What are the elements of an apology? Is there a taxonomy of what makes an apology meaningful? This is an attempt to dissect those elements.
Antediluvian Physiognomy
Fields: Mr. Abbott, I don’t understand how you can run around with a nincompoop like Lou Costello.
Abbott: I wouldn’t dream of inflicting him on anybody else. I ought… Oh god, here he comes.
Fields (to Costello): Well, my boy, did you get the toothache drops like I told you to?
Costello: Uh huh.
Fields: Good. Now take a few drops, put it on your finger, stick your finger in your mouth, and rub it on the bad tooth.
Costello: I can’t do that.
Abbott: Why not?
Costello: I drank it.
Abbott: You..! Another fifteen cents shot. You’re going to make a nervous wreck out of me!
Costello: Well it was good.
Abbott: All you do is cause me trouble, trouble, trouble, trouble!
Fields: Just a minute Mr. Abbott. It’s very possible that you’re a bad influence on this boy.
Abbott: Now this happens to be no business of yours!
Fields: Oh, you may not know this, Mr. Abbott, but a lot of people in this neighborhood resent your derogatory and insulting treatment of this boy here.
Costello: See there, Abbott? I got friends.
Fields: I should say you have! Just because Lou Costello happens to be a poor, unsophisticated, illiterate bore, with the intelligence quotient of a delinquent midget, Mr. Abbott…
Costello (interrupting): That’s telling him, Mr. Fields!
Fields: And furthermore, Mr. Abbott, is it compensatory for you to abuse this poor unsophisticated incompetent mental moron just because he hasn’t got the common sense of a half-baked imbecile?
Abbott: Look here!
Costello: Now, just a minute, Abbott! Now, you had this coming to you for a long time!
Fields: Yes sir! And another thing, Mr. Abbott: I want you to notice this boy. Notice his blank expressionless countenance. The receding forehead. The peculiar angle at which the ears leave the face. The thickness of his skull. The antediluvian physiognomy of this boy. The close resemblance to the early form of gargantuan ape. Ah ha: can you possibly blame this boy for being a slovenly unkempt grubby-looking crumb?
Costello: How do you like those potatoes, Abbott? Try and get out of that one!
Fields: Now, Mr. Abbott, I know what you’re thinking. Don’t quibble! You must admit that you’ve seen much more intelligent looking specimens than Lou Costello, in cages!
Abbott: I can’t say that!
Costello: Oh, you can say it if you wanna. You just don’t wanna remember, Abbott!
Fields: That’s a boy. Of course that’s how everybody in the neighborhood feels about Lou Costello.
Abbott (leaving): Eh, come on.
Costello: Mr. Fields, would you do me a favor?
Fields: Of course. What is it?
Costello: The next time that you say a lot of nice things about me and you build me up, will you throw in a couple of knocks? I don’t want everybody to think I’m too perfect.
Fields: I’ll be glad to. Well my boy, is your toothache better?
Costello: Yeah, I didn’t even give it a thought!
Fields (slapping Costello on the cheek): Well…!
Costello: Until now! Eee!
What needs an ATO? (Update)
In 2013, I wrote a post that traced the definitions in DoD policy on what things need an ATO (then Approval-To-Operate, now known as Authorization-to-Operate). Since that time, much policy has been reissued, so here’s an update:
DoD Instruction 8510.01 (Change 2, July 28, 2017) “Risk Management Framework (RMF) for DoD Information Technology (IT)”, says “Each DoD IS, DoD partnered system, and PIT system must have an authorizing official (AO) responsible for authorizing the system’s operation based on achieving and maintaining an acceptable risk posture.”
“DoD IS”, above, is a DoD “Information System”. The glossary section of 8510.01 says “Information System” is defined in CNSS Instruction 4009, “Committee on National Security Systems (CNSS) Glossary”: “Set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information.”
This doesn’t help, in terms of determining what doesn’t need an ATO. However, DoD Instruction 8500.01, “Cybersecurity”, says this:
(a) DoD ISs are typically organized in one of two forms:
1. Enclave
2. Major Application (Formerly Automated Information System Application)
a. Certain applications, because of the information in them, require special management oversight due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application and should be treated as major applications. A major application may be a single software application (e.g., integrated consumable items support); multiple software applications that are related to a single mission (e.g., payroll or personnel); or a combination of software and hardware performing a specific support function across a range of missions (e.g., Global Command and Control System, Defense Enrollment Eligibility Reporting System).
b. Major applications include any application that is a product or deliverable of an Acquisition Category I through III program as defined in Enclosure 3 of Reference (av). When operationally feasible all new major applications will be hosted in a Defense Enterprise Computing Center.
c. All applications, regardless of whether they rise to the level of major application or not, require an appropriate level of protection. Adequate security for other than major applications may be provided by security of the environment in which they operate.
d. When possible, capabilities should be developed as applications hosted in existing authorized computing environments (i.e., enclaves) rather than designated as major applications requiring new and separate authorizations.
e. DoD Component CIOs will resolve disputes regarding whether an application rises to the level of a major application.
The Fundamental Absurdity of the Christian Faith
In 1990, as a senior in high school, I had an atheist friend ask me: “What, precisely, is it that Christians believe?” I will call her “Amy”, because that was her name. Amy had been raised as an atheist by two atheist parents and had never really known much about Christianity. I had been raised Protestant by two Christian parents, I had gone to Church and Sunday School every Sunday my whole life, I had gone to Christian youth group (Young Life, mostly) for years, and countless Christian summer camps. I felt like I had a pretty good understanding of late 20th-century Christian theology.
By that time, I was basically an apostate myself, so Amy’s question left me with an interesting exercise: how to simply and truthfully explain the essential Christian theology without proselytizing? I had spent a lot of time at that point literally soul-searching and questioning the truth of the Christian message, but until I explained it to an atheist friend without trying to convert her, I’d never reflected on the complete absurdity of it. This is roughly how that sounded:
ttyx: an updated tty.js
Ozone and the Government Open Source Software (GOSS) Advisory Board
I was recently asked about the history of the Ozone Government Open Source Software Advisory Board, AKA “The GOSS Board”.
Below are my recollections…
p11-capi now supports SHA-256
Galaxy Chart in D3
When I first started working for the Deputy CIO for Business Process & Systems Review, I was exposed to a data visualization called a “galaxy chart”. The version I saw was developed by Technomics, Inc., who (interestingly) do a lot of work for my former organization, PA&E (now CAPE).
While Technomics seemed to claim (when I met them) that they “invented” the galaxy chart, I think this is probably an overstatement, since there seems to be plenty of prior art.
Anyhow, I built a D3 plugin for a galaxy-chart layout.
What happens when you sign a PKI server certificate with another (non-CA) server cert?
tl;dr For years, I have wondered what would happen if you tricked OpenSSL into signing a server certificate with a non-CA cert. Unsurprisingly, nothing useful. Interesting, but not useful.
A Burning Man 2014 Story
It was early in the morning around Thursday, when my family let me off-leash to go cruise the playa to see the art. I was way out in the deep playa, almost at the 12:00 apex of the trash fence, almost as far out as it is possible to be. I rode my bike up to a cabinet standing alone by itself in the desert. The sun was just over the hills to the east. There was a man and woman about 50 meters away, on a blanket watching the sunrise, but otherwise, I was alone.
The cabinet was a slightly battered-looking piece of furniture, like you would find in a bedroom at a beach rental. There were some drawers on the left, and two swinging doors, top and bottom. The drawers were screwed shut. The bottom door was secured with some heavy steel rings, locked with a bicycle lock, the kind that you dial in a combination of four letters and it releases. As I parked my bicycle and walked up to the cabinet, I could hear a woman’s voice from within, telling a story. Here is what I heard, retold as best I can remember 6 weeks later…