Friday, 12 January 2018

Marriage

How many different ways can you say I love you? An uncountable infinity.
My wife has many qualities. One of the best is that she is a completely safe person to like. If you really see her, her personality and nature, it's really easy to see that it's completely safe to be friends with Delia and that she'll be a true friend where she can and do you no harm. Over the years and across the world in our adventures together I've met many of her friends that she's collected through the decades. They include some of the most extraordinary and impressive people I know. It seems that for them, at what was often a hard time in their life, they found someone they knew would be a friend. When I've been with them it's clear how much they love Delia and how much she's meant to them. That's such a precious thing, it makes Delia very beautiful. That's a quality of love I value very highly and will try to be true to as much as I'm able.

A big part of Delia's secret, as with many of the most beautiful people I know, is that she lives a life where she genuinely puts other people first. Often to her cost.

I've been thinking a lot about marriage recently. It seems to me that in the modern conception of marriage, or at least in the practise of marriage which is the reality of the conception of marriage, there is an aspect which enslaves women. I also see how that has been a part of my marriage. I'm very sorry Delia for where that's been true. I don't want slavery to be any part of my life or my marriage. Nor part of my friends lives either.

I can quite understand why any woman, or any man for that matter, would decide they didn't want anything to do with marriage. I personally still see great value in it but I don't mind if people don't get married, that's their business.

Slavery is a great evil. It appears that many people, both "conceptually" and in reality of course, live as slaves. How awful.

The good conception of marriage is, in as much as you're able and in as much as you're able is all you have to give, a lifelong commitment to love. This I think is such a good and powerful love, a love that says "I won't give up". It doesn't take a marriage to have that kind of love and you can have that kind of love for loads of people. In fact, I think that's the only real love anyway. Love is committed, love tries to never give up.

That can be really hard to work out sometimes, to work out in practise what it means to be true to love. But it's so beautiful and if you can get in the right groove so fun to work out.


"Ganesh is the archetype of the engineer. The remover of obstacles. You could see this as making the engineer a spiritual caste. The mathematician and the scientist may technically be smarter, but the engineer engineers them too and they are smart for good. Don't be concerned about engineering, it's just how humans work."

Leaving the Jesus Fellowship Church

Gloom. In the half light, where people forget themselves, you get to see who they really are.


I was part of the Jesus Fellowship for more than twenty years. I arrived as a broken man on the tale end of more than a year of homelessness and psychosis. Being at New Creation Farm and part of the Jesus Fellowship saved my life.

Part of the message of the church was love, commitment, the kingdom of heaven and sharing lives and possessions. Those values resonated in me as the things that I valued most in life and how I wanted to be.

Over those twenty years I've been on my own journey, as everyone is. I've arrived in a very different place, with very different beliefs (although many fundamentally the same depending on how you express it) than the beliefs I took on.

I've struggled with my involvement in the church for a long time. In practise a lot of it seemed so unloving and judgemental. The decision was finally made for me a few weeks ago when a preacher at the Jesus Centre on a Sunday morning stood up and preached a message saying that the root of depression was self pity and self pity was from the enemy.

I got up and walked out. Not the strongest of responses I know but I couldn't see to do anything else. Lots of of people saw how awful it was too of course.

An apology was made, about four weeks later by someone else and I wasn't present. The apology was for implying that self pity was the root of depression. The apology didn't match the events of course. That same preacher up until a few months ago would regularly preach hatred for Islam on his Facebook page. A few weeks on and he was preaching again at the Jesus Fellowship.

I just can't have anything to do with that kind of religion any more. It's not the whole story about the Jesus Fellowship. The values I fell in love with are still there and the most beautiful people I know are part of that church, or attend its meetings from time to time. That dead and horrible religion is part of the whole truth about the church though, and I can't be a member of a church where that's even part of its message.

That's why I'm no longer a member of the Jesus Fellowship. Getting to this point though just about broke my heart. I love to be committed and stay true to my word. It's just not always possible if you're really going to be true to love though.

I'm considering other churches in the area where we live. I've lived in and around Bugbrooke for more than twenty years now, coming up for fifteen of those years as a married man. I've made one brief visit to the Vineyard Church in Northampton, who seemed like such lovely people, I'm not entirely sure they'll cope with me, but they really looked like the sort of people who would give it a try. That's as much as can be asked I think, I'll see how it goes.

They're "bible believing" which is worrying, but of itself forgivable. I think I'll give it a go and see what happens. I don't think I'm likely to join another church as it goes, but I'd like to attend and make friends.

They seem like nice people. It's quite easy, and very pleasant, to be friends with nice people if you can be careful about their sensitivities. Particularly when it comes to religion, but generally too, it's not always possible to be careful with peoples' sensitivities. Sometimes people want to hang on to harmful ways of being or thinking and it's very hard for me not to confront that when I see it because I genuinely think people will be happier letting go of the nasty stuff and I really feel like I ought to show that to people. Sometimes that makes people very angry which is very hurtful because I don't mean anything bad by it.

Having lived, by my own measure, quite a difficult life I've learned to really appreciate the value of nice people. I didn't when I was younger, and to that extent (which was a large extent) I wasn't a nice person myself.

I don't consider myself a member of the Jesus Fellowship any more, but I'll still go to some of the worship events. The most beautiful people I know are part of that church or attend from time to time.


"No-one thinks that faith itself is a bad thing, the big question is what do we put our faith in? I'm a big fan of the application of the abstract. How about we have faith in faith?"

Friday, 5 January 2018

Fundamentally Speaking

I don't think you die if your heart breaks, I think you die if you don't let it break.
I've been thinking a bit about fundamentalist Islam, coming from the context of having grown up within a culture part of which identified as fundamentalist Christian. This had both good and bad meanings. Being totally sold out to what you believe in is not itself a problem.

It strikes me that fundamentalist Islam and fundamentalist Christianity, certainly in the bad elements, are basically the same religion just with some of the names and details swapped around a bit. The same conviction that they are right and others are wrong, and that because you're right anything you do in the pursuit  of that right must be right.

These religions, like any belief system, are a world view as well as a set of beliefs. Mostly people think they're good and not evil (except in their darkest imaginings of course, which we all have). So we rationalise our behaviour by forming a worldview in which our actions are good and right. Or, the way we see the world makes it seem like we're making the right choices. These two amount to the same thing anyway, we rationalise ourselves.

The thing is, in Western culture, we've mostly broken the power of the evil version of Christianity. The wildest of its claims have been shown to be so obviously false that more and more people have just seen it. It's harder to be taken in by it.

There is an evil Islam and there is an evil Christianity. I've seen them both. There is a good Christianity, and a good Islam that we can happily live along side of. I've seen them both and they're all just comprised of people. Normal people.

So the way to deal with fundamentalist Islam, like we're dealing with Christianity is to shed some light on it. We have to be standing alongside those in Islamic communities who are doing just this. That means people have to be able to listen to us, able to really see us and not be afraid of us. That can only happen if we're willing  to live alongside the good Islam. If we're not, if we're in a perpetual state of psychological war with Islam because "it's all bad" (actually because we're scared) then that will only happen more gradually.

It's a journey of course, it is actually quite a different culture and way of seeing the world than the one many of us are used to. That means there's stuff we can learn. New ways of seeing the world are useful.

Even if you disagree with me, the only way to win anyone in any meaningful way is to genuinely love them. So first stop caring about how much you disagree with them. That applies to me as much as to anyone else.


"You can be good without being right. You have to choose to let your goodness make you right. And it starts with accepting that you're probably wrong.

I know I am wrong in so many ways, but I'm willing to be right wherever it may take me and whatever it may cost me."

Tuesday, 2 January 2018

My Second Best Story from 2017, and other tales

The shadow self is still just you.

My Second Best Story from 2017

One of the things I learned from my failed experiments in adulting at university was the value of story telling. I don't mean in any mythological sense, nor folklore nor even small tribe oral tradition (those stories your mates tell which you've heard a hundred times but are still worth listening to). All of which I value. I just mean how much fun it is to have an appropriate story for a situation when you're with people. I learned from the best, a good friend who always had a good story to hand. I was inevitably torn between enjoying the story and being jealous of how much more fun it must be to be the one telling the story.

Better even than good story telling is story making. If you want to have good tales to tell you'll have to go out and make some stories. That's my one great consolation when really bad things happen, at least I'll probably get a story out of it. I think my best story of 2017, although there are a bunch to choose from, is my sort-of-gunpoint-encounter with the police in darkest Ohio, deep in Amish country with the hippies. My second favourite, useful for making any social situation awkward, is how my testes are so impervious to modern science that it took two vasectomies to silence them. The normal response to this story is to ask how I found out the first one had failed, was it Benjamin?

First of all he's nearly three, secondly how rude! Benjamin is almost entirely not a mistake thank you very much.

It doesn't work like that. Cutting the cables doesn't empty the tank, so to speak. So after the operation (pretty much entirely painless both times in my case) they check to see if it has worked. Even a year later I was still not firing blanks and the likelihood is spontaneous cable re-joining, which apparently whilst not common is still a thing.

There you go. My second best story of 2017...

Delia and the Mind Reader

Here's one of Delia's stories from the tale end of 2017. At least part of it anyway.

At Decompression, the London Burning Man event we went to, Delia spoke to a mind reader. And this mind reader told Delia her mind. She didn't tell her her fortune, her future or her thoughts but she told Delia who she thought Delia was, her heart and mind, and she was mostly right. The mind reader told Delia some of the secrets of her heart.

Delia asked me how I thought she does it. I think it's the most natural thing in the world, but actually being able to do the most natural thing in the world is so vanishingly rare that it seems like magic!

If you're willing to say what you see when it comes to people, to speak your mind and be an honest and faithful mirror, then as you practise saying what you see - being honest about who you think people are - then you simply get better at being able to see people. The more you trust your own mind and speak it out the better you get at knowing your own mind. You listen to yourself more and your doubts and fears less. The downside is that you have to be willing to be wrong, and you'll be wrong plenty, and speaking your mind in the face of disapproval from others (real or imagined) can require courage.

A big part to being able to really see people, to really see who they are, is giving people space to show and tell you who they are and being willing to believe them. That means dropping judgement, who are we to judge anyway? We don't know how people were shaped, the experiences they've had and the world they see, so we don't know their motives. What we do know is how often we've been wrong. The other part to being able to see people is liking people. There's not much better than good people and in my experience most people I meet are either good or want to be good, which is about the same really. We're all a funny mixture. If you like people they'll be much happier, much more able, to show you who they really are. Another way to put it is that compassion and love work. People are able to be themselves in the presence of love and compassion, and that's so healing because being able to be themself is about all most people need (psychologically speaking). This, incidentally, is the substance of how the truth will set you free. Truth, spoken as love.

When you really see people, when you're willing to tell people what you really see in them, it can seem like magic. It's not, it's completely normal, it's just that not many people do it.

The lovely consequence of this is that you can be understood, and in being understood you can understand. That's communication, true communion of the heart and spirit when we know and understand one another and have grace for each other for we know ourselves too.

If you see someone's heart you can tell them their heart.

Love at First Sight

On the topic of the heart, and in contrast to my beliefs in my younger days, I do now believe in love at first sight. Several times I've had the experience of meeting someone for the first time and thinking I've seen who they really are, and loving them and being loved back, and been right. I've been wrong plenty of times too, and there are many people hard to see at first (my failing and lack not theirs) that I've learned to see and to love over time. Falling in love with people, just about everyone I can, is one of the things I treasure most in life.

One of the greatest lessons of my life is how to love people without letting them hurt me, and how to deal with the pain when they do. Eventually you just go away, but you let it hurt you. If you feel the pain you can still feel your love and the love is worth it. Being able to love is the best thing in the world. If you're not afraid of the pain then it's safe to love.

The Shack

This is about a story from someone else that I enjoyed. Delia and I watched The Shack together last night. A rare evening where the kids were both in bed early enough for us to watch an entire movie. Overall I liked it.

It's fairly ideology heavy, which would normally be enough to make me react a great deal. However the ideology in The Shack isn't doctrine but is on the nature of the relationship between people and God.

I think it suffers from a problem I see generally in the Evangelical understanding of spirituality, in that it externalises God and the work of God too much. This is a misunderstanding that largely comes from not actually seeing a great deal of God. That's even allowing for the limitations of the screenplay format.

But I think that what they depict, and attempt to depict, isn't wholly wrong it's just that it's only part of the story. (The "judgement" scene stepped over the line on ideology and cheesiness I'm afraid, but hey nothing's perfect.) Within that there's beauty in the way they portray God communing with people. There's such a lot of genuine goodness in the movie. The people who made it clearly believe in and long for goodness, and it carries real warmth and compassion for the human condition. For our frailty and pain and our potential for beautiful love. It also seems like the film makers aren't trying to say that they have all the answers, it's an exploration and some ideas, and they'd like us to think. I don't have any argument with that. I liked the film.

Enemies

Be willing to have enemies, be willing to be angry. Life's more fun that way. If you're not willing to have enemies you limit yourself from experiencing the full richness of life.

The truth is that you probably have enemies anyway, people who are against you or speak against you, so you might as well be willing to recognise it and admit it.

Have compassion on your enemies, for then you will see their weakness.

Endless Hills

Everyone has a happy place, right? My happy place, only recently recalled, is from one my favourite to visit from my boyhood. A part of the Goyt Valley in Derbyshire, Buxton side I think.

After clambering down treacherous wooden and over-wooded steps we would reach a wide and bubbling river, bordered on one side by woodland. It was far enough from civilization that no cars could be heard and had stones washed smooth protruding from the river large and flat enough to be picnicked on. A tiny idyll.

Beyond the river were rolling green hills. As I scrambled up these hill, usually alone with myself, the only non-green in sight was an occasional sheep and the line of blue sky as the horizon above me. Because of the way the hills rolled and curved the horizon above was rarely the peak, but just another undulation in the hill. Finally reaching what seemed like the summit would reveal more identical hillside beyond. A never ending cascade of grass, only to be enjoyed never defeated.

I like to visit sometimes in my memory and feel again my happy place, endless hills.


"To all who I once loved, and who once loved me. I still love you. I mourn and I grieve for the ones I have lost."

Friday, 22 December 2017

Internet Security III: Salting Your Hashes

I dream therefore I Am.


Salting your hashes helps protect against rainbow attacks. No I'm not making this up, this is fairly basic web security.

If you waded through my previous rambles on this topic you'll recall that hashing is a way of protecting user passwords. A hash is an algorithm that generates a very large number from data (often text). The hash represents the data, kind of like a fingerprint. Hashing can be used as a way to verify that data hasn't been tampered with - if the hash is transmitted with the data then you can hash the data yourself and check it matches what is expected. Hashing is also a way to check passwords without having to store the password. When a user supplies a password the password can be turned into a hash and compared with the stored hash. If the two hashes match then the user has supplied the right password and this can be done without having to store the password. This improves security because if you don't store the password you can't leak the password.

Unfortunately however, as I explained, this is vulnerable to a type of attack called a "brute force" attack. If an attacker knows the hashing algorithm in use they can simply try every possible password until they find the one that matches the hash. One way to reduce the risk of this is to use a very slow hashing algorithm, so that trying every possible password becomes very difficult.

Alas, the bad folk are as intelligent as the good folk. Our saving grace is that being good requires less deception which in the long run makes it more effective, the problem then is trust and there are various ways to establish trust or to co-operate with people without having to trust. All topics for future ruminations.

Although slow hashing protects against brute force in theory, there's another class of attack it doesn't prevent and these are called "rainbow table" attacks. (Don't ask me why, but I bet google knows - probably because a rainbow has all the colours.) As well as computers getting vastly faster (I refuse to use the word exponentially because it actually has a meaning and this aint it) storage has become vastly cheaper too. There are only a finite number of common slow hashing algorithms and if you want to be secure you ought to be using a well understood one. Sadly that means an algorithm known to your attacker too. For those not in the know, which now doesn't include all UK schoolkids below a certain age, an algorithm is a series of steps to achieve a result. Like a cooking recipe. I love that children are now taught this.

An attacker who knows what hashing algorithm you're using can pre-compute all the hashes of every possible password. This is called a rainbow table. It takes a lot of time and a lot of storage space, but once it's done it's done and then your one way hash is broken! The point of a one way hash is that it's easy to turn a password into a hash but hard to turn a hash back into a password. If you've calculated all the possible hashes of all the possible passwords then it's easy to go from a hash back to a password - you just look it up in your rainbow table!

This incidentally is why password security nowadays is mostly dependent only on the length of the password you pick. Working out all the possible hashes for a five character password is mahoosively easier than every possible hash for a ten character password. The comic-and-generally-all-round-genius XKCD recommends that instead of picking a password you should use a pass-phrase, and maybe throw in a number and symbol to throw off dictionary attacks (passwords comprised of words in the dictionary are common, so attackers try these first). Added to this "my-horse-only-p33s-in-the-bedroom" is much easier to remember than "f&fadjsd!!00ffr". The pass-phrase is dramatically more secure, simply because it's longer and it would take a million more computers for a million more years to break it (uhmm, approximately). This is why websites that have a maximum length for your password are being stupid as well as lazy. They've made a security decision to make lives easier on their database rather than making a security decision for security.

The way round this is to salt your hashes. Instead of hashing just the password you pick a random salt (a word or string of characters) and hash the password plus the salt. You need to store the salt alongside the hash, and always use it when checking the password. Now a rainbow attack doesn't work because each password has a different salt, so they'd need a different rainbow table for each "password plus salt" combination. So even if your database of password hashes plus salts leaks the attacker still has to compute or already have a rainbow table for every salt. Effectively you just made every password a lot longer, and longer in a different way for each password, making the required rainbow table required to break it vastly (exponentially?) bigger. At some point, as computers continue to get faster and storage cheaper, this will not be enough, but at that point you can migrate your database to a different hashing algorithm and a longer salt. There are established techniques (annoying to do but well understood) for this migration process.

At this point it seems right to mention that it's not just salted hashes I'm a fan of, but the current fad of salted caramel is right up my alley (if you know what I mean) and Christmas is nearly upon us!


You may also be interested in the following programming related articles:




"It's not so much that I don't fit in a box, it's more that I really resent being pushed into a box that I'd probably fit into if I wanted."

Tuesday, 19 December 2017

Internet Security II: Slowing Things Down

"You will not be punished for your anger; you will be punished by your anger." -- Buddhist proverb




Here's an interesting geeky snippet you probably don't know. The substantial part of progress in computing technology over the last handful of decades has been about making computers, and computational processes, faster and more efficient. However, there is one very important area of computing technology where significant improvements have been made in deliberately making things slower and less efficient (and no it's not Windows startup time - that's just a coincidence). Making the process more "computationally expensive" as us geeks like to say, just so that you think we're clever and will hopefully pay us more money.
By now some of my geek friends will already know what I'm talking about, because this actually is a rarity. Normally when we make things slower it's by mistake, there really are very few things we *try* to make slower. What I'm talking about is a facet of computer security to do with the processing of passwords.
Basic web security says that you never (ever) store user passwords. If you store a user password, however carefully, there's a chance it can be found. If you don't store the password it can't. Standard practise, which reduces rather than eliminates risk, is instead to store a "one way hash" (actually a salted one way hash, maybe another day I'll explain salting). A hash of a password is effectively a very, very large number, and everything in computers is a number when it comes down to it, that represents the password. Given a password typed in by the user you can put it through the algorithm that turns it into a hash and compare it with the stored hash. If they match then the user has supplied the right password and if it doesn't they haven't, and yes this means there is an infinitesimally small chance that by coincidence someone could supply a wrong password that happens to hash the same way - this is a tiny but literally calculated risk. This way you can still check if the user has given you the right password without having to actually store their password. It's called a one way hash because you can go from a password to a hash easily but not easily back from a hash to a password. Genius, right?
Except modern computers are astonishingly fast, and what's more nowadays you can trivially easily (honestly) use cloud computing to perform similar calculations on hundreds of computers simultaneously. So even with hashing in place it's possible to just try every possible password until you eventually find the right one. This is called a "brute force" attack. (There are a whole class of computing problems where "brute force" is the only known way of finding the best solution, these are called "NP hard" problems and they include the knapsack problem and the travelling salesman problem, which are problems delivery drivers have to solve every working day. Delivery drivers solve these problems a similar way to how programmers solve NP hard problems that they can't actually use brute force on because it's too slow; take a best guess and get on with it.)
The solution to the problem of cracking passwords by force, or at least the best amelioration to date, is to use a hashing algorithm that is really expensive. i.e. to make the process of checking if a password is correct "computationally expensive", very slow and requiring a lot of memory. So a brute force attack, whilst still theoretically possible becomes effectively impossible in practise. There you go, slowing things down for the good of all humanity.

For the true geeks amongst you, up until recently the recommended slow hashing algorithm was one called "PBKDF2". The latest hotness, I believe, is called "Argon2". Slow hashing is a rapidly changing field.

The looming scary monster on the horizon is not the ordinary progress of computing technology we've seen so far, you'd still probably have to have a million computers churning away until the heat death of the universe to crack some of our codes. The scary thing is the maybe-real-maybe-not-who-knows quantum computing which is gradually emerging. This takes a completely different approach to solving this kind of problem, and if we ever get it right. Well, that's a whole different kettle of ball games. The bottom line is that no-one knows what scary terrors await us on the other side of the future, and the only sensible thing to do in the meantime is make sure you enjoy today and cuddle the people you love. A lot.


You may also be interested in the following programming related articles:

"There's an Islamic teaching that one of the prayers that is never refused or not granted is one for true guidance and truth. It is, after all, the only key to open the door. Just ask.

Friday, 15 December 2017

Twagging and the Garden Hip Hop

Non-magical thinking on magickal topics.
Twagging was the Northern English vernacular for cutting school back when I was a wee nipper. Something I never did, nor did I ever receive a detention. Signs of a seriously misspent youth of which I am appropriately ashamed.

A pasttime I did indulge in was garden hopping. This involved finding a row of suburban dwellings with adjacent gardens separated by fences, normally six foot high. Just high enough for a kid to shinny over. So long as the fences at the start of the row and the end of the row are bordered by roads or paths it's possible to scramble from start to finish with the only obstacle between being a series of fences in various states of disrepair and angry occupants similarly in varying states of disrepair. Even if the occupants were in the garden and could see you coming they were usually surprised enough that you could get across their garden and into the next before they'd even decided they ought to try and stop you. Looking back to see their faces was fun but ill-advised as once you start you better not stop until you get to the end.

I don't think we ever got caught, and we rarely demolished too many fences along the way, but we certainly had some near misses. Such a great form of exercise and a hearty adrenaline kick to boot.

Of course as a young adult at university we had moved beyond such childish pasttimes to much more sophisticated means of entertainment. Bridge hopping was one of my favourite. We'd hire a punt on the river Cam and load it up with beer and marijuana. Many of the bridges on the river cam are just low enough that standing at the front of punt it's possible to pull yourself up onto the bridge, dash to the other side and get back into the punt before it has moved out of range.

How hard this is depends on just how much of the beer and marijuana you've consumed, and just how much your friends want to see you dunked in the cam by getting the punt far enough out of reach before you can get back in.

Such fun.

"I know I am wrong in so many ways, but I'm willing to be right wherever it may take me and whatever it may cost me."