Thursday, April 9, 2026

My birthday present to me

Well, the fact that the new drug won't let me sleep is finally working to my advantage.  Waking up at 1 a.m. also awoke me to the fact (while I was doing other work) that I should be testing out my 4000 mm telephoto lens for its original purpose as a telescope.

So here is my very first reasonably high-resolution picture of the moon:

And then I realized that the last time I used this lens, I was using a film camera, and I was falling into old habits.  I realized that I wasn't completely happy with the focus (which is kind of loose on this lens), and I could probably just take a few more shots and delete the ones that I didn't like as much.  I took some more a little later.


So, the purchase of the camera (and the extra work to update the firmware and solve the problem, and read the 920-page manual), although I didn't think of it as a birthday present at the time, kind of turns out to be my own birthday present to myself.

Emotional support badger

I need to get one of these for the times that people ask about my grief and then make stupid comments about it.


Sermon 18 - Whatsoever Things Are Pure

Philippians 4:8
Authorized (King James) Version
Finally, brethren, whatsoever things are true, whatsoever things are honest, whatsoever things are just, whatsoever things are pure, whatsoever things are lovely, whatsoever things are of good report; if there be any virtue, and if there be any praise, think on these things.

New International Version
Finally, brothers and sisters, whatever is true, whatever is noble, whatever is right, whatever is pure, whatever is lovely, whatever is admirable—if anything is excellent or praiseworthy—think about such things.

Titus 1:15
To the pure, all things are pure, but to those who are corrupted and do not believe, nothing is pure. In fact, both their minds and consciences are corrupted.


When your wife dies, your life changes.  Well, you say, of course.  The thing is, that so many changes take place, so much of your life changes, so drastically, that it's more like your life *ends*.  You are doing all kinds of things, when you are married, because you are married.  Your interests are affected by your spouse's interests.  Any schedules that you have are affected by the activities, and needs, of your spouse.  So when your spouse is not there, everything changes.  *Everything*.

So that's what was happening to me.  Gloria had died, and my life was over.  But I hadn't stopped breathing yet.  So, I had to build a new life.  I had to come up with things to do, and reasons to get out of bed in the morning.  I had to come up with things to occupy the endless empty, lonely, hours of the day.

Well, I'm a researcher.  I found things to do.  Or, at least, I found things I *could* do.  I found a number of things that I could do.  I was researching grief.  I was creating a means of support for other men who had lost their wives.  I was doing research in my field of information security.  Rather oddly, I started writing sermons.  There were quite a few things that I could do.  But, of course, just having things to do doesn't build you a life.  So I was starting to worry about which of these things I should pursue.

I spoke to a friend about this problem, and she quoted Philippians 4:8 at me: whatever is true, whatever is noble, whatever is right, whatever is pure, whatever is lovely, whatever is admirable—if anything is excellent or praiseworthy—think about such things.

That sounded like pretty good advice.  There's only one problem, in my particular case, with that advice: my professional life does not deal with things that are pure.  I deal with liars, thieves, fraudsters, pornography, and people who are just out to do injuries to you, simply because they can.  My professional life does not deal with the pure, and the noble.  Oh sure, what I am doing hopefully will help people, and there may be some nobility in that, but the research that I have to do is not into anything that is remotely pure.  My research is always into things that are pretty nasty.

As I am writing the notes for this sermon, I am also teaching the cryptography section of the information security seminar.  I love cryptography, and, in this case, one of the reasons seems to be that, as a topic, it is at least ethically neutral, and research into it doesn't necessarily involve delving into the actions of bad people.

So, I felt that I needed to get away from what I had been doing in my professional life.  Probably not entirely, since my research tends to be long-term, and I have to keep it up, if I'm ever going to go back into information security work.  So I dialed back on my research.  I kept up with issues that were arising in my field, but I didn't delve into it very deeply.  I went into other things.  I tried to help out in churches.  I tried to find a new church.  So I was doing church shopping.  I was also offering help to the churches I was trying out.  I was creating workshops on information security, at a very basic level, for the general population, and particularly for seniors.  I was doing this so that the churches could offer this both to help out their own congregants, but also so that they could offer it to those in the community who might come to a workshop, but wouldn't want to come to a sermon.  Then, of course, once you've gotten them into the sanctuary, you can grab them.

I was continuing to write sermons.  Some of the sermons seemed to arise, rather oddly, from my experience of grief.  Okay, well, grief is not the greatest of experiences, and it's not exactly pure, but it's not exactly impure, either, so that wasn't too strange.  I felt that that was acceptable.

However, even as I was dialing back my research into information security, it seemed that information security was either prompting, or invading, some of my sermons.  Ideas from information security, and the dangers, and, yes, even the nastiness, seemed to find an important place in the sermons that I was writing.  One such sermon was initially prompted by an unfortunate experience, that seemed to point out a failing in some of the churches.  So I wrote that up, as best I could, but it didn't seem finished.  I wasn't happy with it.  And then, during my church shopping, a throwaway comment at the end of a sermon suddenly reminded me of two areas of research that I had been working on prior to the "think on these things" advice.  And suddenly, in a flurry, adding lessons from those two areas of research finished that sermon.  It became complete, where it had not been before.

Are we not allowed in the church to talk about anything bad?  Must we always be talking about only the positive?  Doesn't that way lie toxic positivity?  Are we not allowed to talk about the reality that sometimes you find it difficult to praise the Lord because you don't feel that you have anything to praise the Lord about?

I'm asking this question quite seriously.  We really have a problem talking about anything bad in the church.  Even if it's something bad unrelated to the church, we seem to feel that that is something that should not be discussed. 

Can we not talk about the reality of pain?  Of loss?  Of grief?  Is that forbidden in our church?

When my sister died, I first realised that we were not allowed to talk about death in our society.  I desperately wanted to talk about my sister and about my sister's death.  I was grieving.  I probably wasn't doing it particularly well, after all I was only 15 years old.  I still would have liked to have talked to someone, at least about my sister.  That is a standard part of grieving: talking about your dead loved one.  But I also wanted to talk about death.  This was my second major experience with death, and I still really didn't understand it, but no one, absolutely no one, would discuss it with me.  Not outside the church, and definitely not inside the church.  Inside the church, negative and painful topics were absolutely forbidden!

That hurt me very badly.

After all the Bible says that God comforted us so that we could comfort others.  Are we not allowed to comfort anybody until they come back to us with a happy smile on their face?  Even without being helped?

Does Titus give me an out?  Is it possible, if I have the best of intentions, to continue to do my information security research in the hope that I will, in fact, create something good out of even the difficult situations that I research?  I know that it is too much to hope that I can be considered pure of heart, in and of myself, but hopefully using my security research to write sermons is at least a relatively good thing?

In another sermon I was trying to delve into the story of the foreign woman who begged Jesus to drive a demon out of her daughter.  And what does Jesus do?  He refuses!  He calls the woman a dog!  He calls the child, the suffering child, a dog!  Unworthy of being healed!  I'm trying to use this story in a sermon and I'm trying to make a point and every time that I get to this place in editing the sermon, I start crying!

It's very inconvenient.

Why on earth am I crying about this?  Well possibly because I am suffering at the moment, and God is not doing anything about it.  Am *I* unworthy of being healed?  Or even comforted?

I'm trying not to take this personally.  I am trying to remember that everything will be all right in the end and that if it is not yet all right then it is not yet the end.  And of course yes, I know in the story in the Bible in the end the girl gets healed.

But, here in the middle, it's hard, you know?

So do we have to ignore the fact that it is hard?  Does religiosity require that we deny that bad things even exist?

Are we, in the church, so desperately afraid that we are trying to deny that anything bad actually exists?  That hardly seems like it could be right.  Why should we be so afraid?  Why, after all, are we even afraid of death?  When we die and we go to be with the Lord, as Paul says.  Isn't that a good thing?

Certainly, in my current situation, lonely, pained, grieving, and depressed, I'd much rather go to be with the Lord, but I can't even joke about things like that.  Not in the church.

Am I completely out to lunch?  Is the horror of information security work invading my sermons, to the bad?  Am I so far gone that I don't even recognize how evil the bad stuff has become?  Am I fooling myself?

Am I to look for the good, in the very bad?



For my birthday ...

For my birthday I got a new romance scam attack example via Instagram.



Wednesday, April 8, 2026

Sermon - TLIS - 1.1.7 - Security Frameworks

Proverbs 11:14
For lack of guidance a nation falls, but victory is won through many advisers.

1 Corinthians 12:28
And God has placed in the church first of all apostles, second prophets, third teachers, then miracles, then gifts of healing, of helping, of guidance, and of different kinds of tongues.

Psalm 25:5
Guide me in your truth and teach me, for you are God my Savior, and my hope is in you all day long.

Jeremiah 33:3
Call to me and I will answer you and tell you great and unsearchable things you do not know.


I know. I'm talking about security frameworks, and you are thinking that the only framework that we need in the Christian life is the Bible.

That just shows that you don't know what frameworks are.

First of all, I suppose I should talk about what policy is. Once again, you think you know what a policy is, and you don't. You think that the Bible is a policy guide book. Well, no, the Bible is way too big to be a policy guide.

Yes, you have policy guides probably at your work, probably for any organization that you belong to, and probably your church even has one or two policy guides. They are great big thick fat documents, just like the Bible. You think that the Bible is a policy guide.

No, it's not.

First, there is the actual policy. The policy, for the Christian life, probably boils down to:
1. Love God
2. Love your neighbor
3. Spread the gospel

That's it.  Policy is a lot shorter than most people think it is.  The actual policy is more like what people tend to think of as a mission statement.  The shorter you can make it, the more focused you can make your policy.  So God wants us to love Him, and then to love our fellow man, and then to spread the good news.  To everyone.  Policy is the foundation. The barest fundamentals.  It defines what the enterprise considers valuable, and the goals and objectives.  But I did say "policy guide."  That does tend to contain other documents like our standards, our baselines, our procedures, and some guidelines.

Guidelines are where frameworks come in.

COSO is an acronym that stands for Committee Of Sponsoring Organizations, which is itself an abbreviation of the Committee of Sponsoring Organizations of the Treadwell Commission.  The Treadwell Commission was formed in response to the financial crisis of 1980, after financial institutions had been very busy selling junk bonds to people who then lost their life savings.  That started a problem with the financial institutions not being able to sell anything to anyone because nobody trusted them and therefore they were losing money.  So the Treadwell Commission was formed in order to figure out how to convince people that financial institutions were safe people to deal with.  In other words, they wanted to figure out a way to lie to people.  This was an absolutely cynical project from start to finish.  The entire intent was to get people to trust organizations which had demonstrably proven themselves to be untrustworthy.  I very much doubt that anyone intended it to ever make any change in business management at all.

But the result was very good.  This is one of the "breakdown" frameworks.  Breakdown frameworks mean that instead of trying to improve your entire business all at once, or to protect your business all at once, you break it down into small sections, and then try to protect and improve each individual section.  Later on you can try and address overall problems of the whole institution, which is probably going to be informed by the breakdown that you have done and the protections that you have put in place at lower levels.

We can use breakdown models in our own Christian life.  Instead of trying to improve yourself all at once, which becomes a huge and impossible task, you instead take a section of your life and examine it carefully, looking for flaws or areas of improvement.  For example, instead of trying to address everything in your life, first of all address, for example, your reading of the Bible.  Find a time that works for you, and an amount of time that works for you, and figure out how many chapters of the Bible you could likely read in that time.  Then set yourself a quota of reading two chapters of the Bible per day.  If you keep this up every day, it will take you two years to read the entire Bible, cover to cover.

Then there are the checklist frameworks.  Generally speaking, in security I call these the 135 checklists, because most of them have approximately 135 items on them.  Possibly 133, or 138, but within a few numbers of 135.  It is astounding how consistent this has been over time.  These checklists have fallen out of favour and haven't been updated in about a decade, but recently GDPR set up the accountability standard, and they came up with a checklist.  It had roughly 135 items on it.

In the Christian life, our checklists tend to be smaller.  Generally speaking, we would go for the Ten Commandments.  Ten items.  So there's a checklist that you can go through and figure out whether or not you're doing well.

However, that's certainly not the only one.  You will find books with a dozen steps to this, or twenty steps to that, or seventeen items to consider with regard to your faith.  Use these checklist frameworks to address different areas of your Christian life and improve things.

One common category of frameworks in the security world is the maturity models.  Maturity models usually have five or six steps to them, and see how mature the organization is.  This does not mean how long you have been in business, but rather how well you manage your systems and your overall performance on an ongoing basis.  This is quite useful if you use it properly.  The big mistake that people make is to say okay, we are at the first step.  We want to get right to the top level here.  The big lesson with maturity models is that you have to take it one step at a time.  There is no point in being at a chaotic level, and trying to go to a fully managed level right away.

That lesson is directly applicable to our Christian lives.  We cannot reach perfection immediately.  We have to take each imperfection in our lives and try to address it separately.  And we have to ensure that we do not expect, once we have addressed something, to never fail in that area again.  Forgive yourself, in the same way that God forgives you.  Try, but do not expect yourself to be perfect.

Certain types of security frameworks come from business management frameworks.  There is one that I find particularly useful called the Balanced Scorecard.  The point is to have you assess yourself in your business in four different business areas.  The intent of doing so is to find out where your business is not the strongest, but the weakest.  Then concentrate on improving that particular aspect of your business.  That way, you improve the weakest link in the chain, as it were, and make a greater contribution to improving your business overall.

This is directly applicable to our Christian life.  Look at your Christian life.  Yes, take note of where you are strong, but pay particular attention to areas where you are weak.  Do you fail to read the Bible regularly?  Do you have inconsistent prayer time?  Do you fall down in the areas of volunteer work, or contributing to charity, or the church itself, or to other charitable donations?   Have a clear-eyed viewpoint and look at your Christian life.  Where are you the weakest?

That is the area to concentrate on.  Remember that our adversary is not going to attack us at our strongest.  As I have said elsewhere, our adversary is not going to play fair with us.  They are not going to attack the area where we expect it and have protected ourselves.  They are going to attack us at our weakest.  Attack an insufficient prayer life.  Attack a weakness for alcohol or a wandering eye.  We need to concentrate on the areas of our life that open us and make us vulnerable to attack.


Theological Lessons from Information Security

Sermon - TLIS - 0.2 / 47 - Integrity/Robert Slade is a world renowned speaker

Sermon - TLIS - 1.1.3 - Functional and Assurance Requirements

Sermon TLIS - 1.1.5 - "Footprints" and key performance indicators/metrics

Sermon - TLIS - 1.2.1 / 34 - Edit, Audit, Prophet

Sermon - TLIS - 1.5.1 - Manage Everything

Sermon - TLIS - 1.7.1 - Organizational Roles and Body Parts

Sermon - TLIS - 9.8.5 / 73 - Muster station, safe and secure

Sermon - TLIS - 10.3.1 - Intellectual Property

Sermon - TLIS - 10.5.1 - Privacy

Sermon TLIS - 10.6.1 / 54 - Liability and Negligence




Sermon - TLIS - 1.1.3 - Functional and Assurance Requirements

Psalm 34:8
Taste and see that the Lord is good; blessed is the one who takes refuge in him.

Hebrews 11:1
Now faith is confidence in what we hope for and assurance about what we do not see.


Business doesn't really like security.  I really don't know why.  If you are a manager in a business, you manage two things: people and risk.  In security, we manage risk; therefore, we do half of what managers do.  You would think they should understand what it is that we do and how necessary it is, but so often we, in security, are considered to be "the knights who say no."  We put up barriers to prevent people from getting hurt, or doing something wrong, or getting into trouble, and people see our barriers as preventing them from actually doing their jobs.

When we want to talk about security requirements, the requirements that we have in the field of security, really what we are talking about is the requirements that the business actually has.

But when we get down to the specifics in terms of security requirements, we break them down into two types.  The first is the functional requirement.  That is what you actually want to have done: the actual tool.  For example, maybe we want to prevent viruses from getting into our computers and wreaking havoc.  We want an antivirus scanner.  That is the functional requirement: scanning for viruses and preventing them from getting into our systems.

But then we have a second type of requirement. The assurance requirement. The assurance requirement is a little bit more abstract, but it's the kind of thing that asks the question: Is the tool working? Is the tool actually doing what you want it to do? Is the tool being effective at what it was originally designed or purchased to do?

In terms of the Christian life, one might see an example like this.  The functional requirement is salvation.  God has provided our salvation.  We are saved.  We are not going to be punished in eternity.  We will be with God in eternity.  That is the functional requirement.

And what is the assurance requirement there?  Well, faith.  God has said that we are saved, and we take him at his word.  We have faith.

Hmmmm.  There might be a few problems with that assurance requirement.  Are we really sure?

In the security world, we might want a requirement with a few more metrics to it. For example, in our virus scanner example, we might want the virus scanner to report how many viruses have been caught and held. As a matter of fact, maybe we will ask the scanner to quarantine the viruses so that we can examine them at some point and ensure that they were, in fact, viruses.

In the Christian world, we rely on the fact that God is always with us.  Now, yes, that's a fact, but it may not necessarily be perceptible.  Yes, there are those fortunate people who feel God's presence at all times, particularly when times are tough.  But that's never been my experience.  And when you are a grieving widower, and a depressive, to boot, it might be nice to get something a little bit more substantial every once in a while.  Faith is good.  Hard to hug, though.

I came up with another example of functional versus assurance requirements during the pandemic period.  When you go to a restaurant, or a fast food place more likely, you will notice the signs saying that hand hygiene, hand washing, was a requirement for all employees.  This, of course, is to prevent infections.  It's to prevent spreading disease.  I suppose that's why this occurred to me during the pandemic.

The functional requirements are that people have clean hands when they're handling food.  In terms of hand washing, though, the assurance requirements really aren't there.  If it's a fast food place, yes, you can see the signs displayed saying that employees must wash their hands, but you don't see them wash their hands.  They probably wash their hands in the washroom.  That's out of sight to you.

But in some of the fast food places, you will actually see the employees, while they are preparing your food, wearing plastic gloves.  You can see the gloves.  You can see that they prevent the employees from touching the food.  So you can tell that there is not going to be any cross-contamination.  You can also see that the employees, when they are finished with your sandwich and move on to the next sandwich, strip off their gloves and get a new pair.

The functional requirement, that of preventing cross-contamination and infection and disease, is the same in both cases.  But in the case of hand washing, we don't have any assurance requirement.  In the case of the gloves, we do.

(It's possible that you could get a similar visibility with regard to the hand washing if the hand washing station was, in fact, out front and visible to the public.  That might possibly be off-putting in other ways.)

In a similar way, if our church has a program of handing out food to the homeless, that is the functional requirement.  However, we could have an assurance requirement, if we also had a kind of drop-in facility for the homeless.  If we staffed it with volunteers from the church, who are willing to actually talk to the homeless people who came in, then we could check to see if, in fact, the handing out of food was appreciated and did in fact make some difference in their lives.

Another example of security requirements from the pandemic was the question of masking in schools, and particularly elementary schools.  Now, initially, it was felt that masking was a major requirement in school.  After all, all teachers (and I know because I'm one), feel that children are little infection factories.  They catch everything that's going and then they spread it everywhere.  They are little germ spreaders.  So the functional requirement was, yes!  We should have masking in schools!  All kids in schools should wear masks!  At all times!

And then we started to figure out that kids didn't wear masks in schools all the time.  And particularly they didn't wear masks on the way to and from school, walking and talking in groups with their friends.  There was even a meme that did the rounds noting that kids actually swapped masks!  (Swapping face masks is not an ideal way to prevent airborne infections.)

Now, the assurance requirement, in this particular case, was detailed contact tracing.  Figuring out when new cases arose and where they got the infection from.  And lo and behold, it was determined that, quite contrary to what all of us as teachers thought, there was actually surprisingly little infection spread in the school environment.  Almost none, in fact, in comparison to the transmission vectors for the rest of the pandemic.

So, what are our Christian requirements?  What are the functional requirements, and associated assurance requirements?

Well, we have the requirement to love our neighbor, and we try to fulfill that requirement.  We have, for example, ministries to the homeless.  There are a number of churches in town who go to the homeless population.  They attempt to provide some sustenance and support for the homeless.  Possibly this is in the form of a bag lunch.  In one case, there is another church that makes up sandwiches and distributes them via the Salvation Army's Community Response Unit truck.

But where is the assurance requirement?  Where is any indication that the sustenance is actually going to the homeless?  Well, I suppose you are directly handing the sandwiches or bags to the homeless.  How do we know that this is effective?  How do we know that this is actually addressing a need?  Handing out a sandwich is one thing, but are we stopping and talking to these people?  Do we talk to them long enough to find out, really find out, more than just a quick expression of gratitude so that they will get another sandwich next time, that this addresses a need that they have?  Do they need sandwiches?  Do they need something else?  Do they need clothing?  Do they need to contact a friend or a family member?  Do we even know?

We have other types of service that we do, that have specific functional requirements.  For example, there are those who go on vacationary trips, building schools or other facilities for people in third world countries.  We need to have some kind of follow-up and feedback from those in those countries to ensure that what we are doing, what we are building, is in fact of use to them.

Do we want to know?  Is *our* assurance requirement that we remain in ignorance, so that we can assume that we have fulfilled the functional requirement?

On one occasion in our downtown, an acquaintance noticed a discarded piece of clothing.  With much disgust, he asserted that that was ingratitude for you.  He was associated with a program that handed out clothing to the homeless.  Now here was one of their pieces of clothing, lying, discarded, as if it had no value whatsoever.

The thing is, it was wet.  What use is wet clothing to the homeless?  It will not keep them warm.  As a matter of fact, it's a danger.  Wet clothing will leach away heat faster than if you are even stark naked.  And why should they carry wet clothing around with them?  Once again, that's a danger.  Wet clothing is going to wet the dry clothing that you are wearing.  Once again, you risk hypothermia.  And, in any case, where is a homeless person going to be able to dry a piece of wet clothing?

In this case, the security requirement wasn't clothing; it was warmth.  And there was no assurance requirement that assured us that the clothing would remain dry.

As I said, a lot of people in business consider that security is something that can be discarded as unnecessary.  In church we need to present in the same way as security people, constantly reminding people that we, as security, are there to support the business.  Our objectives are their objectives.  We are there to help them.

In the same way, with the church, what is the church there for?  Who is the church there to help?  What are the objectives?  And then, what are the assurance requirements that let us know that the functional requirements are in fact being met?  We need to know that our functional requirements of teaching are getting through to the congregation.  We need to know that our functional requirements of supporting them, in their endeavors, are followed up by assurance requirements in terms of either pastoral care or small groups, where we get to know what their requirements for support are.

If we don't, we could just be wasting everybody's time.

