Wednesday, June 18, 2025

Multi-factor authentication

A friend was asking me about multi-factor authentication apps or just authentication apps.  So, he, unfortunately, got an earful.

We are not doing well with regard to authentication.  We never really have.  Oh yes, I know all the theory.  I have taught it for decades.  Authentication is based on something you have, or something you know, or something you are.  But actually implementing that seems to be really, really difficult.  And it's getting much *more* important, rather than less, that we have reliable and usable authentication.

First of all we went with something you know.  Passwords.  And, of course, everybody chose really stupid passwords.  1 2 3 4 5 6.  I actually got a letter, just this past week, setting up a session, and using that exact password.  When I got into this field, apparently you could get into 75% of all computer systems using the passwords love, or sex, or secret.  Then there was everybody who used their birthday, or their pet's name.  So, for years we have been trying to convince people first to pick reasonably strong passwords, and then, eventually, trying to move away from passwords all together and to some other kind of authentication.

Lots of companies have tried to sell something that you have as a form of authentication.  I have carried various one-time password devices.  Yes, I suppose it uses a password, but it might do a challenge and response type hashing of the password, or a password generation based on the time, or some other means of verifying a non-replayable password, and one that the person can't choose, themselves, in order to avoid all the problems with stupid password choice.  Then there were the various USB keys that you could stick into your computer and use as authentication.  Once again, something that you had.  But, of course, everybody had to agree on which of these systems would be used universally.  And, of course, no vendor would agree to use somebody else's system.  Which is probably a good thing, because that would have meant that we had a monoculture in terms of authentication, and therefore a single point of failure in terms of authentication for absolutely everything.

What people seem to be using these days, in terms of multi-factor authentication, is a secondary backup which, once again, involves something you have.  But, in this case, the something that you have is slightly more reasonable, in that it's a cell phone.  Everybody has a cell phone these days.  Everybody has a cell phone, and, indeed, an awful lot of people are getting rid of their landlines.  So, if everybody has a cell phone, then everybody has a cell phone number, and, as a backup to the password, and an implementation of multi-factor authentication, the system can send you a text with a PIN or code that you have to enter in order to verify that it is, in fact, you that knows your password, and just entered your password in authenticating to the system.

Which I find annoying.  Yes, I have a cell phone.  But I also still have a landline.  I'm a dinosaur, and keep technology around far too long, remember?  And I am not the type of person who walks around with my cell phone actually glued to my hand.  I occasionally turn my cell phones off.  As a matter of fact, when I am home, mostly they are off.  So, when I'm sitting at my desktop computer, and trying to sign on to something, it's a royal pain to have to go, get my cell phone, turn it on, and only then be able to do the secondary verification that, yes, it is me trying to sign on to my account.  For which I have long and complicated passwords, thank you very much.

Now I'm really not sure why, but an awful lot of companies have decided to get into the market, selling authentication, but relying on the fact that you have a cell phone.  Yes, I suppose that there is SIM swapping.  And, if some scammer knows your cell phone number, they can go and get a cell phone, and then, yes, when somebody sends you a text with some kind of pin in it, they can get that message as well as, or possibly instead of, you.  So, yes, I suppose that there is a vague point about authentication apps, on your phone, being somewhat more secure than simply texting a PIN.  But, other than that, in terms of the convenience of multi-factor authentication, using these authentication apps, I have the same objection.  Why should I have to keep my cell phone on, and with me, all the time?

(Yes, yes, I am well aware that convenience is the enemy of security.  I have been teaching that for decades as well.)

I actually only use one authentication app.  It is the BC Services Card.  Now, when I talk about the BC Services Card, I have to explain that the BC Services Card is not, in fact, a card.  It is an authentication app.  It runs on your phone.  It is actually a quite well-designed, and very usable, system.  It had better be.  I well remember sitting in on a presentation when they implemented the very first part of what eventually became known as the BC Services Card.  At that point it was just the public key infrastructure for what would, eventually, in the fullness of time, become the BC Services Card.  So, the BC government (and primarily Gary) have had thirty years to work on the background structure, and how it will work, and how it will work with other systems, and how other people will be able to use the BC Services Card, and how other companies will be able to use the BC Services Card, and how even the federal government will be able to use the BC Services Card, for authentication.  I understand (although I haven't yet tried it) that you can actually use the BC Services Card to sign on to your bank.  Congratulations Gary!  It works.  I had to sign up for it for something that I had to do with the death administration when Gloria died.  I can't even remember what it was that I had to do.  As a matter of fact, although I have come across an awful lot of possible uses for the BC Services Card in the intervening years, I have only actually used the BC Services Card about once every two years.  This means that using the BC Services Card isn't exactly a daily occurrence.  So, each time I have to use it, I have to relearn, all over again, how to use it.  Every time I have had to use it, it has actually been much less traumatic than I always expected to be.  It works.  It works well.  And I was even able to switch it from one phone to another without too much trouble, when I got my new phone.  (I did have to take both phones into the Service BC office.  I suppose that I didn't necessarily have to, but I was definitely nervous about the process, and I figured it was easier to just go into the office then to try and figure out how it worked by myself.)

The BC government, and all the people that I know who work in aspects of the BC government programs which use the BC Services Card, insist that it is very useful, and that everybody knows about it, and knows how to use it.  This is absolute nonsense.  Every time I talk about the BC Services Card, I have to explain that there is no actual card.  I have to explain that it is an authentication app.  There are all kinds of things that you can use the BC Services Card for.  But almost nobody actually knows that there is a BC Services Card, and what it is.  For the most part, unless your wife dies, you don't have to use the BC Services Card.  You can sign on to your bank using some other means.  You can sign on to the Canada Revenue Agency using some other system or method.  The BC Services Card could be very useful.  But it isn't required, and so almost nobody uses it.  If more people used it, and if more people had it ... well, that's sort of the problem isn't it?  If more people had it, more companies would use it.  If more companies used it, more people would have it.  It's a really good system, but you have to get both people and companies to actually use it.  Nobody is going to get it until it becomes useful to them, and no companies are going to offer it, as authentication, until more people are using it.  Catch 22.

But there is, of course, fairly widely used, yet another authentication boondoggle.  This is the fact that, if you go to some website where, in order to use it, you are supposed to have an account, but you don't have an account with this particular system, you can sign on with your Facebook account.  Or your Google account.  Or your own account with one of the other systems one of the other information technology giants, where a lot of people do have accounts, and they provide this form of online authentication.  You sign on with your Facebook username and password, and Facebook authenticates, to the system that you actually use, that you are you, and you should be allowed to use their system.

As I say, a number of the tech giants are starting to get into this particular service.  Once again, everybody would like to be the system that everybody else has to rely on.  One company that is interested in getting into this field is Open AI.  Yes, the people behind ChatGPT.  Now, personally, as far as I can tell, large language models, and generative artificial intelligence, are a solution in search of a problem.  About the only service that generative artificial intelligence seems to have been able to get anybody excited about, is code generation.  So ChatGPT is writing a whole bunch of code for a whole bunch of companies.  (Well, really it's more of an "autocomplete on steroids" function that searches existing code bases.)  (And, I suppose in doing that, that they can't do much worse than an awful lot of the programmers out there.)  But, in terms of authentication, I am less sanguine about the capabilities of hallucinatory generative artificial intelligence.  Since we can't trust the text that these systems produce, why should we trust the authentication that they, supposedly, verify?
Posted by at No comments:

Monday, June 16, 2025

VM - G - 2.13 - governance - requirements

Functional and Assurance requirements

In the world of information security, we make a distinction, in determining our requirements for a tool or a system to help us, in regard to the requirements.  We specify two types of requirements: functional requirements, which have to do with the actions of the actual tool; and assurance requirements, which answer the question is the tool doing actually performing, and is the tool actually doing what we intend it to do.

These two different types of requirements can, in fact, be applied to pretty much any task that we asked anything, or anyone, to perform.  What is it that we want done, and how do we know that it is being done, and that it is effective.

I I got what I thought was a nice illustration of this idea one day when I was getting lunch.  I was in a store that sold sandwiches of the types known as hoagies, or hobos, or submarine sandwiches (presumably because of the general overall shape).  When you are eating in a restaurant, or getting food from a takeout place, you will know that there are signs, in the washrooms, saying that all staff have to wash their hands after using the washrooms, and in between every order that they prepare.  This is good hygiene, and pretty much everybody understands why it's there.  This has to do with the functional requirements of preparing food.  You want to ensure that people the people involved in preparing, or serving, food, have clean hands, and definitely hands that are not contaminated by germs transferred from somewhere, or something, else.

The thing is, the only *assurance* requirement that there is that this functional rule is followed is the sign in the bathroom.  Sometimes there may be a sign at the counter instructing the staff that they have to wash their hands between each order.  But, if you pay attention, you will realize that the staff are mostly facing *away* from that sign, and that they actually very seldom wash their hands between one order and another.

But in this particular shop, every time the staff made a sandwich for someone, they pulled a couple of disposable plastic gloves out of a box and put them on.  The disposable gloves fulfill the same functional requirements: being sure that any germs that are on the food preparers has don't transfer to the food that is being prepared.  And, indeed, because the use of the gloves is immediate and fairly easy, it's fairly plain to see that, as they move to somebody else's order, they throw away the gloves that they were wearing, and put on a new pair of gloves.

The functional requirement is the same in both cases: making sure that germs don't transfer from the preparer's hands to the food.  But the assurance requirements are much different.  In terms of determining that the food preparers wash their hands every time they use the washroom, well, you really can't check that out unless you go to the washroom with them.  But, with the gloves, you can see that they put on the gloves.  You also can see that they throw away their gloves when finished with your order, and put on a new pair of gloves when they go to prepare somebody else's order.  So, while the functional requirements for both hand washing and gloves are the same, the assurance requirements are much stronger for the gloves than they are for the hand washing.  Gloves have it all over hand washing in terms of the assurance requirements.

This is something that should be applied to the management of pretty much any task, whether for a commercial enterprise, or for volunteers.  There is the functional requirements of the task that you want done.  Those are generally specified.  But the *assurance* requirements, that the job actually has been done, and that the task that is performed has some effective results, is generally given rather short shift.  Very often, when we send volunteers out to perform a task, we asked them to fill out some kind of report as to what task has been done, how many times, and if there were any incidents in the performance of the task.  To a certain extent, this does fulfill the assurance requirement.  The job has been done, and, a certain number of times.

But there is that sort of second half of the assurance requirement: was this task effective?  That is something that relatively few managers actually think about.  There's an awful lot of work, both paid and volunteer, that gets done, and is a complete waste of effort.  No one has ever checked on the assumption that what we are doing is, in fact, having some kind of benefit.  Think about this some time.  How is it that you know that what you are doing is, in fact, effective?

(In other management literature, some of this issue of assurance requirements is covered under what is known as "metrics," or key performance indicators.  But that's a topic for another time.)

One of my volunteer jobs is community policing, and one of the tasks that we undertake is speed watch.  We take down a lot of statistics: how many total cars do we see, how many of them are under the speed limit, how many are roughly at the speed limit, how many of them are driving about ten kilometres an hour over the speed limit, and how many of them are driving twenty kilometres an hour over the speed limit.  (For this last set, that's the group where we take down the license plates, and they get a polite but pointed letter from the local police.)

The data and statistics that we collect go to the provincial motor vehicle authorities.  Presumably, over time, they can see what the average speed is at the different places where we set up speed watch.  A much more immediate, and significant, assurance requirement to which we pay attention is the fact that we can measure the speed of cars more than half a kilometer away.  We can see that someone who comes into our zone at seventy kilometres per hour, by the time they get to us (and have had the time to see that we are set up), may be traveling thirty-seven kilometres per hour.  We can also see when someone, quite far away from us, slams on their brakes, and the front end of their vehicle is suddenly a lot closer to the ground.

We know we are having an effect.

Volunteer management - VM - 0.00 - introduction and table of contents
Posted by at No comments:

Saturday, June 14, 2025

Luggable dream

I had a dream this morning.  Unusually, when I woke up from the dream, I remembered the dream.  Even more exceptionally, in my case, what I could remember of the dream kind of made sense.  It was about ordinary things, as far as I can remember, and it wasn't totally bizarre.

What I can remember of the dream related to the old luggable computers.  Those of you who are as old, or almost as old, as I am, and worked with technology in those dim and distant days, may remember these suitcase sized "portable" computers.  Originally most of them ran on the CP/M operating system, and later versions ran on PC or MS-DOS.  Most of them had dual five and a quarter inch floppy disks for storage.

As I was waking up from the dream, but still in that fuzzy half state where you're not fully into the current world, I was thinking that these machines would have been in a bit of difficulty these days, since it's hard to get five and a quarter inch floppy disks anymore.

Actually, it's pretty much impossible to get five and a quarter inch floppy disk *drives* anymore.  I don't think that they're making five and a quarter inch drives anymore, and, unlike the three and a half inch floppy disks, nobody ever made, or sold commercially, a 5 and 1/4 in floppy drive with a USB adapter.  Somewhere around here, in my much reduced tech junk pile (or piles), I probably still have a three and a half inch floppy drive with a USB connector.  It has, of course, been a long time since anybody sold a computer with either three and a half, or five and a quarter inch, floppy drives actually installed.

I actually had, and was very proud of, one of the relatively rare Canadian made luggable computers.  It was a Canadian made, and physically exceptionally well designed, Hyperion computer.  Dual floppy drives, of course, and a rather beautiful machine in terms of its ergonomics and overall design.  It did have one fatal flaw: the read only memory, the basic programming that ran everything else, was only designed for PC/MS-DOS version 1.0.  That meant that there was absolutely no possibility of ever installing a hard drive in one of these machines.

(It, along with so much other technology that I had hoped to donate to a computer museum one of these days, went in the mass furor and clear out as Gloria was dying [and slightly before we actually knew that Gloria was dying], while the girls were throwing me out of the townhouse, and moving me to Delta.  There were $120,000 worth of, primarily technical, books that went in that clear out, and more than a couple of trunks full of old computers, old laptops, various kinds of boards, and a whole bunch of ancient technology.)

And, speaking of ancient technology, and five and a quarter inch floppy disks, it reminded me of all kinds of ancient storage media, a lot of which went in that clear out.  As well as a whole bunch of three and a half inch discs, and 5 1/4 inch discs, a whole bunch of eight inch floppy disks went.  There were also various formats of tape storage, including some nine track tape reels.  I never actually worked with punch cards, but I did have an opportunity to play with them at one point, and so there were a bunch of punch cards that went, as well.  I didn't still have any, but I do remember doing some educational programming with twelve inch laser video discs.  (As far as I can recall, the total storage capacity of video on those twelve inch discs was about thirty minutes of video.)  All kinds of storage, all kinds of memory, all kinds of files and information.  All lost, like tears in the rain.

And the dream reminded me not only to write down the thoughts about storage, and ancient storage, and luggable computers, and ancient technologies, but also about multi-factor authentication, and also about my dead phone.  And I was awakened out of the dream at four in the morning, and I've got all these ideas swirling around and have to get them down or I'll never get to sleep, so I guess I'm up for the day.
Posted by at No comments:

Friday, June 13, 2025

VM - G - 2.12 - governance - planning levels

In any kind of management there are three levels of management and planning: operational, tactical, and strategic.

Operational planning and management is short-term.  It deals with the day-to-day, and the immediate task.  Most of the operational planning for your volunteers office or department will probably fall to the volunteers themselves.  The volunteers are, by and large, going to be undertaking tasks generally independent of you for immediate direction.  They will be ensuring that they have the resources that they need for the immediate shift, or task, that the necessary group of volunteers have shown up, that they have the right equipment and determine by asking you whether anything has recently happened that changes the task that will probably have been planned by you previously.  As noted, this is primarily done by the volunteers themselves, although they will get direction from you as to any changes, and will report to you in terms of resources expended, damage to equipment, successful completionism task for otherwise, and any administrative details and reports that detail to completion of the tasks.

Tactical planning and management is primarily your job.  This deals not necessarily with the individuals day-to-day tasks, but with midterm planning.  You will be keeping an eye on the overall inventory of resources and equipment, the hours of work by the volunteers, noting who is doing too much and is in danger of burnout, and who is not doing enough and may need a bit of encouragement,  and keeping track of the completion of tasks or the failure to complete tasks, and the types of tasks that are completed, and possibly types of tasks that aren't.  You will be noting the details of the reports that the volunteers turn in.  You will be planning for the future, ordering supplies, not only as needed, but sometimes possibly *before* needed, in order to ensure that the resources are available to the volunteers when they are needed.

Strategic planning and management is larger in scope, and longer in term.  This is going to be primarily involved with the Board, or senior management of the organization.  This is generally beyond the scope of your job as a manager of volunteers.  This is going to involve the perception of the organization within the community, for issues of fundraising and resource acquisition, and overview of the objectives, long-term and overall, of the parent organization, and whether there need to be changes in the tasks that the volunteers should be organized should be encouraged to pursue, and the position of the organization within the larger community over the long term, trying to look at least five years down the road.

The thing is, that these three levels of planning and management apply to any kind, and any level, of management.  You, as a manager of volunteers, have operational tasks that you need to address every day.  You need to the reading the reports that the volunteers turn in to you.  You need to be noting who shows up for shifts, and who possibly is late, or doesn't show up at all.  You need to keep an eye out for attitudes, and signs of tension, between the groups of volunteers that are working together.  You need to know individual problems that may happen on individual shifts, but which happened consistently, and therefore may indicate a need for additional training of the volunteers overall, to address this particular problem.

Reading of the reports is operational.  The analysis of the types of problems that show up on the reports, and considering that further training may be necessary is going to be tactical.  You also have overall tactical management that you are going to be needing to deal with in your job.  Ensuring that volunteers are showing up for shifts, to cover the tasks as necessary.  Recruiting new volunteers on an ongoing basis to fill any vacancies as people leave the organization.  Planning attendance for any kinds of events within your larger community as may be appropriate to your organization, and to the volunteers that you have.

But there is also strategic planning and management that you need to undertake in your own job.  You are reading the operational reports from the volunteers, and, from your analysis of that, planning what you need to report to senior management, or to the Board, in terms of changing needs or priorities.  You may also need to strategize, again, with data that you are receiving from the daily operational reports, educate, guide, or simply influence the decisions that senior management and the Board may be making that affect you.  You are going to be making representation to senior management in terms of your overall budget, even though salaries for the volunteers are not part of what you need to budget for.  (Perks, equipment, appreciations, and parties for the volunteers are part of what you have to budget for.)

Volunteer management - VM - 0.00 - introduction and table of contents
Posted by at No comments:

Thursday, June 12, 2025

MGG - 5.53 - HWYD - Dead phone

I keep my tech far too long.  I have *no* idea how old my desktop computer is.  One of my laptops is over twenty years old.  I bought a new phone last year because my old ones were running out of memory/storage.  Even though I install only minimal apps on them, and clear off pictures as fast as I can email them to myself, I *had* to get something with more room.  So, I moved my SIM chip, and mobile phone number, to a new phone with more memory, and a higher resolution camera.

But, of course, I didn't get rid of the old phones.  I can still use them for email, and dictating, and my calendar (an absolute necessity, these days), and WhatsApp, and tracking walking on Google Fit.  The old phones don't have phones numbers or SIM chips, but using them for those things saves battery on the new phone.

And you may have noticed I said "phones."  Plural.  When we first got a cell phone (and I was *very* late to the game on that) we immediately realized that we had to get *two* phones, because the only time we *used* the phones (back then), was to call each other.  So, one of the old phones is Gloria's phone.

Which has now died.  For the last few weeks it has been difficult trying to charge it, and yesterday it just absolutely refused.  I've tried it with the various chargers that I have, and it's just dead.  (Cruelly but appropriately?)  *My* old phone still seems to be working, so I'll carry on using it for email, etc, etc.

I find that I'm having trouble with the idea of throwing Gloria's phone away ...

I have realized, that I have a way, workable but slightly inconvenient, to resurrect, and even keep using, Gloria's old phone.  Since we always had two phones, and mostly they were the same phone, I can switch the batteries on the phone, and use my phone, to charge the battery for Gloria's phone.  Then I can put the phone the battery back in Gloria's phone and actually use the phone.  As I say, it's inconvenient, and slightly kludgy, but it's possible.  I probably won't actually *use* Gloria's phone, but I can get it back into working order, and probably pursue some way of doing a factory reset on it, so that I can safely send it out for recycling.

Which, along with the dream about the luggable computers, got me thinking about the fact that I use computers and devices far too long.  I actually don't know how old these phones are.  I know that they are more than six years old at this point.  Actually, over the roughly thirty-five years that we had cell phones, Gloria and I only had four sets of phones.  Our first was a pair of Nokias, so that's how far back this started.  Our second set of phones were a couple of flip phones.  And in that generation, Gloria had a pink flip phone, so we actually didn't have quite the same model.  The next generation were Samsung cell phones, with slide out keyboards.  (The girls were demanding that we start texting.)  And then there were these current Samsung Galaxies, once again the same model, and so able to interchange the batteries.  Last year these phones got to the point where, while they still worked, I ran out of space and memory on the phones, and so had to go and buy something more updated, with larger storage and memory.  (Oh, I probably should throw in there that, as a prize at some vendor seminar or trade show, I did actually have a Windows phone for a time.  I never got an account for it as a phone, but I used it for quite a while as a kind of a mini tablet, and it had the best camera of the phones that we had at that point.)

What did I want to say about phones, in this regard?  Probably that I use them in weird ways.  I keep them far too long.  The Windows phone still worked when I had to get rid of it, but the Windows cell phone operating system, which it ran on, couldn't be updated for that particular model (a later Nokia, as well) of phone.  That meant that the apps on the phone couldn't be updated, either.  And, eventually, all of the apps stopped working, as everyone was switching to https, and none of the apps on the phone would connect in that way.

Posted by at No comments:

Wednesday, June 11, 2025

VM - G - 2.08 - governance - support requirements of enterprise

Address and support the specific requirements of the enterprise

In information security, as previously mentioned, we have to make sure to point out to our professionals that security is there to support the specific requirements of the enterprise.

There are two reasons to emphasize this particular point.  The first is that it is vitally important, in a field where we are the experts, and the people who are managing us very often do not understand the threats, vulnerabilities, and risks specific courses of action, and implementing different types of technologies, to remember that we are there to support the business.  Unfortunately, all too many of my colleagues simply look at the risks, and not at the benefits of the technology.  Technology should always be implemented with an awareness of the vulnerabilities and risks involved, but simply because a technology presents a risk is no reason not to use it.  You have to mitigate the risk, in order to use it, but all too often my colleagues will say that we simply can't use this technology.  Security therefore gets a reputation as "the knights who say 'no,'" and is seen as opposed to business.  This should not be so: security is a vital support for the business, and we should be careful not to run afoul of the perception that we are there to impede everybody else's work.

But the second reason to emphasize this point is because of those "specific" requirements.  It is important to consider what the business is doing, and pursuing, and which type of security is most important to it.

This may seem to be far afield from that of volunteer management.  It's not.  You always have to remember that, whatever the objectives and tasks of the volunteers in your volunteer office or department, they are part of a larger organization.  The overall organization does not exist simply to provide tasks to the volunteers.  The volunteers, and indeed, the volunteer office or department itself, is there to support the objectives of the parent organization.  We always have to make this clear to the volunteers.  And, as the person managing the volunteers, you are the one who has to make this clear to them, and keep repeating it every time individual volunteers seem to be pursuing ends of their own that are not those of the parent organization. 

That's a delicate task: reading the riot act to the volunteers, while, at the same time, trying not to do away with their motivation to continue volunteering.

But, once again, there is a second reason to remember that we, as volunteers are there to support the aims of the parent organization.  And this is the specific requirements of the parent organization.

One of my, very long-term and extensive volunteering has to do with the provision of support for those who'd have been affected by some kind of disaster.  We were responsible for making sure that people had the basic necessities for life in the aftermath of such an event, for a short period of time.  As such, we had authorization to call upon certain levels of funding, and provisions, in order to distribute to those who did not have the necessities of life.  But, at one point, I was volunteering in a location where there was a significant population in chronic need.  I remember feeling rather uncomfortable at various meetings where the idea was discussed that, since there was some oversight of the provisions that were available to us, but very little detail in regard to specific events, it would be possible for us to divert the emergency provisions to those in chronic need.  This might seem to be a kind thing to do, but was not the specific intent of the parent organization, and it would be possible to say that doing this kind of diversion of provisions was a kind of fraud.

But the issue of specific requirements of the parent organization can be viewed in other ways, as well.  Most particularly, it means that there is no "one size fits all" of volunteer management, any more than there is one size fits all in security.  Each volunteer organization is going to be unique, and is addressing a unique need, in a unique situation.  This is why, in this particular series, I may be seen as providing very broad brush and cliched recommendations for how to pursue volunteer management.  It's basically impossible to get too detailed.  As soon as you do, you start running into situations where those specific actions in terms of volunteer management actually conflict with a number of volunteer organizations who don't quite fit that pattern.

Yes, your job as a manager of volunteers is difficult.  No, I can't give you a cut and paste, checklist set of specifics of how to manage your volunteers.  That's just the nature of volunteer management.

Volunteer management - VM - 0.00 - introduction and table of contents
Posted by at No comments:

Tuesday, June 10, 2025

BBQ and back pain

Last week I helped out at a pride barbecue event at a church.  (Wait, a pride event?  At a *church*?)  I helped out with a bit of the setup, and then I took over barbecuing the hot dogs. 

There is a bit of an art to barbecuing for a large group of people.  You have to keep track of how much stock you have in reserve, and you have to send people for more if the reserves get low, and you have to ensure that you have enough hot dogs barbecued, and ready to go into buns, for the people who are likely to show up in the next five minutes (and, of course, nobody ever signs up, precisely, for when they are going to show up), so you have to do a fair bit of guessing, and a fair bit of scanning of the crowd, and noting who has recently arrived, and you have to put uncooked hot dogs on the grill, and you have to move the cooked wieners to the upper outside corners of the grill, so that they don't get completely charred, and, in between all of this, you have to put you have to split open the (usually rather dehydrated) buns, and then put a cooked wiener into the bun, and roll up the hot dog in a napkin (so that people can pretend that nobody has ever touched this hot dog before them), and put it on the tray, where you should have at least three, but no more than five, hot dogs for those families who are going to suddenly show up and all want hot dogs, and ...  It's a non-trivial task.

It helps if anyone else understands the needs, and comes to let you know how many people have showed up in the last couple of minutes, or help open up buns, and roll up the hot dogs in the napkins, or find out whether you are down to the last two wieners in the batch and might possibly have to have somebody run to the kitchen to find out if there are, in fact, any more wieners on hand, but nobody ever does.

Doing this on a portable barbecue, placed on a utility table, means that you may spend two solid hours kind of hunched over, making sure that the wieners are getting cooked, but not too charred.

I didn't really realize, until the event was over, just how sore my back was.  I mean, in a way, it's my own fault.  I have arthritis, and I have degenerating discs.  What did I *think* was going to happen?  Why didn't I pay attention to how my back was feeling, as it was going on, rather than staying hunched over the grill for two hours, and ending up in serious pain?

Well, good point.  The thing is, when you are focused on a task, and particularly when you are focused on a task for other people, you aren't paying too much attention to your own situation.  You aren't looking for signs that you could be in trouble.  You aren't paying attention to your own needs.  While you are making food for everybody else, do you, in fact, need something to eat?  On a very hot day, are you drinking enough water?  Given that you are probably drinking more water than usual, are you paying attention to eating something with salt on it, so that you get enough salt to replace the salt that is being washed out of your system by the extra water, and by sweating on a hot day?

So, why am I telling you this?  Is it just a complain about the fact that I, alone at all the population of Port Alberni, know about time and motion studies?  No, there are a couple of important points to make.

First, in terms of grief, and pain, and depression, and other distresses of the world, I have, at various previous times, noted that volunteering is good for what ails you.  If you are in difficulty, and you can't think of a way to address your own difficulty, help someone else.  Volunteer.  Join a volunteer group.  Help out with the barbecue at somebody's event.  Sit and listen to that boring person, whom nobody else will listen to because all they do is keep recycling their own petty problems over and over.  Help somebody else.  If nothing else, you will forget your own problems, if only for a little while.

And the second point is, as a volunteer manager, pay attention to your volunteers.  Your volunteers are going to get stuck into that same mindset.  They are going to forget their own problems.  They are going to be focused on solving the problems of others.  They are going to forget to pay attention to their own needs.  You have to look to their needs.  And, of course, it's not easy, because they aren't even paying attention to their own needs.  So, you are going to have to pay attention, and you are going to have to interrupt them, regularly, in order to make sure that they are, in fact, fine, rather than just *saying* fine whenever you ask, "How are you?"

Your volunteers are focused on others.  You'd better be focused on them.  (And, of course, by extension, every once in awhile you had better stop and think, am I okay?)


Volunteer management - VM - 0.00 - introduction and table of contents
Posted by at No comments:
Subscribe to: Posts (Atom)