I have been following the following plan to read through the Old Testament once every year and the New Testament 5 times each year. I’ve been following this plan over the past 12 years or so and it has served me well as it tends to keep in sync OT and NT readings where appropriate. It was taken from Matthew McMahon’s, “A Puritans Mind” website, so all the credit goes to him. I think this format will serve readers better as the one in its current form is someone cumbersome due to each months readings being broken down in to different web pages.
Continue readingBuying Ammo Online
Since firearms sales have been skyrocketing since March 2020 due to the Rona and riots in some of the US larger Democrat controlled cities, I routinely hear, “Where can I get Ammo online? The local gun shopshave been cleaned out?” A perfectly legitimate concern as a firearm isn’t going to do you much good if you don’t have either any ammo or enough to fight off 25 Antifa thugs surrounding your house.
So here’s a list of places I’ve bought from online that I haven’t had any issues with.
https://www.freedommunitions.com/
Pushing The Antithesis – Part 6 – Worldviews in Collision
In the sixth chapter the focus is on the practical antithesis between the worldviews discussed up to this point. As was the case in previous posts, I’m going to be documenting notes from the chapter that I think are worthy of attention.
Presuppositional Apologetics requires that you recognize the antithesis (there’s that word again, make note of it) between Christianity and all variations of the non-Christian worldview, whether religious or secular.
Faith is the the necessary framework for rationality and understanding.
Unresolvable conflicts exist between the two outlooks on:
Redemptive Historic Examples
- Adam in Eden – After our first parents sin, the antithesis began
- Cain & Abel
- Days of Noah
- The Exodus from Egypt
- Satan vs. Christ & Christians
Hell is the final and eternal antithesis.
The unbeliever must be made to realize the stark difference between his worldview and the Christian faith so that he can be made to see the utter meaningless in his own outlook.
Recommended Reading
Van Til’s Apologetic
Apologetics in Practice
https://www.cmfnow.com/articles/pa103.htm
Christianity and the birth of Science
http://www.ldolphin.org/bumbulis/
Does God Love the Sinner and Hate Only His Sin
https://www.the-highway.com/lovesinner_Gerstner.html
What’s In a Name?
https://creation.com/whats-in-a-name
Birth and Death of an Atheist
http://faithandreasonforum.com/index.asp?PageID=37&ArticleID=179
The Biblical Doctrine of Hell Examined
http://www.reformedonline.com/uploads/1/5/0/3/15030584/the_biblical_doctrine_of_hell_examined.pdf
Pushing The Antithesis – Part 5 – Alternative Worldviews
The fifth chapter of the book focuses on comparing and contrasting various worldviews outside of the Biblical worldview of Scripture. The purpose for doing this is to demonstrate different characteristics that some of the more popular worldviews hold to and how they contrast to the Christian one.
There are two central tenets that are the focus of this chapter:
- Examples of several worldview options.
- The presuppositional cores sustaining those worldviews
Particular Worldviews
Hinduism
The author expounds that Hinduism is a family of merged religions arising out of a thoroughly pagan backdrop. One source describes Hinduism as, “Scholars regard Hinduism as a fusion or synthesis of various Indian cultures and traditions, with diverse roots and no founder.” Another key attribute of this worldview is the belief in millions of deities that are typically derived from objects found in nature. Hinduism aligns well with the New Age movement and mysticism and views all reality as relative since Hinduism believes that reality is an illusion.
Behaviorism
Behaviorism is school of psychological thought developed by B.F. Skinner. The key concept in this school of thought that all human behavior can be attributed to the concept of “operant conditioning”. This basically says that human behavior is the result of of response to pure environmental factors such as our experiences and our senses. The material world is the ultimate endgame and all our motivations revolve around getting the most fulfillment from the material world. Since man is simply the result of his conditioned environment, there is no responsibility for actions taken since there is no moral code attached to this system of thought.
Marxism
The next world view is the infamous worldview of Marxism. Marxism is an atheistic, socio-political belief system that teaches the material world is the ultimate reality and that religion is an illusion. The author quotes the American Heritage Dictionary’s definition of dialectical materialism on which Marxism is based as,
“The Marxian interpretation of reality that views matter as the sole subject of change and all change as the product of a constant conflict between opposites arising from the internal contradictions inherent in all events, ideas, and movements.”
Adam Schaff summarizes the maxim of Marxism as, “Mans is a product of society…it is society that makes him what he is.”
Existentialism
The last worldview system that the author examines in this chapter is existentialism. Existentialism is concerned above all else with freedom and self-expression. This system essentially boils down to feeling over thought, experience over logic, and the like. The author leaves some valuable quotes:
- “To kill God is to become god oneself: it is to realize on this earth the eternal life of which the gospel speaks.” –Albert Camus
- “If God exists man cannot be free. But man is free, therefore God cannot exist. Since God does not exist all things are morally permissible.” –Jean Paul-Satre
The author is trying to get the Christian apologist to think through the foundational beliefs of these various systems to understand how they oppose Christianity and how they are internally inconsistent.
Recommended Reading
Bahnsen, Greg, “Prolegomena To Apologetics“, https://www.cmfnow.com/articles/PA002.htm
Ravi, N.S.R.K, “Hinduism“, https://www.namb.net/apologetics-blog/hinduism/
Cultivating Infosec Knowledge
I often get asked through both work and social media channels how and where do I obtain all of the Information Security knowledge that I routinely share. So I though I would share my own personal workflow for how I cultivate Infosec knowledge and others can use what I’ll describe in this blog post as a framework to build their own. I should point out that my workflow is dependent upon using a Linux distro that supports specific packages such as Weechat. If you are primarily a Windows user, you may need to make some adjustments
I often get asked through both work and social media channels how and where do I obtain all of the Information Security knowledge that I routinely share. So I though I would share my own personal workflow for how I cultivate Infosec knowledge and others can use what I’ll describe in this blog post as a framework to build their own. I should point out that my workflow is dependent upon using a Linux distro that supports specific packages such as Weechat. If you are primarily a Windows user, you may need to make some adjustments such as start using Ubuntu.
Step 1: Twitter
By far the best source for cultivating knowledge is Twitter. First there are tons of Information Security professionals from pretty much every domain of knowledge within Infosec. This involves of course obtaining an account(make sure you leverage 2FA) and following users who specialize in the area that your interested in. Another great feature are ‘Lists’. These are groups of Twitter users for a specific area. This one is a good start: https://twitter.com/DanielMiessler/lists/infosec. So got get yourself an account if don’t have one and start searching using hashtags such as #cybersecurity or #infosec.
Step 2: IRC Client That Logs Locally
You may be asking what is IRC and why do I need an IRC client to cultivate Infosec knowledge? This will become obvious as this post progresses, but IRC was an Internet standard draft created 20+ years ago to create a real-time chat network. The reason you want a modern IRC client that supports logging locally is that there is an IRC gateway called Bitlbee that enables you to integrate with Twitter and the like into the IRC client, which enables you to log all of that content for later reference and searching.
I personally use Weechat due to all of the plugins available for it and being able to leave it running 24X7 in a Tmux session. Think of Tmux as a means of running persistent terminal sessions.
Step 3: Bitlbee
As mentioned earlier Bitlbee is an IRC gateway that acts as a relay between your IRC client and the platforms it supports such as Twitter and Facebook. For my purposes the Twitter integration is key, because it basically turns your IRC client into a Twitter client and most importantly your Twitter timeline is logged locally as long as you have it running. This is where Tmux comes in so even if you log out your sessions are still running. This becomes advantageous when you want to pull out a bunch of links or content, all you have to do is grep through your Bitlbee Twitter logs.
Step 4: Slack & WeeSlack
Slack is a modern attempt to displace IRC utilizing web based API’s and pretty looking integrations such as emoji’s and integrations with a large number of automation technologies such as Splunk and devops apps. There is one Slack channel that has LOTS of Infosec peeps on it and it’s called Brakesec and is run by Bryan Brake. Follow him and send him a Tweet asking for access.
I use a very cool Weechat plugin called, WeeSlack that integrates with WeeChat and gives you the same great benefits that Bitlbee does with Twitter. WeeChat is turned into a full blown Slack client with logging.
Conclusion
With this setup I have a perpetual feedback loop that stores everything locally for referencing when ever you need to and with the content in plain text files you can query and extract it however you want.
Training An Autistic Child In The Way They Should Go
Proverbs 22:6: Train up a child in the way he should go: and when he is old, he will not depart from it.
Our youngest son was diagnosed on the Autism spectrum when he was 3 years old. There were various signs leading up to this that were giving myself and my wife concern that something was not on the same development path as our older son was on. First there was the delayed reaction to physical stimuli; he would get his finger pinched and wouldn’t react to it until a good 30 seconds later. His speech was severely delayed when compared to his brother and the “normal” developmental cycle. Then there was the traditional patterns associated with children on the spectrum; for him it was stacking objects in perfect symmetrical patterns. When we finally had him diagnosed by a professional, he was diagnosed as PDD-NOS – Pervasive Developmental Disorder – Not Otherwise Specified. This is basically a category that doesn’t fit into any of the other autistic classifications.
The focus of this blog is specifically around raising a child on the autism spectrum in relation to the Reformed Christian faith; for us it would specifically the Reformed Presbyterian faith. The reason for calling this out is that there are some specific distinctions around the faith that determined how we ended up training our son in the faith. In traditional Protestant Christian worship, young children are typically kept in a nursery or children’s Sunday school class that is kept segregated from the adult worship. With Reformed Presbyterian worship this is not the case typically; the model of worship is that the whole family is part of the same worship service as we do not believe there is a biblical warrant for separating children into their own form of worship. This presents a challenge for any parent with young children be trained in this model, but more so for autistic children.
The key to having success with this is consistency and getting the child into the habit of following an orderly pattern. Patterns are vitally important for those on the spectrum as they use these patterns to build dependable working models in their heads giving the chaos that their brains are constantly being flooded with. For us the first few months were a challenge, but after that the pattern or habit was established and our son became perfectly content going through all of the elements of the worship service. Not to say there were not challenges at times, there were and will always be in one way or the other, but the once you get the habit formed and *remain* consistent your well on your way.
The journey doesn’t stop there though as the next step is educating the child in the core tenants of the faith. Since our son has always struggled with language and speech this presented a unique set of challenges around his Christian education. We had to start off very basic as to who God was and who Jesus was, what the Gospel is, what Sin is, etc. What was most interesting at least in our case was that our son understood a lot more than what he was able to communicate at the time. One time I asked him, “What happens when you die?”, to which he responded, “We go to Heaven if we love Jesus.”.
One of the long held practices of Reformed Presbyterians for teaching the doctrines of the faith is through catechisms, which is simply teaching through question and answer format. The core documents that encompass this came out of the Protestant Reformation in the form of the Westminster Standards, which include the Shorter & Larger catechisms. Even focusing on the shorter catechism for our son would not be sustainable, because though it takes in form a less detailed approach in content than the larger catechism, it’s still pretty much non-viable for a child with language challenges. This is when I ran across what would turn out to be a huge blessing called, “Special Catechisms for Special Kids: Teaching Autistic Children About God“. In this work the author condenses the language used in the Westminster Shorter Catechism into a language that is more suited for children on the spectrum. So I ordered the book and spent every night with our son doing a page of question and answer on the various core doctrines of the Reformed Christian faith when he was around 5.
It’s now 9 years later and what is the result of those labors? This Sunday (Lord’s Day) our son became a communicant member of the PCA church we attend. To be honest I wasn’t sure this day would ever come let alone when he was 14 given all of the challenges he has faced. Another key factor in this success was the support of our church session, which is comprised of the Pastor (Teaching Elder) and one or more ruling elders. Their support is key as they need to make the decision around setting the minimal requirements around granting communicant membership to anyone who wants to become a member of the church.
My motivation for writing this was to share the process for other parents that have children on the spectrum that there is hope and that if you are faithful to leverage resources that are available to you to train your child through non-conventional means that can give them a successful framework for growing up in the fear and admonition of the Lord. It was also intended to help the Reformed Churches address the ever increasing number of children diagnosed with Autism.
Sola Dei Gloria
The Necessity of Security Standards
Having been working in the Information Security industry for almost two decades, I’ve seen what has and has not worked well for organizations approach to Security. One of the biggest pitfalls I’ve seen is a type of insanity in repeating the same mantras over and over again to supporting groups and stakeholders and then wondering why this incessant repetition keeps returning full circle. Guidance that is provided tends to be slightly different each iteration enough to make each case sound like it’s unique, but it isn’t.
One project manager approaches someone on the security team and asks, “Hey, our vendor says they can only support DES encryption, is that OK?” Few hours later another PM from a different project approaches a different security team member and asks, “What encryption algorithms does our vendor need to use?” To which the security analyst replies, “We cannot use anything weaker than AES-128.” In this short, but all too common scenario we have two distinct answers to the same question one of which could have serious repercussions in that DES has been broken since 1976!
This is where the need for adopting organizationally sanctioned security standards come into play. The the earlier could have been solved by having an established Cryptography standard that would mandate the approved encryption algorithms to be used in the organization. Thus, when Larry the project manager swings by the Information Security area to ask what are acceptable encryption algorithms you just point them to the Cryptography security standard that documents those requirements. When Joe the other project manager stops by asking the same question for a different project the same guidance is given and then you have a consistent standard from which the entire organization works from.
Over the years I’ve found that there is a minimal list of security domains that you should have security standards for to formalize security standards across the organization:
- Access Control
- Asset Inventory
- Authentication
- Cryptography
- Certificate Management
- Data Protection
- Incident Management
- Logging
- Malicious Software
- Monitoring
- Network
- Operating System – You should have a standard for each OS deployed.
- Remote Access
- Virtualization
- Vulnerability Management
Your mileage will vary depending upon the organization your working for and how they are leveraging the security domains outlined, but the important first step is getting them drafted and ensuring senior management supports not only their content, but their enforcement across the organization or they will end up becoming suggestions instead of requirements. Security standards are just one component of the overall Information Security ecosystem; you still need to have security policies to drive them and security architectures to ensure they are being adhered to.
Arminianism & Church Revitalization
Ed Stetzer has a new blog entry in which he describes the five necessary characteristics that are needed to be an effective church revitalizer. Now on the surface there doesn’t seem to be anything wrong with the characteristics that he lays out in his article. The big question I have is: Why is church revitalization even necessary?
The main theme in this article if you read it is the church should be treated the same way you treat a fortune 500 business that is losing its edge. You need to focus on leadership, organizational ability, and relational patience to name a few that he mentions.
He states, “At one church I served at, the leadership team had been elected to their positions and many were business leaders.”
So the first question I’m going to raise is: Is such a position warranted in Scripture? To answer this question we goto the Scripture
itself and the well known, ‘Great Commission’ verse in Matthew 28:16-20 [KJV]:
“Then the eleven disciples went away into Galilee, into a mountain where Jesus had appointed them. And when they saw him, they worshipped him: but some doubted.
And Jesus came and spake unto them, saying, All power is given unto me in heaven and in earth. Go ye therefore, and teach all nations, baptizing them in the name of the Father, and of the Son, and of the Holy Ghost:
Teaching them to observe all things whatsoever I have commanded you: and, lo, I am with you alway, even unto the end of the world. Amen.”
So we can see from this section of Scripture that the role of the Church is to teach the nations, baptize them in the name of the Trinity, and ensuring the observance of said teaching and all of Christ’s teaching. What you see is Stetzer’s Arminianism coming out that silently asserts that Scripture and God’s providence and grace is not enough and that in order for the Church to be successful man’s ingenuity and efforts are needed to ensure that the church continues to be revitalized and not to grow stagnant.
When most Christians think of Arminianism they usually think of it just in terms of of the doctrines of grace and not in terms of how you define what the Church is and what it’s role is within the bounds of Scripture. Like Calvinism it permeates all facets of the Christian life, so if the root is corrupt, so will its branches be.
Stop Referrering to TLS as SSL!
Having worked in the Information Security field for close to 20 years now, one of my biggest pet peeves is when Security professionals use technical terms that no longer comport to current realities. So as a word of warning this blog post is going to be a rant.
It is first important to understand some basic history around the progression of the protocol from SSL to TLS. As is the case with most security protocols each new version is created to address security defects in the previous version.
SSL/TLS Implementation Timeline – SSL First Introducted in 1993-1994 by Netscape – SSL 1.0 was never released due to serious security flaws – SSL 2.0 released in 1995 to address the security flaws found in SSL 1.0 – SSL 3.0 released in 1996 as a pretty much rewrite of the protocol to address defects found in SSL 2.0 – TLS 1.0 released in 1999 to address some “minor” issues identified in SSL 3.0 – TLS 1.1 released in 2006 to provide additional security enhancements – TLS 1.2 released in 2008 to provide enhancements around SHA-256 along with support of additional authenticated encryption ciphers.
SSL/TLS Vulnerability Timeline – 2011 – SSL 3.0 and TLS 1.0 found to be vulnerable to BEAST attack – 2014 – SSL 3.0 found to be vulnerable to the POODLE attack
As can be deduced from the above timelines, no one should be using “SSL” as defined in the RFC’s since 1999, but absolutly not since 2011 due to BEAST. Information Security professionals certainly should not be referring to TLS as SSL as I’ve observed time and time again over the last decade.
What is the big deal you may ask? Certainly everyone knows what you are talking about when you tell a client or a customer, “Just secure the HR website with SSL and you’ll be fine.”. Your client or customer then does a proverbial Google search and they find that anyone securing their site with SSL is without doubt a psychotic. They then call you and ask you why you would configure their highly sensitive HR website with a protocol that has been exploitable for the past 7+ years. To which you respond, “Oh no, we would never configure your site with SSL as the security best practice is to only enable it with TLS 1.1 or above.”.
You have know learned why terminology that reflects actual reality matters.
References
Cybersecurity Podcasts
I was recently asked to give recommendations for Cybersecurity Podcasts to students in college that are majoring in Security. The usual problem with security podcasts (and podcasts in general) is that they frequently become static and in some cases a year or more goes by before they are updated.
There are actually a large number more of Cybersecurity related podcasts than what I have listed here, but these should keep your mind update enough without getting overloaded.
Here are some of the main ones that I know that are kept up to date.