Wednesday, February 25, 2026

Sermon 73 - Muster station, safe and secure

Sermon 73 - Muster station, safe and secure


Proverbs 24:11-12

Rescue those being led away to death;
    hold back those staggering toward slaughter.
If you say, "But we knew nothing about this,"
    does not he who weighs the heart perceive it?
Does not he who guards your life know it?
    Will he not repay everyone according to what they have done?

2 Corinthians 1:4

who comforts us in all our troubles, so that we can comfort those in any trouble with the comfort we ourselves receive from God.


Recently, at a church, I saw a sort of a an observation, a kind of a meme, illustrated with a picture of the cross, with a sign low on its upright, indicating "muster station."  The observation went on to note that for us (Christians definitely, but possibly all human beings in general), our muster station was at the cross.

It is a lovely and possibly inspirational note.  But it probably deserves a bit more examination in terms of what a muster station actually is.

First of all, there is the word muster.  Muster is to gather, to assemble, particularly in the face of a threat.  The word muster is used in the Bible.  The concept definitely is.  The trumpet sounds, and the people come together to face a problem or an assault.  This is probably most clearly outlined in the book of Nehemiah.  The people were rebuilding the wall of Jerusalem, and they definitely had some enemies who did not want this to happen.  So Nehemiah gave instructions that the people who were working on the wall would work with one hand holding a sword or a spear, and the other doing the actual construction work.  They would also have trumpets, and, if any part of the wall was attacked, those who were being attacked would sound the trumpet, and all the other workers would assemble, with their weapons, ready to repulse any attack. That is mustering.

Mustering also took place, through the ages, when a sample of the local populace would be called to support the lord or king in a war, either of defense or of conquest.  Those who had more experience in battle, and possibly weapons, would muster, or assemble, and would then travel to muster, or assemble, into a larger army.

These days we don't do that.  We have a standing army, a professional army, and those people have means of communication, and will receive orders to assemble in support of whatever project the army is engaged in at the moment.  So we still have mustering, but most of us know the word muster in terms of a muster station.

The muster station is a place of assembly in the face of a threat.  But we are not necessarily assembling to fight the threat, regardless of what the threat is.  In our day and age, a muster station is a place where an office, or a building, or a school, or any group or subgroup of the population, is under threat.  There are muster stations on ships, in case of some problem with the ship that might render it unseaworthy.  There are muster stations outside of buildings, in the case of fire.  So, it isn't anymore primarily a human threat, of an enemy come to attack us, but it's a threat nonetheless.

But we are not asking the people who are mustering to prepare to face the threat.  These days, mustering at a muster station is primarily about ensuring that everyone is safe.  It is about safety.

And, at this point, I want to digress to a topic in this regard.  Generally speaking, when we get to a muster station, one of the first things that happens is a headcount.  We count that everyone is here.  That everyone is out of the burning building.  That no one is locked in their ship's cabin.  We count to make sure that everyone is here, and therefore safe.  With us.

And this is an important point.  I'm going to come back to it to a certain extent but this business of counting your people, checking on your people, making sure that everyone is safe, is an important point, and probably one that I should address in a completely separate sermon as well.  How often do we see someone, week in, and week out, coming into our church, and leaving, looking somewhat despondent, and we never check on them.  We need to count our chicks.  We need to check on those who come to us.  Maybe it's someone who comes and goes, and nobody talks to them.  Maybe nobody knows even knows what their name is.  Why don't we know what their name is?  Why don't we know why they are looking despondent?  Why don't we know why they never talk to anyone?  We need to check that these people are safe.

We want to make sure that everyone is safe and secure.

Safe and secure.  We use that phrase all the time.  We don't really realize how strange that phrase actually is.  We see safe, and secure, as synonyms.  That safety and security are the same thing.  And, for those of us who actually do know about security, that is definitely not the case at all.

To explain how strange the phrase safe and secure actually is, and even to explain the concept of security, we have to talk about failure.

When I published my first book, after having talked about computer viruses and what they were, and given a little bit of the history and some examples of computer viruses that had been doing the rounds, I started in on the chapter on protection.  And I started off the chapter by saying in order to protect your system, you have to assume that you are going to fail.  Or, at least, you must never assume that you are going to succeed.

That may sound strange to those of you who do not work in security.  Actually, this was fairly early in my security career, so I'm a little bit surprised, myself, that, at that early point, I did understand this concept.

When somebody asks you to secure their systems, or their premises, or their enterprise, or whatever it may be, and you ask them how much security they want, the answer is pretty much always the same: 100%.  Of course, for those of us who actually know anything about security, we know that there is no such thing.  There is never 100%, guaranteed protection.  It just doesn't exist.  It flies in the face of the laws of physics, and any other universal laws that there may be.  You just can't have perfect.

Of course, as Christians, we should understand this.  We are called to be perfect, just as our Father in heaven is perfect.  But we also know that we can't be.  We are imperfect.  We are sinners.  We can never, by our own efforts, achieve holiness, or righteousness, or perfection.  We are sinful, and that is it.  And, as we have fallen, so nature has fallen.  The entire world, the entire universe, has fallen and is imperfect.  Possibly in heaven you can have perfect security, and possibly in heaven you can have a perfectly reflecting surface: I don't know what God has done about the laws of physics in heaven.  I don't know whether you *need* any laws of physics in heaven.  But, here on this fallen earth, we cannot have perfection.  And, we cannot have perfect security.

So, in our imperfect world, we, as imperfect security experts, in our attempt to provide what security we can, we have to assume that any particular security protection will be imperfect, and will fail at some point.  So we build what we refer to as defense in depth, or layered defense.  We look at the protection that we are putting in place, and try to figure out the most likely place, and extent, to which it will fail.  And then we put another protection in place, which will, hopefully, catch some of the threats that get past the vulnerabilities in the first protection.  And we may put a third protection in place, and possibly other multiple layers of protections.  Knowing, all the while, that while we are increasing the level of protection, and increasing the security, and decreasing the threat of an attack actually succeeding, we are never going to get to 100%.  We are never going to get perfect security.

So we turn to another concept in security, again based on the idea of failure.  We look at the different protections available to us, and we decide whether we want the system to fail safe, or fail secure.

To fail safe means that, even if the system is damaged, it will still function to a certain extent.  So, do we want our computer system, say, to continue to operate, even if the access controls are not working quite right.  This means that the system is failing safely.  This means that the information, and possibly certain functions, are still available to us, even though they might not, anymore, be protected against other people.

The other option is fail secure.  Fail secure means that, if the system is damaged, it will protect our assets and keep them from being obtained by anyone else, even if that means that we can't get at them, either.

Now that may sound somewhat academic when we are talking about a computer system.  After all, while just about all of you will interact with a computer at some point (pretty much every day these days), you don't necessarily manage the computer system.  You weren't responsible if someone breaks in and steals some information.  But the concepts of fail safe, and fail secure, don't apply just to computer systems.  They can apply to other things as well.

So, for example, let us consider a fire door.  What do you want to happen if there is a fire in the building?  Most buildings, most large businesses or commercial enterprises, will have magnetically locked doors.  The doors are held closed by electromagnets.  If the power in the building fails, then the doors are unlocked, and anyone can enter.  But, by the same token, anyone can leave, as well.  Therefore, if the building is on fire, you want all your employees and possibly customers to be able to leave the building as quickly as possible, in order to get to the muster station and be safe.

That's fail safe.  But there are some situations where we use fail secure, even on a fire door.  If you are on a in a high security military installation, and you are near a fire door, and the fire alarm goes off, get away from the doorway.  High security military installations, and, generally speaking, Navy ships, are built on a fail secure concept.  Fire doors in those types of situations will shut, relatively soon after the fire alarms start going off.  It's important that they shut.  It keeps the installation secure.  And if you are in the way of one of those doors, and the doors start to shut, then the doors will shut.  Regardless of whether or not you are in the way.  That is definitely not safe.  It *is* secure.  That is why safe and secure are not synonymous.

Okay, we want to return to assembling in the face of a threat, and muster stations.  Now there are some pretty constant threats in our environment, as Christians.  We are under constant threat from the temptations of the world.  We are under threat from the false idols of the world.  We are under threat from God.  After all, God is God, and God is holy and righteous, and we are sinners, and God has every right to destroy us for our sinfulness.  But God has covered that, so we need not fear it.  But that does give us a bit of an indication of where "at the cross" would be.

I mean, we talk about meeting God, or meeting Jesus, at the cross, all the time.  We don't really think about what it means.  Individually, yes, we are coming to God in humility and gratitude for the sacrifice of Jesus that brought us salvation.  But that isn't assembling.  That's us individually.  So, fairly obviously, "at the cross," in terms of mustering and assembling for safety, is the church.

And this brings up an important point about what the church should be.  A muster station is kind of the ultimate definition of a safe space.  We are assembling in the face of a threat.  Therefore, we want a space where people will be safe from threats.  And so that gives us an important idea of what the church should be.  The church should be our monster station.  The church should be a safe space.

We use that phrase, safe space, quite a lot.  It's likely that we have kind of forgotten what it should mean.  The space should be safe.  It should be safe from threats.  It should be safe from *all* threats.  And, because the space is a space for gathering, for assembling, then that means that the space should be safe from us, as well.  Anybody who inhabits the safe space has to respect the safety of the space.  They have to respect the fact that other people have needs, and fears, and triggers, and that you have to be gentle, and non-threatening, with anyone in the safe space.  Even if you are in the safe space, yourself.

The church should be fail safe, not fail secure.  We do not need to keep the church, the safe space, the space that keeps us safe from threats, secure.  Yes, we have to keep it safe.  We do have to provide protection against threats, even threats from ourselves.  But we do not have to secure the church.  After all, what is the church?  As we frequently point out, the church is not a building, or even, really, an institution.  It is not the rules that we create, even though we create rules to help maintain the church, and to keep it safe for those within it.  But the church doesn't have to be secured.  The church is, quite simply, all the people of God.  Wherever two or three are gathered in His name, that is the church.

We do not have to secure God, or God's holiness and righteousness.  Even to entertain that thought sounds a little bit like blasphemy.  After all, God is God.  God is secure, in and of himself.  God is who He is.  His holiness, and His righteousness, are inherent in God's nature.  And, after all, what could we possibly do to protect God?  God is all powerful.  We are pathetically weak.  God is Holy.  We are sinners.  God is righteous.  We are imperfect and fallible.  There is nothing we can possibly do to protect or secure God.  And, indeed, nothing that we need to do to protect God, or secure his holiness.  God is God.

We couldn't do that anyway.  And the church should be safe for sinners.  God calls sinners.  Jesus came for those who were sick and needed a physician, not those who were righteous.  Which is a good thing, since we are all sinners, and none of us are righteous.

God does not, of course, need us to keep people safe.  God can keep others safe, and even secure, in the same way that God is, Himself, inherently secure.  God doesn't *need* us to do anything.  However, God has offered us the opportunity to help keep people safe.  Are we going to take that opportunity, or are we simply going to ignore it?


Posted by at No comments:

Monday, February 23, 2026

It couldn't possibly be a scam, could it?

Background: the Widowed Village organization (associated with Soaring Spirits International) has a "pen pal" offering.  I've been "matched" with six pen pals, only one of which has continued beyond two transactions (one stopping immediately after a mention of my research into grief scams).  However, I've noted that he (all the matches seem to be the same gender, presumably as a minimalist protection against romance/grief scams) hasn't really said much about himself, although he always commended me on being so honest and open.

"Edmund" is 49 and has an 18 year-old daughter who means the world to him (but whom he never otherwise mentions).  I told "him" a lot about myself (including the fact that I was a security expert), and even more was available in my blog.  "He" was always appreciative.  The only thing he really mentioned about himself was a major road-building contract coming up in the Middle East, which needed investment.  (Hey, I'm a professional paranoiac.  At this point I'm starting to see signs of a potential scam.  But I keep going.)  

So, after eight transactions back and forth, today I received:

***
Meanwhile, I met a woman here in Turkey who is in her early 60s. She’s a gemstone trader and is currently facing a difficult situation. She came to Turkey to purchase some gemstones to bring back to the United States but was held at the airport for not having the required export license. Now, she’s facing the possibility of a four-year jail sentence.

She explained that she has a trust fund left to her, which she needs to claim in order to get the finance needed to resolve her issues. The trust has a mandate that it must be claimed with a man present in her life. She is a widower, and I want to be clear that I cannot get involved with her personally.

Would you be interested in communicating with her or offering any assistance?
***

1)  Hands up those who think that this is a variant but fairly classic grief scam, with an initial approach by someone presenting as male to get around the system's grief scam protection, and then redirecting me to the scam?

2)  Hands up those who think that this guy is, himself, as a widower, being grief scammed, and I should warn him?

3)  Hands up those who think that I have let my professional paranoia run away with me, and I am throwing away a golden opportunity to meet, aid, and fall madly in love with this age-appropriate and wealthy woman who needs my assistance?

Anyway, I carried on, although I did note that neither gem trading nor legalities were my specialties.  (OK, I lied a bit about not being familiar with the law.)  Now, at this point, "Edmund" seems to get impatient, and (as I had asked him about his daughter) seemed to mess up his response:

***
My daughter is doing well, and I plan to see her when I leave Turkey.  I hope you might have the chance to get to know each other. I know she is looking for a trustworthy man to help her with a power of attorney so she can have easier access to the trust fund left for her.
***

So I messed with him a little on that score, but kept going.  However, by this time I had also alerted Widowed Village, and they had started an investigation, so I suspect that scared him off.

Oh, but wait!  Before he disappeared, he gave my email address to "Debra."  In "her" second message to me, "Debra" noted that "she" was keeping an open mind as we get to know each other as life has taught "her" that meaningful connections often begin with simple conversations, and "she" looks forward to learning more about me.  Outside of work, "she" enjoy simple pleasures.  "She" likes taking walks, listening to good music, reading, and spending quiet time reflecting or enjoying nature.  "She" also enjoys travelling when "she" can, trying new foods, and having relaxed conversations with good company.  "She" values honesty, kindness, and a good sense of humor.  (I note that this seems to be copied directly from "How to Write A Generically Attractive Dating Profile in 25 Words or Less.")

"Debra" has been quiet for a couple of days, and I was wondering if "she" had twigged to the fact that I know that this is a scam.  But today she sent me a picture!  Of a woman who, five years ago, was running a vintage fashion business.  She also responded to my email, praising everything that I wrote--and saying almost nothing about herself.

To be continued ... (possibly ...)



Online scams, frauds, and other attacks (OSF series postings)


Posted by at No comments:

Sunday, February 22, 2026

Presentative dissonance

 A man may smile and smile and yet be suicidal ...

Posted by at No comments:

Wednesday, February 18, 2026

Woke

When did the word for being a conscious and thinking entity become an insult?

(And why?)
Posted by at No comments:

Monday, February 16, 2026

Isaiah 49:20-21

The children born during your bereavement
    will yet say in your hearing,
'This place is too small for us;
    give us more space to live in.'
Then you will say in your heart,
    'Who bore me these?
I was bereaved and barren;
    I was exiled and rejected.
    Who brought these up?
I was left all alone,
    but these—where have they come from?'
Posted by at No comments:

Thursday, February 12, 2026

Wrong place

I figure that I am always the wrong person in the wrong place and situation.

I am a scientist who believes in God.  I am a believer in discourse and consensus, in a world full of division and denial.  I am a devotee of lifelong learning, in a church that has reached new heights of anti-intellectualism.  A protector of those who think that they are too street-smart to be tricked or trapped.  I am a believer in donating everything that you can, in a world that believes every need is an opportunity for a side hustle.  A teacher in a society where most people avoid learning anything they can.  I am a believer in partnership and relationship, in a society which believes everything is a transaction.  A specialist in information security, in a world where no one wishes to take any account of risk.  I am a specialist in information integrity in a world which no longer believes in the truth.  I am a depressive in a society that worships positivity (even if toxic).
Posted by at No comments:

OSF - 3.20 - spam - packages

Package scams are probably yet another variant in the general class of advance fee fraud.  Packages, as well as various gift and lottery, scams have been around for quite a while, but they really picked up during the pandemic, when everybody was ordering things online.  Online ordering, and delivery services, are still quite active, and so package scams are still around.

I have a possible advantage over the scammers, in regard to package scams.  At one time I did a lot of reviewing of technical books, and so I was receiving an awful lot of packages, of books, through the mail, or via the various delivery services.  Therefore, I was more aware than most people of the announcements that you would, and would not, receive from delivery services, and so I was more able to identify the variations that indicated that something was a scam.

As with any advance fee fraud, there is the promise of a benefit to come, dependent upon you paying some kind of fee in advance.  In the case of packages, or the free gifts mentioned earlier, the fee is generally fairly small.  Usually, package scams are a kind of a one-off fraud, rather than the ongoing requests for a constant stream of fees or assistance that are part of the classic advance fee fraud.  However, it is possible that some of the package scams may involve an initial small fee, perhaps five or ten dollars, and only later report that you need to pay extra taxes or duty.


Package scams very often come via text, rather than email.  In this case, it offers us a bit of a twofer, in terms of red flags.  The first message is for a delivery scam.  How do we know?  Well, Canada Post isn't likely to host its rescheduling Website in Hong Kong (.hk).  So that's one indication, for a start.  However, as chance would have it, these particular scammers seem to be involved in a number of different scams.  You'll notice that both messages came from the same number, and one is for a completely different scam (threatening that you have not paid your Disney+ account).


These texts didn't come from the same number: this is from my reporting of spam to a research account.  However, you can see that there are a variety of package scam attempts: one purportedly from Canada Post, one from DHL, and one unnamed.  Notice also one mention of a "border fee."


I really love this one.  They've put a bit of thought into the social engineering: in order to prove that they actually have a package for you, they've sent you a *picture* of it!  Relatively few people would think to question the fact that the picture isn't clear enough to indicate who sent it, or to whom it is addressed.  I mean, it's not possible that someone just took a picture of *any* package and sent it to you, is it?


Posted by at No comments:
Subscribe to: Comments (Atom)