Arts Majors

I’ve long maintained that many of the people working as corporate recruiters are Arts Majors who spell too well to work at Starbucks.

This morning’s bit was a call from a 703 number with no name displayed in the caller ID.

Are you in the market?

Not really, but I’m always willing to listen. What do you have?

You need to answer a few questions before I tell you.

((Technical questions from someone who clearly doesn’t know WTF she’s asking))

What is your current salary?

I’m not at liberty to say.

Okay, then, well, we’ll keep your resume on file.

Nono, wait a minute, you haven’t let me ask my questions.

You wouldn’t answer mine.

Please don’t keep my information on file.

My initial inclination was to release this disreputable company’s information. Then it was to call and complain about this cheery employee.

But I’m not going to do that.

I just want people to stop doing that shit.

You can leave

That’s the phrase that’s been floating through my scarred brain lately.

And I am/have.

Faceboook. Google. Twitter might be next if I can find something that I find to be an adequate replacement.

Sometimes, it’s the only thing left.

On Moving

I did go see a psychologist a few weeks ago in response to a few issues I’ve been having.

Since probably November, I’ve been having these very disturbing dreams. She thinks I have OCD, which seems to be a bit more common in people with my condition.

My, now years’, of writing every day of a month, is a compulsion.

(As an aside, I moved my 2015 and 2016 archives off the main page; I’m not sure I meant them to be there, anyway.)

Yesterday, we spent most of the day looking at places to rent in the District of Columbia.

Though I’d like to be closer to where I’m working (only one day per week, the rest remotely), and where I’m receiving my medical care, I’m scared that we won’d be able to afford it should something bad happen to me.

Paranoia
Paranoia
Everybody’s coming to get me

And a diversion to watch stuff on YouTube.

But back to writing. I don’t even know. Perhaps it’s something that keeps me humming along.

Today’s thought, after a sleep ended by a dream I’d been thoroughly roughed-up by the security staff at some conference I was attending. It wasn’t something that was terribly of interest to me, but I was there for someone else. (Perhaps this was triggered by my wife mentioning something she wanted to see that’s not of particular interest to me

And delete speculation on the cause of the dream.

On the bright side, however, the compulsions for risk have really dropped off since I spoke to her.

I need to listen to the book she recommended.

And maybe write in May instead of the month leading up to my birthday this year, separate things by six months.

My inclination towards the end of last summer’s writing period was to just not do it again.

But the urge is there, and it’s probably better for me than worrying about where I can find something dangerous to do.

When I say, “dangerous,” it’s rarely something that’s potentially fatal, but just reckless. Where can I find some raw oysters to eat? No, I don’t want to put in my seatbelt in the back of this car.

But odd times, to say the least. My scarred brain is calming down some, thankfully. We shall see. And maybe I express my compulsion in May, instead of July and August.

Presidents’ Day Weekend

I’ve been kind of productive this weekend.

I was going to complain about being exhausted, but I’m actually really not. Do I like the roll in every day? Not in the least. Is it really kicking my ass yet? No, not so much.

The urge to find some place new to stay, however, is much stronger than it was even last weekend. I want to be closer to the city and work. This needs to happen sooner, rather than later.

We can do this; just need to refocus on what’s available.

So that’s the goal in the next couple of months. Hopefully my employer will be willing to work with me on things.

Get off the stage, sweetheart

Headline reference. Reactions to this week’s nonsense with Virginia.

My former Representative, and Virginia’s two senators, called for that yesterday.

.I disagree. Ralphie is a horrible governor, and politician, that’s to be sure. There’s a reason why more than once I set out specifically to vote for his opponents, and against him in Norfolk Democrat primaries. (Norfolk has been a single-party city since the Northern occupiers left in the 1870s.) I do admit that that was more about his undergraduate stint at a state-funded military academy that didn’t admit women until twenty years after the Federal service academies. I also, professionally, cannot name a single Keydet I’ve worked with whose presence didn’t actually detract from the mission at hand….

But, no, I don’t think Ralphie is racist. I think he’s a typical well-to-do Virginia Democrat. Until very recently, proper admiration of the racist party overlords was required to advance.

You can’t just erase that history.

The statues the racists in Charlottesville were concerned about — those were erected by Virginia Democrats.

I almost said I can’t believe that there’s efforts to pretend otherwise. No, it makes complete sense. Erase the past completely, and maybe people won’t point fingers. Nope. Didn’t happen. There’s no record of it.

And even if there was a record of it, all of those racist Democrats, like Fritz Hollings from South Carolina, all became Republicans, right? Erected the Confederate flag over the South Carolina statehouse, went to the Senate, and switched parties.

Oh he didn’t switch parties? My mistake.

But parts of the party’s history, and personal histories of adults involved in it don’t disappear dow the Memory Hole, by just pretending that it never happened because it makes your party look bad.

(Yes, I have a legitimate excuse for whatever I did in 1984; I was a very young child.)

Six

This talk wasn’t any better than the sixth.

I understand the idea of encrypting all traffic, but it relies on two assumptions:

  1. All traffic needs to be private, and;
  2. End-user connectivity is every-expanding.

Let’s look at those assumptions one-by-one.

What’s the problem if I fetch Facebook’s favicon.ico? Why does that need to be private? There’s lots of things that people do online that aren’t the least bit objectionable. Does it matter to anyone that I ordered Pizza Hut for dinner last night? Whatever. I brushed my teeth twice yesterday, too, and used different brands of toothpaste. (The tube I took to Shmoocon was still in the suitcase, so I used the other one in the bathroom.)

Perhaps if I was looking at some nice, wholesome porn, I wouldn’t want people to know about it, but for the vast majority of my Internet use, I really couldn’t care less who could see. That that favicon.ico gets fetched multiple times per day by multiple people on my network is not a problem. Maybe there should be a way to cache that common content, so it doesn’t have to be fetched from the source every time. Like a shared cache? Squid, perhaps? Oh, but that doesn’t work when all content is encrypted. My professional experience shows that there’s many times when bandwidth availability does not increase, which brings me to point two.

There’s lots of instances where, despite your cable company bumping your cable modem speed, significantly that bandwidth has not increased.

In one of my not-too-distant past projects, we had remote sites connected by a 9600bps satellite connections. Much of the bandwidth available on these fifteen-minute-per-hour connections was spent just sending and receiving SMTP traffic How much less traffic would have been exchanged with the encryption overhead? Yes, maybe, there’s faster methods of communication available that would enable encrypted communications, but there’s also contracts in place binding payment of the slow services for years to come. Even on the ground, there’s contracts with telcos that can’t be broken, even in light of faster options. So maybe having cashe-friendly web content, and unencrypted email makes sense there? Maybe?

The EFF, and the blind promotion of arcane “net neutrality” rules don’t take any of that into consideration; they assume everyone is using a fast cable modem, or US-based cell network. No, there’s tons of people who aren’t.

So the solution is to hand the decision-making process over to an unelected group of bureaucrats relying on technology from the middle of last century?

GMAFB.

But, then, I guess I’m just not woke enough to know that I’m paying less for my mobile phone with far better data than I was before NN was repealed. Sorry ’bout that. I suppose, also, that the places with defined contracts also got faster with the FCC controlling things. Oh, they did. Totally. Those 9600bsp connections are now 10M full-duplex. Guess I missed that.

Five

I went in to this one with a fair amount of skepticism. My worries were more than verified.

IPv6 isn’t insecure because you don’t understand it, and your antiquated tools don’t work with it.

ZOMG, there’s a separate deprecated Linux firewall tool for dealing with IPv6!!1!

So write rulesets that deal with that difference.

WTF, my segment scanning tools don’t work the same way they do with the one-true-IP ™.

The v4 network stack was introduced in the Nixon Administration. My parents, half of whom are now dead, weren’t even married.

YHGTBFKM; you can alias almost any address.

Really.

One of the guys actually tried articulating that PAT (probably not NAT, guy. Maybe if you’d paid any attention in your networking classes, you’d know that).

What PAT does do is allow you to effectively wall-off your enclave to “protect” the assets inside it. You can do the same thing with a v6 netblock, too. One of the things I frequently listen to is very concerned about the “5G revolution,” and how it might allow the Chinese to control everything inside the US. Um, no. Any network security guy who’s paying attention can block things going out just as easily as he blocks things coming in.

I guess my message is: learn how to track things other than IPv4, and write your filtering rules on traffic both ways.

Four

So, Sunday’s talks.

First up was this one.

The concept is good, I suppose. The discussion of how to do something like this, dealing with manufacturers, VCs, etc..

During the talk, however, all I could think about is whether you needed to write in LISP to get funded by Y-Combinator.

After thinking about it more, however, I have to wonder how long this will be viable. Yes, it’s a good solution right now, but what about two years from now? Will this USB device be at all useful in the future. (Snark: Maybe there’s something I can look up with my CueCat to determine…)

All that said, it certainly has potential to be more secure, and useful than, say, an RSA token.

Interesting talk, though.

Three

This was perhaps the most thought-provoking talk I’ve seen so far.

That said, it wasn’t probably because of the reasons the presenters wanted.

A family member is a data scientist. He and I have had discussions about using data in the decision-making process.

Yes, this presentation presented a ton of data. That said, in my opinion, however, little of the data they collected really matters for either decision-making, or product quality.

The third speaker was from a well-known group that uses data to drive its recommendations. Much like this unnamed organizations automobile and computer recommendations, I don’t place a lot of weight in those recommendations.

In a lot of circumstances, even with all the collected data, the recommendations are really just personal preference.

I’ve run into that, too, with some of my professional experiences. A recommendation was preferred, and it was my job to doctor things so the pre-determined winner actually won.

A former customer, specifically a former GS-14, didn’t like that sort of engineering.

Perhaps I’ll find something more compelling to write about this, but things aren’t really coming together at this point. My head is swimming from all the talks today.

Two

Watched this one.

Overall, a good speech, and I swung around to speak to the speaker afterwards to see if she might know someone looking for a quick govvie hire. (I am Schedule A Disabled, Purportedly, that’s a good way to find a Federal job. Given that I’ve been looking for something like four years now, I’m not sure about that.)

She ran through a lot of the numbers about InfoSec job prospects. She did touch on the thing that I’m seeing far too often, people with store-bought degrees or “certifications,” who can’t do much of anything other than play Minesweeper. Memorizing things, then taking a purely multi-choice test says nothing about your ability to figure out how to deal with something that isn’t a lab example.

She did change my mind, a bit, on certifications that check up on current knowledge.

I can’t say, though, that the CompTIA family does that. Every time I study to win their latest Minesweeper release, I have to unlearn so many things just to pass the damned test.