Passwords – the Gremlins of Cyberspace

Passwords – the Gremlins of Cyberspace


Meet Juanita Smith

On November 18th, John Smith was suddenly hit by a bus while texting to a friend about the merits of eating tuna. He left behind his wife and two children. Aside from the shock of losing a loved one, life did not stop. The wife, named Juanita, looked at a stack of bills that her husband always paid on-line. She had never accessed the bank account and she had no idea of the password. She was a co-signer of the account, she had a few checks still in the check book, but soon ran out. She solved that problem when a friend reminded her that she could call the bank for assistance.

What she did not know was that John had also paid several bills using e-mail or simply tracking his bills on-line. She was not aware that student loan payments were not paid. She missed the first notification that the cell phone bill was ready, and failed to receive notice that two credit card statements were ready for viewing. With all the trauma of sudden death and loss, she would not realize that something was amiss until two months later when her credit card was rejected at the grocery store.

Suddenly thrown into her lap was the full responsibility of managing the finances of the family. Sarah, their youngest, cut her knee requiring stitches. Juanita had no access to the health insurance account, no idea of how things were covered because, alas in this paperless economy, there was nothing in the files. Even though John had been diligent in keeping a will up to date, she had no quick way to obtain even the basic information. Fortunately they shared a password to the Wii, Amazon Prime and the router.

The situation just described happens every day. It illustrates how important it is that passwords are managed well. It not only affects your security and the confidentiality of the information you wish to protect, it also has implications for those you love.

Passwords – the word people love to hate.

Passwords. They may be too weak, whatever that means. They may be too many, each having to conform to a password standard of a particular web site. They are forgotten, confused and yet hacked by somebody out there. What is it with passwords? Can we master these little devils?

As a security geek and an economist (a behavioral science), I am intrigued about how people respond to passwords. You would think that the older people would be tripped up by passwords, but password klutzes come in all ages. And it knows no IQ standard. I have seen the smartest people do the dumbest things with passwords (like doctors or some political advisors that I will not name). Passwords are the vital signs of security, how they are handled is indicative of the security culture that surrounds a person. Yes – it is cultural. Security is not all technology. It is us. It was John Smith. It is Juanita Smith.

I recall the early days of the PC. Passwords were almost an afterthought, rarely encountered. But as the personal computer evolved into the business workstation, the password problem began to emerge. It really wasn’t all that complicated. All a person had to remember was 1) their login password to the network and 2) another password for an application they may have been using. Two passwords. Yet even at that level, I had to deal with many users who complained about two passwords, and some who rebelled by simply writing them down on their deskpad!

Then came the Internet – and the rest is history.

Today, I maintain a listing of passwords that cover 13 pages, double-columned! Passwords range from the bank to ESPN. They have been accumulated over seventeen years of Internet activity. For the person who tells me “I use the same password for everything,” I say “Impossible!” I know of people who have tried to accomplish that goal and soon learned that everyone had a different set of rules regarding the login ID and the passwords.

This article will focus on how you can manage passwords. It is like caging gremlins. You will find a lot of workable suggestions below, but you will also have your own personal demons to engage, what transforms you from the sweet person you are to a cursing, talk-to-yourself ogre. Whatever you are, the goal of this article is to avoid what happened to Juanita.

Login IDs

First, it is appropriate to address the problem of login IDs. It is one reason why the list of passwords and IDs grow. Some sites want your e-mail address. Others want you to use an ID, preferably your name. And there are sites where you would prefer to use an alias. All I can say is use common sense. With the advent of the cloud, your e-mail account is used more often for various services like Yelp or Uber. But your bank, the IRS, and stock trading site will usually require an ID that resembles your name. After the list grows to a certain size, however, rarely visited sites are tough to recall and you forget your login ID and/or password.

Passwords – Why Make it Complicated?

As a security specialist I can relate to the tendency of human beings to use passwords that are easy to remember, such as your grandmother’s first name or the name of your first son. Guess what. Hackers know this and have had some surprising success accessing even the most sophisticated systems, simply because they looked up a guy’s grandmother’s name! Such amateurism was soon dispelled by large enterprises, constructing what is called the “complex password.” They set up rules that would force users to create passwords of a certain length, with capital and small case letters, some numbers and symbols.

Why is that? One technique that hackers use is called a brute-force attack. There are programs out there that can guess your password, often engaging a form of brute-force referred to as a “dictionary attack.” In other words, if your password is a word, it is relatively easy to break. But when you add random small case/ large case letters and mix in numbers and symbols, the time required to guess the password lengthens considerably. Sites that enforce complexity are usually those that pertain to your finances. But it is a good rule to follow in any situation. If you have four-letter passwords, even for presumably unimportant sties, you are highly vulnerable. Some of the most interesting hacks I have observed commence with somebody breaking into a presumably unimportant site that you visit. From that intrusion they can begin to construct a profile, which only improves their ability to predict your behavior at other sites.

Another thing I need to dispel is that the brute-force attacks that you see on such shows like NCIS are purely fiction, much to the tragic realization of “script-kiddies” who try to break into a city government network to control stop lights. Networks not only regulate the length and complexity of your password, they can also establish how many attempts you have to enter the correct password. Most high-security sites give you three attempts before you are locked out. Another thing to note is that most high-security sites have intruder detection systems that flag unusual behavior, like repeated attempts to access a particular account.

In conclusion, get in the habit of using passwords of about 12 characters in length. Mix up small case and large case letters, add numbers and symbols.

Dividing Passwords into Groups

The protests would be loud and frequent if I required my family to enter a highly complex password whenever they wanted access to the home router, Wii or family e-mail accounts. To avoid that problem, reserve the most difficult passwords for your financial sites. Recognize that family members ( and some guests ) will appreciate passwords that are relatively easy to remember. I call this grouping.

Easy passwords are what you encounter at the local coffee shop. They are simple enough for the barista behind the counter to share and for the customer to apply. On the opposite end of the spectrum are passwords that are not easily remembered because of their complexity. In the middle are lower risk sites that may or may not warrant highly complex passwords. The important thing is to have passwords that are different based on risk. If you are using the same password to access your router as you do the bank, you are highly vulnerable. One exploit of that password, and your goose is cooked. Imagine sharing with your twelve year old son the router password so he can tell his friend, and using that same password to access your bank.

How Often Do I Change Passwords?

Another cause of complexity is that everyone has a different set of rules regulating how often you need to change your password. As a consumer I rarely encounter a request to change my password. But most intranet operations ( i.e. business enterprises ) have expiration dates on passwords. Another cause of forced password changes may be when a company or government agency is compromised and there is concern that hackers have obtained your login ID and password. When that happens, they send you notification that your account may be at risk and the best way to resolve that problem is changing your password.

Most security experts recommend changes every 30 or 60 days. The average human being will find that advice as insane. They will keep using the same passwords to get into their e-mail or sports network account until the day they die. How can we improve on this?

First, make it a point to change passwords of critical accounts at least annually.

Second, change your password whenever you receive a notification that your account may have been compromised.

Third, get in the habit of changing passwords to ALL accounts on a regular basis, at least annually.

One suggestion is to keep a spreadsheet that lists the account description, the login ID, the password, the frequency of a password change, and last date of a change. You can create a formula that will calculate the next scheduled date for a password change. You can then sort the list of passwords by change date. Once a month you can go over the list and change passwords that are scheduled for a change.

Fourth, keep your eyes open regarding login failures after you change the password. If you change your password and shortly after receive an alert from that web site, you may have had your account compromised before you made the change. If that occurs you may need to contact the site and report the incident. If it is financially related, you may want to look over your financial records to assure that no damage was done.

Is it Safe to Write Down your Passwords?

Yes – if you read the rest of this article. Hackers use a social engineering trick I call desk surfing, also known as eavesdropping. I recommend that supervisor’s enact the “janitor test.” If I were a janitor, working in the evening, what could I discover without touching a thing? You would be surprised. Read Alan Henry’s blog on The Most Common Hiding Places for Workplace Passwords and you will get a good laugh – probably at yourself!

The simple truth is this – there are too many passwords to relegate them all to memory. It is impossible. People write them down. So the question is whether there is a safe way to write down passwords. There are a number of tools out there that enable you to record passwords such as encrypted password vaults that come with browsers, and several apps that provide password storage services.

Whatever you do – DO NOT RECORD PASSWORDS IN PLAIN TEXT, UNPROTECTED FILES. Word processors and spreadsheets have password protection options. Use them. Studies have shown that this level of password protection is not considered high-level, most particularly subject to brute-force attacks. A hacker can download the file and conduct unlimited attempts to break into the file. But it is better than no protection.

Below is an example. In prior versions of Word, the password option was provided under the “Save As” screen. But recent versions of Word place the password controls under “Tools” and then “General Options.”

While password storage apps may provide the best protection, I have found they do not store other information that may be handy to write down, such as your bank account number, PIN used for the bank card, airline frequent flyer numbers, etc. And then there are the security questions that they want you to use. As you can see, it can get messy.

Here is an example from the Firefox browser, where you can save passwords.

Another trick is to only record the first and last few letters of a password. This will require some discipline on your part because it depends on something that only you know. But if you build complexity at the ends of the password, the center can be a pattern you know. So you would record in the document something like A@C …. 789. Only you know what lies between C and 7. So in the event someone obtains your password file and cracks the password and gains access, they will only get a hint of what the entire password may be. They may eventually discover the password, but you have made the effort much more time-consuming and complex and have increased the odds of detection by security considerably.

What Happens if you Die?

We now return to the sad fate of John and his surviving spouse, Juanita. I’ll be honest. I have never heard anyone discuss this subject at a security conference. But it is obvious to any lawyer or trust manager who has to handle estate settlements. And it doesn’t have to be death. You could simply be traveling and someone at home needs to access an account. With more and more financial activity being conducted on the Internet, there is often few clues in your paper files at home. Financial firms are often in the forefront of “sustainability,” i.e. the use of e-mail rather than paper and snail-mail. The only evidence that you have a bank account or a stock trading account are the e-mailed statement notifications. For someone to access that account they would need to know the e-mail address and the password. The old fashioned way of transferring assets upon death still are required, but it may mean the difference of one day versus one to six months before you can access the account information.

The impact of your loss, however, will be felt most by the everyday things you do over the Internet. Consider how many bills you pay on-line. Does your spouse know those IDs and passwords? Consider all the services you use that may require a periodic password entry: Hulu, Netflix, You-Tube, Facebook, the cell phone provider, resolution of medical bills with the insurance provider. The list can go on and on.

One way to reduce the confusion and chaos for the beneficiaries is to provide the list of passwords and IDs in printed form, filed away in a safe location, preferably in a safe or safe-deposit box. If all involved are cyber-sophisticated, you may find it practical to keep a digital copy of the password file with a beneficiary, or simply place a thumb drive of critical documents in a safe.

Finally, use a shredder. Any piece of trash that contains an account number or, heaven forbid, your passwords, can be used against you. Shredders are not that expensive and handy to have around.

Sliding Doors

A fun movie is Sliding Doors which explores the consequences of one decision, tracking the subsequent events of a person’s life. Let’s return to John Smith, and go back four years. John, seeing how important it was to document passwords, decided to record IDs, passwords, PIN #’s, account numbers, etc. in one password-protected document. He named the document “Grandma’s Recipes.docx”. He printed out the document and placed it into the safe. Juanita, not being cyber-friendly, barely provided enough attention to recall John’s remarks about the document. She squirreled away the safe combination in her wallet.

On hearing the tragic news of John’s death, she fell into shock. The coming days passed before her like a bad dream. Friends provided meals. Her parents and John’s parents all converged at their home, providing comfort and support. But the time came when she had to live again. She saw the bills sitting on the counter, which reminded her that they needed to be paid. She recalled John used on-line banking and rarely used checks. She then recalled John describing this document that he placed into the safe. The safe! Where was the combination? She remembered she placed it in her wallet. There it was, worn thin, the numbers barely visible. She went to the safe and breathed a sigh of relief when the door opened. There it was, the document listing all the passwords. At the top was the password to the file on their computer. She went down the list and found their bank. She got online. The ID and password worked! She studied the page and learned how to track transactions. She noticed there was a button on the upper right portion of the screen labeled “Bank Online.” She found the utility bill. She paid it. She sighed in relief. She then noticed a credit card bill being paid last month. She never recalled seeing a credit card statement in the mail, so she found the ID and password to the Visa card. To her relief, it also worked and she saw that the bill would need to be paid soon. She printed out the statement and looked it over. She returned to the on-line bank and scheduled a payment. “Yes,” she said to herself. “I can do this.”

She would later access his e-mail accounts, noticing that there were some bill notifications. She paid those as well. Yet as the months went by she noticed the other accounts he had listed. She recalled the memories of his love of sports, his uncanny ability to plan trips, and his diligence in providing insurance coverage. She would decide in the coming months to return to her hometown to be near her parents. With that list of passwords, she was able to access the travel accounts, transfer the accumulated points to her name and arrange the flights that saved her over a thousand dollars. Consulting with customer support, she was able to close out his unneeded accounts and update those she would continue to use. She kept his Facebook and Instagram accounts. She wept when she viewed the photos and his witty responses to his crazy friends. These were practically all that was left of him, the ghost in the machine.

Other Resources.

The Most Common Hiding Places for Workplace Passwords, Alan Henry, LifeHacker, November 13, 2012. Fun article for all the tricks people have tried to hide their passwords.

PC Magazine has a good article rating password vault apps.

The Best Password Managers of 2017”, PC Magazine, Neil J. Rubenking, December 13, 2016

Another source organizes the recommended vault applications by operating system, expanding your options if you have a non-Windows platform.

“Best Password Manager – For Windows, Linux, Mac, Android, iOS and Enterprise,” Swati Khandelwal, The Hacker News, July 29, 2016

Advent Conspiracy – It’s a Tide, not a Day

One of the revolutionary changes that occurred in my celebration of Christmas was when I realized that it was a “tide”, not a day. I recall as a kid wondering what that word meant. You know, the “Yule Tide Carol”. And what was this thing about “The Twelve Days of Christmas?” As a rural Protestant, all there was to Christmas was December 25th. While there was a lot of stuff happening before that day with the “Christmas” label, the celebration of Christmas, for all practical purposes, was one day.

Fast-forward thirty years, add three kids and a wife, a dozen or so relatives, an ever-widening wealth of friendships, it seemed that something was terribly bent about Christmas being just a one day celebration. Instead of celebrating the day as the coming of the Saviour, it was more of a logistical contest, managing the yearnings of children wanting to open all their gifts on Christmas morning, fixing a hot breakfast followed by a huge dinner, and having the dining room fill with friends and family, topped off with a marathon dish-washing. Come December 26th, nothing except exhaustion.

As a lover of history it was no secret to me that sometime before 1900 people had a broader understanding of Christmas. To Europeans, Christmas-tide was a period of time extending from the day Jesus was born to Epiphany, when he was visited by the wise men. Those twelve days were replete with activities that had little to do with giving gifts. Most people could not afford the orgy of materialism we see today. While gifts were exchanged throughout this period, it was at a much smaller scale and most everything people gave was personally made or had significant practical value. Food, for example, was vital – as was clothing. To give someone a pair of shoes was a blessing from heaven. People moved from household to household sharing food, liquid refreshment, music and stories.

Today, Christmas is now fast-tracked. It starts with the madness called Black Friday, the day after Thanksgiving. The Drudge Report fills with headlines of fights and even deaths resulting from the rush of people. It is then followed by Cyber Monday when on-line services compete to sell their goods over the Internet. Charities are now chiming in with a special day on Tuesday. The rest of time is filled with Christmas pageants, cantatas, concerts, carol singing, office parties, and so on. Christmas Day comes along, usually proceeded by a Christmas Eve service at your church. Some families have a tradition of opening some gifts on Christmas Eve. But Christmas Day is the climax where people rush to the Christmas tree and open a mountain of gifts, followed by a huge feast. It is a day of fond memories. But then it ends.

Historically, it was the other way around. Prior to 1920, there was not much consumerism. Gifts were usually hand-made. Pre-Christmas parties were often the luxury of the wealthy. For many commoners, Christmas was twelve days long. It was during this time that carols were sung, gifts exchanged, gatherings made around a Yule Log. It was more spontaneous. There was no rush. It is the Christmas I dream of having every year.

How can we regain this tradition that expands over two millennia?

Start with the family. Attempt to wean your children off of the Christmas morning rush. We felt we were successful if we could stretch it out over two days, beginning with Christmas Eve. This will definitely be the toughest assignment. But, over the years, it may actually work. Isn’t it sad that kids open up a half dozen gifts, all scattered out over the floor, filled with joy and excitement yet they hardly know the gifts are there after the day is over. Imagine replacing that with a gift each day and each day that gift is special. That may be the most idealistic proposal in this essay – good luck.

Staying with the family, attempt to arrange trips around Christmas-tide rather than Christmas Day. Let your extended family members know that it is OK if they come December 28th or News Year Day. It is still Christmas! Vice versa, you can avoid much of the Christmas chaos at airports and highways by traveling during off-days. You may notice that ticket costs vary considerably if you choose days that are less frequently traveled. The greatest dividend is that your family members can travel without feeling harried, rushed or unsafe.

Third, scope out your acquaintances and see who you can have over for dinner. The biggest tradition of Christmas-tide is that the nights are filled with fellowship, food, drink and even some rowdiness. While not advancing the latter, the other three things look quite attractive. Have this week reserved for friends and those who are without family. Get to know someone new. Invite the neighbors for an evening of left-overs.

Fourth, check to see if there are ways you can extend service to those in need. It is nice that members of the community chip in and provide a mountain of food and a hot meal to those in need on Thanksgiving and Christmas Day. But they are in need the rest of the year and you may find it more meaningful to see how their needs are met on a regular day.

Fifth, really get radical and sing Christmas Carols! Imagine how weird that would be in our modern society. But that is what folks used to do, singing carols during Christmas-tide. Being shy, you may want to start with a carol-sing at your home or local church. Then get brave, and spread out to nursing homes, homeless shelters, or schools. But one great idea is to bake up a batch of cookies and share them with people if you must go door-to-door. You might be surprised what you will get back – I can imagine that everyone on your street will have a mountain of leftovers to share!

This is just the beginning. I can imagine that buried deep into the past are a bevy of lost traditions that await our discovery. Christmas-tide can definitely be the most joyful part of the year.

================================

Please check my web site for a listing of more technical and literary publications.

Advent Conspiracy — Give More

Two of the tenets of the Advent Conspiracy are to Spend Less and Give More. What sense does that make?

give_moreIn an earlier essay I discussed how we could get through Christmas without any debt. It is interesting to note that, in hindsight, I was not telling you to spend less. But by focusing on spending cash only, it would automatically cause us to take more care in how we spend money for Christmas gifts, evolving from being impulsive to being deliberative, from credit card debt recovery to saving in advance. It could, quite possibly, cause us to spend less. But the real point of controlling how we spend money is not to become misers and Scrooges, but to enable us and others around us to enjoy Christmas in a worshipful manner, to have the liberty of truly focusing on Christ and all the important things he has placed in our lives: love, generosity, family, and friends.

So how can you give more while “spending less”?

First, taking thought before buying anything. Ever wondered why you wait till Christmas to buy someone a gift? A gift that is truly meaningful is one that meets an important need in a timely fashion. I make an annual trek to Missouri to help my dad around the house. One year I was painting the trim around the exterior of the house. His step ladder was 15,000 years old and was nothing short of dangerous. He needed a new ladder and, being near his birthday, it became his birthday present.   He needed a new ladder then, not later. This type of stuff goes on all year, encountering people who could be blessed by receiving a timely, much-needed gift. Waiting till Christmas makes no sense. As a result, there are honestly few nice gifts to give people on Christmas. So you have to pause, think, and carefully consider what would truly lend value to a gift. Just don’t throw money at something. I noticed a lot of people are just like us, resorting to purchasing a cute Christmas card with a cute gift card inside. Sometimes cash is the best gift.

For my family, our journey in buying sensible gifts began with “What do you give someone who has everything?” This typically applies to older people. Would my parents really need another painting? Would my wife need another bracelet? After a while, the parents have run out of wall space and your wife’s two stacks of bracelets are getting to appear more like a rare metal investment. So we bounced an idea off of our parents and siblings – would it be OK to give to charity on their behalf? They thought it was a great idea. The fun part is what we select. We would navigate to the World Vision web site and pick a goat for the brother, a pig for the sister and a piece of a water well for my parents (my father is a civil engineer). The neat thing is that we are not guessing at what would benefit someone who has practically everything. Nor are we sending them gifts that have no practical use.   But giving on their behalf for a World Vision project? That made more sense.

Also note that in buying a goat we gave more. We gave a gift to my wife’s brother, but somewhere in Latin America a family received a goat that blessed them throughout the coming years. How many people drank the milk? If they sold the milk, what did it purchase for the family?

Next, buying local. Giving more is possible because you are blessing people who live in your community, people you most likely see around town, possibly a friend. I realize this is tough for folks who live in major metro centers. But wherever it is possible to relationally connect with store owners and their employees, there is something positive whenever you realize that an item you purchase benefits people you are near. Also note this does not necessarily mean ignoring chain stores. I knew someone who worked in the florist section of a large grocery chain store. I could have bought flowers from elsewhere, but I knew that this person would be blessed to do business with me and she knew my wife besides. She was delighted to be making a flower arrangement for my wife.

Buy from local artists and craftsmen. One of the bonuses of living in Juneau is the abundance of artists. It is interesting that Black Friday is the day the local craft fair is held. The event is usually well attended, packing people into three different buildings. From food to cutlery, from scented candles to outstanding photography, you can find it at this craft fair. We usually buy something each Christmas. Folks who receive these gifts are getting something handmade, unique and with a touch of Alaska. But just as importantly, the creators are blessed by being rewarded for the fruit of their creativity and labor. And, for a city as self-contained as Juneau, it is likely someone you will see again.

Buy from friends or people you know who would particularly be blessed. We know people who are very talented and could really use the income. Be watchful for people who need the extra income. I love to buy art work (wish I had more wall space) and I have had the good fortune of knowing some very talented artists. Reserving my resources to buy their art work is a blessing. It also addresses the fourth tenet of the Advent Conspiracy – to Love All.

Giving is also something we do that does not involve a purchase. There are food drives, coat drives, Angel Tree, Operation Christmas Child. Consider buying a bell-ringer a cup of coffee. Inventory how you use your time and consider giving your time and talents where it is needed. Christmas is a good time to take account of our own resources to see how we give all the time. Maybe Christmas is a good time to call Love INC and volunteer your time, call the Glory Hole and join a kitchen team, volunteer to provide health services, or call your local church and provide your time to a need they may have observed in your congregation.

Consider giving the “fruit of the Spirit.” Interesting, isn’t it, that the most important thing you can give to anyone is your presence. “Presence, rather than presents.” Consider a commitment to love someone more, to untrack your personal agenda and have intentional compassion toward someone else. It’s amazing how something costless is priceless.

================================

Please note that Advent Conspiracy is a movement started by a handful of concerned Christians desiring to recapture the true meaning of Christmas.

================================

Please check my web site for a listing of more technical and literary publications.

Advent Conspiracy — Worship Fully

A tenet of the Advent Conspiracy is Worship Fully.

Worship_Fully.png To reclaim Christmas, we can dole out a considerable amount of advice. Yet we need to be reminded that “Advent” is part of the Advent Conspiracy. Any suggestions offered to regain Christmas can never be addressed unless the reader has a stirred conscience and a desire to participate in the Advent season.

Advent is not a scripture-proscribed holiday.  Advent evolved from the development of the liturgical calendar. The early church was largely composed of illiterate people. Paper was very expensive and rare, so even if you wanted to read and write, the transference of scriptural knowledge was usually reserved to a few. To resolve this problem, the early church used a calendar to emphasize various parts of the gospel story.   Up until the 19th century, Easter was the big holiday in Christendom. The crucifixion of Jesus had a specific date because it occurred during the Jewish Passover.   The gospels are replete with details of the crucifixion and the resurrection of Jesus, and contemporary secular sources of the time verified much of what was recorded in the gospels.

Advent was designed to instruct believers in the coming of Jesus. Words like “anticipation” and “preparedness” apply to this time of year. While the Nativity Scene is often associated with this season, that did not appear until the 13th century courtesy of St. Francis of Assisi. But the stories of the birth of Jesus abounded. Unlike the crucifixion, the birth of Jesus was reported quite differently in each of the gospels. Mark and John have nothing about it, while Matthew and Luke were similar but each providing a unique element to the story. So Advent leaves a lot more to the imagination.

Advent is a spiritual journey. It is my journey and it is personal. There are no formulas here, no recited liturgy or rites of passage. It is, in essence, a reminder that at one time in the history of man was my personal history – a life without the Christ. I have heard a lot of testimonies and they all contain some common elements – one of which is preparation. Whether a person knew it or not, they were being prepared for the coming of Christ into their lives.

As a Bible-centered evangelical raised in rural Missouri, the liturgical calendar was something lightly regarded in my church. My family did not celebrate Advent as such although I recognize some elements of it on hindsight. So it would remain until I was much older (several years ago) when I realized that Christmas had become, in reality, a single day on the calendar of frenetic activity and material consumption with a rapid succession of events proceeding, as any parent of children can attest. Managing the affairs of Christmas became algebraically more complex with each addition to the family. Finding the true meaning of Christmas was illusive.

I related to what C.S. Lewis referred to in Surprised by Joy, this awareness that there was something fresh, mysterious and pure somewhere near me, more than imagination.  On hindsight I realize that I was “being prepared.” My conscience was stirred. For a few years I kept asking God, “Lord, is this what Christmas is about?” Each year I was more prepared to address that question.

And that is where the Advent Conspiracy begins – prayer and meditation. It is no accident that missionaries and Christian charities begin with prayer support. Missionaries don’t say this rhetorically when they share how we can support them – they begin with prayer. You can write a check and that takes hardly a minute. But missionaries are full time on the front line of our faith. They need our prayer support all the time. Advent is certainly no different. It begins with you, preparing yourself, for the coming of the Saviour. It grows to be an embedded awareness.

What I share of the various tenets of the Advent Conspiracy in a few weeks will reflect almost half a lifetime of my spiritual journey. No guilt trips here. No radical purge of materialism. Rather it was a gradual transformation. I discovered that the Advent calendar was there for a reason, to redirect my thoughts and energy toward a renewal of my faith. It is a spiritual exercise that I now look forward to each year.

May you worship fully this Advent.

================================

Please note that Advent Conspiracy is a movement started by a handful of concerned Christians desiring to recapture the true meaning of Christmas.

================================

Please check my web site for a listing of more technical and literary publications.

Advent Conspiracy — Cash Only Please

Spend_Less.png
Spend Less

One of the tenets of the Advent Conspiracy is to Spend Less

If anything demonstrates how distorted Christmas has become, it is the amassed credit card debt. According to an ABC Report, 60% of credit card holders do not pay their balances in full. From within this group, credit counseling agencies report a 25% post-Christmas up-tick in people experiencing credit debt assistance. The London Telegraph notes that 1.5 million Britons take out payday loans to pay for Christmas! Most folks are happy if they can clear the debt by April, often thinking a tax refund will cover the balance. It is the worst kind of financial management. It generates personal stress and weakens the family.  It is indeed ironic how many Christians participate in this trend. I should know because there was a time in my life when I was a part of that “tradition.” Besides attempting to cover gift purchases for my immediate family, I had to cover gifts for the extended family. Add to that office mates, business contacts, neighbors, my close friends, special offerings, and January sales, the amount of money I expended in late November through the first week in January was staggering.

Yet it was Jesus, himself, who taught us that we either serve God or Mammon. Mammon is more than money. It is spiritual servitude. It consumes us and demands our devotion. It is the very essence of debt. Yet how was I celebrating Christmas? I went out and generated four months of debt! When that happens, you spend a part of your life recovering from that debt, not only changing how you spend your income in the coming months, but also how you shift your priorities and even the level of generosity in the months after Christmas.

100The first financial step I took to recover Christmas was to switch to a cash-only basis. No credit cards. The first Christmas was, admittedly, a failed attempt. We did not have enough cash to cover such a noble principle. Our urge to purchase gifts was still well ahead of our means. And, as a family member, I had to have buy-in from my immediate family as well as other extended family members. Getting “buy-in” from a five-year-old is a bit of a trick. The Advent Conspiracy tenet of “Spend Less” was not exactly easy to implement without some “preparation” for others in the family. So don’t beat yourself if you find this takes a few years to achieve.

Eventually, however, cash-only became a reality. It took a couple of seasons before we figured out how to pull back on our spending and save ahead. Once I figured how much we spent for Christmas, I set aside a given amount each month. Come Christmas, I could say we had $600 to spend on Christmas gifts and we, generally, kept to that amount. You can’t imagine what a huge change that was for me as a bill-payer. In the space of about three years we evolved from paying off credit cards in monthly installments to having money in the bank come November 1st. What that made possible for me was the opportunity to “Worship Fully” (another tenet of the Advent Conspiracy). Don’t kid yourself. It is impossible, as a bill-payer, to truly worship fully when you and everyone around you are making demands that will have grave financial consequences. It was a huge blessing to go through Christmas without that hanging over my head.

Sticking to the budget made “spend less” automatic. As noted above, there is a lot more that goes on with “spending less” than cutting your credit cards and unilaterally buying fewer gifts. It is a cultural shift. Your children need to appreciate that it is not important that they each get three gifts. But it is also more imperative that you, as a parent, are more aware of what is truly meaningful to them. Personally, I had to stop buying small gift items for the office. But I found purchasing tasty food items a good substitute, or simply baking a loaf of bread or a batch of snicker doodles . My wife has been great at making small craft items.

So pray about this important challenge – to get through Christmas without a single credit card purchase. It will be the first step in your journey to recapture the true meaning of gift-giving. And eventually you will have a Christmas without a worry or unnecessary demands on your financial resources.

Spend Less.

Sources: “Lingering Christmas Bills Can Lead to Debt Woes,” ABC News

Why debt-fuelled spending on Christmas and weddings is humbug”, The Telegraph

Here’s what the average American spends on holiday gifts,” Motley Fool

================================

Please note that Advent Conspiracy is a movement started by a handful of concerned Christians desiring to recapture the true meaning of Christmas.

================================

Please check my web site for a listing of more technical and literary publications.

Advent Conspiracy — What’s Missing

One of the tenets of the Advent Conspiracy is to Love More.

Love Well -- One of the Tenets of the Advent Conspiracy
Love More

I have had pleasant memories of Thanksgiving when I was alone.  It was in college that I had my first experience of being away from my family for Thanksgiving.  Traveling 600 miles from Hope College to my home was a daunting task.  I did so my freshman year and both myself and my parents agreed that the trip was expensive and hurried, although it was so good to be home.  For my parents, it was a long-awaited acknowledgement from their somewhat rebellious son that home is a good place to be.  So it would be that I remained in Michigan for subsequent Thanksgivings.

What was a blessing was that the college campus being a community of students, faculty and families in the town.  They were all aware that many students would not be returning to their homes.  So it was truly a blessing when I received an invitation to join a family for a Thanksgiving dinner.  Aside from the incredibly excellent cooking of my hosts, there was the opportunity to dine with two noted theologians.  Something I certainly did not merit.

When I first wrote this essay I was going to wait till the final week of Advent to discuss loneliness, but two events occurred that caused me to change my priorities. First, my mother’s memorial service was held in early November 2014. The other event was the service I attended at the country church I attended as a youth. The pastor, staying true to the church calendar, shared a message on honoring the memories of those who passed away. Many people, even Christians, do not realize that Halloween is followed by All Saints Day and many Christian traditions have used that day to honor those who have recently passed on. The pastor’s message was a Christmas message, oddly enough. The pastor asked that we remember who was missing.

As is immediately apparent in my own family, the elderly who have lost a loved one are often confronted with the deepest loneliness. I can’t begin to imagine what my father experienced, to see someone who was by his side for over half a century pass on.  When Christmas rolled around his family members resided in remote cities or countries and many of his friends were far away or dead. The home was empty except for a pet. So in our journey to love more, it can best begin with those who are nearest to us, considering those in our family who may be going through the holiday season living alone.

Then there are those who are without family nearby. Not too long ago I had a conversation with my daughter and she commented how lonely she felt. I said, “Isn’t it ironic you are in a city of 14 million and you are lonely?” I relate because I resided in a city when I was single and just out of graduate school. Amidst 2 million people I felt lonely.  No matter where you are, it is difficult to be far from the ones you love.  Juneau is famous for having people who are hundreds, if not thousands, of miles away from family. In some respects it is akin to living overseas or in a different country, 850 miles from Seattle.  This is a time to remember Coast Guard families and keeping our eyes and ears open for people we know who will not be able to fly down south to rejoin their family. It was four years before my family could scratch together the funds to fly down south.

Finally, amongst the “missing” are those simply alone because they are homeless.  Many of us may have rolled up our sleeves and volunteered at the Thanksgiving or Christmas kitchen. But having a homeless person invited to your home? You can’t be serious! To be quite honest, most of our readers may have to make this a project for the coming year. To be truly meaningful, setting aside a part of your Christmas-tide for a homeless person or family requires a personal investment in their life. Otherwise, it is a bit patronizing. In the course of your charity work you can make a commitment to be personally invested in one or two people you are serving. It goes beyond cooking at the Glory Hole. It requires you to get out from behind the kitchen counter. When that happens, having them over for a meal during Christmas is much easier.

Yet maybe the homeless are not over there at the Glory Hole. Look around and you will probably see someone you know who is going through a financial crisis, a lost job or a sudden emergency. They may not be homeless, but they are close to it. Showing you care about them, that you are praying for them and willing to have them over for dinner can be a huge blessing.

It seems that the title of this essay should be “Who is Missing,” but it is the what that defines the value of family:  love, warmth, acceptance, laughter, good cooking, wonderful memories.  These are aspects of life that are difficult to replace.  When you extend a welcoming hand to people who are lonely, you help fill the emptiness.

Love More.

================================

Please note that Advent Conspiracy is a movement started by a handful of concerned Christians desiring to recapture the true meaning of Christmas.

================================

Please check my web site for a listing of more technical and literary publications.

Spam Filtering: Mastering Your E-mail

 

It is now a fact of life that e-mail traffic is largely spam, unwanted solicitations for your time and money, if not worse. I recall in the days of the mailbox that spam was the latest sweepstakes offer. That’s quite tame compared to the dozens, if not hundreds, of daily spam offers we encounter.  Spam cannot be avoided, but it can be controlled.

This does not have to be so. The most effective way to control spam is to note your internet behavior. Most people have one e-mail address, whether it corresponds to a friend, a bank or the guy needing money for his Nigerian grandmother. There is no better solution than to divide up your e-mail into unique e-mail addresses. (This is discussed at length in “A Method to the Madness.”)

This article focuses on how to effectively use spam filters. And it is a journey I have undertaken to understand spam filtering. Like just about everyone who reads this blog, I had one personal e-mail address. I was between jobs so I was hitting a lot of job sites on the web. It was then that I realized some were not quite what they appeared to be. When I began working at the University of Alaska (UAS) I had my personal e-mail address (which was used primarily for consulting work) forwarded to my work address. Before long the UAS account was being hammered by “job opportunities.” To add fuel to the fire, this was at a time when a faculty member’s e-mail address was posted onto a web page. Filtering, at this point, was a desperate battle of survival. Mix in about a 50-100 students, message management was a nightmare.

Introducing Filtering

Filtering has come a long ways since 2003 when I moved up to Alaska. I picked up on it quite readily. I started teaching the concept in security classes. I have seen various tools that provide filtering at different levels. For you, the average user, about all you see are the junk mail controls on your e-mail software. There is more to filtering than that. Filtering is done at several levels.

  • Your Internet Provider or Host
  • Your mail server
  • Your e-mail client software

 

For most folks, what they see day-to-day is their e-mail client software and they’ll see a folder called “Junk” or “Spam”. What they don’t see is that Internet providers and hosting services (like 1and1.com) have been utilizing anti-spam measures of their own.

  • Spammers need an e-mail server to do their work. The message must start from somewhere. That is getting harder to do these days using conventional channels. Mail service providers have been utilizing digital certificates to authenticate who they are, which it makes it more difficult to service traffic from rogue servers. Mail servers on the Internet send messages to “relay servers”, which in turn are capable of detecting spam traffic and blocking abusers.
  • Mail service squelching eliminates bulk e-mails. Most people do not encounter this problem until they volunteer to send newsletters to the 100 member gardening club. That’s when they discover an exciting new feature from the Internet provider – squelching. The messages start to drag, then get very inconsistent, and then get corrupted. You go to your provider’s web site and see in very fine print – “Send messages to as many as 50 recipients.” Once you go over that limit, the message delivery rate is sent to the bottom of the pile as messages may or may not be delivered. In other words, your Internet provider is not in the business of bulk mail.

 

From data I gathered during my days at UAS I detected that the UAS mail filter (which was my “Internet provider” so-to-speak) was filtering about 1500 messages a week for my account! They provided faculty and staff with a tool to check theses messages which provided a great deal of insight regarding the volume of spam. And that holds true for what your Internet provider these days encounters. Messages, which are unambiguously spam, are zapped before it ever gets to your mailbox.

The second layer of filtering is with your e-mail server. Most people have only an Internet provider, but if you have a hosted site ( like for your personal web page or business ), you will notice that your e-mail service has a filtering feature that affects all the people who are listed under your domain. If you had an address such as juneauflowers.com, and you had 12 employees, you can set spam filtering that affects all employees. This can remove another significant level of messages in which your employees may be tempted to open. You may also note that tools like SpamAssassin may be employed at the server-level.

 

1and1_spam_filter

No one is more aggressive at doing this than government web sites and high-security business sites. In my work with volunteer organizations, I implore people, over and over again, do not list your government office e-mail address. Invariably, newsletters are blocked by mail filters. If you subscribe to an e-mail server, you can also control quite specifically the type of traffic that comes to your employees.

The third layer is your e-mail client, the software you use on your computer or smartphone. You may have noticed that your mailbox may have a folder called “Junk” or “Spam”. These folders are used to collect spam and deposit into Junk folders. You usually get a message with a summary of the filtered messages. If you discover this is an error, you can right-click on the message and mark it “Not Junk”. Below is an example how you configure Thunderbird to filter junk mail, as well as decipher e-mail scams and messages with viral payloads.

thunderbird-1

What is interesting about this layer is that you are introduced to the fact that an e-mail client is “trained” to identify junk mail. In reality, the spam filters of your e-mail server are also “trained,” albeit at a different level. Your spam filter is asking you to move into the Spam/Junk folder any message you do not trust or want. The next time that message arrives, it may see a similar message in the Spam/Junk folder and automatically mark the message as spam. Be patient. It may take a while for the software to learn. Another thing to note is read carefully which messages are being filtered in the event a sender you care about gets marked as “junk.” For example, my health care insurance provider had, for some odd reason, their messages filtered. The solution was to right-click over the message and mark it as “Not Junk”.

The fourth layer are “rules”. Thunderbird, my e-mail software, calls it “Message Filtering” while Outlook calls it “Rules”. In both cases, you have the ability to filter out messages based on who they come from or specific phrases. This is the last defense of filtering where all other measures fail. This feature is not only for spam, but for doubtful messages, or for general, routine messages that clutter up your mailbox and you wish to keep them out of the Inbox. As an enterprise administrator, my mailbox is pounded by automated messages. These are all handled by rules, which direct these messages to specific folders. This enables me to communicate more effectively with my colleagues while also tracking notifications.The final filter is yourself. Be smart. If the message is unsolicited, use common sense. What do you know about a grandmother in Nigeria? Are there links in the message which are different than the sender. Is their an attachment from somebody you do not know. When in doubt, delete it.

thunderbird-2

In Conclusion

As I said at the beginning, learning the art of spam filtering is a journey. Take some time, beginning with your e-mail software. See which features it provides for filtering and virus protection. See which features your Internet provider employs for spam filtering. Make one change at a time and measure how it affects your e-mail traffic.