Sunday, April 12, 2026

Sermon - TLIS - 0.7.3 - Four right answers on CISSP questions

Sermon - TLIS - 0.7.3 - Four right answers on CISSP questions

Ecclesiastes 3:22
So I saw that there is nothing better for a person than to enjoy their work, because that is their lot. For who can bring them to see what will happen after them?

Ecclesiastes 6:12
For who knows what is good for a person in life, during the few and meaningless days they pass through like a shadow? Who can tell them what will happen under the sun after they are gone?

John 18:38
"What is truth?" retorted Pilate.

Proverbs 16:9
In their hearts humans plan their course, but the Lord establishes their steps.


For a quarter of a century, I have facilitated seminars for those seeking their certification as professionals in the field of information security.  The particular exam that I have conducted seminars for is the CISSP, or Certified Information Systems Security Professional.  The exam is probably the hardest exam that you will ever encounter.

That isn't just my assessment.  In one of the seminars, one of the candidates came up to me towards the end of the seminar and said that if he was ever recruiting, for any job, regardless of what it was, and one of the candidates had passed the certification exam, he would hire that person.  He figured anybody who could get through this exam could get through anything.

The exam used to consist of 250 questions.  That was back when it was paper-based.  These days, there are computer-based exams, and candidates can get through in as few as 100 questions.

The exam is multiple-choice.  When I say that, most people think that means it's an easy exam.  That is definitely not the case.  Over the years, preparing testing instruments for a wide variety of courses, the multiple choice exam has come to be my testing instrument of choice. It's much harder to write, for the instructor, but if you do it properly, it is the most reliable.  I, and a number of the other exam instructors, spend a considerable time getting students prepared for the style of the questions that they will see.  Each question has the question, maybe with a bit of background, and then four options to choose from.

Again, most people think that a multiple-choice exam is going to be easy.  Far from it.  Sometimes you are presented with four correct answers.  You have to choose the answer that is most correct out of those four correct options.  Sometimes you are presented with a question that gives you four wrong answers as possibilities.  You have to select the answer that is the least wrong among the four wrong options.  One of the other instructors characterises these questions as "which answer stinks the least".

The kind of questions that give you four correct answers, or four incorrect answers, can be extremely challenging.  Candidates will agonise over the choices.  All four answers are correct.  Which answer is the *most* correct?  How do you even determine an answer to the question, "most correct?"

Most correct tends to mean that it is the answer that will provide the most benefit, if the question calls for a benefit, in the most situations, to most companies and most individuals trying to protect those companies.

So, I hear you ask, "What has this to do with the Christian life?"  Once again, it has a lot to do with the Christian life.  A lot of times, in life, we are presented with multiple options.  Sometimes we are presented with a number of seemingly equally correct and valid options to follow.  Which one do we choose?  Sometimes we are presented with a huge range of wrong or impossible options.  Which do we choose?  Which is the lesser of two, or a great many, evils?

In dealing with the question of the exam, we do tend to tell the students that you should not overthink the question.  Do not agonize too long over the answer.  Do not think, and rethink, and second guess yourself to the point where you are paralyzed by indecision.  One of the things that we tend to tell the candidates is that, if you have any chance of getting through the exam at all, very often your first response to the question is, in fact, the correct one.

It is the same with the Christian life.  Do not beat yourself up over the options.  Maybe the options are all correct, but you ask yourself, which path is the path that God wants me to follow?  Again, sometimes all of the paths before you, all of the options, appear to be wrong, but you have to do something.  What do you do?  Which do you choose, among a range of bad options?

The thing is, you have to answer.  You have to choose.  You have to make a choice and make a decision, and sometimes there is actually no perfect decision to make.  We live in a fallen world.  Do not try to find the perfect answer.  If the perfect answer is not one of the options before you, then you cannot pick the perfect answer.  This often happens in the exam as well.  Students who try and force one of the available options to be the "perfect" answer are the ones who make mistakes.

In terms of the exam, we tell students that if you really cannot figure out how to answer the question, then just guess.  If you just guess, you have a twenty-five percent chance of getting the right answer and the points that you would get for that answer.  If you do nothing, if you do not choose, then you get nothing.  You get zero.  In a sense, it is the same in life.  If you do nothing, then you get nothing.  If you do not choose, then you choose nothing.  There is a similarity here to the parable of the servant who, given a certain amount of money, wraps it in a cloth and buries it, thinking that it will be safe.  Of course, he is told that he has done wrong because he could have invested the money with the bankers, and then at least there would be a bit of interest.

In the same way, in the Christian life, if we do not have a perfect solution before us, it is because we live in a fallen and sinful world.  We have to pick the best option available to us, and then go on.  Don't do nothing.  Never let what you can't do prevent you from doing what you can do.  As Voltaire tells us, "the best is the enemy of the good."  And James as well: James 4:17 “If anyone knows the good they ought to do and doesn’t do it, it is sin.”

I have, elsewhere, mentioned that, following Gloria's death, in trying to determine what I should do in terms of rebuilding my life, someone mentioned the passage in Philippians about whatever is pure, think on these things.  I took this as an indication that I should de-emphasise my work in information security.  Later, certain events seem to indicate that this was, in fact, the wrong choice.  That I should be continuing with my information security work, but possibly in a different way.

At the moment, I am writing sermons based on specific lessons out of my seminar materials for the study of information security.  I am going through my curriculum for information security, with all of its frauds, scams, attacks, and adversaries, and using those concepts to create and write sermons, one of which is this one.  Did I make the wrong choice?  Did I make the right choice?  Only God can answer that question.  I certainly don't know for sure, but it certainly seems that the advice, and my interpretation of it, was holding me back from what God might be now directing me to.  It might be that I needed a delay in order to do this, and that God provided that delay.  Once again, I don't know, but what I can say is that, presented with any range of options, in our fallen, sinful world, all that we can do is to pick the path which, in our current state of fragmentary knowledge and understanding of God's will, does look like the best.  Even if it's the best among a range of bad options, or a range of good options, of which we can take only one.

I spent the day recently with a young man who is trying to consider how best to live and structure his life.  He is a thoughtful young man, and although he does not have a vast range of experience, he is considering his whole life: should he marry?  What kind of business should he be involved in?  Should he be pursuing business primarily, or charitable endeavours?  He is faced with many options.  A number of them are good, but he can only pick one.  There is only one that he can concentrate all his energies on.  Which one should it be?

You don't have to be young to face this kind of paralyzing indecision.  After Gloria died, a friend told me that now I had the chance to reinvent myself.  I knew what he meant, since he himself had lost two wives and a son in the course of his life.  My first reaction was, "Thanks, but I'll pass on the opportunity."  That ship had sailed.  That wasn't an option.

Now, what do I do with my life?  I am writing the words to sermons that nobody hears.  I am writing seminars, and materials for them, that no one ever attends.  I am working with volunteer organizations which are falling apart for lack of volunteers and lack of funding.

At one point, many years ago, I was working in a place where I could ride my bike to work.  One time Gloria needed to come and pick me up after work.  As we headed home, we reached a point on Boundary Road in Vancouver where you could see pretty much my entire bicycling route stretched out ahead of me, terminating at a point high in the North Shore Mountains.  She burst out, "How do you possibly keep going when you know that you have to drive all of that?"  I replied, "You don't drive all of that.  You look at the road twenty feet ahead of you, and you drive that."

Often, our paralyzing indecision comes from the consideration of "all of that."  Our entire life stretches out before us, and we think that the choice that we make now will determine what we do for our entire future.  That is seldom the case.  I take issue with the career planners who say that you need to plan, very early, in great detail, how your life is going to work.  If you do not, you will not be a success.  I never wanted to be a teacher because my parents weren't particularly good at it, and certainly didn't love it.  When I was forced into it, I loved it.  I thought my life was over when I got fired from teaching. The fact that I got fired from teaching resulted in me teaching on six continents.  All my life I seem to have been forced into situations, and often jobs, that I would not have chosen.  Looking back, it is astonishing to consider how perfectly chosen all of them were.

It's almost as if somebody else knew the right answer.


Theological Lessons from Information Security

Sermon - TLIS - 0.1.1 - Security is a hindrance with no benefit

Sermon - TLIS - 0.2 / 47 - Integrity/Robert Slade is a world renowned speaker

Sermon - TLIS - 1.1.3 - Functional and Assurance Requirements

Sermon TLIS - 1.1.5 - "Footprints" and key performance indicators/metrics

Sermon - TLIS - 1.1.7 - Security Frameworks

Sermon - TLIS - 1.2.1 / 34 - Edit, Audit, Prophet

Sermon - TLIS - 1.5.1 - Manage Everything

Sermon - TLIS - 1.7.1 - Organizational Roles and Body Parts

Sermon - TLIS - 9.8.5 / 73 - Muster station, safe and secure

Sermon - TLIS - 10.3.1 - Intellectual Property

Sermon - TLIS - 10.5.1 - Privacy

Sermon TLIS - 10.6.1 / 54 - Liability and Negligence



Posted by at No comments:

Saturday, April 11, 2026

Sermon - TLIS - 0.1.1 - Security is a hindrance with no benefit

Sermon - TLIS - 0.1.1 - Security is a hindrance with no benefit

Leviticus 18:5
Keep my decrees and laws, for the person who obeys them will live by them. I am the Lord.

Deuteronomy 4:8
And what other nation is so great as to have such righteous decrees and laws as this body of laws I am setting before you today?

Joshua 1:7
Be strong and very courageous. Be careful to obey all the law my servant Moses gave you; do not turn from it to the right or to the left, that you may be successful wherever you go.

Joshua 24:15
But if serving the Lord seems undesirable to you, then choose for yourselves this day whom you will serve, whether the gods your ancestors served beyond the Euphrates, or the gods of the Amorites, in whose land you are living. But as for me and my household, we will serve the Lord.

Matthew 22:37-40
Jesus replied: “‘Love the Lord your God with all your heart and with all your soul and with all your mind.’  This is the first and greatest commandment.  And the second is like it: ‘Love your neighbor as yourself.’  All the Law and the Prophets hang on these two commandments.”


Business men do not understand security.  As I have mentioned elsewhere, frequently, I do not understand this lack of understanding on their part.  Managers in a business, whatever they manage, whatever level they manage, manage two things: one is risk and the other is people.  They may possibly manage some other things, but they have to manage these.  We, in security, manage risk.  We are doing half of the job of management.  Why is it that business people so signally fail to understand security?

One of the major areas of misunderstanding is that business people, and employees and workers in the business as well, see security only as impeding the business in some way.  Workers tend to see security as setting up requirements that only hinder them in the performance of their jobs.  Employees, generally speaking, want to do their jobs and do their jobs correctly.  They see the requirements that we, in the security field, set up, as being a hindrance and impedance and drag on their ability to perform their job.

Given this perception, it is no wonder that nobody likes security.  The problem is, the perception is wrong.

Security is not just an impedance or hindrance with no benefit.  Security is there, in fact, to ensure that the workers and employees can continue to do their jobs.  We, in the security field, set up policies, procedures, login requirements, and other aspects of security so that someone from the outside of the company, who may be intent on stealing resources or information from the company, or trying to create trouble for our company, is not able to do so.

When we ask a normal worker to use the assigned login credential and to choose a strong password that they can remember, we are trying to ensure that nobody from outside will be able to use that login credential, guess the worker's password, and then use that credential in order to steal resources, delete information, corrupt information, or do various kinds of damage to our systems and information bases.  We are trying to protect the company, and we are trying to protect not only the worker's job, but their ability to perform their job.

But, business people, business owners, managers, and even employees and workers see security as a hindrance to the smooth operations of the business.  Not only that, particularly in regard to the managers, they see security as a cost centre.  It is an expense and does not return any value.  There is no revenue generated by having people do their jobs in a secure manner.  At least that's the way most managers see it.  The fact that, if security does not protect the systems and then somebody does attack the systems, nobody is going to make any revenue at all, doesn't seem to enter their consideration.

We probably don't do ourselves any favour, in the security field, by saying, when management comes to us and says that they want absolute 100% guaranteed security for their systems, that this is impossible.  We, in the field, know that 100% perfection simply isn't achievable.  The closer you want to get to that impossible standard, the more expensive it becomes.

Part of our job is to do cost-benefit analysis.  We have established security protection to a certain level, and it costs a certain amount of money or resources.  We then have to consider: if we increase the security, how much is that going to cost the company?  How much benefit will the extra protection bring to the company?

Once again, you are going to be asking yourself, and me, "What does this have to do with Christianity?"  Well, most people see Christianity as a hindrance as well.  Christianity, and religion in general, are seen as a "no fun" state of mind.  This is a philosophy which says that anything that is fun is bad.  Religion, overall, is seen as a whole series of "thou shalt nots".  That's the way that we are perceived.

And, of course, this attitude is also incorrect.

God has not laid down the law so that we can have no fun.  God has provided his law and direction to us so that we can have the most fun that there is: in a relationship with Him.

Let's take some of the aspects of modern life that people consider to be antithetical to the Christian way of doing things, or that the Christian way of doing things is antithetical to modern life.  Allow me to use one particular example: alcohol.

I don't drink.  In my case, it's not so much that my family didn't drink, although they didn't, but the fact that, by the time I got into university and was going to parties where drinking was available, I had already taken organic chemistry.  When I was offered various alcoholic drinks, all that I could taste was industrial solvent.  I couldn't really see the point in trying to develop a taste for the stuff, and so I didn't.

But, of course, most people do, and most people don't see anything wrong with drinking.  And, indeed, there isn't necessarily anything wrong with drinking.  Drinking to excess does create problems, but alcohol, in and of itself, is not necessarily a bad thing.  Yes, wine is certainly consumed in the Bible, and anyone who says that all of the mentions of wine in the Bible are actually just references to grape juice are definitely fooling themselves.  There isn't really anything wrong with alcohol per se.

My dad was a teacher, and then a principal.  He, as a principal, was responsible for staff parties, to a certain extent.  He hosted a couple every year.  My family did not drink alcohol, so these parties were dry parties.  There were no alcoholic beverages served at these parties, particularly when they were at my parents' house.

I taught in another school, with a different principal.  That principal made his own wine, and his wine was fairly famous among the school staff for being particularly strong in terms of its alcoholic content.  It was also considered to be rather raw on the throat, but I'll have to take somebody else's word for that, because of course I never drank any of the stuff.

The point is simply that here are two situations, with two people in the same job, creating two very different types of parties.  My dad's parties were dry.  The other principal's parties were definitely alcohol-soaked.

My parents recounted that, among the staff members, there were comments to the effect that they really appreciated the fact that the parties were dry.  There was no trouble at the parties, nobody ever got drunk, and there were no unpleasant incidents at these parties.  I don't want to say that having alcohol at a party inevitably leads to unpleasant consequences, but there is certainly a great deal of evidence that suggests that it does happen on occasion.  If there is no alcohol, these types of consequences can't arise.

So people at my parents' parties tended to have more fun.  Without unpleasant aftereffects.

When I worked in logging camps, there was a lot of drinking that went on.  Even when the camp was supposedly a dry camp, alcohol got smuggled in on a regular basis and was definitely consumed.  The loggers would show up in my office in the morning stating that they got a bottle of alcohol and had a wonderful time last night!  That statement would be followed up by one of two options explaining why they had a wonderful time last night.  Option A was that I'm sick as a dog this morning.  Option B was that I can't remember what I did last night.

I never understood the logic behind those two justifications proving that they had a wonderful time the night before.

I'm not sure that I picked the right rule when I picked on alcohol.  After all, there isn't any actual commandment against drinking.  (Not unless you consider Proverbs 31:4 it is not for Kings; Lemuel it is not for Kings to drink wine not for rulers to crave beer.)  It isn't a major problem for an awful lot of people.  It's a problem for society overall, and it's a terrible problem for some people.  But it isn't exactly universal.

Pride.  Possibly I should have picked on pride.  But that's a lot more complex.

In any case, there are all kinds of things that we could pick on.  The point is not any specific sin or commandment.  Any specific issue even.  The point that I want to make is that what God tells us to do is, as I have noted in a different sermon, for our own good.  God's directions to us are not a heavy-handed person yelling at us to keep off his lawn, but a parent, giving us advice that will help us in life.

There is another point to be made here with respect to the issues and approach of security.  I have mentioned that a lot of people ask us to give them 100% guaranteed protection, and have mentioned that there is no such thing.  In the same way, there is no such thing as 100% righteousness.  Well, there is, for God, of course.  But not for us.  And that presents us with a little bit of a problem in terms of people saying, "Well, if we cannot be righteous, then why even try?"  The answer is that we should always strive for perfection, even though we are pretty sure we are never going to meet it.

And, of course, there is more benefit to Christianity.  In the same way that there is more benefit to a business in having security then simply the protection of assets.  Security, by forcing you to study what is and isn't important in your business, and what are and aren't important assets, forces you to understand more about your business, and therefore make better business decisions.

In the same way, there are more benefits to Christianity.  There is the relationship with God, to begin with.  There is support and provision from God.  Not that it doesn't come to those who don't believe in him, it just has to come a little bit more indirectly.

There are somewhat intangible and ineffable benefits.  I really enjoy CS Lewis's Narnia chronicles, the series that is most identified by the book "The Lion the Witch and the Wardrobe."  Those who love the series probably have a favorite scene in it.  My own favorite scene is one from one of the lesser known books, and even within that book it is probably a scene that is passed over in many times.  In it, the characters have been captured, and an evil witch is attempting to gaslight them, and convince them that there is no Narnia, there is no overworld (they are being held underground).  A character, deliberately injuring himself in order to clear his mind, makes an absolutely impassioned and beautiful speech about how if the sun and sky and Narnia and other aspects of believing in Narnia (which stands in for a belief in Christianity in the books) are all such false childish imaginings, then it's rather odd that their fictional imaginings are so much better and more substantial than the world they see around him them.

God is not anti-fun.  God loves us.  God wants us to be happy and has made all kinds of provisions for us to make us happy.  God's directions are not to stop us from having fun, but to ensure that we can continue to enjoy all the wonderful things he has provided for us.


See also: Sermon 45 - The Difficulties of Law


Theological Lessons from Information Security

Sermon - TLIS - 0.2 / 47 - Integrity/Robert Slade is a world renowned speaker

Sermon - TLIS - 0.7.3 - Four right answers on CISSP questions

Sermon - TLIS - 1.1.3 - Functional and Assurance Requirements

Sermon TLIS - 1.1.5 - "Footprints" and key performance indicators/metrics

Sermon - TLIS - 1.1.7 - Security Frameworks

Sermon - TLIS - 1.2.1 / 34 - Edit, Audit, Prophet

Sermon - TLIS - 1.5.1 - Manage Everything

Sermon - TLIS - 1.7.1 - Organizational Roles and Body Parts

Sermon - TLIS - 9.8.5 / 73 - Muster station, safe and secure

Sermon - TLIS - 10.3.1 - Intellectual Property

Sermon - TLIS - 10.5.1 - Privacy

Sermon TLIS - 10.6.1 / 54 - Liability and Negligence



Posted by at No comments:

Friday, April 10, 2026

Sermon 82 - Systematic vs Biblical Theology

Sermon 82 - Systematic vs Biblical Theology

Deuteronomy 11:18
Fix these words of mine in your hearts and minds; tie them as symbols on your hands and bind them on your foreheads.


Most sermons these days, at least in smaller churches, are based on biblical theology.  Carl Armerding taught me biblical theology.  That is, you take a passage of scripture and you mine all the wisdom that you can out of it.  That's a very valid approach.  Mine is a little bit different.  I use systematic theology, that is, to take an idea [very often an idea from a non-religious setting or environment], and to see what the Bible says about it.  Bruce Waltke taught me systematic theology.   So if you don't like my sermons blame Bruce.

Biblical theology is good.  It has a very solid foundation.  You start with the Bible.  That is always a good place to begin, and you can do your own Biblical theology, simply with your Bible reading time.  Reading your Bible regularly definitely provides you with the foundations of the Christian life.  The Bible teaches you about God.  The Bible is our source of revelation.  If there are any other revelations, they are to be judged against the Bible!  Starting with the Bible is absolutely foundational, and you can't go wrong with it.

On the other hand, there's an awful lot of areas where simply reading the Bible won't give you a lot of benefit.  For example, there are all those genealogies.  What do they matter?

(Well, I suppose that I should say that not all of my sermons are, in fact, systematic theology.  It was, in fact, in one of those genealogies that I got one of my, not just sermons, but a whole series of sermons!

I was intrigued by the fact that, in the book of Matthew, as opposed to the book of Luke, Jesus' genealogy lists women.  Going back into the Bible to find out about those women, there seemed to be some very interesting common characteristics!  For starters, they were all foreigners.  That's got to be something interesting when you find women who don't get mentioned anyways in a Jewish genealogy that leads to an important figure.  Why include these foreigners?

And I went on from there.  I got four sermons out of it, and then got three more, because I have always loved the book of Ruth, and I just took advantage of the fact that she is one of the four mentioned.)

Okay, maybe objecting to genealogies wasn't the greatest place to start with this particular sermon.  After all, I'm trying to point out that systematic theology is something you can do in addition to the straightforward Biblical theology.  Let's get back to Biblical theology and the parts of the Bible that might not be particularly helpful.

There's all of those places in the Bible where, in the spring, the kings march off to war.  Unless you're writing a Biblical movie epic, you don't particularly want to concentrate on the battle scenes.  There's a lot of that stuff in the Bible.  We don't do that anymore, so what does it have to teach us today?

Then there's the prophets.  There are the major prophets, who really do tend to go on, and then there's the minor prophets, and there's a lot of minor prophets.  And most of what the prophets are talking about is the fact that the Jews have been unfaithful, and so God has had to send armies against them and haul them off to slavery in a foreign land.

Okay, yes, there are parts of both the major and minor prophets where the prophet gets a vision long into the future, talking about the coming of the Messiah.  That's all relevant to us.  They were talking about Jesus.  They were talking about why Jesus would come, and they were talking about what he would do when he came.  It's rather steadying to take this stuff that was written five to seven hundred years before Jesus was born and show how startlingly accurate it was about noting different, and sometimes very minor, aspects of his life!

But then we're back to complaining about Israel being unfaithful, and how they had to be hauled off to slavery.  Yes, the prophet said that they were going to be brought back in the not-too-distant future, but they do go on at great length about it.  Over and over again.

I'm not saying there is anything wrong with this.  Even those passages about Israel being unfaithful, being taken away into exile, and then the promise that they will be brought back to the promised land, is evidence of God's faithfulness.  God made a promise; God is going to keep his promise.

But there are other things in life. 

We have difficulties and problems, and we live in troubling and complicated times.  We are faced with technologies, politics, and a disastrously complicated financial and economic system that just doesn't get mentioned in the Bible.  Sometimes we have to look at this, look at our difficulties, and then try to see what the Bible does say and how it addresses the problems that we are facing.

Sometimes this has to do with troubling times.  I wrote a sermon on an idea from a book called "The Grieving Brain."  I am grieving, and I was at the time that I wrote the sermon.  I want to look at grief, but I also want to look at what the Bible might have to say about grief.  I took the way that the book looked at grief and tried to see if that was consistent with the way the Bible looked at grief, and there is a sermon.

Sometimes it doesn't have to be troubling aspects.  I realised that, doing a lot of walking in the early morning hours and generally speaking getting my breakfast from blackberry bushes along the way, I realised that I was having breakfast with God every morning.  God was providing the breakfast in the form of the blackberries, which nobody was growing or cultivating and just sprang up.

I wrote a sermon about blackberries.  Hopefully the idea that God provides for us isn't too far from what the Bible says.

And then there was a sermon when I was very troubled at how the churches were not working with each other.  They weren't cooperating with each other.  As a matter of fact, for the most part, they weren't even talking with each other.  I found that troubling, and I tried to write a sermon about it.  I didn't get very far, and then suddenly, some of the research, from my very non-spiritual and not very pleasant work in information security, sprang to mind and pretty much finished the entire sermon.

Of course, I did have to make sure that the way that I, in information security, was looking at this was in fact consistent with Biblical principles.

Most recently, I have been going through the course that I created for information security and picking out concepts which I think would make a good sermon.  What I find that I'm doing is, from a background as a Christian over these many years, I will address this issue and see how it relates to our Christian life.  But I do want to make sure that it is consistent with the Bible.  Having written a certain amount of material and content for the sermon, I will then turn to the Bible and look up the words that I have been using and the concepts that I have been talking about in the sermon.  I see what comes up out of the Bible, and it's been surprising, and really, well, heartening, to find that doing it this way, the Bible verses that come up in my searches bring out new aspects, and sometimes new depths, to what I've already written.

I still have no idea why I am writing sermons.  After all, for 70 years I didn't.  Well, I did write *one*, but all this time I never wrote sermons.  All the time that I was married to Gloria, I was just working on that one sermon, and I don't think we ever really discussed it.  I have lost the opportunity to discuss the sermons that I am creating with Gloria, which is another reason to grieve.  Another loss to add to the pile of losses that is related to Gloria's death.

Recently I noted that I was writing a bunch of sermons, and I didn't know why, and it was in connection with discussing Gloria and the discussions that we had, about absolutely everything.  The person I was talking to suggested that maybe writing the sermons I am still discussing things with, and teaching things to Gloria.  I guess she just hasn't had as much of a chance for input anymore.

I still don't know why I am writing sermons, but I guess this is how.  I am a systems analyst.  A systems analyst looks at a system, finds the trouble, and then tries to propose a solution.

So, basically, this is what I am doing in the way that I write sermons.  I look for trouble.  I look for a troubling aspect of modern life.  I look for a troubling aspect of the churches that I am going around.  I look at a troubling event in the modern world, and then I analyse it, and then I go to the foundational principles of our faith and try to see if there is a solution there.  I back that up with what the Bible has to say about it all.  Being reasonably well grounded in the Bible I generally have the feeling that I know what the Christian attitude towards this problem is going to be.  But then, as a kind of a final check, I usually go back and try to find scripture verses to justify what I've written.  At which point, I often find something that wakes me up a bit, and makes me realize that I don't always know everything that the Bible has to say about this subject.  And, usually, at that point I go back and do a bit of rewriting.  Sometimes a *lot* of rewriting.

And I guess that is systematic theology.

Someone asked me if I had a big wrap-up ending for this sermon.  I don't.  But I do have a small suggestion.  A lot of us, in doing Bible study in a small group, decide to pick a book and plow through it no matter what.  That's Biblical theology.  But you could decide on a topic.  Possibly a problem that we see around us, or in the wider world, or possibly just an idea or a concept that we find interesting and want to explore.  And everybody gets to think about it, think about a Christian approach to it, and possibly try to find places in scripture that might relate to it.  And everybody brings their ideas together next week.

Well, I think that it would be an interesting idea for a Bible study.  And it would let everybody participate, and not just the study leader.  (It would also take some of the pressure off the study leader.)



Posted by at No comments:

Thursday, April 9, 2026

Mythos: Hit or Myth?

It should be obvious just how dangerous the Anthropic Mythos Preview is.

But it probably isn't for most people.  So here are a few pointers.

Anthropic Mythos Preview finds vulnerabilities in software and systems.  Vulnerabilities aren't immediate attacks, but they can be used to direct which attacks could succeed.  If you know where and what a vulnerability is, then you can create an attack that will take advantage of that vulnerability.  A single vulnerability may not be sufficient to create an attack.  You may need several vulnerabilities in order to successfully penetrate a system.  And, depending upon what your target is, you may require a number of vulnerabilities to penetrate the operating system, and then a number of vulnerabilities to penetrate the internal application software.  so not every vulnerability, or even every collection of a dozen vulnerabilities, may get you what you want.

But if you have a thousand vulnerabilities, or 10,000, or more, then the opportunities to directly attack anything you want rise exponentially.

Anthropic has said very little about Mythos Preview.  Fifty technology companies are currently contracted to use it.  We do not know how many vulnerabilities Anthropic has collected, via Mythos, so far.  But it is extremely likely to have found a great many vulnerabilities in the most commonly used software and systems.

One vulnerability is said to be thirty years old.  I believe it.  So far finding bugs in software has been a very hit and miss business.  Yes, for any widely used software, millions of people have used it, and probably tens of thousands of people who have some knowledge of how to probe or poke at the internals of software.  Bugs and vulnerabilities have been discovered.  But many times the number that have been discovered probably lie undiscovered.  A thirty year old bug in software has probably been installed on millions and millions of systems.  Possibly into the billions.  And if you think that the various upgrades of software will have ensured that that bug is long dead, you don't know anything at all about software development.

Anthropic has, so far, behaved with probate and morality.  There is a reasonable expectation that it will continue to do so, at least for the foreseeable future.  (The foreseeable future, in terms of high technology, tends to be about eighteen months.)

But just consider for a moment the power that this kind of information gives a company.  In the present situation, Anthropic has handed the information or at least the capability over to fifty high technology companies.  But it could easily have kept the results to itself.  It could have sold that database of vulnerabilities to any nation state for pretty much any amount of money.  These days artificial intelligence companies are looking for massive amounts of funding.  $10 billion could probably buy you a few new data centres and power plants to power them in some interesting places.

But, of course, the most money could be made by selling the information to some people, and not selling it to others.  You could reduce the number of companies that you sold the information two, and probably raise the price considerably.  How much would Meta be willing to pay for the ability to install its software, secretly, on pretty much any telephone and computer in the world?  How much would Elon Musk pay for that capability?  How much would the United States pay for the capability to penetrate vulnerabilities in Russia and China?  How much would China be willing to pay to return the favor?

And, of course, it's not just money.  How about actual power?  The ability to penetrate is slightly different from the ability to install software.  However, when you know so, so many vulnerabilities, you should be able to install control software on just about every computer that there is.  And when you control all the world's computers ...


AI topic and series
Posted by at No comments:

My birthday present to me

Well, the fact that the new drug won't let me sleep is finally working to my advantage.  Waking up at 1 a.m. also awoke me to the fact (while I was doing other work) that I should be testing out my 4000 mm telephoto lens for its original purpose as a telescope.

So here is my very first reasonably high-resolution picture of the moon:

And then I realized that the last time I used this lens, I was using a film camera, and I was falling into old habits.  I realized that I wasn't completely happy with the focus (which is kind of loose on this lens), and I could probably just take a few more shots and delete the ones that I didn't like as much.  I took some more a little later.


So, the purchase of the camera (and the extra work to update the firmware and solve the problem, and read the 920-page manual), although I didn't think of it as a birthday present at the time, kind of turns out to be my own birthday present to myself.
Posted by at No comments:

Emotional support badger

I need to get one of these for the times that people ask about my grief and then make stupid comments about it.


Posted by at No comments:

Sermon 18 - Whatsoever Things Are Pure

Sermon 18 - Whatsoever Things Are Pure

Philippians 4:8
Authorized (King James) Version
Finally, brethren, whatsoever things are true, whatsoever things are honest, whatsoever things are just, whatsoever things are pure, whatsoever things are lovely, whatsoever things are of good report; if there be any virtue, and if there be any praise, think on these things.

New International Version
Finally, brothers and sisters, whatever is true, whatever is noble, whatever is right, whatever is pure, whatever is lovely, whatever is admirable—if anything is excellent or praiseworthy—think about such things.

Titus 1:15
To the pure, all things are pure, but to those who are corrupted and do not believe, nothing is pure. In fact, both their minds and consciences are corrupted.


When your wife dies, your life changes.  Well, you say, of course.  The thing is, that so many changes take place, so much of your life changes, so drastically, that it's more like your life *ends*.  You are doing all kinds of things, when you are married, because you are married.  Your interests are affected by your spouse's interests.  Any schedules that you have are affected by the activities, and needs, of your spouse.  So when you're spouse is not there, everything changes.  *Everything*.

So that's what was happening to me.  Gloria had died, and my life was over.  But I hadn't stopped breathing yet.  So, I had to build a new life.  I had to come up with things to do, and reasons to get out of bed in the morning.  I had to come up with things to occupy the endless empty, lonely, hours of the day.

Well, I'm a researcher.  I found things to do.  Or, at least, I found things I *could* do.  I found a number of things that I could do.  I was researching grief.  I was creating a means of support for other men who had lost their wives.  I was doing research in my field of information security.  Rather oddly, I started writing sermons.  There were quite a few things that I could do.  But, of course, just having things to do doesn't build you a life.  So I was starting to worry about which of these things I should pursue.

I spoke to a friend about this problem, and she quoted Philippians 4:8 at me: whatever is true, whatever is noble, whatever is right, whatever is pure, whatever is lovely, whatever is admirable—if anything is excellent or praiseworthy—think about such things.

That sounded like pretty good advice.  There's only one problem, in my particular case, with that advice: my professional life does not deal with things that are pure.  I deal with liars, thieves, fraudsters, pornography, and people who are just out to do injuries to you, simply because they can.  My professional life does not deal with the pure, and the noble.  Oh sure, what I am doing hopefully will help people, and there may be some nobility in that, but the research that I have to do is not into anything that is remotely pure.  My research is always into things that are pretty nasty.

As I am writing the notes for this sermon, I am also teaching the cryptography section of the information security seminar.  I love cryptography, and, in this case, one of the reasons seems to be that, as a topic, it is at least ethically neutral, and research into it doesn't necessarily involve delving into the actions of bad people.

So, I felt that I needed to get away from what I had been doing in my professional life.  Probably not entirely, since my research tends to be long-term, and I have to keep it up, if I'm ever going to go back into information security work.  So I dialed back on my research.  I kept up with issues that were arising in my field, but I didn't delve into it very deeply.  I went into other things.  I tried to help out in churches.  I tried to find a new church.  So I was doing church shopping.  I was also offering help to the churches I was trying out.  I was creating workshops on information security, at a very basic level, for the general population, and particularly for seniors.  I was doing this so that the churches could offer this both to help out their own congregants, but also so that they could offer it to those in the community who might come to a workshop, but wouldn't want to come to a sermon.  Then, of course, once you've gotten them into the sanctuary, you can grab them.

I was continuing to write sermons.  Some of the sermons seemed to arise, rather oddly, from my experience of grief.  Okay, well, grief is not the greatest of experiences, and it's not exactly pure, but it's not exactly impure, either, so that wasn't too strange.  I felt that that was acceptable.

However, even as I was dialing back my research into information security, it seemed that information security was either prompting, or invading, some of my sermons.  Ideas from information security, and the dangers, and, yes, even the nastiness, seemed to find an important place in the sermons that I was writing.  One such sermon was initially prompted by an unfortunate experience, that seemed to point out a failing in some of the churches.  So I wrote that up, as best I could, but it didn't seem finished.  I wasn't happy with it.  And then, during my church shopping, a throwaway comment at the end of a sermon suddenly reminded me of two areas of research that I had been working on prior to the "think on these things" advice.  And suddenly, in a flurry, adding lessons from those two areas of research finished that sermon.  It became complete, where it had not been before.

Are we not allowed in the church to talk about anything bad?  Must we always be talking about only the positive?  Doesn't that way lie toxic positivity?  Are we not allowed to talk about the reality that sometimes you find it difficult to praise the Lord because you don't feel that you have anything to praise the Lord about?

I'm asking this question quite seriously.  We really have a problem talking about anything bad in the church.  Even if it's something bad unrelated to the church, we seem to feel that that is something that should not be discussed. 

Can we not talk about the reality of pain?  Of loss?  Of grief?  Is that forbidden in our church?

When my sister died, I first realised that we were not allowed to talk about death in our society.  I desperately wanted to talk about my sister and about my sister's death.  I was grieving.  I probably wasn't doing it particularly well, after all I was only 15 years old.  I still would have liked to have talked to someone, at least about my sister.  That is a standard part of grieving: talking about your dead loved one.  But I also wanted to talk about death.  This was my second major experience with death, and I still really didn't understand it, but no one, absolutely no one, would discuss it with me.  Not outside the church, and definitely not inside the church.  Inside the church, negative and painful topics were absolutely forbidden!

That hurt me very badly.

After all the Bible says that God comforted us so that we could comfort others.  Are we not allowed to comfort anybody until they come back to us with a happy smile on their face?  Even without being helped?

Does Titus give me an out?  Is it possible, if I have the best of intentions, to continue to do my information security research in the hope that I will, in fact, create something good out of even the difficult situations that I research?  I know that it is too much to hope that I can be considered pure of heart, in and of myself, but hopefully using my security research to write sermons is at least a relatively good thing?

In another sermon I was trying to delve into the story of the foreign woman who begged Jesus to drive a demon out of her daughter.  And what does Jesus do?  He refuses!  He calls the woman a dog!  He calls the child, the suffering child, a dog!  Unworthy of being healed!  I'm trying to use this story in a sermon and I'm trying to make a point and every time that I get to this place in editing the sermon, I start crying!

It's very inconvenient.

Why on earth am I crying about this?  Well possibly because I am suffering at the moment, and God is not doing anything about it.  Am *I* unworthy of being healed?  Or even comforted?

I'm trying not to take this personally.  I am trying to remember that everything will be all right in the end and that if it is not yet all right then it is not yet the end.  And of course yes, I know in the story in the Bible in the end the girl gets healed.

But, here in the middle, it's hard, you know?

So do we have to ignore the fact that it is hard?  Does religiosity require that we deny that bad things even exist?

Are we, in the church, so desperately afraid that we are trying to deny that anything bad actually exists?  That hardly seems like it could be right.  Why should we be so afraid?  Why, after all, are we even afraid of death?  When we die and we go to be with the Lord, as Paul says.  Isn't that a good thing?

Certainly, in my current situation, lonely, pained, grieving, and depressed, I'd much rather go to be with the Lord, but I can't even joke about things like that.  Not in the church.

Am I completely out to lunch?  Is the horror of information security work invading my sermons, to the bad?  Am I so far gone that I don't even recognize how evil the bad stuff has become?  Am I fooling myself?

Am I to look for the good, in the very bad?



Posted by at No comments:
Subscribe to: Comments (Atom)