What’s Coming Next

First, a few precursors – because these elements are foundational and need to be understood, at least in an abstract manner, to take the next step in understanding.

“I am the only way.”

How does a cult leader cement his/her leadership status? This is a topic covered by far better sources than myself, and I will defer to them without hesitation – as a recommendation, look up the works of Hannah Arendt (“The Origins of Totalitarianism”).

From a high level view, one of the means by which a cult cements its control over individuals is through inducing guilt and shame in them, and offering conditional acceptance to the individual. Psychologically this traps the person – if they leave the cult, what they’ve done that induces the guilt and shame comes due, they lose the refuge from it that the cult offered. The cult may also make it clear that those who leave become enemies, and not only lose the refuge but earn a cause for fear.

Take for example, Nazi criminals who worked in concentration camps. They participated in the industrialized murder of millions, an unforgivable source of guilt and shame – but so long as they remained loyal to the Party, that became a quality of value within the cult. And of course, any who departed became enemies, and were to be destroyed as such. To depart was a twofold isolation: their own sense of guilt over what they knew to be wrong would come to roost, and the recrimination of their former colleagues would leave them with no one to help comfort them with it. Furthermore, they knew the physical harm which would befall them, which made departure from the cult unthinkable.

“I know nothing, and even if it does happen, they deserve it.”

Recall as well, that the concentration camps did not bear labels declaring them to be centers of mass execution. They were entitled “work camps”, with the slogan “Work Earns Freedom” on their gates. These were the sanitized exterior, what made them palatable to the local residents. As the knowledge of what actually went on within them made its way slowly out into the society, the combination of willful ignorance and the prior demonization of those condemned to the camps made it a simple matter for residents to simply ignore what went on behind those walls.

The Nazi party spent a great deal of time prior to coming to power spreading hate against the Jewish people, and others they considered ‘subhuman’ – gays, the mentally ill, Romany gypsies. They laid the groundwork of hatred in the common people by constant repetition and absolutely flagrant lies. This had the effect of demonizing the targets to the point where any normal person might consider ‘I know they aren’t as bad as that, but they aren’t good.’ This conditioning enabled uninvolved persons the psychological escape of looking the other way while unthinkable horror was visited upon their neighbors within a short walk of their homes.

How does this all bear pertinence to anything now?

  1. For years, Republicans – with the aid of FOX News and other even more extreme “news” outlets – have demonized immigrants and gay/trans persons (all the while covering up their own pedophile and perverted members of the Republican party).
  2. Repeated themes of the Trump Presidency and candidacy have had him stating “I am the solution” and “I am your retribution” – positioning himself to provide relief from the fictional enemy oppressor.
  3. The Trump Administration of 2016-2020 spent its efforts on fictionalizing a “wall” being the solution to the immigrant problem, while throwing together makeshift camps on the Southern border of the US. During this time those camps contained thousands upon thousands of victims, and were responsible for the tearing apart of family members – again, on the fabricated grounds that those familial relationships were themselves untrue.
  4. The campaign of 2024, and the policy book “Project 2025”, has no plan for a “border wall” (which demonstrates that it is recognized as an idea that gains no traction, and therefore is of no use in marketing their ideas). It does, however, contain a proposal to round up and deport as many as 30 million persons. Such an effort will require an enormous infrastructure to be constructed, at hideous expense. It would also require an open destination to receive the deportees.
    • Except, of course, there is no such destination. There is nowhere on the planet with the ability to take in that many individuals.
    • And there is no money for such an effort. The Trump Administration couldn’t even manage to get funding for the ill-conceived wall between 2016 and 2020.

For comparison, the United States prison system has 1.5 million inmates across the country. The Republican round-up of deportees dwarfs that by 20x. There are no facilities to contain that many persons, never mind no legal ground for imprisoning them.

Where does this go?

Thirty million people that the Republicans wish to remove from society. They have no place to send them. No money to pick them up, store them, and eventually move them. They already have been conditioned to think of them as “murderers”, “rapists”, “vermin”, who “poison the blood of our country” (which, by the way, Trump has said numerous times on tape and camera, and is a direct quote from Nazi propaganda of the 1930s).

Of course, being Republican, they have no capacity for original thought – and they will go back to the old plan that they’ve been carrying around for decades.

They will construct “staging areas” and “deportation centers” around the country. Unlike our borders, Donald Trump’s surrogates will ensure these are built with high walls to prevent casual observers from watching what transpires inside.

His rich enablers will buy up all media outlets and ensure that no news story discussing these centers which is not approved by the Administration leaks out. Trump will shut down any remaining news outlets to seal the information leaks.

They will gather the people they consider “undesirable” in these deportation centers and staging areas.

And they will kill them there.

This is the end result that a Donald Trump dictatorship will arrive at.

We have seen this story before. We know its outcome. And we have no excuse to allow it to be repeated.


Advice on Getting Through a Layoff

I struggled a bit deciding whether to write this one. This is a tough time for everyone – some of course, worse than others – and having been through this sort of thing once or twice, I thought I’d put some advice together. I hope this helps.

Being laid off sucks, there’s no two ways about that. For whatever reason it happened, having your job end is one of the top three disruptive events in a person’s life (the other two are getting married/divorced and moving to a new home).

First, and possibly most importantly, remember that this isn’t personal – this is an event which simply is. When companies absorb one another, redundancies and layoffs are a natural occurrence. This isn’t your fault, it’s simply a confluence of events that had a bad outcome. Don’t blame yourself for what happened here. You can be the best at what you do, and still when the companies don’t have a space for you after a merger, it ends in a layoff. It wasn’t because of you, it was just how things worked out.

Second – how to talk about it. And you should, with friends and family, to help work through it. If you have a spouse, remember that you’re there for each other – you have a close ally there. Spend time with a close friend or spouse to talk through your feelings. Trust me, it helps.

Talking to children about the situation will depend on their age, of course, since kids can be a bit sensitive when it comes to potential instability. A six-year-old will not hear “dad lost his job” the same way a sixteen-year-old would. For younger kids, it might be better to phrase it “mom’s going to change to a new and better job.”

And be aware of their feelings, too – they’re little sponges, they pick up on nonverbal cues a lot better than we usually suspect. A tummy-ache can often be a sign of anxiety. Your mileage may vary, my kid tends to stress out about little things that are unrelated to her day-to-day if I’m having some kind of issue. If you’re going to change some of your regular activities, even if it’s only temporary, try to plan some other replacement events so that you don’t self-isolate.

Third – take time for yourself. Losing a job often means having some involuntary distance put in between yourself and friends you have in the office, whom you won’t see as often. If you don’t take care of yourself during this period, it can exacerbate the feeling of separation. Are there some things you always wanted to do but never had the time? Maybe a couple weeks of free time is just what you need to do a project or two that you wanted to get done. Helping others can be remarkably therapeutic, too – whether that means volunteering at a community center, doing something with your church, or even just helping a neighbor, it can give you a chance to remind yourself that you yourself are intrinsically valuable.

Set a schedule for your days, especially those spent in job-search time. Getting up at a regular hour, spending some time checking responses and doing some job-hunting, then an hour or two of exercise, however you lay it out. Just give yourself a dose of routine, in order to avoid spending all your time staring at a screen waiting for emails to come in, etc.

Fourth – be careful of bad habits building up. Overeating, or over-use of substances such as alcohol, can sneak up on you during stressful periods. Don’t swear them off entirely, just remain attentive to your own health. This is another reason to spend time with friends and family, because having their presence can give you the endorphin boost that you might otherwise seek in the fridge.

Fifth, and the last one for now – set aside a little time each day to remind yourself of the things you are thankful for. “I’m so lucky to have a friend like ..” or “I’m really glad of ..”, or even “What a nice sound the rain makes.” Training your mind to be grateful for good things will help you avoid depression, and keep you positive in your interactions with others.

As these things go, all advice is just that, advice – I do hope this helps some folks. If so, the only thing I would ask is that you ‘pay it forward’. Someday, you might know some other folks who are going through a troubled time. Reach back to your memories of how you got through this one, maybe some of this will help them too.


Brewing Basics – what you need to start homebrewing

First item!

Charlie Papazian’s “The Complete Joy of Homebrewing”, Fourth Edition: Fully Revised and Updated (Amazon.de)

That’s a great book, full of good recipes and even better advice.

I’m going to assume something here – that your average batch will be about 20-25 liters in size.  There are some kits out there which do 5-liter batches, but given the amount of work that goes into making a batch of beer, it seems trivial to brew only ten bottles of beer.  That’ll be gone in a day or two if you do it right :). 

Next up:  a basic brewing kit. 

Wherever you get it, this should include at least the following:

– a decent sized fermenter (20-30 liters or so)

– a bottling bucket of about the same size as the fermenter (could be a second fermenter, they can do double duty), ported towards the bottom of its side with a spigot/faucet  

– an airlock for the fermenter

– some kind of capper (usually comes with 50-100 caps)

– stirring paddle

– cleaning compound (some brand of Oxi cleaner)

– a siphon for moving finished beer from the fermenter to the bottling bucket.  Bonus points if it can be started without sucking on it.

– thermometer

– hydrometer (measures specific gravity of the beer before and after fermenting) with testing tube

Should cost between 50-75 euros.  Really fancy ones might go to a hundred. 

Usually starter kits will come with a mix of additional stuff, but this is where you’ll be glad you bought the more expensive one.  This one appears to be pretty much perfect:  https://braumarkt.com/Starter-kit-beer-brewing-PREMIUM

Next:  a kettle to boil your ingredients on the stove. 

This should be a solid metal vessel of 20-30 liters capacity, with a lid, and make sure it’s compatible with your stove top (i.e., if you have an induction stove, make sure it has a steel bottom).  It doesn’t have to be exactly your fermenter’s capacity, but you want to make sure you have plenty of room in there to avoid boil-overs.

Speaking of which, boil-overs will happen.  They just will.  It’s going to be a hot, sticky mess.  But it’s a rite of passage.  Consider it that you’re making an offering to whichever god rules over alcohol in your pantheon of choice.  Relax, have a beer, and laugh it off.

A kettle is probably going to be your most expensive item on the list here.  Even a 12-liter one runs fifty bucks here in the EU, and the larger, heavier-sided varieties will get up into several hundred Euros if you’re not careful.

On the plus side, your brew kettle can also serve for making soups and stews for large parties, so you can use that as an explanation for your spouse.  Here’s a good one at a pretty reasonable price:  Easybrew Brewkettle 36 liter with tap – buy cheap at Braumarkt

Next Item:  Bottles! 

This part is going to be easy.  Since it takes 1-2 weeks for beer to ferment out, you have some time to buy some beer and empty the bottles, saving them for re-use at home.  If you prefer a crown-capped bottle, that’s fine, but I like the swing-top ceramic caps with the little gasket.  They make the effort of bottling a LOT easier. 

Regardless, you’ll need 45-50 clean and empty bottles to receive your first batch.  If you decide to go with swing-tops like me, I have found that the brand “Mönchshof“ uses a glue which is very soluble in water, and that means the labels will just slide right off in the dishwasher.  If you’re going to do another batch before the first one is finished, you’ll need more bottles – which means emptying more bottles :).  Maybe have some friends over to help you free up some bottles while you watch a game or something. 

I have also found it very useful to buy beer in 11-bottle cases for carrying the brew around.  The 20-bottle ones are workable, but they’re very clunky and hard to manage if you have stairs in your house.  Easier to carry two 11-bottle cases, one in each hand.

Best part of this, is that when a bottle gets old (the gasket starts to develop cracks, etc.) you can simply return it and get a new one from the market.  You also are basically paying fifteen cents a bottle and four or five Euro for a case, whereas you’d pay over a Euro per bottle and eight to fifteen for a case if you purchase them new.   

Next:  A clean, empty book.

Preferably hardcover with a glossy finish, because it might get splashed.  This is going to be your recipe book.  You write down everything in here.  Ingredient list, timing when you added what, the original gravity / finishing gravity, tasting notes, etc.  There’s going to come a day when you hit on a really, really good recipe and you’re going to want to make it again.  If you don’t write everything down, you risk forgetting a critical step.  I still have my original book, goes back to 1992, and I’m really glad I kept it around.

Last Item:  A pre-boxed beer extract kit. 

I’m going to steer you towards extracts as a starting point, because they’re easier to deal with, you’ll have a greater success rate with them, and the beer you get from these is a great jumping-off point.  If you end up enjoying the hobby a lot, I can give you some pointers on what sort of equipment you’ll need for doing a grain mash, but that sort of complication is for when you really want to dig in and start getting nerdy about it. 

So we’ll start with a good solid extract kit to give you the best chances for a great kick-off.

Many extracts come pre-hopped, which is also a good place to start, but I think you’ll want to start buying hops and hopping your beer on your own almost immediately.  We’ll start with an all-in-one kit, but your second batch of beer is likely to be the place where you want to buy hops and hop it yourself.  I’ll mention that in my “optionals” category.

For the hopped kits, good brands include “Mangrove Jack’s”, “Munton’s”, and you’ll quickly start to see some common names.  Here’s a good example of a starter:

Mangrove Jack’s Craft Series Irish Red Ale (braumarkt.com)

That’ll make 20L of a nice red ale, and everything you need is in the package.  For now you want to stick with ales, as lagers require a cold-storage space for your fermenter.  Unless you have access to a walk-in fridge or you have a separate Kühlschrank that can fit your fermenter, a lager will be…difficult.

You’re ready to brew your first batch of beer!

Here’s the timeline I follow:

Friday night or Saturday: clean and rinse my fermenter, get my ingredients lined up, get the kettle ready.  Cleaned gear dries overnight.

Sunday:  brew day – you can expect a brew to take 2-4 hours from start to finish, depending on how fast you can get your kettle to boil all that volume.  When you start working with all- or partial-grain mashes, that’s going to add another 2-3 hours to your timeline.  With a wort chiller I’ll pitch the yeast as soon as I’ve cooled things down.

Sunday night or Monday morning:  If I didn’t use a wort chiller, by now the wort has cooled enough that I can pitch the yeast.

Fermentation takes 1-2 weeks.  Longer if I do a secondary ferment.

When I’m ready to bottle…

Friday night or Saturday:  Bring the bottles out of storage, make sure the gaskets aren’t cracked, and that there isn’t any gunk in the bottle (PBW if there is).  Make sure I have enough bottles for the volume in the fermenter.  Wash them all with Oxi and park them to dry overnight.

Sunday: bottling day.  Transfer the brew from the fermenter into bottles.  Set aside three bottles and store the rest in a cool, dry place (Keller).

Over the next three weeks, I open one bottle each week to test how the carbonation is coming along and see how the beer looks.  Usually it’s ready by week 2, but week 3 is guaranteed to be finished.

Quick advice:

  • Sanitize everything that your beer will come into contact with using Oxi cleaner (I’ll link another variety in my “optionals” section).  Clean and sanitize everything the day before you brew, then let it air-dry overnight turned upside-down so you don’t accumulate wild yeast and other contaminants.  Make sure your work area is clean.  You can’t be too cautious when sanitizing.  Everything else can go perfectly, and your beer will end up tasting like soap or worse because some wild microbe got in and had its way with your beer. 
  • Tap water in this area is perfect for making beer.  Munich has some of the cleanest water in the world, and the mineral content can’t get much better for brewing.  Don’t waste money on getting bottled or distilled water, or additives to change its nature unless you want to really perfectly emulate a specific region.  Excess minerals will fall out of solution during the ferment. 
  • Don’t open your fermenter unnecessarily.  Once you pour the beer in there, cover it (do *not* seal it air-tight right away, as it cools the air inside will contract and create suction, making it really hard to re-open the fermenter) and wait for it to cool down.  Once cool, you can pitch the yeast, and then you seal it air-tight with an airlock to let CO2 out.
  • Don’t pitch your yeast when the beer is still hot!  If you have an infrared thermometer for testing when you’re ill, that’s a perfect tool to check the temperature of the fermenter without opening it.  Once it’s down to 20C or less (might need to wait overnight), you can pitch the yeast in it.
  • “Wake up” the yeast before pitching.  Make 300ml of “starter” using either some of the beer or some table sugar (100g should be plenty).  Dissolve the beer/sugar into the water, let it cool, and then dump the dry yeast in there, stir.  Let it sit for half an hour, the yeast will dissolve and the stuff will get cloudy.  When foam starts to form on the surface, it’s awake and ready to start making beer. 
  • Buy a bottle of cheap, crappy vodka.  Use this in your fermenter’s airlock instead of water.  This is just in case the fermenter cools a little bit and sucks fluid into your beer from the airlock.  Cheap vodka will kill and disinfect anything that gets into it (like fruit flies), won’t add any strange flavors to your beer, and adds an extra layer of protection.  You can also use it to make extracts of spices and fruits to add certain flavors to your beer, or just to have in the kitchen to use with food.
  • Make sure your bottles are clean, inside and out.  Rinse them as soon as you empty them, and run them through the dishwasher.  A small bottle brush is a worthwhile investment, as is some PBW cleaner to get rid of stubborn caked-in residue.  If a bottle has some kind of stuff in it that you can’t get out, don’t use it.  Return it and get a new one.
    • Once you empty a bottle, give it a quick rinse with water and run it through the dishwasher.  Then store it upside-down and open before its next use to avoid dust settling in it or mold growing on it.
  • Don’t be afraid to taste your beer!  Set a little aside before pouring into the fermenter and let it cool to get a taste of what it’s like beforehand.  Set some aside when bottling to build an understanding of what happened in the fermenter.
  • Don’t stress out.  Just have a beer, relax, enjoy. 

Optional Stuff

Hops and hop bags – Hops are basically green flowers, which produce oily compounds called “alpha acids” that are responsible for bittering and preservation of your beer.  I generally prefer full-flower hops myself, but I have also used pelletized hops with no problems at all.  Hop bags are disposable muslin cloth sacks that you can cram your hops into and tie off, then drop in the kettle for boiling.  When done, you can fish them out with a strainer and rinse with boiling water to recover the wort that is clinging to your hops.

Warning for Pet Owners – hops, both before and after use, are deadly poisonous to dogs and cats.  Something in the alpha acids of the hop turns into a weird alkaloid in their digestive system, which will destroy their liver and kill them painfully.  Spent hops should go straight into covered trash.

Bottle filler – this is only marked optional because most of the starter kits don’t come with it automatically.  Costs less than five bucks, and will save you a lot of grief opening and closing the valve on your bottling bucket.  Basically you attach this to your bucket with a short length of silicone hose, open the valve on the bucket, and now you have a spring-loaded filling wand.  Abfüllröhrchen | Hobbybrauerversand, 3,19 €

Wort chiller – your hot pre-beer in the kettle is called “wort”, and getting it down to cool temperature quickly is a valuable trick.  This helps prevent contamination, and makes your wort more comfortable for the yeast you’re going to add.  A chiller is a great tool to accomplish this.  Usually these come in the form of a big copper or steel coil that you attach to your faucet with some silicone hose.  You attach the hose to the faucet, dip the copper coil into the boiling-hot wort, turn on the cold water (making sure the return hose empties into the sink), stir a bit and in minutes your wort will be at pitching temperature.  That’s a big plus.

Measuring pitcher – a 3L or 5L plastic pitcher can be really useful in getting water into various containers that might not fit under your kitchen faucet.

Funnel – if you have a fermenter with a small neck (most of the clear PET plastic ones will), a funnel is a must-have.  Most brew shops have big funnels for just this purpose.

Paper towels – remember how I said you’d have boil-overs?  Yeah, you’re going to spill water, too.  You’ll be glad to have a few extra rolls of paper towels around.

Kitchen scale – something that’ll handle measuring up to a couple hundred grams will be sufficient.  When you start measuring hops for your own brew recipe you’ll need to start being more precise.

Irish Moss / Finings – there are several types of “fining” products, the best of these I’ve found to be “Irish moss”, which basically is a dried seaweed called “carrageen”.  You add this to the boil about fifteen minutes before you turn off the heat, and it ends up in your fermenter.  Because it is very mildly charged, it attracts proteins out of solution during the ferment, which improves the clarity of your finished beer.

Unhopped Malt Extract – sometimes it’s difficult to determine which malts are already hopped and which ones aren’t.  BrewFerm is a brand that makes it pretty clear – they include a marking just above the title of their malt type with “unhopped” in black.  You can also usually assume that if a can of malt comes with its own yeast and is marketed as a “kit”, then the malt is already hopped.  Weyermann is another brand that specializes in unhopped malt extract, though theirs is offered in only large-size containers of 4kg each.  That’s about 1kg too much for a 20-liter batch, but if you’re pushing up into the 25L range it can work out just about perfectly. 

Blowoff hose / silicone hose – during the first day or three of the ferment, a beer can be…enthusiastic.  It’ll push up a big load of foam, and in the limited confines of a fermenter, the only way out is through your airlock.  This will happen, it’s just part of the deal.  But if you set up a blow-off hose instead of an airlock for those first few days, you’ll catch the excess and can direct it into a waiting bucket or pitcher for disposal.  It’s also useful to have a few meters of extra hose around for when you buy a wort chiller.

Beer “enhancers” – these are sold in 1kg bags, usually labeled for light, dark, etc.  They’re generally 50/50 dry malt extract and brewer’s sugar.  If you want to up the alcohol content of your beer without dramatically affecting its character, adding one or more of these is very useful.  Gozdawa is a really solid brand for these. 

Carbonation Drops – if you go “by the book”, then at bottling time you normally would dissolve a cup or so of malt into some water and add that to your finished beer, which would give you just enough sugar in each bottle to provide natural carbonation.  An alternative to this is “carbonation drops”, which are basically small sugar pills.  You add one to each bottle, fill and cap, and your sugar requirement is dealt with.  I did the cup-of-malt thing for thirty years, and tried the drops a few years ago – both methods work very well, and the drops add a dose of convenience at bottling time which I really like.  I’ll probably keep using them for most brews.

Oxi Cleaner – Stuff like “Chemipro” (Chemipro® OXI 1kg, Amazon.de) is really good for sanitizing your gear before you brew / ferment, and great for cleaning bottles.  You mix some with hot water, rinse your gear with it, and let it air-dry overnight.  Very helpful, very easy, and a 1kg bottle of this stuff goes a really long way.

PBW cleaner – PBW (a multi-purpose cleaning agent for the food and beverage industry, 450g, Amazon.de) is sort of the “big brother” to Oxi, and when you have equipment that has particularly stubborn staining or gunk on it, you make some of this PBW with hot water, fill the container, and let it sit overnight.  PBW can eat almost any organic contaminant.  Definitely want to rinse the equipment with clean water after exposure to PBW, and make sure there isn’t any left in the container.  It will ruin the flavor of your beer if there’s some that gets left over in a fermenter or bottle.

Bottle brush – definitely worthwhile, though you won’t need it much.  Your friends and family will end up returning bottles to you on occasion that have been allowed to get a little moldy.  Having a brush and some PBW will be a good thing.

Bottle tree / drying rack – bottle trees are a set of threaded racks that fit on a large base designed to collect drip-waste, usually cost about twenty bucks, and are super-useful when you are washing and drying your bottles.  This one is similar to (might be the same one as) mine:  Abtropfständer für 80 Flaschen | Hobbybrauerversand, 19,99 €.  The top rack will seat a bottle rinser, so you can set up your system to do a quick three-squirt with Oxi from the rinser, and drop the bottle directly on the rack.

Bottle rinser – if you’re getting a tree, get the rinser.  Flaschenspüler Avvinatore | Hobbybrauerversand, 15,99 €.  Make a liter or two of hot water with a little bit of Oxi in it, and fill the bowl up, and park the rinser on top of the tree.  You then can give each bottle a couple of squirts of solution to clean it out for sure, set it to dry on the tree, and leave it overnight to be ready for bottling day tomorrow.

Bottle jet – this is a device that screws onto your faucet where the aerator goes, and is able to direct a jet of water up into a vessel.  Very handy for rinsing out fermenters and bottles.  Deluxe Stainless Steel Bottle Washer, 19,95 € (hobbybrauerversand.de)


Open Source: A Qualified Failure

Been having a discussion on another board regarding the “open source” movement, and whether it has been a force for good or bad. And I have to share my thoughts on this, that it has been resoundingly terrible – the open source movement has been the worst thing to happen to computer science since the invention of the bug.

I can think of at least a half dozen companies that had truly innovative and competitive products, companies which died as a result of the plethora of half-baked “free” versions of similar software which never lived up to promise, and which invariably failed in critical ways.  Some of those companies were gearing up to offer competitive desktop OS software that could have forced Microsoft to the table and could have generated honest competition with MS.  

Instead, we get a constant barrage of 80%-finished products which have no coherent product management behind them, which are almost never backwards-compatible (or often forwards-compatible).  Often including “poison pill” GPL licensing that prevents any sane company making a finished version.

Oh, and did I forget to mention that all these “god’s gift” open-source products are rarely given anything more than a cursory testing regimen?  And when no one is QC’ing this beatch, anything could and will go wrong with them.  I recall all the numpty Linux heads back in ’99 and ’00 trumpeting about how having open source was more secure than proprietary software…don’t hear much out of them any more, not since it was discovered that SSL had a major breach which had existed for twelve years being exploited with no one noticing. 

Nope, open-source is a hobbyist infection that has caused immense and crippling damage to the entire industry of computer science.  It reminds me of the obsession with Communism as a utopia back in the ’50s.  Lots of idealists with no real plan for how to actually make it work as intended.  

Look at what’s going on in advancements in computer science just this year. AI developments are going bananas, with all manner of cool opportunities coming up. The drivers behind these? Proprietary software companies competing with one another. Not one single open-source project is in the news as a source of innovation, among what, like six new releases this week alone? I will grant freely that TensorFlow and PyTorch are popular tools within certain AI circles, but I will also suggest that these tools succeed not because they are open-source, but in spite of that. They are single-purpose tools, not AI products themselves.

Open source is a failure. Worse, it is actively retarding the advancement of computer science and engineering. It traps good minds into thinking they are accomplishing something, when in reality they could have been contributing to a better future for everyone – including your grandma, who still doesn’t know how to use her computer. I submit we’d have had “Cortana” or “Siri” or (insert name here) being a genuinely useful version of “Clippy” driven by something like GPT3+, twenty years ago, if we’d not had this massive and worse-than-useless distraction. If all those good intentions had decided to put themselves to work and formed a collective association of ethical coders instead of the dippy “protest coding” it turned out to be, the world would be a very different, and very much better place. We – as software professionals – would also have had an opportunity to form a power base that could influence the companies that shape the future, and drive it towards better practices.  

But we didn’t. And we have been paying for it for decades. 

I will also step down from this pulpit for a few moments to point to places where “free” options have been extremely successful – highly-focused, simple applications. In these spaces, my argument falls short. PuTTY, FileZilla, Apache, Chromium, again TensorFlow, Docker, these spring immediately to mind (though in the case of Docker, I think it was just some script-kiddies who couldn’t figure out what they needed to build a clean installation script, so they just decided to clone the development desktop environment instead and call it a “dock”). They are very narrow in scope, and have very little “wiggle room” for interpretation of their purpose. A talented developer could whip something like that up over the course of a summer and call it done. They also don’t present themselves as highly-marketable apps – I can’t think of the last time someone in my orbit actually paid for web server software or an FTP client. I will openly admit that in cases such as these, the open-source community has stepped up and provided apps which probably wouldn’t have found a simple commercial solution.

But all that said, I stand by my original point – we are far worse off having the open-source “movement” around, than had we let the commercial proprietary companies have at each other. We still would have had “freemium” software and the variety of “private” projects by hobbyists acting under non-profit status, and we also would have had a lot more success as an industry.


On the Nature of Black Holes…And Relativity

For some time, I’ve contemplated the nature of these mysterious behemoths, and I feel they have been somewhat misrepresented in their public image. Possibly misunderstood even among the scientific community. I’d like to address them from the stance that rather than being a place where “physics breaks down” as we often hear, they are instead a place where we observe “physics at its most extreme.”


Specifically, it has always bothered me to hear people say “when this object falls in…” This is, and always has been, physically impossible. Relativity insists that it will never be possible to cross the border of a black hole. Yet this is something we have actually observed – we’ve seen stars “fall in”. I am going to point out that we aren’t seeing them “fall in”. Not at all.

Relativity has several things to say about objects falling into a black hole, how the distortion of spacetime caused by gravitational acceleration will twist things up – let’s address each of the effects, and then I’ll go over how those effects then imply the formative moments of a black hole’s birth. Finally, a brief summation.

Time

OK, so let’s deal with the first, and easiest to view, aspect. That aspect is time. We’ll use an astronaut in our example to keep things “classic” – Major Tom (thanks, Mr. Bowie). He’s falling towards a black hole. A big one, a “gentle” one to use the phrase from the character Romily in “Interstellar”, so he’s not going to be spaghettified. (If it were a smaller hole, then yes, he’d get torn up and yadda yadda yadda all down to atoms or subatomics if you carry it to that extreme. That’s an aside.)

The apocryphal story is that if it’s a big enough hole, he could conceivably cross the surface without being killed and possibly see what’s inside, but like an astronomical Cassandra, Major Tom will never be able to get the message out as to what’s in there.

That image is, to put it bluntly, false. He’s never going to pass the horizon. The border he’s never going to cross is in actuality a surface, rather than a “horizon”. It has been represented in popular media as a non-physical boundary that simply represents where light can no longer escape. In actuality, it is a solid surface upon which Major Tom – or at least, what’s left of him – will impact and merge. And we’ll get to that in a little while.

Back to what I started with – time. Let’s begin by looking at how time represents itself as a dimension of space. Hermann Minkowski first twigged to the nature of time in this fashion back in the late 1800s, while studying Maxwell’s laws of electrodynamics. He represented time as an additional dimension on top of the three we are already familiar with, which helped to explain why Maxwell’s laws came out looking so elegant. He posited that if you were to lay out a 2-dimensional diagram of X and Y coordinates, by “rotating” one’s perspective those axes could represent length, width, breadth, and time. When you use X being one of the space axes and Y being a time axis, then a thing which is at rest in space would be represented by a vertical column as it “traverses” time. Any motion within space would tilt that line of traverse to an angle.

And when one reaches c, then in practical experience time ceases to pass, because there’s no wiggle-room for the object to make any progress on the time axis (or, as it turns out, on any other). On the graph it would look like a 45-degree angle, but from an experiential perspective time just stops.

There’s absolutely no place for Major Tom to move in time. Space has been compacted to its fullest extent – in effect, all four dimensions are compacted into a point (if you drew it on a chart, any X or Y axis would only allow a single value, with no “range” to maneuver on). But it does not rip. That’s one of the kickers here, which conflicts with what you often hear when people say “Oh, the laws of physics break down inside a black hole.” No, they don’t. They reach their limits, but there’s no break-down. First off, because there really is no “inside” the black hole. Externally, it’s not really a hole, it’s a ball to our perception, it’s a solid piece of matter – for all intents and purposes space has compacted to a one-dimensional point that happens to have perceptible size to us, and what we have been calling its “horizon” is the solid surface of that point – and the accumulation of black hole matter upon it.

What kind of matter is that? That I couldn’t tell you. But Einstein’s relativity makes it quite clear that everything halts at the surface, where acceleration reaches c and space-time becomes completely compacted and clogged. And we’ll get to why soon. First things first. As we said, time is the easiest one to conceive of – and because of the enormous gravitational acceleration, time locally drops to nil.

Sidebar
From Major Tom’s point of view, time is ambling merrily forward for him as if nothing abnormal were happening. However, the universe around him speeds up and up and up. As he falls towards the surface of the hole, his perception of the universe experiences a dramatic change.

The rest of the universe is ticking forward as expected from outside of the effect of the hole. So as Major Tom’s experience of the universe swiftly tightens, light and matter continue to fall into the hole, and any of it that comes from a vector that intersects Major Tom will line up right behind him. Depending on how the hole twists space up, there may only be one vector from which things approach the center of gravity.

All of that stuff falling on the hole throughout the lifetime of the universe, or at least the lifetime of the hole, hits him all at once. It’s been energized by the gravitational acceleration, and it all lands on his ass as he goes in. So basically as he’s falling, as he reaches the surface, he gets blasted with the most powerful pulse laser ever invented or ever to occur in nature. In effect, an X-ray laser nuke has just gone off behind him. Whatever internal structure hasn’t been torn asunder by tidal forces is going to be completely annihilated by the influx of a lifetime’s worth of matter-energy hitting him all at once.

Remember, looking at him from the outside, there’s no time going on. So there’s no time to stretch this event out in. It all piles up to occur in a single moment, a now, which comprises the lifespan of the hole. So he floats in thinking it’s going to be a gentle ride and he’s going to cross the surface to get a peek inside, and just as he reaches it, bam, he gets blown away by the biggest space laser ever. I guess we’ve discovered those space lasers.

Mass

Back to the discussion. Major Tom also represents an element of mass and/or an element of energy. When he reaches the hole, what happens to his mass? “What happens” is kind of a misnomer, since there’s no time for things to happen, but linguistically it’s what we have to work with. As a result of relativistic effect his mass rapidly ratchets up to infinity. Now this is impossible from the perspective of someone outside of the hole’s reach. We know he weighs 80kg, his suit weighs 120kg, so he’s 200kg of “stuff”. His mass can’t be more, according to conservation of energy, so obviously he can’t be of infinite mass. We’ve measured black holes. They have specific masses (usually expressed as a number of solar masses), we can see them dance with solar partners, we can see what happens to orbiting material. And we can calculate their overall mass, so obviously they don’t reach an infinite mass.

But according to relativity, as he approaches lightspeed, his mass literally reaches a state of infinity. And now that I’m looking at how this works, I can see why physicists hate infinities so much, because they really shouldn’t exist. But yes, he does reach an infinite mass. It is unavoidable – he is approaching lightspeed, and the math is undeniable. What’s more, we’ve observed mass changes in objects which follow the changes predicted by relativity. It really is happening.

But we have two measurements here, one from outside the hole’s effect and one from within it. Both are equally valid, according to relativity.

Recently, we’ve had validation of the Higgs field being responsible for granting mass to matter. As matter passes through space, it meets resistance in the form of inertia, which increases as the relative velocity increases, and the Higgs field is responsible for that resistance.

Call this a prediction – someone might have already posited this, I don’t know, I haven’t read 100% of the literature – but prediction nonetheless: with objects subject to the intense gravitation close to the surface of a black hole, the Higgs field will be bound up so tightly that it causes a localized mass of effectively infinite magnitude. I think we’re going to find that the Higgs field “spreads out” over the four dimensions, such that when time flows at its most free in deep space and uninhibited by objects of mass, one’s experience of the Higgs will be at its most minimal, “at rest” as it were. As spacetime gets constricted, however, there will be less “room” for the Higgs to spread out in, and as a result any matter within constricted spacetime will have to contend with a compressed Higgs field. It would follow that the Higgs boson which was recently discovered at the LHC might appear to us at different energy levels depending on how loosely or tightly local space is constricted. If we were to set up a properly-sized collider in zero-G, then the Higgs particle will be observed at an energy lower than the 127GeV at which we see it when performing detection on the surface of the earth.

Update 7/5/2023: Could it be that mass itself, or the Higgs which influences it, is a dimension? Similar to how we experience the dimension of time, perhaps we experience this other dimension as mass?

So to boil it down, the effect of the Higgs field will be inversely proportional to the availability of the various dimensions, including time. That would mean that the Higgs field expresses itself across all four spatial dimensions, and when those dimensions are compacted in the presence of a large attractor, the normally constant effect of the Higgs field is applied in a smaller space, thereby it is concentrated into whatever remains of them. This then grants a layman’s explanation for why mass increases for objects approaching lightspeed (Einstein was far better at math than I am, and his expressions are a much more accurate version of this).

Back to Major Tom – as we watch him slow down and fade away, his space becomes more constricted, and as a result his mass takes a sudden, steep increase as he gets nearer and nearer the surface. And as a result, he begins to exert more and more gravity upon himself. Of course, time is dropping away too, so the acceleration of this gravity is less and less notable to him, its per-second-per-second effect being peeled away by the very dilation that is amping up his local mass. It may become sufficient to overcome his internal structural integrity, much as there could be tidal forces that spaghettify an object. Except in this case, the object might collapse upon itself.

This is observed in the accretion disk, where fusion from stellar gas continues to happen, despite the star(s) being ripped apart and their own internal gravity no longer sufficient to maintain fusion of their material. The pressure within the disk builds up not only because of the volume of the material, but because the material itself is becoming more massive.

From outside, the material approaches the hole, becoming more massive but at the same time running more slowly, so as we see it the light emitted from the material begins to fade. It doesn’t emit as rapidly (photons per second) because less time is passing, and the emissions that do occur are red-shifted due to acceleration, thereby dimming what does get emitted, so overall it is steadily disappearing from view. From its own perspective, the material is compacting, going through fusion well beyond iron (at which point it stops emitting energy and consumes it instead) and into the compaction of atomic nuclei into neutronium, and possibly deeper into quark material. This will happen in the milliseconds before reaching the surface, but it will happen to all material falling in.

So it’s likely that Major Tom is going to compress locally to a point where his atoms will begin fusing. But externally his 200kg still adds to the mass of the hole (minus what gets converted into emissions that escape as he accretes). He will likely turn into at least a ball of tin foil with a hot mess of biological matter inside it as it descends.

Length

Now that’s all great. However, we’ve got one more effect that we haven’t talked about yet.


His length.


Relativity’s conservation of angular momentum demands something particularly curious (which yes, has been observed) in addition to the dilation of time and escalation of mass. As it approaches c, an object’s length begins to compress, to the point where it will approach zero.

At lightspeed, its length is nil.

Along the axis of gravitation, Major Tom steadily becomes thinner and thinner, to a point where at the surface he achieves two-dimensionality.

As if his problems weren’t enough already.

We’ve already seen above, as his mass ratchets up and time slows, he gets compressed as his suit collapses around him, becoming a gross mess inside a tin-foil ball. But because of relativistic warping of his length, it appears more like a tinfoil plate. It will be a roughly flat one, its curvature matching that of the hole’s surface, as the force of gravitation will be straight towards the center of gravity.

Time has stopped. His mass has skyrocketed to infinity. His length has lessened to close to zero. He has become a two-dimensional, infinite mass for which time has ceased – and this is where the really interesting part happens, he never crosses the surface.

At some point that mass and its attendant gravitation, along with his vanishingly small length, will exceed the Chandrasekhar limit on its own in the direction of the axis of gravitation. Major Tom becomes, all by himself, a black hole. He becomes the surface.

Our observations of stars vanishing “into” a black hole, I submit, are not transits of a boundary. That stellar material is quite literally becoming black hole stuff, plastered on the surface of the existing hole. The Chandrasekhar limit isn’t describing where the boundary is – it’s describing where the beginning of maximal compression takes place, the surface of an object. Unfortunately, determining that requires mathematics beyond my capacity.

I submit here, that a black hole is not some “empty space” with a teeny tiny singularity inside – it is a solid body. It is made up of all the maximally compressed matter and energy that has ever fallen into it, bound up in maximally compressed spacetime. What we see as city- or solar-system-sized “holes” are solid objects whose surface exists spread upon a medium of spacetime that has been compacted as far as it will go. Just as a neutron star is a solid body of compressed matter, a black hole is simply the most compacted form of matter and energy there is, within the most compacted form of space-time there can be. Rather than breaking down the laws of physics, a black hole is the embodiment of them. It represents those physical constraints at their most extreme. Within it, we have achieved some phase of matter beyond what we know – matter and energy have become a single homogeneous material.

I don’t know this for sure, I obviously can’t look. I can’t see that closely. This phase of matter may be a fluid, it may be a solid, I don’t think such qualifications can be applied here.

But we’re still dealing with a form of matter that has been maximally compressed. And rather than being a rip in space-time or a hole in space-time, what we are seeing is the expression of matter and space-time at its most extreme. And no, the laws of physics do not break down inside a black hole. They reach their limit, their theoretical maximum of whatever measurement we’re trying to imply or measure, but they do not break.

Space being stretched to its maximum in this instance, we will have the result of what amounts to a spherical “pit”, which when graphed will look like the classical “stretched cone” diagrams everyone sees when talking about black holes. But in at least two dimensions the thing will have a property of motion, as it will be rotating – and continuing to accelerate in its rotation, if it has an active accretion disk. That rotation will steadily decrease over time, as it bleeds rotational energy into a steady, monotonous gravitational wave.

Formation

These all have implications on the formation of a hole, how it occurs at its initial moment.

I keep calling it a hole simply because the terminology has been there since I was a child. It’s not a hole, it’s a ball. It’s a solid ball, solid all the way through (which can appear deceptively large). From the moment that the maximal compression was reached, in the heart of a dying star. Or the moment that the primordial soup at the Big Bang reached maximum compression.

Which, when one considers it, may lead to the question of why isn’t everything already a black hole? During the bang, things were compressed pretty tightly, and it seems logical that things should have just remained together as a black hole. But then we get into “inflation”, wherein expansion exceeded the speed of light, which would certainly explain how we turned black hole matter inside-out and spewed out a universe.

(I put quotes around inflation for a reason – there is a clarification that can be done there, that what we consider “inflation” is actually evidence of a collision between two universes, one of space-time and one of matter-energy, but that’s a topic for a different essay.)

That spewage of universe back at the beginning doesn’t necessarily have to mean that all matter escaped black-holedom. There may very well be quite a bit of our universe still bound up in black hole material, fragments of the original impactor sailing around through space.

These original fragments may explain where some of the biggest holes originated from – superdense clumps that formed during an uneven expansion in the first moments of the universe. Who knows? Maybe the Great Attractor is simply a black hole so enormous that it would completely overwhelm our concept of size. We wouldn’t see it, because it’s not feeding, there’s nothing for it to feed upon. I don’t know. There would probably be some sort of residual image of it that JWST or a later telescope would be able to see, or a hint of it in the cosmic background, perhaps a lensing effect around it, or a greater red-shift directly before it and a blue-shift to the light lensed around it.

All of this black hole matter, the maximally compacted matter and energy, this exists in what is likely to be a homogeneous purest state of the stuff we consider to be “normal” matter. This stuff forms when gravitation – the warpage of space-time – compresses that matter to the point where it overcomes all of its own interacting forces.

When a star goes into collapse, gravity finally winning out over fusile pressure, all that mass cramming down towards the center, sooner or later some small pocket goes into maximal compaction. The atomic nuclei get pressed together, fusing far past iron and creating an energy vacuum, completely off the periodic table and into neutronium, that tiny core neutron star with overlapping gravitation not just of itself but from all the other crushing material coming in, the accumulation of forces finally reaching the tipping point of c.

Maybe it’s only a few atoms in size, maybe it’s the size of a full neutron star, but spacetime as well as matter achieves that maximal compression. From here, we end up with layer upon layer being forced onto the hole, each atom or molecule or quark plastering itself upon the surface, relativistic effects forcing them to each become black matter like a quasi-stellar onion.

And that star’s death continues to force-feed the hole, layer after layer of stuff being put down. It all goes through the same process we described for Major Tom previously. Space scrunches up and its time slams to zero, the Higgs field goes crazy and its local mass explodes into infinity, and its length renders it effectively two-dimensional as it settles onto the horizon. Within its own Schwarzschild radius, the spacetime completely locks up, it crystallizes for all intents and purposes.

And as a side note, this is probably the only place in the universe where “vibration” cannot occur, and therefore perhaps the temperature would be considered to be absolute zero.

I want to term this stuff “black matter”, rather than dark matter, because it’s important not to confuse the two. Dark matter doesn’t interact with normal matter, whereas black matter interacts like a drunken undergraduate on spring break. Get too close to the door, and you’re going to get dragged into the party, never to escape the same again.

Summary

To synopsize, the popular conception of a black hole as a hole, as somewhere that physics breaks, is a false image. It may be due to the naming of it, the conceptual implication of the use of our language resulting in people viewing these as largely empty spaces. But Einstein laid out the rules very clearly – there can be no “hole” there, no demarcation border to be crossed.

Within our universe, we have limits – and a black hole does not exceed or break these limits, rather it embodies them. It is a solid form, of similar nature as other “strange” stars such as neutron stars and quark stars. Its black matter is the ultimate expression of the laws of gravitation being applied to “normal” matter and energy, maximally compacting that material into a homogenous ball.

With space having frozen in place in endless layers, this ‘cosmic onion’ also ends up preserving the matter which has fallen upon it – but any such matter has itself already been annihilated by the additionally infalling matter-energy, and maximally compressed into black matter itself.



Delphi is 27!

We’re coming up on the 27th anniversary of the release of Delphi, a programming system that pretty much defined a big chunk of my career. It’s always been a great “secret weapon” in building fantastic software, and I’m proud to say I helped steer it for a few years back in the early 00s.


This year, we lost one of the core members of our team from back then, Danny Thorpe. Generations always come and go, but this one hit kinda close to home. We weren’t best friends, you know, just reasonably good ones. And this year, the anniversary makes me think back to the members of our team who aren’t around any longer.


There’s a lot of reasons to love working with Delphi. I guess I just didn’t realize there were a lot of ways in which the building blocks within it and behind it carry the echoes of all those old friends. But there they are.


I’m going to go back this weekend and reinstall my old copy from back then just so I can do the ‘team’ hotkey and raise a glass to our old friends, those who are both here and those who are gone.


Happy anniversary, everyone.


An Open Letter to the Democratic Party

Are you people that stupid?

Really?

I used to think “No, they can’t be that dumb. They have to see this.” But apparently it has escaped notice.

I genuinely would not have thought so, but I guess someone has to spell this out for you. 

You MUST stop treating the Republicans as a political opponent.  They are no longer “another party.”  They are an avowed enemy of the United States of America, a genuine domestic enemy.  And you are failing to protect us from them.  While they wage an un-declared war against the people of the USA, you amble on merrily forward, pretending that your big old “Infrastructure Bill” is going to matter after Jan 20 2024. 

While you screw around, they are establishing with State legislatures the option to ignore election results and install their own people in office.  That is a DICTATORSHIP.  It is not the United States.  They are extinguishing the USA and you are sitting by, idle. 

Republican governors are establishing their own “state civilian military” forces, and you sit idle, thinking that the Justice Department will fix things.  Do you have any idea what those forces are for?  You haven’t thought about it much, have you?  You think it’s some kind of idle fantasy of theirs, don’t you? 

Let me spell out the situation for you, using a hypothetical situation that is likely to unfold next year. 

November 2022:  The House of Representatives becomes majority Republican due to gerrymandered districts.  A new Speaker of the House is appointed, likely to be a Trumpist such as Jim Jordan, or worse.

December 2022:  A MAGA militia member cultist assassinates President Biden and VP Harris.  Trumpist is 3rd in line of succession and is sworn in as 47th President.

December 2022:  Protests nationwide against the MAGA takeover occur.  Republican States with “civilian military” gun down protesters indiscriminately.  Locally, any allegations or charges of murder are dismissed using the Rittenhouse trial as precedent/justification.

Throughout 2023:  Republican State legislatures “reform” elections to be submissions of an electoral slate that they approve, ignoring any outcomes suggested by voters. The Federal Legislature is either completely stonewalled, or is in Republican hands. If the latter, the Filibuster is dismissed and Republican legislative agenda – which enshrines their one-party rule forever – is passed, signed by the “President”, and rubber-stamped by the “Supreme Court”.

2024:  Gerrymandering re-captures the Senate for the Republicans if they don’t already have it, and a combination of gerrymandering and vote dismissal further entrenches the House in the hands of the Republican Party.  The Presidential election results are dismissed by State legislators, and Republican slates of electors are the default state of being for the United States.

At this stage of the play, legislation becomes driven wholly by Trumpist Republicans.  Elections are no longer of any consequence, and “democracy” as we know it in the USA is dead.  With gerrymandering the norm to claim legitimacy, Trumpists and sleaze-bag Evangelical Theocrats start amending the Constitution with rubber-stamp State Legislatures. The USA as we know it is dead.

This sort of fascist takeover has already happened in several countries worldwide.  It must be seen for what it is:  an attack on the USA, aided by an organized foe within our borders waging an un-declared war against us, funded by internal dark money and extranational money.

We’ve seen just how insane and violent these Trumpists are – they cannot be allowed to lay hands on the levers of power within our country again.  If you have any inkling of history at all, you know where this leads.

The strongest military force in the world cannot be taking orders from these lunatics.  QAnon followers with access to nukes?  Delusional fanatics with nuclear weapons? By 2030 we’d be in a nuke fight with China.

And you want us to be excited about your goddamned infrastructure bill? 

If you care in the slightest about the future of the world, you had best take this seriously.  They already tried a coup in 2020.  They are refining their process and taking steps to guarantee its success in the coming months and years. 

And if you stand idle, it’ll be you they end up sending to the gulag.  Assuming they don’t just publicly execute you on camera, on the front steps of the Capitol building.


Setting Up A New Fortigate Firewall

Sooo…my Cisco Meraki subscription runs out next month, and Cisco doesn’t want to talk to me about what their re-licensing options are. I like my MX64, the interface is really nice, and the device is super effective. But I can’t find out what they want to charge me for a fresh license, or even if they will sell me one. Their partners wouldn’t respond, they themselves wouldn’t respond, so I took the logical next step.

And I upgraded to a Fortinet firewall. I wanted a NGFW with full-service features, Fortinet’s got it. I wanted one that had a great rep, they got it. I wanted a good, clean UI, and they got it. Well, mostly they got it. I’ll say this – Meraki’s UI has Fortinet beat on intuitive nature, clean look, and logical division of features. It’s just better. But Meraki’s UI has a flaw: it is entirely cloud based. If I have a problem with my firewall, chances are high that I can’t reach the internet. And that means I have no method to work with my firewall unless I happen to have all the CLI memorized and the Meraki unit decides to be kind to me while trying to authenticate my login with PuTTY.

So I got myself a little Fortinet, a model 40F. Much like the Cisco offering, Fortinet uses the same web interface and commands across the board of their product line, so if you learn one you can run them all. Nice touch, that.

And it’s just so cute.  Who’s a widdle firewall?

Next-Gen v. Traditional Firewalls

You keep hearing about “NGFW” devices in network circles, but what exactly are they?

Briefly, traditional firewalls worked on a port-and-IP basis, blocking undesirable connections by simply turning away traffic that wasn’t addressed acceptably.  Maybe it came from the wrong country, or asked for a port that wasn’t “open”.  This is called “intrusion prevention.”

NGFW devices do that too, but additionally they can inspect the contents of the packets that are accepted, and are able to filter traffic that contains unacceptable content.  For example, a NGFW might know to look for viruses or dangerous payloads in email traffic.

As well, the NGFW is usually enabled with frequent updates to its library of dangers, or it may even perform cloud-based real-time inspection to catch zero-day threats.  A Fritz!Box just doesn’t do that.

And much like the difference between the UIs, the setup had a similar situation.  Fortinet just required a bit of a push over the finish line, and it was a frustrating push.  With the Meraki, it was quite literally a plug-it-in-register-go affair.  You could add more complicated configs after setup, but if all you needed was an above-average firewall that would let you go after setup, that was the bomb.  I had it in and running in ten minutes.

Not so much the Fortinet.

Which is why I’m writing this:  I want you to be able to do a fast setup and avoid the stress I had. 

So let’s go through it, shall we? 

When you get your new device, you pop open the box and the first thing you see is a “quick start” manual, which will do you no good at all.  I’ll explain why shortly. 

Beneath that, you’ll get a net cable, a power adapter (standard wall-wart with various national plug adapters), and of course the device itself sealed up in a plastic bag.  As well, a little sticky that has some simple steps on it.

Position yourself within arm’s reach of your internet modem/router, and lay your things out around you in easy reach.  Have a laptop or other computer powered up and ready here.  Minimally you’re going to need the Fortigate device, its power adapter, two patch cables (LAN cables), and your computer.

Important:  Don’t Get Ahead Of Yourself.  I had this device up in my office, getting it revved up to take over from the Meraki, and I was setting port forwards and a bunch of other stuff prior to the following steps.  That was a mistake that cost me a few serious head-scratches.  Some of that stuff conflicted with the basic setup and cost me time.

Yeah, that’s the sticky

1. Follow the instructions on the sticky, but not in the order given.

Do the “Cloud Setup” first.  Go register your name and enter the “cloud key” like it says.  

Next, assemble the power plug and plug the little critter in.  Attach your laptop or other computer to the device using the included cable.  Turn off WiFi if it’s on, and either enable DHCP (in which case you then need to tell your adapter to renew its IP) or set it to IP 192.168.1.1 with a subnet mask of 255.255.255.0. 

If you have a Mac or an iPhone, do that Apple stuff.  Whatever.

Open a browser and go to HTTPS://192.168.1.99.  < Note the “S” there.  Gotta have that.  The device by default won’t feed you a page if you’re not on HTTPS.  You should at this point be given a web page interface to the device.  By the way, the login is “admin” with no password.  It’ll prompt you to change that when you enter.


Should look a little like this (I pulled my ISP’s IP and the license server’s IP just to avoid confusion – your IPs will be different)

By the way, go look for my article on passwords.  You want to set a good one for your firewall.  And keep it safe in a manner that you won’t forget it.

It will also prompt you to register your device.  Ironically, you won’t be able to, so just tell it “later”. 

If it does not give this to you for some reason, get your vendor on a chat line or a phone line and have them walk you through enabling the web GUI (details can be found here: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34688).  I didn’t have this problem, so I don’t anticipate it to be common on new devices.

All good so far?  I hope so. 

2. Plug the Fortigate in to your modem/router.

I have a “Fritz!Box” 7490 here (yeah, I run multiple firewalls in a chain, call me paranoid if you have to), but this will work from a regular modem or other router, too.  The physical structure of your network when you do the setup should break down into the following:

Wall Socket > modem/router > Fortigate device

Where “>” represents a physical cable (it might also be wireless, but I’m not getting into that here).  So the wall cable goes into the “WAN” or “Internet” port (or whatever similar word they’re using on the brand you have).  You’d normally then have 2-4 “LAN” ports beside that which are supposed to lead to your computer or a switch or something. 

Take the second of your patch cables and plug it into the “WAN” port of the Fortigate (the first is running from the Fortigate’s LAN port to your PC), and the other end of it should go in one of those LAN ports on your modem/router. 

Wait a few seconds, and then in the UI page of the Fortigate, navigate the left-side menu to Network > Interfaces.  You should see at the top of this page a little indicator showing which ports are active on the device.

That’d be what I’m talking about right there.

You can hover over the ports, by the way, and they’ll give you a read of the connection details.  Nice touch there, Fortinet, I appreciate that attention to detail. 

Fly-by hints are nice. IP blocked to protect the innocent.

This would be a good time to go into your modem/router and fix the IP it gives your Fortigate, just so you have a record of it somewhere. 

3. You’re all done!  Happy surfing.  No, just kidding, this is just where they dump you on the side of the road.

No, really.  This is where they leave you.  On my old Meraki, that’d be fine, because I could get out to the internet from here and start goofing around and playing World of Warships or reading stupid Facebook posts.  But really, you’re not done here.  If you try to get out to the internet (go ahead, I’ll wait) you’ll find that your browser just gives you the finger.  Usually in the form of “DNS can’t be resolved” or something equally useful.  Also, in the Fortigate dashboard you’ll see under “Licenses” that none of them are confirmed and there’s a red bar that says “Unable to connect to Fortinet servers” or something like that.

@Fortinet – here’s where you guys dropped the ball.  A couple of simple defaults would have saved me (and who knows how many other people) a few hours of grief and head-scratching. 

Are you still at the “Network > Interfaces” page?  If not, go back there.  You have to configure something.  In my case (with a model 40F) there aren’t too many interfaces to choose from, and mine is called the “Physical Interface”.  Yours probably shows up as “wan” or something similar.

That’s the bugger right there.

Double-click on its name or right-click and choose “edit”. 

Here’s what you get taken to next – most of it won’t need to be modified, you just need to review it and be passingly familiar with what’s in here:

Let’s touch on these points in red.

The items highlighted in red there are ones you need to pay attention to.

  1. Alias – give your WAN connection a meaningful name.  Even if you only have one WAN hookup, it doesn’t hurt to name it after your router or your ISP so you know what you’re looking at.
  2. Leave role as “wan”.  If you’re using others, then you probably know enough that this article isn’t telling you anything new.
  3. Depending on how your modem/router hands out IPs to equipment, pick the appropriate style here.  My Fritz!Box is set up to use DHCP, and I’ve told it to always give the Fortigate the same IP when it sees it, so that’s the route I took here.  If you prefer to fix the IP within the device itself, then you’ll want to set it up on Manual.
  4. DNS – confirm that your DNS server is set correctly.  If you don’t know what I’m talking about, ignore this for now.  I prefer to use Google’s DNS servers for my stuff, so the Fritz!Box hands that off when an IP is requested.  Your mileage may vary.
  5. Default gateway – for the Fortigate, its default gateway out to the internet will be your modem/router.  Ensure that this value represents the IP that your modem/router presents inside your walls (not the value it uses on the world-facing side).

Record your default gateway value in notepad or something.  You’ll need it shortly.

4. Here’s The Biggie

We’re at the point where the biggest “missing link” should have been.

@Fortigate – again, a short add here will save your customers some grief.

Devices like a regular modem/router or regular commercial firewall products that you can buy at MediaMarkt or Best Buy, etc., have a default rule in them: “If I get traffic coming in on the LAN ports, and the address isn’t in my house, squirt it out to the internet to find its way.” 

That rule doesn’t exist here on the Fortigate.  Which is why if you try to reach a Google server right now, your system will tell you to go spin.  So, we have to create it and give it to the Fortigate, so it knows that it should do its job. 

Navigate on the left-hand menu to “Network > Static Routes”.  There’ll be a big bag of nothing there.  At the top, choose “Create New”, and you’ll get this:

Just need to tell the Fortigate where the door is so it can let your traffic out.

Leave “Destination” alone.  That represents the address of the packets the firewall receives.  Grab that “Interface” drop-down and choose the Wan interface you configured (you did give it a good name, right?) a few moments ago.  It should populate the Gateway Address for you automatically, but if it doesn’t, you can enter it because you recorded it in Notepad or something when I told you to. 😊

When you’re done, it should look like this:

It assigns this just from choosing that drop-down.

In computer-speak, we’re creating a default static route that’ll go into the route table of the device.  In human language, that means “When the firewall sees an address on a packet it doesn’t recognize, it throws it out the window into the Internet to get handled.” 

@Fortigate – Really folks, you should just include this as a default.  Experienced users can always delete or disable it.  How many people buy a firewall and then don’t have a default like this? 

Don’t worry about Advanced Options or anything, just make sure to “OK” it.

At this stage, I re-booted my firewall (just pull the power and put it back in) to get it to take up the new route.  I suspect if you go get a coffee or something instead it will eventually pick up the rule and apply it without this, but I didn’t want to wait. 

Now that the static route is in, you should be able to connect to the internet from your firewall.  At the top right of the page, you’ll see an option for a command-line interface:

That’s it, right there ^^

Click on that, and in the faux terminal that pops up, enter:

execute ping 8.8.8.8

You should be getting back something that looks like this:

Cue John Mayer singing about 1983…

You can also now connect out from your computer connected to the firewall.

The dashboard of the Fortigate should now also show under “Licenses” which ones are active, and that red “unable to connect” bar should be gone.

By the way – you can now safely set up your port-forwarding rules.  If you’d done so before this, your default way out into the internet would have conflicted with rules already governing the default gateway, and you’d be wondering why the Fortigate won’t accept your default route outwards. 

That sucked, for about a half an hour.

5. You’re in the Home Stretch now

So, you bought a firewall, and you’re all set to connect to the internet.  But this isn’t just some plain old Fritz!Box, this is a Next-Generation Firewall that can protect you in all manner of ways that you should expect out of a 21st Century product. 

But as with the “tell it to send my traffic to the internet” case, we have to actively tell the firewall to use those abilities.

@Fortigate – really?  You ship all these cool features and you ship with them disabled?  The FW can’t ask “what am I licensed to turn on” and then turn that stuff on in a policy for the user?  At least provide some basic enabled stuff, folks. 

Let’s turn on the goods you paid for. 

This is the stuff you pay annually for, the really solid protection measures.  You might have bought your device without any subscription, in which case you can skip this step, but I suspect you wouldn’t shell out that kind of bank just for an intrusion-protection brick. 

In the left-hand menu, head for “Policy & Objects > IPv4 Policy”.  There will be one or more rules already present in that bucket.  What you want is the one that is titled “internal > [your WAN name here]”.  Open that one up and edit it. 

You’ll get a screen something like this:

This is fully configured for me, see below for what would be some good ideas to perform on your own.

First, give it a name.  I use “Default Permitted” because this policy will by default permit someone to issue requests out to the Internet, and will only interfere if the target has some issue.  Hence, by default it permits the traffic. 

Incoming interface refers to where the firewall is seeing the traffic originate.  In this case, it will come from my internal network.  Outgoing is where the traffic wants to go – in this instance, out the WAN into the wild, wild internet.

Source/Destination should be “all” in this case.  I’m defaulting to allow almost anything, after all.

Schedule – how or when is this rule going to run?  You can create rules that apply only during office hours, or ones that turn off when the kids are at school, etc. 

Service – this refers to what protocols are covered (HTTP, mail, pings, yadda yadda).  Kind of a poor choice of name for a pack of protocols.

Action – in my case here, “accept”.  If I wanted to shut everything down by default then I’d use deny.  If, for example, I was operating a high-security bank or defense contractor, I’d probably start with “deny” and add exceptions for accept.  But, this is my home network, and I want my Netflix, so Accept it is. 

The Firewall/Network options should be left alone.  If you’re comfortable enough to dork around with those, you don’t need to be listening to me ramble on.

Now, here’s what you paid for: “Security Profiles”.  By default, these things are turned off.  Turn them all on.  Your device will eventually complain to you if you don’t have a license to run a particular profile, and you can turn it off then.  This section should have been called services, because really that’s what they are – paid services that add value beyond just the hardware and the Fortinet SOC chip. 

Take note of the “Web Filter” – you’re probably going to want to go in and adjust a few things there, as this is what governs the content filter for your network.  For example, I occasionally play on pokerstars, but gambling sites are by default blocked.  So I wanted to loosen that rule a bit.  I also wanted to block certain types of site from my net which my kid doesn’t need to see, so reviewing those settings was pretty important. 

Once you’ve enabled what needs to be on, make sure “Enable this policy” is green and “OK” this to apply it.  The line entry should now look a little bit like this:

Safe as houses.  Well, hopefully more, since most accidents happen around the home…
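The two things steps 4 and 5 say the box ships without, a default static route and security profiles on the outbound policy, can be checked offline in a configuration backup. This is an added example, not part of the original article or Fortinet's tooling: the sample config, the gateway 192.168.178.1 and the function names are constructed, and it assumes a WAN interface named "wan" and the FortiOS CLI keywords shown (`router static`, `firewall policy`, `av-profile`, `webfilter-profile`, `ips-sensor`, `application-list`).

```python
import shlex

# Constructed sample in FortiOS CLI syntax (not from a real device): WAN on DHCP,
# the step-4 default route present, the outbound policy still without profiles.
SAMPLE_CONFIG = '''
config system interface
    edit "wan"
        set mode dhcp
        set alias "FritzBox"
        set role wan
    next
end
config router static
    edit 1
        set gateway 192.168.178.1
        set device "wan"
    next
end
config firewall policy
    edit 1
        set name "Default Permitted"
        set srcintf "internal"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
'''

PROFILE_KEYS = ("av-profile", "webfilter-profile", "ips-sensor", "application-list")
ANY_DST = (["0.0.0.0", "0.0.0.0"], ["0.0.0.0/0"])

def parse_tables(text):
    """Parse top-level 'config / edit / set / next / end' tables of a backup."""
    tables, table, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                table = tables.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "end":
            depth -= 1
            if depth == 0:
                entry = None
        elif depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "next":
            entry = None
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]   # nested config blocks (depth > 1) are skipped
    return tables

def audit(text, wan="wan"):
    """Return findings as (kind, entry_id, detail) tuples; empty list means OK."""
    tables, findings = parse_tables(text), []
    routes = tables.get("router static", {}).values()
    # A backup omits settings left at their default, so a route with no 'dst'
    # line is the 0.0.0.0/0 default route ("Leave Destination alone" in step 4).
    if not any(r.get("dst", ANY_DST[0]) in ANY_DST and r.get("device") == [wan]
               and r.get("status") != ["disable"] for r in routes):
        findings.append(("route", None, "no enabled default route via " + wan))
    for pid, pol in tables.get("firewall policy", {}).items():
        outbound = pol.get("action") == ["accept"] and wan in pol.get("dstintf", [])
        if not outbound or pol.get("status") == ["disable"]:
            continue
        missing = [k for k in PROFILE_KEYS if k not in pol]
        if missing:
            findings.append(("policy", pid, missing))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

To check a real device, pass the text of a backup exported from it to `audit()`, with `wan` set to your WAN interface's name.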

6.  You’re All Done!  Seriously, this time.  Time to wrap up.

So, from the perspective of a home or small business, you should now be good to go.  If you are going to implement a security fabric, that’s really beyond the scope of this little how-to (and if you’re familiar with that angle of Fortinet’s stuff, you probably didn’t need this guide anyway). 

Anyway, I hope this helped to walk quickly through the setup of your new Fortigate, without all the hair loss and whiskey drinking that my own setup ended up putting me through.  If it did help you, let me know in the comments.  Makes me feel good to know that I helped at least one person avoid the trouble. 

Happy (safe) computing 😊. 

This all seems like a lot of trouble…

Yeah, admittedly it is a bit of a pain in the ass.  But I have to say, as an IT person reading the news, the cost of a NGFW is pretty worthwhile.  In the case of Fortinet, you pay about six to eight hundred euros for the device itself and a one-year subscription to the security services.  It’ll be two or three hundred per year after that.  Other vendors of similar quality cost about the same.  That’s not cheap.

But then, losing my entire ripped video or music collection would represent a few hundred hours of work that would have to be re-done.  Worse still, losing the first eight years of digital photos of my kid would really chap my ass too.  And I haven’t even touched on the potential for identity theft or potential monetary loss if my digital bank statements got stolen.  Or if my network somehow became compromised and my work laptop got exposed.  I think it’s safe to say that anyone who runs their business on computers needs the kind of protection a NGFW offers.

None of these problems is a certainty, and none of them is even a probability.  I know my stuff, and I’m not likely to have a fault in my own behavior.  Likely being the key word.  I can still make mistakes.  Hell, even Jason Momoa has a squad of bodyguards.  Jason freaking Momoa. 

I’ve got a family now.  My kid has figured out how to download stuff to her tablet (thanks, Google, for the Family Link – I know exactly what she’s getting into now).  My mother doesn’t necessarily have the same paranoid instincts I do about mail attachments.  My wife is pretty darn sharp, but she can make an error just as I can.  Who knows what some cretin in a professional hack-farm is designing right now to screw everyone over with? 

I know I won’t necessarily be prepared to deal with it.  So, I outsource it to the best minds in the business.  They will see the news about that guy before I ever do, and will be working on a fix before I’m done with my coffee that morning.  They’ll jet it into my device while I’m still getting dressed.  

I like that. 


Justice Must Be Served Upon Them

Unfortunately, ‘taking the high road’ is what led us to where we are now. Taking the high road fails to oppose people who don’t give a shit what road you’re on. I’ve been extremely vocal about this stuff for probably the last fifteen years – mainly because I can see where it is headed.

In fact, it’s why I left the USA to live overseas in 2008. It comes down to this: it only takes one side to wage a war. When that side has determined that war is its preferred / only option, they will proceed. Pretending that isn’t happening by the other side(s) only enables it.

The Republican party has been sleepwalking into war against our citizenry for the last thirty years.

They’ve had outlets for their (often religiously-inspired) violence overseas during much of that time. However, their latest batch of leadership took the racist trappings of the Teabaggers and dressed it up with the criminality of the Trump family, while adding in Trump’s own sympathies for the American Nazis and the KKK.

And those fucking people *NEVER* just “walk away” from power.

They (individually) almost had their hands on the brass ring. Their own guy did have it there, and despite the leashes on it, he nearly brought our country down. They can *see* it is in their reach. These filth are compelled to grasp for power, in their urge to abuse others with it.

For those who committed crimes while Trump was in office, Trump included, pursuit of that power is quite literally a life-or-death struggle.

So FOX, OAN and Newsmax, these are just the “pravda” wing, the modern apparatus that Joseph Goebbels would have jumped for joy to have at his beck and call. And they know they can pave their way to fortune with the racism, with the hate. So they’ll keep blathering it on, because that’s how they keep pulling in support for their attempts to create their own version of “America”.

And the only way to fight them without actually barricading the doors and burning down their office (which I think I would prefer), is to call them out for shame, for ridicule, for prosecution.

It won’t end there. They’ll never stop coming back, until we kill enough of them and their children to convince them that this is a bad path they are on. By opposing them though, one encourages others of good nature to oppose them as well, and it fights the fear that these would-be dictators want to use against the rest of us.

So yes, speak out against them. Even if you’d never pull a trigger against their forces. It might not feel like you’re doing much, but you’re signaling that what they are saying is not okay – you recognize it. And you endorse speaking out against it by your own action.

But be ready – it won’t end with just talking. They *will* convince themselves that war is the way, and when they stop sleepwalking it, we had better be ready to put them down like the rabid dogs they are.

I mentioned prosecution earlier. Justice must be served upon them, as I said in the title of this post. Prosecution, you ask? Yes, prosecution. There is a crime here, being committed in front of cameras and in broad daylight. Almost daily it is being committed. What might it be, you wonder?

Accessory After The Fact. Also, Misprision of Felony.

The perpetrator determined to be an Accessory After The Fact is someone who assists someone who has committed a crime, after that person committed said crime, with knowledge that the crime was committed, and with intent to help that person avoid arrest and/or punishment. It is a form of obstruction of justice, and can be prosecuted as such. So when Elise Stefanik steps in front of a camera and tries to levy blame onto a primary victim of the Jan 6th Insurrection – trying to deflect blame onto Nancy Pelosi, who was a target for assassination by the insurrectionists – she is committing felony obstruction of justice and is an Accessory After The Fact.

When Representative Andrew Clyde downplays the insurrection and claims the Republican terrorists were no more than “tourists”, he is an Accessory After The Fact.

When Trump himself attempts to gaslight the media with his blather of “so much love” and fabricates that the police “greeted them with open arms”, he is an Accessory After The Fact.

Misprision of Felony is itself a felony crime, prosecutable against anyone who, having knowledge of the commission of a felony, conceals said crime and does not as soon as possible bring that crime to the attention of a judge or other civil / military authority under US code.

So when we do find that Jim Jordan, or Lauren Boebert, or their staffers have knowledge of collaboration with insurrectionists and failed to report those crimes, they are guilty of misprision.

And these crimes must be punished to the fullest extent of the law. To fail to prosecute invites a repetition of those crimes. These people, and their ideology, must be ended.

On top of that, we have discovered now that to allow fascist ideology to go unpunished invites insurrection. The American Nazi party, and all of its offshoots, as well as the KKK and its offshoots, are long past due to be declared as terrorist organizations, their membership hounded down and exited from society with extreme prejudice. People need to be made aware that their choices to follow vicious and anti-American agendas come with severe consequence.

We have coddled these freaks for far too long.
