As the CIO of a cybersecurity company, the massive breach of Solarwinds through a supply chain attack has been keeping me up at night lately. Security and IT practitioners around the world did not have a restful time these last couple weeks and holidays as they responded across public and private organizations to understand the impact and scope. Let's take a look at the timeline of the Solarwinds supply chain attack:
This supply chain compromise enabled the attacker to deploy malware through someone else's software delivery mechanism. It seems targeted to US Federal agencies while also enabling access to corporate, state, and local entities. The update was digitally signed by the Solarwinds cert which begs the question of how they got access to that (insiders?). The download site was insecure but they still had to sign it to be trusted by Windows. The list of affected organizations now includes Microsoft, Treasury Department, US Department of Commerce, NIH, CISA, DHS, US Department of State, NNSA, DOE, three states, and the City of Austin. The impact of these breaches will not be known for some time. This points to the need (just like EternalBlue did) of modernizing our stack to reduce reliance on vendors with high rates of vulnerabilities such as Microsoft, Oracle Java and Adobe and to step up our pace of patching and ability to monitor anomalous user behavior.
To sum it up, it seems like while we were arguing about wearing masks, we got owned by the Russians.
I first learned about brain entrainment when I was a senior in high school by reading Mega Brain Power by Michael Hutchison. It was fascinating and I was looking for alternative ways to achieve altered states that did not involve chemicals. Back then, light and sound machines were pretty expensive, like $1000+ and required computers to connect to. I decided to build my own by buying some cheap sunglasses, LEDs, parallel port adaptor, and wire from Radio Shack, and writing the code to turn on and off the pins on the parallel port Used mostly for printers, the pins would put out 5V which was enough voltage and current to power the colored LEDs. I wrote the first code in Visual Basic and then rewrote it later in C++ to progress from high beta brain waves down to delta in 5 s increments, while matching the tones in the audio at the same frequency delta (30 Hz -> 4 Hz -> 30 Hz). I got the lights working well and was kind of amazed that it actually worked. My code for the audio was not as good and so I mostly used it with lights only. The goggles were cheap Rayban Wayfarer knock-offs, had two LEDs in each eye, and the cable ran out the back of the left ear (RJ45 telephone cable) to the parallel port adapter plugged into the PC. I dug through my electronics cabinets last week to try to find the set but I must have gotten rid of them along the way somewhere.
The IQ-Tutor by Inner Quest was one of these early devices that did the same thing that my home-built device had but with adjustments on the fly to go up or down in frequency. No built-in programs or extensibility, but did the trick. Can't remember what I paid for it but I think it was like $100 used. Can't find them any more on ebay or other markets so they may not have had a long life. From the mindmachines.com website:
"The InnerQuest IQ jr was one of the finest mind machines ever produced. The late founder of Psych Research, Rob Robinson, worked with Gayland Hurst, Ph.D. and Rayma Ditson-Sommer, Ph.D. to compile fourteen highly effective built-in light and sound brainwave frequency sessions that during the 1990’s proved beneficial to thousands of light and sound mind machine users worldwide."
Next I upgraded to the Dynamind Mind Machine system which was extensible and PC-based. This was a huge upgrade and got me excited about programming new sessions.
This device was amazing and had a bunch of existing preset sessions with fun names like "mystical journey" and you could create your own sessions with their software. This machine required DOS so in order to keep using it in the late 90s, I had to create a DOS-boot disk, put together an old AT device and install all the drivers manually. It worked and I still have that old PC under my desk!
I discovered the Kasina Mindplace about five years ago and that has been my go-to device. It travels well as it requires no other devices, you can use the ganzfeld goggles and keep your eyes open, and it is super easy to use. It's like the iPod of light and sound machines:
This device is really fun to use. It has 10 min to 1 hour sessions for all kinds of different scenarios including deep meditation, sleep, hypnogogic images, and psychedelic journeys. Really fun. I started pairing this with Neurofeedback to study the effects of the light and sound entrainment to actual brain state changes as measured by the neurofeedback device (I use the Muse S and an app for that).
That's my short history of light and sound devices! I will share more stories about specific sessions in the Kasina Mindplace. I also am starting experimentation with neurostimulation using the Neorythm device, which deserves its own blog.
Here are some cool references to light and sound:
Online learning has been tough on educators, students and parents. Many kids don't have reliable access to the Internet, laptops or mobile devices, or the support they need at home to be successful. Many parents are balancing work, parenting, and teaching all at the same time. Many educators have not been enabled effectively and are struggling with the technology and policy, which is taking them away from what they love - teaching. As a parent, there are some things that I did to help get the best out of the situation we are in and am collecting my thoughts here for others to enjoy.
1. Schedule everything in one place
The first thing our kids struggled with was where to be and when to be there. We decided to use their school Google id to schedule everything into GCal so that we could mimic the physical school day with a virtual one. Instead of the class bell indicating it was time to move to the next period, we set up reminders so that they knew class was starting in ten minutes. We created the calendar by scouring all the emails, the PDF schedules, and Google Classroom to find the zoom links, the passwords, and the class names and created recurring calendar entries for all of them. We also scheduled in lunch and breaks as well to encourage our kids to eat and exercise once in a while. Once this calendar was created, we shared it to our personal calendars so that we could see when our kids were supposed to be in class and not playing Minecraft. This took away all the inefficiency of trying to find the zoom link for English and removed any excuses for not showing up for class on time. Pro tip - put in the school holidays as well (most schools already have an online calendar you can just add to your kids' personal calendars). This gives you something to look forward to when you have been online all week.
2. Learn Google Classroom well
If you are used to GSuite (Sheets, Documents, Slides, folders) then this will be an easy transition. Just think of it as adding a conversation stream, assignments, and check in/check out features. Google Classroom is just a new UI on top of GSuite with those added features. Learn to navigate the Stream, the Assignments, and the To-Do views. The "To-Do" view is the first place to go to see what assignments are due, overdue, or do not have dates on them:
This list should be pretty small if your student is staying on top of their assignments. This view allows you to click directly on the assignment to review your student's work. The next view to get used to is the individual classroom "Stream" view. This is where you will stay on top of the discussion and it helps you find links to external resources, zoom recordings, and important assignment information. Some teachers use this instead of the assignment object to convey information so you have to dig through this sometimes if your child needs help figuring out an assignment:
The "Classwork" view will give you all the assigned work in one place, per class. It is somewhat useful but you should be able to get everything you need with the views above.
Pro tip for Google Classroom - Once an "Assignment" is submitted, you can not see the teacher's comments until you un-submit the assignment. This is a handy trick if the teacher tells you that they graded the assignment and you can't see the notes. You have to "Un-submit" and then you can view them. This seems like a design flaw to me but I haven't filed it yet with Google.
3. Learn the grading system well
Since Google Classroom does not include grades, schools typically deploy a separate technology for grades such as Schoology, MySchoolApp, or ThinkWave. I am most familiar with the first two as that is what my kids' schools use. Here are my general tips. If the LMS is different than the grading solution, then there will always be a difference between what you see in the LMS and the grades. This is just because teachers are busy and don't always post their grades immediately after submittal. Therefore, your kid may have completed the assignment three school days ago but still has a zero in the assignment. Now, the teacher should not post the grade until the assignment is graded but some do and this can cause concern. My recommendation is to be patient and only reach out to the teacher if it is really outdated (like a week).
MySchoolApp has a messaging capability in it as well. I don't use that capability and prefer to stay in the GSuite environment so that everything is readily accessible from one place.
4. Zoom setup and configuration
Make sure your kids show up with their full names so that you reduce the burden on the teacher to take attendance and let kids in from the waiting room. Make sure their Zoom client is fully patched to the latest version of Zoom by clicking on the zoom menu and selecting "Check for Updates":
On the "Video" tab of the Zoom "Preferences" menu, you should select "Turn off my video when joining a meeting" and on the "Audio" tab, choose "Mute my mic when joining a meeting". This will avoid any embarrassing situations for your kid accidentally clicking on a Zoom link before they are ready. Also verify that "Automatically adjust microphone volume", "Automatically join computer audio when joining a meeting", and "Press and Hold Space key to unmute".
Pro tip - use the space bar to unmute yourself to say something quickly and go back on mute.
4. Be involved at the school
Being a parent with kids in online learning right now is not easy. It takes a community of teachers, parents, and students to work together to make the best of it. For some of the tips above, you can work with your school administrators and teachers to make improvements for all students. For example, we had success at convincing one of our schools to make the calendar trick a school standard. So instead of hundreds of students having to set up their own calendars manually, the teachers send out calendar invites to all students and the students' calendars will automatically populate and automatically be updated with no work by the student. This works way better than making the kids do it themselves. Don't be a critic, be a constructive critic with a positive attitude and you will have more success!
I will repeat the sentiment from my last post that you can't believe the news from media and government regarding the flattening of the curve because we are not testing enough to understand the real numbers. There is good journalism about the lack of testing, I just don't see a lot of good challenges to the "we are at the top of the curve" messages that are being put out by the White House. Today we see the largest number of incoming positive cases in the US with 40,000 new cases at the time of this blog post (7:30 PM PT 4/21/2020). The number of new cases globally is the highest in four days and well above the average for the last fourteen days. I don't believe the University of Washington model that predicts 65,976 that the federal government keeps citing. At this rate, it would take only ten days to blow past that number.
To be fair, I don't understand the models being used. I am just looking at and tracking daily incoming rates, death rates, and testing rates over the last thirty days and it doesn't appear that we actually are decreasing or flattening at all. It just seems like more and more suffering is happening to people due to financial, mental health, and physical health concerns. There is little compassion from our leaders and lots of compassion with each other. It's weird to go out in LA and see hardly any cars, people walking their dogs with face-masks on, neighbors crossing the street when they encounter you. These are strange times and getting stranger.
I have been reading more about the economic changes due to coronavirus and am getting more concerned every day. I read This is how an Economy Dies this morning. Large corporations have cash on hand to survive this recession, even depression. They have cash to gobble up smaller, struggling organizations. Small businesses have on hand roughly a month's worth of savings. The stimulus package may offer them a bridge, but how soon are people really going to go back to shopping at brick-and-mortar stores? This statement sums it up pretty well "In the end, what will be left in the wreckages of such an economy is just a handful of mega corporations controlling most of the economy". I believe this will be an opportunity for mega corporations to consolidate market share, increase profits, and buy mid-sized businesses at bargain-basement prices. This could accelerate us into autocracy by corporations. I hope this is not true:
"When societies go through shocks which are allowed, through negligence and folly and failure, to leave entire classes of people suddenly, permanently poorer — then democracy tends to die, too. Think of the Weimar Republic. Think of Soviet Russia becoming Putinist Russia. Think of…modern day America. Trumpism was a direct, predictable consequence of the implosion of the American middle class. Coronavirus is likely to accelerate America’s implosion into autocracy."
I am not buying all the positivity about us "hitting the top of the curve" indicating that we are turning a corner on this pandemic in the United States. I also don't believe it is a good idea to talk about this as a positive sign that we could open for business again. The reason I don't believe that is because of the lack of information and the amount of misinformation:
1. We have only tested .69% of the population for Coronavirus. Even really sick people with all the symptoms are not able to be tested because of our inadequate response in testing scale.
2. Global and US positive rates have gone up daily for the last three days. There is just too little data to describe this as the "top of the curve". Not sure where this finding is coming from as it doesn't reflect the actual counts from open COVID-19 research data.
3. There is new evidence that we are significantly under-counting the number of deaths and new cases.
There are beautiful acts of kindness and compassion happening - with the dying, with essential workers, with families. There are increasing rates of domestic violence. There is huge economic uncertainty. There is indifference and ego within US leadership, limiting our ability to respond. There is disfunction within our supply chains, potentially forcing de-centralization of PPE, energy and food production. It doesn't seem right that we can predict that we are "turning the corner".
This is a legitimate question that many are asking. Some are asking it from a macro-economic perspective because they are investors who want to get the bull running again. Others are asking from a much more personal perspective because they lost their jobs, they are watching their retirement plan drop in value, or they need to feed their kids or get them in a safe environment such as school. No matter what, there will be massive economic impact globally and personally from this pandemic. A better question could be - "When will we know how many people are sick in the United States?" It implies more compassion for the sick, the families of the deceased, the workers on the front lines. This question might be better as the answer is necessary before "when can we open up America again?". Unfortunately, we can't answer this due to our inadequate response to this pandemic. We are woefully behind on testing by losing almost the whole month of February and barely starting to get it together by the end of March with a patchwork of local self-organization. This is all well-documented in How the Coronavirus became an American Catastrophe.
On March 20th, a friend who is a nurse shared the mixed messaging that was coming from Iowa health officials on testing when Iowans were being denied testing with the messaging of "not everyone needs to be tested" which I believe is disingenuous as it is hiding the broader truth and obscuring the real problem. A better message could have been - "...we only have Y tests available per day and we have to prioritize. Given your current symptoms, you do not meet the cutoff for our prioritization. We hope to remediate this problem soon by X date but unfortunately this is what we have to do until we get more..." A message like that may create more empathy for the situation and highlights the root challenge of us not being able to effectively ramp testing services and kits. Note that as of this morning, only 4,673 tests have been performed in Iowa with 298 positives and 3 deaths. Since we are restricting testing so much, we can only see a tiny surface area of risk (in this case, 4,673/3,150,000 = 0.1%).
When you look at the broader United States, you have only 801,416 tests given (or 0.2% visibility, self-selected to the most sick) and a positive finding in 122,166 people which creates a 15.3% positive rate. Since we are only testing the most sick, let's make an assumption that the actual positive rate if we did random sampling would be 25% of that which would lead to a 3.8% positive rate. This would lead to a rough estimate of 12 million affected in the US. If you use existing death rate percentages you get a range of 219,000 using the current US death rate to 1,250,000 assuming system-collapse death rate of 10%. If you use the global death rate of 4.65%, the estimate would be 581,724. This range is a terrible range and is increasing over the last week. The range is also tightening as US death rates are increasing.
Testing rates are ramping up. California was woefully behind last week and has now ramped up significantly but still way behind. Faster test kits, more test kits, and more coordination in the distribution of test kits seem to be one of the most important things we can do to make good decisions about opening up America again. I don't agree with politicians who pick a date out of thin air (e.g. "Easter") since the data is dynamically changing and must be analyzed on at least a daily basis.
on by X date but unfortunately this is what we have to do until we get more
It has been six days since my last blog when I expressed that I hope the pandemic will not increase separate-ness in the world. Since then, I have been watching the news of Italy, New York, Spain, and the harrowing stories of health care workers on the front lines talking about running out of PPE, ventilators, and surges on emergency rooms. I am unable to reconcile those stories with the hopeful picture painted by most politicians and most of the media so I decided to just start tracking trends myself using publicly available data. Here is some simple modeling of potential impact using today's data:
Metrics as of March 25th, 2020, 8:42 PM PT
If the current death rate holds, which it won't, and we estimate with current hit rate, then we will have 85K deaths, a terrible number that is hard to comprehend and 7 times the annual number of flu deaths. Since we know that we are self-selecting tests to the most sick and assume 25% of that, you still have 21K deaths on the low end. I believe that estimate is much too conservative, however, since our death metrics will trail 1-2 weeks behind the positive test case metrics.
If we use the global death rate with the current hit rate in the US, we get 2 million deaths. If we estimate system collapse death rate of 10% (what is happening in Italy), then you get 4.4 million deaths. If we apply the same 25% ratio due to self-selecting only the sickest to get tests, then we still have deaths from 500,000 to 1,000,000 people in the US alone.
I sure hope that our measures of self-isolation will stop the exponential rise of cases and deaths and we are able to bring these estimates much closer to the thousands, not millions. I will try to update this regularly with the latest testing data.
Times have changed. Society will change. In a short period of time, we see massive business, societal and family disruption. I am grateful to be able to work from home and still be effective. My heart and gratitude goes out to the health care workers, security teams, people on the manufacturing line, the drivers, the cooks, the bartenders, the small business owners that are provide continuity to my life and business. I wish them the best.
Cases are doubling in the United States every four days. We are at 13,690 cases in the US, 200 deaths, and only 103,945 tests given. We don't know the surface area because we are testing so little due to our aging and inefficient systems. We testing the most sick, who are exhibiting symptoms while asymptomatic folks are carrying the virus to new areas and people. There will be significant economic impact and small businesses will file bankruptcy. I believe the health, societal, privacy and security impacts will be even more impactful. I believe we are learning from Italy and China, not yet competent in our response. There is time for retrospective later, we should focus on response now.
I hope we do not use this situation to create further separate-ness between us. I believe we can create more one-ness from this. I see parents spending more time with their kids and others spending less time because they are on the front lines. I see neighbors and team members supporting each other. I see anxiety about the future and good people being creative and figuring it out.
I have been working from home for about two weeks now out of an abundance of caution. I am grateful for the ability and opportunity to have a job that allows me to do this. In fact, my company starting mandating it as of March 12th. I was getting some cabin fever and decided to take a short overland camping trip in the truck. I picked Liebre Mountain up by Gorman and packed up the truck for an overnight, wet trip as it has been raining for four days. Only took an hour to get to the trailhead. Then it was a beautiful switchback unimproved road for about six miles to the top of the ridge-line.
Once at the ridge-line, it got really windy and was raining sideways. I stepped out for a minute to check out some camping spots and it got cold quickly! I went to Bear Camp but it was so windy I decided to move on to Sawmill Campground. Bear Campground is definitely worth checking out some other time as it has some cool tucked away sites and is right next to the Pacific Crest Trail. Gotta get back there sometime.
Sawmill campground turned out to be cold, windy, and rainy but it was my last option so I set up camp and tucked myself into the tent to see if the rain would die down. I sat there for a couple hours, writing in my journal, watching Netflix, and trying to warm my toes up in my sleeping bag. At about 4 PM I checked the weather report which told me that it was only getting worse. I made the decision to come home and hang with my family rather than sitting in a cold tent for 12 hours in the darkness. Great idea as I was able to get a little adventure in, was able to test the truck, and still able to spend the night with my family.
The ride out was really pretty as the sun came out and lit up the valley. I had a beautiful drive down. The trail was not technical but did have a lot of rock and tree fall, running water, and huge puddles. The trail is washing out pretty bad in this recent rain but it never felt unsafe. I only saw one other person ( in a Jeep of course) on the mountain. The campsites were empty, the roads were empty and the freeways were free sailing. In these crazy times, it is good to remind ourselves that there are some amazing places out there that are being under-appreciated right now. Get outside and have some fun!
Eric is a traveller, hacker, and experimenter who is currently researching how to become a happier, calmer, and more compassionate human being.