a peak... and the amplitude... how strong the signal is, which translates into how high the peak gets.

...(note: there's actually a third, called "phase", and it IS used in many data transmission systems... most of them actually... but it's a much more difficult and complicated thing to decode with precision, or to explain without further background, so I'm MOSTLY ignoring it for most of this explanation)...

The most basic way of doing that is with binary amplitude modulation... off and on, dot and dash. That's the easiest thing to detect.... and consequently those were our earliest forms of optical and electrical communications... the heliograph and the telegraph... and our earliest form of radio communications as well, using spark gap transmitters and cat whisker coherer receivers. We then converted those "off" and "on" states into useful information with things like Morse code or Baudot code (where we get the word "baud" from).

You'll find that for... ease of explanation let's call it... most examples and illustrations of most communication methods simplify it to this binary representation.

A binary amplitude modulation system, is limited by how fast you can turn the signal off and on... or really, how fast you can precisely and reliably detect it being turned off and on. It can only encode 1 bit of data per time division, because it is always on or off referenced to off.

However, even without frequency modulation, amplitude modulation can be more complicated... and carry more data... than just off and on. In fact, it's actually a lot easier to create more precise signals by NOT using a binary "off" and a binary "on", but instead to use a "high" value, where every signal above a certain "high" amplitude threshold is a 1 and everything below a "low" value is a 0... Every computer logic circuit on the planet does this, but we pretend that "high" and "low" are really "on" and "off" to simplify it for logical explanation purposes.

Further, because we are talking about waveform transitions between high and low states, we can actually have FOUR states represented with basic amplitude modulation... "high", "low", "rising", and "falling" (this is called Quad Amplitude Modulation or QAM, which itself can be detected either by precise time reference, or by phase shifting an amplitude modulated signal wave in reference to a baseline carrier wave... I said I would MOSTLY ignore phase, not entirely).

So, before we even get into frequency modulation, we have the ability to represent 4 states of data. In reference to itself, that can mean 2 or 3 bits (depending on how you encode and how you detect the state), or in reference to a precise clock or a known baseline state such as an unmodulated carrier wave, it can mean 4 bits of data.. a useful increment.

...An important note... 2 different states of data, only in reference to that state change itself... a binary 0 or 1... is only ONE bit of data. 2 different states in reference to something else, like a high or low state in reference to a neutral carrier, or a precise time clock, can be just one bit, OR it can be used to represent TWO bits of data with proper encoding. Four states in reference only to themselves can be 3 bits, but in reference to an outside value can be 4 bits etc... This is because some state must always be null or neutral, representing no data, while all other states can encode data in reference to null or neutral. One can even do this with purely binary data with bitwise time encoding or bytewise sequence encoding, across multiple bits or bytes... Each bit is in reference to a time, or sequence of previous bits, or sequence within a byte, and therefore 0 or 1 are both information states. Without bitwise or bytewise encoding, 0 is the null reference and 1 is the only state with data; with it, both states contain or transmit data.... This logical structure is generally ignored when this subject is explained, because it hurts people's heads.

Now... we have figured out that over most transmission media... be it copper wire, optical fiber, or radio frequency transmissions through a vacuum... we can transmit additional data through two other means.

The first, is by modulating the frequency of a signal wave slightly, compared to either a very precise time clock, or to a reference carrier wave. This again can give us four discernable states of information in any given time division for a wave... any given discrete small frequency band... a peak state, a trough state, a rising state, and a falling state.

The second, is by combining multiple signals in different frequency bands, over the same medium.... Of which there could potentially be infinite divisions in theory... though in practice it's difficult to generate and detect a lot of different bands simultaneously with any precision.

However, even before we reach that point, you should be able to see that for any given time division, using a combination of both amplitude modulation, and frequency modulation, we can actually represent.. and transmit and receive... 4 discrete states per frequency, and as many frequency states per time division as we can detect, with 4 states for each as well... 16 total states per discrete division... 16 bits... using purely analog signaling.

In fact, for any given division of time and any given frequency banding, we can use frequency modulation (4 states), amplitude modulation (4 states), and in theory both frequency phase modulation (2, 3, or 4 states, but the 3rd and 4th state are hard to deal with, so really 2 states), and amplitude phase modulation (again theoretically 4 states but really 2) within each discrete frequency band, to represent 64 bits of data.... though using both amplitude phase modulation and frequency phase modulation, is extraordinarily difficult to do with precision, so up until recently generally only one or the other has been used. And of course, it is technically possible to detect and use all four phase states for both amplitude and modulation, meaning you could theoretically represent 256 discrete states, or bits, within one discrete frequency band, in one discrete time division (or you can do it on the rising and falling of a clock cycle.. but it's not practical to do both clock and phase at the same time, because one is detected in reference to the other).

Then, by modulating within a small discrete frequency band, we can multiply those states by the smallest divisions we can discern within that band, times the total number of divisions, or width of that band.

That's where the term bandwidth comes from by the way. It's a measure of the number of discrete bits of data we can discern within a single time division, in a single frequency band, or an aggregate of channelized bands.... and it applies whether we're talking about copper hardline, fiber optics, or radio waves.

Right now our highest frequency, and highest bandwidth, commonly used wireless systems are using the 5ghz RF band, and modulating across 80mhz channels within the band. Our highest bandwidth commonly used hardline video systems (HDMI 2.1 or CoaXpress CXP-X standards) use 1.485ghz frequency (anything higher causes severe attenuation of signal over distance... the higher the frequency the higher the attenuation), with HDMI 2.1 using 4 different states per conductor, and 8 conductors, to get 32bits times 1.485ghz, or just under 48 gigabits per second.... a similar standard is also used for our fastest common data networking over copper wire (currently 40gig ethernet), achieving a similar data rate.



The fastest data transmission over copper wire commercially available for mainstream computing applications, is currently 100gigabit ethernet. It uses four pairs of conductors moving 25gigabit each pair, but the frequency is so high that the signal attenuates to unusability within just a couple meters, so almost all 100gbe is over fiber optics.

When you combine that with heterodyning, or multiplexing of different frequency banded signals over the same media (or as noted near the top, in phase or out of phase signals... the last time I'll mention it in this piece), for channelization within the same larger band, it should be clear that analog data signaling can do a hell of a lot more than just off and on, one and zero.

The most basic means we have used these properties for... for well over a century now... are audio transmissions over the telephone, and audio transmission over the radio.

Audio inherently transmits both frequency and amplitude modulated signals, in 1hz and 1db increments, across about 20khz of frequency spectrum, and 120db of dynamic range... Or at least human audible audio does (ultrasound goes much higher of course). Though to simplify transmission, and to multiply the maximum number of transmissions over a single medium, we have often "narrowbanded" audio to as little as 3khz and as little as 30db dynamic range.

Traditional telephone signals for example, drop everything below 300-400hz or above 3300-3400hz (depending on the region and standards of the particular telephone system) and compand -compress and expand- dynamic range down to 42db or less (+- 18db). We can then take those limited bandwidth "narrowband" signals, and combine them over a single wire, by shifting their frequency up and down in discrete bands, and then shifting them back to their original frequency at the other end... even with basic analog equipment (this is called frequency shifting or tone shifting).

That's how some long distance phone calls and trunk line calls worked for decades, before we switched to digital telephony systems... a process which took decades (and if you still have a land line, your home phone may still be connected directly to the neighborhood switching node over a single analog channel, or even to a local central switching office, depending how overdue your local infrastructure upgrades are... But in the U.S. most landline service is now digital to the neighborhood node, or even digital to the home, and is only analog from that switching box to the analog handset)
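The frequency shifting described above, as an added sketch that is not part of the original post: two constructed test tones stand in for two narrowband calls, each is mixed up to its own carrier and summed onto one "wire", then mixed back down and low-pass filtered at the far end. The sample rate, carrier frequencies, simple double-sideband mixing and the moving-average filter are assumptions chosen to keep the example short.

```python
import math

FS = 48_000          # sample rate in Hz (assumption for this sketch)
N = 4_800            # analysis window: 0.1 s, so every tone lands on an exact 10 Hz bin
LPF_TAPS = 12        # moving-average low-pass, first null at FS / 12 = 4 kHz

# Constructed sample input: one test tone per "call", both inside the
# 300-3400 Hz telephone band, each assigned its own carrier frequency.
CHANNELS = {"A": {"tone": 700, "carrier": 8_000},
            "B": {"tone": 1_900, "carrier": 16_000}}


def osc(freq, n, fn=math.sin):
    """Sample n of a unit-amplitude oscillator at freq Hz."""
    return fn(2 * math.pi * freq * n / FS)


def multiplex(channels, length):
    """Shift each baseband tone up to its carrier and sum onto one line."""
    return [sum(osc(c["tone"], n) * osc(c["carrier"], n, math.cos)
                for c in channels.values())
            for n in range(length)]


def demultiplex(line, carrier):
    """Mix with the same carrier to shift one channel back down, then low-pass."""
    mixed = [2 * x * osc(carrier, n, math.cos) for n, x in enumerate(line)]
    return [sum(mixed[i:i + LPF_TAPS]) / LPF_TAPS
            for i in range(len(mixed) - LPF_TAPS + 1)]


def tone_amplitude(samples, freq):
    """Goertzel algorithm: amplitude of one frequency within the samples."""
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return math.sqrt(max(power, 0.0)) / (len(samples) / 2)


def run():
    """Measure both tones on the shared line and on each recovered channel."""
    line = multiplex(CHANNELS, N + LPF_TAPS - 1)
    report = {"line": {c["tone"]: tone_amplitude(line[:N], c["tone"])
                       for c in CHANNELS.values()}}
    for name, ch in CHANNELS.items():
        recovered = demultiplex(line, ch["carrier"])
        report[name] = {c["tone"]: tone_amplitude(recovered, c["tone"])
                        for c in CHANNELS.values()}
    return report


if __name__ == "__main__":
    for where, amps in run().items():
        print(where, {f: round(a, 3) for f, a in amps.items()})
```

On the shared line neither tone is present at its original frequency; after demultiplexing, each channel contains its own tone and essentially none of the other's. The crude filter also attenuates the higher tone somewhat.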

It's also how radio stations work. FM stands for "frequency modulation" and AM stands for "amplitude modulation" but in reality both types of radio do both things, it's just a question of how each creates and recreates the signal at either end of the transmission. An FM radio station can modulate frequency and amplitude across a small defined band, to transmit appx 15khz and 48db dynamic range worth of audio signal. An AM radio station can do the same but with only a 10khz and 30db range. Thus we can theoretically fit about 200 local FM and about 120 local AM radio stations into a given area, in the FM and AM broadcast bands... But to avoid interference and crosstalk, it's actually more like about 100 fm and 60 am stations.

When we first started sending digital transmissions over analog phone lines, we did it in the simplest way possible... Essentially back to the days of the telegraph, only a little bit faster... We eventually got to about 300 bits per second, before we had to switch from purely binary amplitude modulation, to add the rising and falling signal states, and the frequency banding and heterodyning or multiplexing of signals. Within the limited 3khz and 42db dynamic range allocated to each analog telephone line, we managed to go from pushing just 300 bits per second, up to about 56,000 bits per second.

Now, we're using wideband 5ghz band wireless with QAM, to get bandwidth exceeding a gigabit per second per channel, and bonding multiple channels to get multi gigabit wireless.

...But still... digital data, becomes an analog signal, the second it hits a wire or a radio, and is subject to the capabilities and limitations of its transmission medium. We may live in a digital bubble, but that digital bubble floats on an analog ocean, in an analog universe.