It’s just after six in the morning, I am the only one up. I went to bed on time, and finally got out of bed after waking up at two thirty and four thirty. It’s going to be a beautiful day out today, with some rain, and I’m looking forward to relaxing.
I didn’t work on my Substack article last night, instead deciding to take it easy. Played some video games, spent some time on the piano, and continued reading The Gervais Principle. Amazing stuff.
During meditation, I had the idea of moving these morning pages, journal posts off of this site and putting them on a local-hosted WordPress that’s only accessible inside the house. I could set it up so that the girls could post their videos, and I could type freely without having to mask everyone’s names. Can a seven-year-old use WordPress, or would I need to make something simpler, that would be as easy as posting to Facebook or Insta? Will table for now and let the idea simmer.
There are two gifts that have been sitting in the downstairs hall closet for well over a month. One of them is quite large and heavy, and I cannot wait to see what it is. I still have my birthday gift from my brother, a copy of the newly reissued board game Dune, sitting on the dining room table, where I await a challenger. I think it might be too complicated for Elder, and Missus has no interest in playing it, but maybe the two of them together would be ok. I might be able to recruit one of the dads down the street since he likes games like Risk, but I don’t know how the logistics of that would work out. Maybe if we played outside it would be OK. I still don’t want anyone outside the immediate family inside the house.
I’m debating whether to cook a big dinner this morning. I haven’t talked to my dad about doing anything, and don’t really feel like spending two hours trying to use my new outdoor griddle again. Missus never cooks breakfast. Maybe I’ll just make a quiche or something instead, just fry up some bacon and potatoes and dump some eggs over it. Sounds delicious.
I’m going to wrap this up and take a crack at the Substack. I really want to finish it and get it released tomorrow, or I’ll have to reevaluate my goals with it. We had a few unsubscribes after my first official blast, but nothing serious. I’ll need to figure out a way to build it up. Right now LinkedIn seems like the only way, since I’m not getting out, and my normie Twitter account isn’t getting much action.
Speaking of which, I don’t think I went on Twitter once yesterday. I didn’t feel like these ‘morning pages’ types of posts warranted a post, since it’s just me talking to myself and I’m not really offering anything useful to anyone. I’ll have to work on that. Part of the problem is that the effort needed to publish these daily ramblings is a bit much for what I’m writing: find an image, write the SEO, validate the Twitter card, then post it. On top of that, I’ve been rewarding myself afterwards by scrolling my timeline. The WP to Twitter plugin I had been using broke some time ago. Anyways, I think it’s better for me to stay off Twitter completely, until I finish the Substack.
It’s just after six thirty. I might get an hour of writing in before the girls wake up. Time to go.
I’m writing this after dinner. Last night was another stay up late night playing video games on a Friday night, and I slept in till 9:30 this morning. My routine was ruined. I managed to make up for it though, restarting my day after getting some work done. Right now I’m sitting here in my usual writing spot, sipping my tea. Wifey managed to get the girls to do a lot of cleaning, and even cooked a wonderful dinner of roasted vegetables and chicken breast. I actually managed to get some stuff done myself, changing some light bulbs and installing a bidet in the master bathroom. The water pressure is so powerful that the jet sprayed clear across the room the first time I turned it on, but at least we won’t have to worry about running out of toilet paper.
One thing that I did not get done was sending out my Substack last night. I did write a lot, but ran out of steam after a few beers and wound up playing Factorio and whatever game of the week the Epic Games store put up. Some turn based action game like X-Com, but with Nazis and RPG elements. It’s actually quite good. Anyways, I’m hoping that after I finish my routine I’ll be able to write the final paragraphs and get it scheduled for release Monday morning.
My next door neighbor, B., is moving out tomorrow. He had been scheduled to close on his house before the Lockdown began, but then the buyer was unable to clear the final credit check. No idea if it’s the same one taking the keys tomorrow. He said they have three young boys, so it seems that things are about to get a lot more interesting around here as far as the kids are concerned. I hope they’ll be good neighbors. B has really been tops and I’m sad to see him going, but he and his wife have taken new jobs outside of the area.
Something interesting came up in my mailbox today, a Medium article about WorldQuant, a hedge fund that is offering a free Masters in Financial Engineering. I took a look at it, and it’s right up my alley. Data science and free, can’t go wrong. It’s a two year program though, and requires twenty five hours a week time commitment. I don’t think I can commit to that right now. I’ll probably table it and re-examine it in a few months before they start their September session. Might not hurt to go ahead and apply and get cleared. If I do it though, there won’t be room for any other business opportunities.
The ASUS ZenWIFI AC router and mesh access point is working real good, now that I’ve gotten it set up properly. I think I botched a firmware update that made it go all haywire; I called ASUS support but wound up fixing it myself. The thing has a lot of features on it, wrapped up in a slick interface. It’s real nice. The tri-band antenna is really powerful and reaches all the way into the back yard, the only bad thing about it was that I waited so long to get rid of that old Linksys router. This thing is running a full Linux install under the hood, so theoretically I could install a full bitcoin node on it if I wanted to. Just attach external storage and who knows what I can do with it.
I discovered the band IDLES a few days ago. I went to run errands on Thursday and went to turn on my podcast through my car’s bluetooth when my phone started playing some radio station on Apple Music. They played GROUNDS, and I was hooked. The DJ went on to spout all kinds of gushing praise for the band, so I went and checked them out. I’ve been binge watching their live performances, and man they are good.
Yesterday turned into a bit of a slog. I was so tired after writing yesterday’s entry that I went back to bed and managed to get in a powernap before I had to start the day in earnest. And I was so drained by the end of the day that I turned in an hour early. I don’t think I got much done. The new ASUS router came in the early afternoon, (LOVE IT), and I ran some errands around town, but I wasn’t especially productive. I made an attempt at writing today’s Substack, but I couldn’t make up my mind what to focus on. I started out writing about “the future of work”, but started diverging into a critique of the last forty years of economic and Fed monetary policy. There’s no doubt it will be taking up much of my day.
Today is off to a much better start. The weather is beautiful. I watched a squirrel build a nest in a tree in the backyard, and it sounds like the juniper bush next to our deck has some bird hatchlings in it. And it’s Friday. The girls are eating breakfast, listening to Party in the USA for the third time in a row.
When I came down this morning and said “computer, good morning,” it reminded me that “today is Juneteenth, … a moment to reflect on the black experience in America.” It’s remarkable, since just yesterday we had a discussion during our Zombie, LLC scrum call about whether the company, of which we are a franchise, had made any statements in recognition of the BLM protests following George Floyd’s death. They had not. The conversation did not go well. The question came up from X., a young black woman, before Boss came on the line, and when I rephrased the question after he came on the line, his response was not great. It seemed to lack any empathy for X, as well as a general cluelessness about what was going on, and why. When I mentioned the responses from other firms that I had seen, he actually responded with, “well, let’s leave aside who’s paying for that for a moment.” I was so dumbfounded.
Part of my fatigue-induced procrastination involved catching up on some reading, namely Venkatesh Rao’s The Gervais Principle, which proposes a new model of interoffice relationships based off of The Office and the following image from Gaping Void. It’s blown my mind, really, and has given me some insight into why I’ve felt so unfulfilled at Zombie. I’m stuck in the overperforming loser category with no room for advancement. My boss is clueless. The only way for me to change that is to either fully become a slacker loser, or embrace my inner sociopath and get the hell out of dodge. In a way, I’ve already decided to be a slacker, and focus my attention elsewhere.
I’m keeping today’s post short since I have more writing to do, and have already wasted enough of my morning dicking around with my new ASUS ZenWIFI. It’s already started malfunctioning, and I really didn’t want to futz with it. That said, it’s got a remarkable open interface, with SSH and telnet access to the underlying Linux OS. Asus has also put the full source code for the OS online, which is amazing for a corporate company. I’m disappointed that it’s already acting up and that I’m allowing it to distract me from my one task for today.
And last note: yesterday the girls and I set up my Mr. Beer homebrew keg. I should have my first batch available in four weeks.
Getting it together, turning an inadvertent alarm into opportunity.
It is going to be a long day.
My Eldest, bless her heart, was using my iPad yesterday to film herself and her sister play with Legos, and afterward started playing with the stopwatch. She somehow wound up setting the alarm on my device for 4:35AM, so I got roused way early this morning. I tried to go back to sleep, but I think I woke myself up too much trying to disable the alarm. Que sera, here I am.
I must have spent at least eight hours working on the WordPress project yesterday. I can’t remember the last time I was that focused on anything for that long. A good half of that was trying to figure out why the header slider I was working on wouldn’t show up on the page I was creating. Turns out it was a sidebar setting. Lesson learned: WordPress’s page template hierarchy is quite complicated.
My internal GitLab server is already proving its worth, and has proved the need for some reengineering of the way things are currently laid out around here. I don’t have the development database fully under source control, so I was doing most of my work yesterday through a Google Remote Desktop session. And last night I was forced to edit images on Photoshop, check them into version control, then import them into WordPress on the guest VM on the same machine, because I never properly set up guest to host file sharing and network communication. Well, I have a task for today.
Today’s Thursday, so tonight is the night I’m supposed to write tomorrow’s Substack. I’m having a bit of anxiety since I don’t really know what I’m going to write about. Maybe something about improving oneself during this time of self-isolation, with some mini-reviews of some of the books I’ve read recently? I hope I get a better idea before tonight. I haven’t checked my subscription stats since last week, so maybe I’ll see if anyone’s responded.
I am also expecting a delivery sometime today. I ordered a new mesh wifi router, and am looking forward to setting that up. The wifi here has been garbage for a long time, and it is time for my old Netgear to go. I went all out and got an ASUS ZenWifi AC with all the bells and whistles, so we should be good to go. I just have to promise myself that I won’t set it up until after I finish my Substack, otherwise I’ll wind up distracting myself.
And I am going to start brewing beer! I made some preparations to use my Mr. Beer kit yesterday, and we should be good to start today. I also discovered that I did not need to order extra bottles, since the rest I needed were actually inside the brewing vat. Alas, now I’ll have some special ones I can use for gifts or something. The vat is assembled, the water is chilling in the fridge, and we’ll be ready to do this one with the kids as a project for today.
I must say that removing Twitter off of my phone may turn out to be another one of those life-changing steps, like when I dumped Facebook. I took a look at it yesterday after posting the blog for the day, and then looked at it once briefly during the day. I didn’t even feel the urge to pull it up during the evening, so focused I was on working on the WordPress project. My phone has turned into this strange, useless device now. I pick it up and look at it out of habit, but nothing on it has the same draw that flipping open Twitter and scrolling through it. Certainly not LinkedIn, that’s for sure.
And it has been several days since I filled out a job application. I’ve been somewhat discouraged by the requirements of some of the positions that I’ve been looking at, and my lack of experience in certain areas. For example, Twilio had a whole slew of postings up over the area recently, and there were several that I thought I would be a good fit for. One of the application questions asked “give an example of something you built using Twilio”. Ummm…. well, I put an Airtable base together that used Zapier to blast text messages during one of my campaigns, but I don’t think that’s quite what they’re looking for. I’m probably selling myself short.
I think the problem is two-fold. One, finding out from Boss that my future with Zombie, LLC was mostly secure for the near term, and that I’m not in any danger of losing my job. That has definitely reduced the sense of urgency. But secondly, I’m really so focused on finishing this damn WordPress project that I don’t want to risk abandoning it. It sounds stupid really, that I’m holding back on finding that $100,000 job because I think it might take me away from this project that might lead to recurrent income.
Well, now I have my orders for the day: fill out that application for Twilio; write tomorrow’s Substack; and reconfigure my development VM so I can see it on my local network. That’s on top of doing whatever’s on my list for Zombie, and taking care of the kids and house today.
I had trouble falling asleep last night, Younger crawled in our bed just as I was dozing off and kept squirming as I was falling asleep, so I slept in her bed. It faces East, so I woke up at five and tried to go back to sleep. I heard Elder up, so I got up and started the day. She’s sitting across the room from me, looking up “Valentine’s Day” gifts ideas for the boy in our quarantine bubble down the street. Her sister has been ribbing her about it for days now.
One of our Zombie, LLC clients wants help standing up an internal GitLab server. It got me thinking, so I went ahead and set up a GitLab docker instance on my downstairs Ubuntu server. I figure it’s good practice. Do the job you want has always been good practice, so setting it up was worth the time. Plus it only took about fifteen minutes. The main problem I ran into was an SSH conflict with the existing service on the host. And it doesn’t appear that modifying the config on an existing container requires stopping the Docker daemon, so I just deleted the container and started over. I’ll probably move SSH if I ever do a real deployment, but here at the house the HTTP functionality is enough.
There’s also the mail issue. I didn’t want to use the root account to set up my repos, but the workflow around new accounts wants to send an activation email. I tried installing sendmail on the host, but the password reset didn’t work. I doubt it will work without a publicly routable dynamic DNS entry back to it or SMTP services, which I don’t want to mess with right now. Thankfully I found a password change form in the admin interface that didn’t require knowing the old password and got up and running.
I am nowhere near as strong with my Linux management skills as I am with Windows, where everything is pre-packaged and is somewhat unified. I can stand up domain.local services lickety split, and have a library of PowerShell scripts to set up AD, DNS, DHCP services within a domain. I have never actually taken the time to set one up at home though, but that point may soon be approaching. I’ve been wanting to investigate the use of Ubuntu server as an alternative or supplement to Windows based AD services, but part of me is skeptical that such a setup is even viable for workstation authentication and services. But I digress. The point I’m trying to make here is that I’ve always been in awe of Unix sysadmins ever since I worked at an internet service provider back in the late 90’s and watched our systems guy pop in and out of terminal shells like a wizard. I’ve never felt adequate in that regard.
I made some good progress yesterday working on the WordPress project, and have started converting the client’s site over to the new theme. I’m going over the demo site, examining the Bakery build they’ve got set up, and recreating it using the client’s assets. This allows me to get a bit more familiar with the framework that the theme author is using, and hopefully glean some best practices at the same time. It’s a two steps forward, one step back process. There are some strange bugs that popped up. Activating Woocommerce seems to bring the site down completely, as does changing the theme back to the original. Then at one point, while I was working on the new header, the previews stopped working completely and would only throw 404 errors. They work in the actual site, so I had to make do while I made edits.
Usual best practices for WordPress development and git repos are to exclude the entire WordPress directory except for whatever theme and custom plugin that you’re developing, but since in this case we’re working on an entire site, I’ve added the entire WordPress directory and associated SQL database files. The wp-content/uploads directory is mounted outside the container, along with plugins and themes. I haven’t yet pulled this directory on another machine, so I don’t know if it’s going to work. My main concern is how I’m grabbing the database. Managing PostgreSQL during my Django projects has always been a bit of a pain as I never learned how to incorporate it into my source control. I’ll have to spend some time correcting this deficiency.
Here is a look at the Docker Compose file I am using for my development setup. The SQL mount /docker-entrypoint-initdb.d/backup_to_load.sql gets imported when the container is created; I assume that it’s ignored when pulling the SQL data from source. We shall soon find out. Also, I haven’t solved the file permissions issues that happen when trying to edit things like the wp-config.php file. I’ll have to save that for a later time.
Monday was filled with the usual challenges of dealing with the kids while Missus is locked in the office on the phone with patients. It’s been raining, and trying to keep the kids indoors while limiting their screen time is tough. They fought again, I think we all got up in a rough way as Younger wouldn’t listen to my direction and wound up having a tantrum before the rest of the house was up. We managed to do their Dad Summer School work, and wound up having a little dance party before bed while I played beats on the keyboard. (I really want some sort of LoopStation!)
I had a heart to heart with Boss yesterday about the future of Zombie, LLC. It was the most frank conversation that we’ve had in a while. I didn’t go so far as to volunteer that I was actively applying for work, but did tell him I was under the impression that we were operating with less than two weeks of runway and that I would either be going on furlough or unemployment from that point. He assured me that it wasn’t the case, and understood that without me, there was no company. The other two members of our staff are not so lucky, and might have to go hourly. We talked a lot about pivoting, and what that might look like. Unfortunately we’re still locked into a franchise contract for the next two years, so we’ll have to stand up a new DBA for whatever we do.
One of our clients makes embedded systems, and just wrapped up a major project. They’re preparing for a new one, and I got a request from them about standing up a GitHub server for internal use. They’re not using any version control internally. I was shocked. They’ve got two C++ devs that are geographically distributed, and they’re basically sharing code between the two of them wrapped up in VirtualBox images. I wound up spending two and a half hours writing up a proposal document on how to go about rolling out a VCS system internally, proposing training and gathering business requirements to determine whether to go self-hosted or cloud based, and to choose which of the various vendors to go with. We’ll see if they bite. I’ve been managing the systems for this firm for over five years, so moving into a development position there might be feasible. We’ll see.
My life as a WordPress developer continues. Last night I discovered that the database I was running locally was pulled off of my botched staging site, and was missing half of the sidebar widgets from the production site. This was after two days trying to figure out why the logos were missing from my local host. Still, I’m learning how WordPress works. I’m not sure how helpful it is to be starting from this abomination of a theme, but I told the client I was confident that I could make it happen. I have a feeling that I’m about to get way more involved in the design of the site than I have in a really long time.
Many years ago, when Zombie, LLC was still new and growing, we had a young guy who was working with us. He bragged to me that he made most of his money working freelance, standing up Drupal sites for clients at ten thousand or more a pop. I was sceptical, since he had the air of someone who grew up with money, but he did move on very quickly, working with the DoD and other large firms as AWS architect and devops manager. In some sense, I guess I was jealous, and that jealousy led to keeping him at a distance. I think he recognized early on that Boss didn’t have the vision to lead us where he wanted to go, and he got out early. Que sera.
I’m sitting here with Designing Your Life next to me, turned open to the section on writing a lifeview reflection, my next homework assignment. The first example question is why are we here? and moves on to what is good, and what is evil? and so on. I was planning on addressing it here, but these blog entries are always too long-winded for the type of short, two hundred and fifty word answers they require. It will be very hard to keep my answer short, and will be a lot of work. It’s almost easier to write a thousand words about “matters of intimate concern” than it would be to just two fifty.
Younger has come downstairs, and is playing in the living room singing. Moments like these make me wonder why we ever lived like we did before coronavirus. Again, I ask myself why would I send this babe off to daycare for two hundred dollars a week just so I go to work. I can do my job from home now, so why would I send her away. But the Fall will come, and her big sister will probably be going back to school in some regard, and keeping the little one home with me, might be more than I am ultimately prepared to take on. When I was younger, daycare was my grandmother, or a family friend down the street. Of course I have no family close enough to take the girls on like that, so it’s either keep them home or send them off.
Last night, in Digital Minimalism, I read a chapter about the Amish, and the Mennonites. They both follow the biblical creed to be “in the world, but not of it”, and the description of the mindfulness with which they allow technology, or anything, really, into their lives seems like it’s a great approach. We’re all living in some sort of minimalist lifestyle right now, separated from the world we knew. Everything has been refactored, daycare, schools, work, the way we shop for groceries, the way we interact with friends. My wife may be forced to go back to work soon, but I can tell you that the rest of us are never going back to life as normal.
It only remains to see how we allow the world back into our lives.
So I deleted Twitter off my phone yesterday. I really did it. It just took a chapter or two of Digital Minimalism to convince me that I needed a break.
Getting rid of Facebook on my phone about eighteen months ago was one of the healthiest things that I’ve ever done. It was such a time suck and I spent way too much time on the platform arguing with people. On the one hand, it did lead to me writing quite a bit, and probably led to my political career, but between the toxic people that I had connections with on there, and all of the privacy problems that were going on there, it was just too much. I had to leave. Given the Cambridge Analytica scandal and all the other bad news about Zuckerberg and the way they manage things over there, I’ve had no desire to go back. I’ve logged on a few times to deal with some messages or check on some family members, but I don’t browse the feed at all.
I always considered Twitter a bit different, since I was curating my feed, and it wasn’t just random friend of friend connections. Just because someone wanted to follow me, I didn’t have to follow them. Or vice versa. I still see Twitter as a source of news and information, and being able to remain pseudonymous was part of the main draw as well. Still, I spent way too much time on it, picking up my phone whenever I’m idle. Watching TV shows with the family, sitting out on the deck, or out somewhere waiting in public.
So I removed it Sunday morning and went about my day. The absence was felt immediately. I found my phone in my hand throughout the day, and I found myself wondering why I was holding it. Then I realized that the habit was still there, but I had short-circuited it with the app gone. It happened several times during random moments, like waking from a dream. I took the kids to a nature park to get out for an hour or two, and felt the urge to pull my phone out while the kids were finishing their lunch. No need. I set the slip and slide up for the girls outside and there’s that habit again. Nothing to do. Watching a movie after dinner, sitting on the couch, I’m always checking my feed. Instead, I worked on the Sunday crossword.
Today’s going to be interesting since I don’t have the same kind of blocks set up on my workstations. There are ones out there that will whitelist or blacklist certain sites on a timer. I’ve heard of people using them to make sure they get their work done, but I never went that far with it. There’s lots of downtime during the day, when I’m waiting for a download or some sort of progress bar, when I pull up Twitter and browse the feed. That’s going to be the real test. I wonder if I can redirect that energy to something productive, like doing a lesson on LinkedIn learning, FreeCodeAcademy, or doing one of the competitive coding challenge sites? I have been wanting to take a look at Rust…
I do have a project to finish, that is going to take several weeks of deep work. I’m really going to have to delve into WordPress’s innards and really figure out how the theme system works, then actually develop a design for a site. I had been attempting to figure out how this site’s current theme had been developed, but it’s such a mess, and I don’t know if I have it in me. All of the site’s functionality was just dumped into WordPress’s TwentySixteen theme, without even a child theme setup. And the dev hardcoded all of the scripts for Google Analytics and everything else directly in the template files. I’ve got fifty four plugins, and trying to figure out which ones are needed for the existing site is a mess.
Anyways. There was one moment yesterday when I desperately wished I still had Twitter on my phone. I was driving the kids to the aforementioned nature park, travelling down a two lane divided highway, when there was some sort of traffic slowdown. There was a car pulled off to the right just before an onramp. As I passed it I thought we were clear, but the cars on my left were still slowing up. There, up ahead, was a black man on a horse, just trotting his way down the highway. And there, the perfect tweet formed in my mind: “Is it legal to ride a horse on the parkway? Asking for a friend.”
Well, maybe not. But the next few days will be an interesting experiment to see what happens when I reclaim my brain. Will it unlock my creative superpowers, or have astonishing effects on my mental health and well-being? Probably not anything that dramatic. Being in the moment certainly won’t hurt, and redirecting that nervous energy somewhere else will most likely be helpful.
After publishing last night’s post, I made a little headway with one of my projects, figuring out how to mount a SQL dump into a MySQL Docker image so that it gets loaded automatically when the container spins up. Just one more little win toward accomplishing my task. Now I just need to tackle the way I have WordPress deployed, and I can begin working on the project for real. I’m taking my time with this. All of the learning and research I’m doing now isn’t the client’s time, it’s mine, and is the kind of learning I love.
Being able to master Docker means I don’t have to run all this stuff on my local machines. I can start culling all of the packages that I’ve loaded in the past for this project or that, things like Node dependencies, Ruby, and Postgres no longer have to bulk up my system. Pop, here’s a container. Pop, there it goes. I went through my staging server a few days ago and started cleaning out shop, removing abandoned projects. Goodbye, rm *pennykoin* -rf, and so long.
I’m still reading Fluent Python, about a half hour before bed. I finally have a good grasp on decorators. I think my eyes glazed over on coroutines, but I think I’m ready to add threading to my value averager app. I’ve only got a couple of chapters left, on asyncio, which I desperately need to master, and another on one of my favorite subjects, metaprogramming.
I’ve been reading Fluent Python for about twenty minutes right when I climb in the bed. It’s on the iPad and even with the brightness turned down all the way, it’s still bad for rest, so I usually wind up reading a real book. Right now it’s Digital Minimalism and last night there was a section about Henry David Thoreau, starting with his time building his cabin at Walden Pond, before he wrote his book. Just how does one build a cabin using just an axe? Anyways, the point here, and one I never knew before is that Walden is really about using time as the true unit of account. What use is earning a bunch more money if the cost in time to earn it is so much. And for what?
It’s not that I haven’t heard the idea of time as money before, or rather trading time for money. It’s very prevalent in the things I read and hear. Just realizing that Thoreau was writing about it some one hundred and fifty years ago makes me realize how little things have changed. I don’t know why I should be surprised. I’m sure Marcus Aurelius says similar things in his diaries. I think my point is that I wasn’t expecting to hear it. Here I was, trying to convince myself that I should delete Twitter off my phone for a month, and here’s Cal Newport, via Thoreau, asking “why are you working so hard, you sap?”
Thoreau didn’t have any children, though, so I guess I can say that’s part of the reason that I grind, although it’s really not the only reason. I like figuring things out, and it’s just so happened that the things I’ve figured out how to do enable me to earn a comfortable living. Still, there’s some sort of drive to build something, a legacy, if you will, coupled with a mild regret that I should have more to show for this life I’ve lived these past forty one years. One of my grandfathers built a house. All I have of another is a stained glass lamp, sitting next to one of my daughter’s beds. That and memories of model trains in a basement, and playing a flight simulator on an old Tandy PC back in the 80’s.
And maybe that latter point is the crux of minimalism. In the end, it is the memories that matter. Not all of us are going to write lasting works of fiction or build cathedrals that will be finished long after our deaths and stand for centuries. Today, all I can do is love those around me, and tinker on my keyboard, changing the world around me, bit by bit. Who knows, maybe Bitcoin is going to succeed, allowing me to leave generational wealth for my grandkids, either directly or indirectly. Maybe one of my other projects will succeed and grant me a minimum viable income so that I’m not forced to work another day in my life.
Maybe I’m being fatalistic, maybe this is just my monkey mind sowing doubt in my mind, preparing me for failure. I’m not sure, but it doesn’t feel like it. I think it’s just recognition that I’ve got too many things distracting me, things that I need to let go of, and remove from my life.
But right now, I hear the pitter patter of little feet upstairs, which means it’s time for me to enjoy my Sunday.
I wasn’t going to write tonight cause I wanted to do some testing with Docker, but I figured it was best to do it to keep up the habit. I already posted once today as I never actually published the phishing piece that went up on my professional network yesterday, so that’s live now. I stayed up late last night, not too late, and my morning routine was interrupted due to a visit to Hangover City and a visit by my dad for breakfast. We didn’t do much today other than cooking a huge breakfast on my new outdoor griddle and cutting the grass. Ordered Chinese takeout and watched half of Attack of the Clones with the kids.
Actually, that’s not quite accurate. I did have a sort of business call with someone who found my short-lived crypto podcast and wanted to talk about some non-profit business venture that he was trying to pitch. I wasn’t terribly impressed cause it’s not really my wheelhouse. I gave them some local resources to check out and told them I’d follow up in a month to see how things were going.
Also, I went ahead and opened up two additional BlockFi accounts for my daughters and moved their BTC over to it. I also started withdrawing cash from their LendingClub accounts so that I can start the process of converting them to USD coins and add that to BlockFi as well. It’s kinda funny, my oldest is only getting three percent return on her LC account, and her little sister is up around seven. It almost isn’t even worth moving her over to BlockFi, but I’m going to have the interest payments paid out in BTC, so they can stack sats faster. Migrating their funds will take a while, since the loans are up to thirty six months, so it’s just something that I’ll have to add to my quarterly plans.
That’s it for tonight. No games tonight, just another hour until screens off and books in bed. I’m reading Digital Minimalism by Cal Newport, since I’m doing the exercises in Designing Your Life. It reminds me of the Team Human stuff. And given how much time I’ve been spending on Twitter – and the notifications I’ve been getting, I’m about ready to take a detox from it for thirty days. We’ll see.
This attack is not new, but the tactics are evolving, and some people are still behind the curve
I’ve been managing business networks for some time, and over the last few years I’ve witnessed phishing attacks, where attackers attempt to steal a victim’s email login information, evolve. Yesterday I was alerted to a new variation on this traditional attack that I thought was worth sharing and dissecting, and you’ll see why.
Almost all of the attacks that I’ve seen stem from an email that a victim receives. Usually it’s from someone that the victim has corresponded with in the past. The subject line and body vary, but there’s usually an external link that the victim is directed to in order to download some secure file. Normally, the victim arrives at a page that looks like a Google or Microsoft landing page, but of course it’s a fake, set up to steal the victim’s credentials.
If the phishers are successful, they’ll have gained access not only to the victim’s mailbox, but also any associated document storage systems like Google Drive, or Microsoft OneDrive or SharePoint. From there it’s all over: the attackers can download whatever they need, or if they discover that they’ve infiltrated a high value target, they might lurk, and prepare additional attacks.
In one particular case that I was involved in a few years ago, attackers managed to phish the CEO of a company. They discovered that the CEO was going to be travelling from the East coast to the West, and waited until the CEO was thirty thousand feet in the air to launch a fake CEO attack, requesting that the company’s finance director wire tens of thousands of dollars to the perpetrators’ bank account as soon as possible. In this case, there were enough red flags that the attack was thwarted, but not before the attackers had used the CEO’s mailbox to resend the phishing attack to everyone in the CEO’s contact history.
And so the cycle repeats.
How not to be a victim
Normally, there are numerous red flags when phishing attempts happen, but it still surprises me the number of requests I get from people asking me to inspect an email for legitimacy.
Sometimes it’s as easy as examining the email sender, or the actual link in the email, and finding that they don’t match. If Jane Doe’s corporate email is email@example.com, and you see your email client only displays “Jane Doe”, you might need to hover your mouse over it to see that the email is really from a different address altogether. (Hover over the link above to see what I’m talking about.) Most modern email clients have updated the way they display emails, making sure that the actual address is shown as “Jane Doe <firstname.lastname@example.org>” or something similar.
However, there are still a number of businesses that haven’t taken precautions to protect their own email systems from being spoofed. That’s to say, there may not be anything stopping someone from setting up a rogue email server and sending an email as anyone at that company. There are several methods that protect against this, known as SPF, DKIM and DMARC, so you may want to make sure that your domains are protected.
The flag that I look for is where the link is pointing. Just like email addresses, these URLs can be spoofed. Modern rich-text or HTML mail clients which allow special formatting can be used to try and trick users with links that misdirect users to hacked sites. So always check the URL. That official looking login page for your Office365 account might just be a fake sitting behind someone’s hacked WordPress site. CHECK. THE. URL.
These tips alone should prevent most people from falling victim to one of these attacks. If I’ve been drawn into investigating at this point, I usually go a step further and try to get the fake landing page taken down. Sometimes it’s easy to find the company whose site has been hijacked, and usually a courtesy call is enough for me to consider my good deed done for the day. Sometimes the site is set up by the hackers themselves. A ten dollar web domain with a three dollar hosting account, paired with a free WordPress template is enough to start with. In these latter cases, I have to do a bit more work to find where the domain is registered and where the site is hosted. Then, an email to the company’s abuse department, and I’m done.
How you can stop it
And in almost every case that I’ve seen, it’s been a WordPress site that has been hosting the fake landing page. As it’s the software behind more than a third of all websites on the internet, it’s not surprising. But if you’ve got a business website running on WordPress and you’re not maintaining it or paying someone to manage it for you, then not only are you exposing yourself, your firm, and your clients to hacks, but you’re also partially responsible for any victims that fall prey through your site. Update your site, at least quarterly, or purchase a product or hire a firm that can check it on a regular basis for you.
Making sure the email security protocols mentioned earlier (SPF, DKIM and DMARC) are enabled on your domains will prevent hackers from faking your domain and using it in an attack.
Using updated email software and security applications is also an effective way to mitigate these attacks. Make sure that your email client software is a recent version, or use a cloud-based one to make sure that you have access to the latest anti-phishing tools. And make sure you use them! It still astonishes me how many small firms haven’t enabled two factor authentication for their employees, or even looked at the protection services that are available from their email providers.
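Having the records published is not the same as having them enforce anything. As an added example (not from the original article), this sketch audits the text of an SPF record and a DMARC record for settings that leave a domain spoofable; it covers SPF and DMARC only, and the sample records, addresses and function names are constructed. In practice the strings would come from the domain's TXT records, with DMARC published at `_dmarc.<domain>`.

```python
def audit_spf(record):
    """Return weaknesses found in one SPF TXT record (empty list means none)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms[1:]):
            return ["policy is delegated with redirect=: audit the target domain too"]
        return ["no 'all' mechanism: unlisted senders get a neutral result"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' means '+all'
    if qualifier == "+":
        return ["+all lets any server pass SPF for this domain"]
    if qualifier == "?":
        return ["?all gives unlisted senders a neutral result, not a failure"]
    return []  # ~all (softfail) and -all (fail) both mark unlisted senders


def audit_dmarc(record):
    """Return weaknesses found in one DMARC TXT record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        return ["not a DMARC record: must start with v=DMARC1"]
    policy, pct, findings = tags.get("p", ""), tags.get("pct", "100"), []
    if policy == "none":
        findings.append("p=none asks receivers to take no action on failing mail")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif pct.isdigit() and int(pct) < 100:
        findings.append("pct below 100: policy covers only part of failing mail")
    return findings


# Constructed TXT records; example.* names and the addresses are placeholders.
SAMPLES = {
    "spf_weak": "v=spf1 include:_spf.example.net +all",
    "spf_ok": "v=spf1 ip4:192.0.2.10 -all",
    "dmarc_weak": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "dmarc_ok": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        audit = audit_spf if name.startswith("spf") else audit_dmarc
        print(name, "->", audit(record) or "no weaknesses found")
```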
And one of the most important things you can do is train your staff how not to fall victim to these attacks. There are a number of firms that can deploy phishing attempts against your staff, and provide training to those who fail to avoid it.
Attackers upping their game
What concerned me with the attack I witnessed was the way that the attackers changed their tactics to evade some of the more advanced mitigation techniques that are in place to stop these cybercrimes. A number of enterprise level email security services have the ability to filter out these malicious links and block them from the recipient. They usually rely on some sort of whitelist or blacklist to allow certain domains through. In the case this week, the victim was sent to Live.com, which is Microsoft’s ID portal for Outlook.com and OneDrive accounts. To the casual observer, it looked like a legitimate OneNote notebook, and there was no breach at this point. No doubt most organization administrators would have no problem with users going there.
Of course within this OneNote page was the real trap, a link to the fake landing page. Thankfully the mark in this case, noting that the OneNote page was addressed from a person different than the original email, was suspicious enough not to fall for it. That said, when I was alerted to it and took a look at the OneNote page without the context of the original email, my initial thought was that it was legit. I almost cleared it! A second read turned up some irregular grammar, which is when I noticed the external link and the O365 landing page. Even then I still had to look up the domain registration for the site, made two months earlier using an Asian registrar, before I was convinced it wasn’t some sort of Single Sign On configuration.
Technology changes fast, and cybersecurity is a cat and mouse game between attackers and the security professionals that protect your personal and business assets from these dangerous breaches. If you need help with managing your infrastructure or mitigation strategy against these attempts, let’s discuss it. Whether it’s email and network infrastructure, securing your website, or doing mock infiltration testing or employee training, I can help.