Of Spiders and Sin

What follows is the definitive telling of my story about the Australian redback spider and its pedagogical employment in a theological context. This is a tale I have told many times in the company of friends but it has never been recorded for posterity, until now. I have included some notes below the story that might be of interest and will add more later as they occur to me.
The phrase ‘liberal Baptist church’ might sound like an oxymoron, but I grew up in Coventry, England, and the theology of some English Baptists is quite liberal. Indeed, I was raised by a congregation of souls so liberal that I became a Sunday school teacher even though I had never been baptized and had not yet – nor have I since – accepted Jesus Christ as my Lord and Savior. Back then, as the sixties were turning into the seventies, Sunday school was more about the geography of poverty, feeding the hungry, and boycotting companies that did business with the white regime in South Africa.

The person who leads the services in an English Baptist church is referred to as the minister, although said person might be addressed as Reverend. From time to time, our regular Reverend went on holiday and Sunday services were conducted by guest ministers, which is how I first encountered the redback spider.

The guest minister that Sunday was from the continent that is the home of said spider, Australia. The deacons who arranged his visit were apparently unaware that some Australian Baptists were much closer in spirit to their evangelical cousins in the southern states of America, and their manner of sermonizing more that of preacher than minister. Such was the case with this unfortunate fellow, as his address to our Sunday school children would reveal, quite painfully as it turned out.

“Good morning children,” this preacher began, “I come from Australia, a place some people call ‘the land down under,’ and in that land we have some amazing creatures.”

His unfamiliar accent, and his dramatic emphasis on the last two words, definitely got the attention of his young audience, which ranged from about four to fourteen. The preacher continued, “One creature, the redback spider, is no bigger than the nail of my little finger, but his bite is deadly.”

To my English ears, this last word, which should have carried a lot of weight, sounded like ‘diddly’ which may explain how this children’s sermon went astray.

He continued, “Although he is so small, just one bite from this little fellah can kill you … dramatic pause … dead.”

Again, the ‘dead’ sounded like ‘did’ to me but the preacher’s delivery left no doubt that death was what this small but fearsome creature delivered. One bite could end your life. I could see some of the younger children sitting up a little straighter, eager for whatever came next.

“Now then children, what does this remind us of?”

The preacher paused for an answer. Scanned the young faces. Nothing.

“Just one bite and you’re dead. What does this remind us of?”

More silence.

“Sin!” he proclaimed, apparently failing to detect in the faces before him the signs of confusion that this word caused.

The preacher took a deep breath and forged ahead, asking a question he assumed would solve the riddle: “How many sins does it take to keep you out of heaven?”

More silence with just a hint of embarrassed shuffling from the adults in the congregation. The preacher was undeterred.

“Come on children,” he continued, as though this was the first thing you learned in Sunday school, “How many sins does it take to keep you out of heaven? Is it two? Five? Ten? A hundred?”

The sequence of numbers was enunciated with what sounded to me like a mild but mounting sense of despair. It was at this point that young Mark Jacobs from my class shot up his hand. No more than seven years old, Mark was a bit of a handful, but very quick on the uptake. I could tell he was sure he had this one figured out.

“Yes!” exclaimed the preacher, extending his palms towards Mark, who loudly delivered his answer, a logical deduction from the clues provided, but also – I like to think – a reflection of the spirit of the church in which he was being raised:

“Infinity!”

My heart went out to the preacher as he stood there and said about all he could say at that point: “No. It’s one. Just one sin can keep you out of heaven. Now let us sing hymn number 127: ‘All Things Bright and Beautiful.’”

Notes:

1. The chorus of that hymn, written by Cecil Frances Alexander in 1848, goes like this:

All things bright and beautiful,
All creatures great and small,
All things wise and wonderful:
The Lord God made them all.

I have no idea if Alexander had the redback spider in mind when she penned line two.

2. Very few renditions of this hymn today include the third verse of the original, which goes like this:

The rich man in his castle,
The poor man at his gate,
God made them, high or lowly,
And ordered their estate.

In fact, several members of our congregation refused to sing the hymn at all, owing to the fact that its author held views so opposed to their own.

3. The English Baptists believe in adult baptism, a belief I greatly respect because it holds that nobody should take this step in life unless they make an informed decision to do so. I was never pressured to make this choice, again something I greatly respect. I remain unbaptized, but always welcome at that church.

4. Many years later I encountered redback spiders in Alice Springs, Australia. They were pointed out by the very gifted engineer who worked on my wife's off-road racing vehicle, in a dark corner of his garage. He had recently been bitten by one, causing a very nasty injury, but fortunately he survived.

5. My wife was living in Alice Springs at the time because she was in charge of network security at a place called JDFPG for Joint Defense Facility Pine Gap, which is probably one of the largest computing facilities in the Southern Hemisphere.

6. JDFPG has a rugby team called the Redbacks with an awesome emblem. I know because one of their shirts is a prized possession of mine.

7. Theologically speaking, one can argue that both Mark and the preacher were correct. Hard-line Protestant thinking on sins is that just one is enough to keep you out of heaven -- and thus send you to hell when you die -- unless you accept Jesus Christ as your savior and are baptized, in which case your sins are washed away. Technically, if you committed an infinite number of sins, you could still get into heaven because God's forgiveness is infinite.

 

Fighting malware, cybercrime, and hemochromatosis = I've been busy

I enjoy reading a wide range of blogs. Recently, I was shocked to visit one of my own blogs -- this one -- and see that I had not posted anything since February. Surely I had written more than that? In fact, I have been doing a lot of writing, but on other blogs. So I decided to post a roundup of recent writings and presentations, for my own edification, and to show that I have not been slacking. Enjoy!

Living Security


A lot of my writing these days appears on We Live Security, the website that grew out of the Threat Blog at blog.eset.com. Here are some highlights:

Being Security


I have also been writing some posts about security and privacy on my first blog, Scobbs Blogspot. The idea is to put security pieces there when they are not a good fit for We Live Security, for example, a strong personal opinion, or a speculative piece. (In general, I want to keep this blog here, Cobbsblog, for non-security stuff.) Recent posts on Scobbs Blogspot include:

Security Slides and Webinars and Podcasts


You can find some of the slides from my security presentations at SlideShare under the zcobb account. These include slides that ESET graciously makes available for anyone who is working to increase security awareness in their organization. Here is a recent example from a webinar on cybercrime:



Some of my security education presentations are done as webinars and you can find these in the ESET channel on a service called BrightTalk. The channel requires a one-time registration process but is free and there are dozens of recorded webinars available from myself and my colleagues.

I have also recorded a lot of podcasts on security and privacy. These are available on this page but they are not marked as to author. All of the podcasts are worth a listen and feature my fellow researchers at ESET.

Earlier this year I answered several questions for a reporter while visiting the Latin America headquarters of ESET. Topics covered in the resulting video include the effects of Snowden's revelations about the NSA, the relationship between privacy and security, and social media issues for young people. Spanish subtitles are provided.



Fighting Hemochromatosis


My writings on hemochromatosis started here on this blog in 2008, with "dsgds". Then, in 2010, I created CelticCurse.org and post there when I have something substantial. Here are some recent posts.

In addition to Celtic Curse, I created another channel of communication about hemochromatosis, the Hemochromatosis page on Facebook. This has reached over 100,000 people so far this year and led to the publication of the first ever "Hemo Doc Stars" list of recommended hemochromatosis doctors from around the world.

So, the next time I am wondering to myself "what have I accomplished this year?" I can look at this page and refresh my memory. And the above is not everything. I also got accepted into a postgraduate degree program in security and risk management in the Criminology Department of the University of Leicester, in England. I hope to have time to share some instructive tales of distance learning here as the program progresses.

Alpha woman and the days of sail

Chey at the helm of Alpha, a Bristol Pilot Cutter built 110 years ago.
Although we live just 5 blocks from the Star of India and other fine sailing vessels in San Diego Bay, we do not get out on the water much because of Chey's health. However, 20 years ago Chey was an active sailor, studying for her Yachtmaster on the Isle of Wight and sailing historic wooden sailing ships around Scotland.

Chey's favorite was Alpha, a 52 foot Bristol Pilot Cutter. On one trip she sailed Alpha from Scotland to Portugal and back, straight up through the North Atlantic and around the western side of Ireland. Bear in mind that pilot cutters were the "built for speed" boats of their day, sleek, stripped of deck rails and any other impediments to pace. Why? Because pilots made their money guiding large cargo ships through coastal waters and into port. The pilot who was first to reach an incoming ship got the job!

How to find $168 billion in annual spending cuts while saving the world

Allow me to explain where the U.S. federal government can find $168 billion. That could be a $168 billion cut in annual spending from the current budget, or $168 billion of spending shifted to more worthwhile endeavors. It could even end world hunger while giving us all tax rebates.

Lately, I've been looking at a lot of numbers related to safety and security, like how much money we spend on fighting wars and cyber crime, how many people die from different causes, and so on. I was inspired to research such things by a comment made to the press by my friend and boss, Andrew Lee, CEO of ESET North America, who was asked what he thought of General Keith Alexander's keynote at Blackhat last year. (The General spoke about mass surveillance by the National Security Agency (NSA) as revealed by former federal contractor Edward Snowden.) Andrew said that we should be asking ourselves if the levels of surveillance now being revealed constitute a proportionate response.

Personally, and I stress that this is my personal opinion, I think that the $50 billion my country spends annually on spying is way too much (BTW, for new readers, "my country" = the United States of America, the country of which I have been a citizen for more than 30 years).

To put that $50 billion spend on spying in perspective, it dwarfs the total spend on life-saving health research by the federal government, which is $30 billion (that's funding for over 300,000 researchers at more than 2,500 institutions). I'm pretty sure that $50 billion is about the same as the operating expenses of Google and Microsoft combined. Aside from the sheer amount, the challenge of oversight and efficiency across multiple agencies is huge, leading to some terrible decision-making, as revealed by some of the Snowden papers.

But let's leave the spy budget aside and consider what we spend to defend our country. Suppose we were to decide that the appropriate annual budget for defending America is twice the total annual military spend of our two closest rivals, China and Russia. Those two countries spend $166 billion and $90 billion respectively, or $256 billion combined; double that is $512 billion, which is $168 billion less than the $680 billion that the U.S. spends.

Surely we can adequately defend America by allocating twice what China and Russia spend combined. Still nervous? Want a comfort zone greater than 2X?

Consider the $272 billion annual military spending by our six strongest allies (UK, Japan, France, Germany, Australia, Canada). Figures are from SIPRI Yearbook 2013.

Want more perspective? With our $168 billion savings we could drastically reduce the deficit, lower taxes, and still have enough left over to END WORLD HUNGER (estimated cost of that is $30 billion).

So, let's recap, the Cobb budget plan for America would:

  • Spend more on defense than China and Russia combined

  • End world hunger

  • Reduce the deficit

  • Enable lower tax rates


What's not to love about that?

Happy Blogging New Year 2014!

Happy New Year! While it took me a few days to get around to this, I did want to mark the beginning of the new year with at least one blog post here on Cobbsblog. In fact, I have been doing quite a bit of blogging around the turn of the year.

Over on WeLiveSecurity.com I was privileged to present some of the 2014 security predictions from my fellow researchers at ESET. My colleagues in Latin America shone again this year, producing a 30+ page review of malware trends and predictions.

That report very rightly fingered privacy as a hot topic for 2014 and I am heading for Washington, D.C. in a few weeks to be on a panel about data privacy at a Data Privacy Day event at the Pew Charitable Trusts (January 28 is Data Privacy Day).

Predictions are one thing, but what practical good are they? What advice can they generate for IT security managers? I will try to answer that question in a free webinar happening January 15 on ESET's Brighttalk channel.

I made some information security predictions of my own, over on my security blog: scobb's information security blog. That blog was in fact my first, and lately I have been reviving it. My idea for 2014 is to use Cobbsblog for more personal posts, and put my security related posts on scobb's. Of course, in 2014 I will be writing about security on WeLiveSecurity.com as well, but sometimes I have things to say on the topic that don't quite fit there.

And sometimes my thoughts will migrate to other blogs. For example, Graham Cluley liked my prediction about the persistent misrepresentation of antivirus software, and reprinted it (with my permission) on his very informative blog.

I wish you a safe and happy 2014 and pledge to do my best to provide you with informative and thought-provoking content all year long.

Bands to watch in 2014: NO doubt about NO

Warning! The link I am about to lay on you starts to autoplay some great music. It's by a band out of Los Angeles called NO and I think they are very good. Of course, this is an old guy talking, but an old guy who had enough love of good music to spend four days in the cold and rain to catch artists like Santana, Led Zeppelin, Frank Zappa, Pink Floyd, Pentangle, and Fairport Convention at the Bath Festival in 1971.

That said, here is the link to NO. And here is a photo of the band I snapped as they were performing "There's a glow" on the rooftop of the Rio in Las Vegas last summer.


The significance of the setting, high above the Vegas strip, comes partly from the opening of the song that goes:
There's a glow up over the city the city.
There's a glow up over us all.
The other aspect of significance, apart from the amazing view and the electrified atmosphere of the up-close performance, is that the band is playing at a party thrown by my employer, ESET.

And I have to admit this was not my first time seeing the band live. They played an ESET party in 2012 as well. None of which would matter if the band was just okay. But in fact they are awesome when they play live, managing to create a huge sound without it becoming noise, and often generating powerful emotional tension by restraining that big sound until just the right moment.

In February of 2014 the band releases its first LP, with 7 new tracks on top of the 6 you can hear live on the website. Stay tuned to their site for fresh tour dates and try to catch them live. You won't be disappointed.

Free professional security advice for Palestinian hackers

First of all, welcome. I am glad you found this page. Please don't hack it.

Who am I? I am one of many people in the computer security world who have great sympathy for the Palestinian people. We agree with you that the Palestinian people deserve to live in peace. We let our politicians know what we think. We use social media to spread news and awareness of the injustices suffered by the Palestinian people at the hands of Western governments and their allies in the region.

As computer security professionals, we also work hard to protect the privacy and cybersecurity of hundreds of millions of individuals around the world. Some of those people are Palestinians. For example, I work at ESET, a company which protects the computers and smartphones of many millions of people in more than 180 different countries. I'm guessing some of them are Palestinian sympathizers.

Recently, some of you have been busy redirecting website traffic AWAY from sites that many people, including some Palestinian sympathizers, rely on for help in protecting their privacy and their data, and TO a page that calls for Palestinian rights. I have to say, I don't think this strategy is helping you, or the Palestinian cause; it hurts law-abiding human beings who use computers and smartphones to make an honest living, to connect with their families, and in some cases, to campaign for peace and justice.

[Note: When I say sympathy with the plight of the Palestinian people, or sympathy with the Palestinian cause, I mean that I think the people of Palestine have been, and are being, treated inhumanely, and that they deserve a secure homeland in which they are free to enjoy the rights and liberties that Americans take for granted. I do not mean that violence against civilians in pursuit of political aspirations is justified: it is not, ever, no matter what side you are on. Yet complacency and apathy in the face of inhumanity and injustice are equally objectionable.]

So, what is my professional advice? Use your computer skills to advance the cause in ways that don't impact innocent digital bystanders. Let me give you an example. This website you are reading right now is hosted on a web server that was hacked a few months ago in the name of freedom for Palestinians. The same web server hosts information about a potentially fatal genetic condition that doctors often fail to diagnose. That website helps a lot of people but it went down because someone thought hacking it would help the Palestinian cause. Did it help? I don't see any evidence that it did. Several kind and generous people had to give up their time to fix the website. Some innocent people in need of helpful information could not get to that information for days.

Did the hack provide any benefit to anyone? Not really. Security experts already know that websites can be hacked, and it is well known that the DNS servers which direct traffic to websites can be messed with. But the more protection that is applied to protect sites and infrastructure, the more expensive and cumbersome the Internet becomes. And I'm guessing you use the Internet for more things than hacking. How about use of the Internet to organize humanitarian aid for Palestine? How about use of the Internet to raise awareness of, and sympathy for, the Palestinian cause? Why not apply your skills and energy to those efforts? Help the people who are trying, or may be persuaded to try, to help you.

No quest for peace and freedom can prosper without a critical mass of support that comes from many quarters. Annoying people who might otherwise be persuaded to support you just seems counter-productive.

Respectfully...Stephen Cobb, CISSP

Thank you Layla, for all that you gave to us, 2004-2013


A photo snapped in August: Layla Cobb, 2004-2013


This is just a short note to all who knew and loved our Layla.
Earlier this week she ended her journey here in San Diego,
peacefully and with loving hands upon her.


Layla was not only a joy to us and those who met her, she was an enormous comfort to us through some very tough times. She steadfastly refused to leave Chey's side whenever Chey was feeling ill, and faithfully presented me with a retrieved object whenever I came through the front door.

Only recently did we discover that Layla had stoically endured many years of arthritis so severe that the vets, when they got the X-rays, said they were amazed that she was able to walk at all. But Layla has always soldiered on stoically, despite everything, from Florida to New York, and then the long journey out to San Diego. Living out here, Dog Beach became her favorite place. When she stopped wanting to go onto the beach we both knew that we would not have her much longer.

So here's to you Princess Layla, Super Trooper, Snow Dog,
indefatigable source of comfort and joy.


Snow dog Layla

Layla's first snow, New York, 2007


Layla Cobb, 2004-2013

Do I really have to go back inside dad?


 


Hello world, my first portrait, 2004

Electric Car2Go is a Gas!

The all-electric Car2Go fleet in San Diego is not why we moved here, but we did sign up for the service as soon as we got here. Now, with nearly two years of experience, what do we think? It's a gas! Just take a look, and then read on...
Not all of these electric Smart Cars come with a highly-skilled driver like the one you see here, but they are all fun, whether you drive or are driven. Okay, we do have some quibbles that I will address in a moment, but basically this is a great service and the car is very impressive.

If I have to run errands involving more miles than I feel like walking then I often choose a Car2Go over our trusty old BMW 323. The iPhone app makes it very easy to locate nearby cars and reserve them.

At first, I tended to avoid Car2Go trips involving freeway miles, then my wife (the highly-skilled driver behind the wheel in the photo above) found the boost switch. You activate it with an extra push on the gas pedal when accelerating and it really helps with highway on-ramps and overtaking.

Of course, like all electric vehicles, the Car2Go can tap maximum torque at zero rpm, so it is always ready to leap off the line at the lights (great way to elicit gob-smacked looks from drivers of big sedans and hot hatches).

As for handling, the word is nimble. You can turn corners and cut U-turns where no other car would dare. I should point out that the ride is a little on the rough side over city streets, but most of the trips that I take in a Car2Go are too short for this to matter. The highway ride is acceptable. I did chat recently with someone who had ridden in her daughter's regular, bought-from-a-dealer, gasoline-powered Smart Car. She reported that it also had a somewhat rough ride on city streets (maybe someone should tell Mercedes Benz that America's city streets are not as well-paved as they used to be, and adjust suspension accordingly).

So far the electric-ness of the Car2Go has not been a problem. I have never run out of power. If the San Diego Car2Go fleet is short of anything it is cars-to-go. We can't always rely on there being one handy, and we live in the densely-populated Little Italy part of town. That would be one niggle. Another would be the length of time it takes to get the support folks on the line in the evenings.

Why would you need to call the support line? Well, it is possible to lock things inside these rentals. Yes, members have an RFID card that opens cars, but cars don't open to you if they are reserved by someone else or if they are out of service. So here's a scenario I encountered: Drove back from the supermarket in a Car2Go. Exited the vehicle with my groceries. Ended the rental. Then noticed that there was one more bag of groceries in the rear storage area. Tapped my card on the card reader but was told car out of service due to low battery. It took about 15 minutes to get through to an agent who could unlock the car.

Another problem I have encountered is missing cars. You see a car on the app, walk to its location, but it is not there. This may not be the fault of the system. Cars left in parking structures can give rise to this issue.

There are some restrictions on Car2Go, like not transporting our dog. I understand this policy: not all dog owners can be relied upon to keep the cars clean of dog hair, etc. And of course, only two people will fit in the car. However, they fit very well. I have a friend who is nearly seven feet tall and he owns a SmartCar. Not only that, his SmartCar was hit by another driver and protected him so well he got another.

So, bottom line: 9.5 times out of 10, my Car2Go experiences are 100% positive. So much so that they have allowed us to give our second vehicle to our daughter. So she likes Car2Go -- without ever driving one.

Sad Car2Go Postscript

At the end of 2016, Car2Go ceased operations in San Diego. Earlier that year it had converted the entire fleet from electric power to gasoline engines but it seems like Uber and Lyft killed it off. So, if you're visiting San Diego and wonder why you aren't seeing these cute little transport pods, that's why. Somehow this photo of our dog looking for something in the snow seems appropriate.


Adrenalectomy, from pain to promising signs of progress

This is a short note to record the successful execution of a laparoscopic adrenalectomy by Dr. Allan Gamagami at Sharp Memorial Hospital on August 16, namely my left adrenalectomy. I talked about the need for this procedure in Cobb's Got Conn's, but not because I enjoy talking about myself. Okay, I do enjoy talking about myself, but the point of my writing about Conn's and primary aldosteronism is to help the many millions of people who might have this condition.

That's right, recent studies suggest that as many as 10% of people with high blood pressure could be cured by adrenal surgery. In the U.S. alone, where the number of people with high blood pressure is estimated to be 71 million, there could be over 7 million candidates for this procedure. And that's the funny thing about primary aldosteronism: you may be happy to find you've got it. Why? Because treating primary aldosteronism can lower the risk of heart attack and stroke. It can also mean lower blood pressure, or even an end to blood pressure medication.

A Gland Called Adrenal

When either or both of your adrenal glands pump out too much aldosterone your body:
  • retains sodium (we all know too much sodium is not good for blood pressure), and
  • leaches out too much potassium (while excess potassium can be deadly, too little can also have fatal consequences, like a stroke or heart failure due to atrial fibrillation). 
If you have primary aldosteronism you are likely to experience one or more of the health problems that I list down below.

If your doctor successfully treats your primary aldosteronism, then you may enjoy lower blood pressure with fewer or no medications, plus return to a regular heartbeat, and freedom from muscle cramps. You could well feel more energetic, given the reversal of your hypokalemia (low potassium).

Farewell My Left Adrenal

Thanks to some good old-fashioned medical work by my primary care physician (Dr. Adam Pacal) and gifted nephrologist (Dr. Jadwiga Alexiewicz) it was determined that I was a classic case of primary aldosteronism in which a growth on one adrenal gland is responsible for the over-production of aldosterone.

The culprit was my left adrenal and this was confirmed by some fancy testing, reinforced by my body's positive reaction to a drug called spironolactone, an "aldosterone receptor antagonist that causes the kidneys to eliminate unneeded water and sodium from the body into the urine, but reduces the loss of potassium from the body." (NIH)

Because the spironolactone was effective at lowering my blood pressure by several points, it seemed likely that removing the cause of the excess aldosterone would be beneficial. Surgery was scheduled.

Nine days after the surgery I can sense numerous positive changes in my body. For a start, I have not experienced any muscle cramps since the operation, despite not taking any potassium supplements.

Second, I feel either more relaxed or less stressed. (I'm not sure which term best describes my state of mind, and that state of mind might just be a temporary state, but so far I am enjoying it.)

My blood pressure seems to be better controlled, with fewer medications, although it is early days yet. Whether I can be weaned off HBP meds altogether remains to be seen. I am pretty sure that the trauma and lingering pain of the surgery elevates BP readings for days afterwards. I will report back at 15 and 30 days.

What Was Going On?

In the years prior to my operation I was dealing with all of these symptoms of chronic lack of potassium, despite a potassium-rich diet and supplements:
  • Palpitations, which are sensations of a racing, uncomfortable, irregular heartbeat or a flopping in your chest (that's language from the Mayo Clinic)
  • Atrial fibrillation
  • Weakness and fatigue
  • Leg and foot cramps
In addition, I suffered from excess sodium despite watching my salt intake. That meant high blood pressure which would sometimes spike and make me feel quite ill if I ate a particularly salty meal (something that is frankly hard to avoid when you travel a lot on business -- some restaurants simply lie about their use of salt, a phenomenon that includes some very fancy eateries). Throughout these years, my heartbeat was funky and my medication regimen included five pills a day.

And guess what? For years I had been attributing most of my physical ills to an inverse trifecta of advancing age, plus the stress of the financial crash -- in which we lost our home and our life savings, plus my wife's illness and disability. Only when I was back on my feet and settled into a job that I really enjoyed did it occur to me to dig deeper into why I was continuing to have these symptoms. Now, despite the lingering pain of abdominal surgery, I am very glad that I did dig.

Now I need to write up my surgical experience to help folks who discover that they need one of their adrenals removed. A recent study suggests that five percent of high blood pressure cases could be like mine, curable through surgery. The operation is no walk in the park, but in my case it is proving to have been a positive step forward.