The Shadow on the Earth

I was introduced to the Masterful Monk series by Owen Francis Dudley during a rather formative time in my teenage years. While it can be a bit preachy, the stories are compelling and challenged my understanding of what being a Catholic meant. Due to how well the series dovetailed with the writings of G.K. Chesterton and Venerable (soon to be Blessed) Fulton Sheen I was very surprised that I hadn't heard more about it. I and my family promoted it when we could, even getting the reprinted volumes from St. Bonaventure Publications into a local Catholic bookstore. After more than 10 years the uptake is still slow.

After considering how difficult it is to ask someone to sit down and read a book these days, I set myself the task of recording "The Shadow on the Earth" at the beginning of 2021. The playlist below is the outcome of that effort. I plan to begin recording "The Masterful Monk" in 2022. Support for this effort (prayers and otherwise) would be much appreciated.

While recording "The Shadow on the Earth", I laughed and cried, railed and smiled. Some may think that it is triumphalistic, especially considering the events that have occurred in the life of the Catholic Church since it was first published. I found it extremely relevant and refreshing, probably because Truth never gets old. It is not a simple book. Be ready to look Good and Evil in the face.

The Ethics of Digital Suspension

At the January meeting of the Catholic Computing club, we had quite the conversation, discussing the decisions from various tech companies and their platforms to suspend or close accounts of various people and companies. While there has been a lot of back and forth depending on where you are in the political spectrum, the two questions that we tackled were whether the actions themselves were ethical according to the Catholic understanding of justice and whether the current laws fit with that understanding.

First, we acknowledged that the laws themselves are not prescribed due to ethics, but are generally written to resolve a political or legal problem. So, just because something is unethical, doesn't mean that it should be handled legally. It is also possible for something to be stated legally that creates an ethical difficulty that requires a review of each particular case.

The question of ethical action mostly revolved around whether the actions of users on a platform could be separated from the owners of the platform. To a certain degree, this is true with the understanding that each person is a moral agent and is responsible for the rightness or wrongness of her or his actions. However, failing to curb known bad acts on a platform can be construed as granting license for a person to use a platform or forum for evil. This led us to consider a Catholic concept called "remote cooperation with evil". In Catholic thought, there are roughly four different levels of participating in evil:

  1. The person committing the evil act (Shooting an innocent person)
  2. The person directly helping the committing of the evil act, known as proximate cooperation. (someone letting the shooter know that the victim is within range)
  3. The person who may not intend to help, but whose actions contributed to the evil done, known as remote cooperation (someone driving the shooter and co-conspirator to where they plan to wait on the victim)
  4. The person who does not intend, and whose actions do not contribute (someone who sees the shooting and calls 911)

While we should aim to never commit or cooperate with evil, there is a possibility that legitimate and objectively good actions can be taken advantage of to enable an evil act. Nevertheless, the more directly involved a person is with the evil act, the more likely that they are culpable (fancy word for being at fault, deserving condemnation, and needing correction).

While discussing the potential remoteness of a digital platform, we identified two different kinds of platforms: a publishing platform and a services platform. We quickly agreed that a digital publishing platform did not have sufficient remoteness to avoid culpability for the actions taken on them. One of the interesting arguments was that while there is a legal distinction between moderating and editing the content on a publishing platform, in practice, there is no clear way to distinguish the two activities. For a digital services platform, there was less clarity, but we eventually settled on private businesses having the ability to "fire the client" for ethical reasons. This was different from moderating and editing, and simply a refusal to do business with a client, which all businesses have (though that could be called into question with some small business owners).

At this point we started to look into other digital goods and how they might be affected by this, such as cryptocurrencies and software. Cryptocurrencies were an interesting case because a currency like bitcoin relies upon the blockchain to function, and arguably each transaction materially relies upon the previous transactions, both good and bad. With software, we might potentially write it so that it can't be used by the wrong person or for the wrong reason, but then we would have to be careful with having that enforced legally. Since source code can be considered the personal property of the owner, forcing it to have certain loopholes for law enforcement could be considered as a violation of the 3rd Amendment of the US Constitution.

Of course, we were well off the original topic, though thoroughly enjoying ourselves. If you thought this was interesting, come join us at

An Examination of Conversation

My last post received a couple of comments that raised a few good points which I think dovetail very nicely with my attempt to "relocate" Agile Conversations to a firmer foundation.

One point was that the distinction between reality and fiction was flat and potentially unhelpful. I will admit that I intentionally shut off certain avenues of consideration as I was afraid I would inject my own meaning into the words used by the authors of the book and who they quoted, rather than what they actually meant. Here I must acknowledge a limitation of human languages: We can use two different words to mean the same thing and use the same word to mean two different things. This limitation is why I focused on the word "fiction" and what was meant when Yuval Harari or Douglas Squirrel or Jeffrey Fredrick used it. Now that I'm not as focused on what they meant, I feel a little freer to explore possible alternative meanings.

A second point introduced an excellent alternative meaning. "Fiction" could be interpreted as "model", which would address most of my concerns and still fit the intent of the authors. I like the word "model" and prefer it to "fiction" since all models are an acknowledged attempt to imitate reality. Applying this to Agile Conversations, I see that the authors are giving the reader the tools and techniques to build and improve a conversational model. This model can then be used within a business context to build and improve a shared model of the business constraints and customer needs. So using "model" definitely fits within the authors' stated goals for "Agile Conversations", yet I think only focusing on the model drops an important aspect that exists in the word "fiction".

A third point hinted at this important aspect: for a model to be useful, it must fit within a specific context and scope, and meet certain goals. To evaluate a model, we need something in addition to consider. I think we would need the story of how the model came into existence, the insights that led to its creation, and any oversights that had to be overcome during its creation and development. This story would explain the constraints or invariants that made the model usable in our particular context and gave us confidence that it would meet our goals. Sometimes, however, the story does not satisfy because it goes against our experience or previously accepted stories. To truly determine the potential usefulness of the model, we may need to re-examine it based on statements that, once we understand the meaning of the words, we cannot but assent that they are true. These statements are often referred to as first principles.

The first principles can be grasped through the interaction of two different human activities. The first activity is the human ability to sense the world, the second is the human ability to reflect on what it has sensed. Because these principles are grasped from how we can know reality, it means that they apply to all branches of knowledge. Working from these principles is rather slow and difficult, which is why we rely on stories that assume them and the conclusions that come from them.

Conversations build on top of this natural human ability to grasp first principles. According to Merriam-Webster Online the definition of conversation is:

  • oral exchange of sentiments, observations, opinions, or ideas
  • an instance of such exchange: talk
  • Conduct, Behavior

The brief etymology stated that "conversation" derived from Middle English conversacioun, which came from Anglo-French conversacion, which in turn came from Latin conversation-, conversatio, from conversari "to associate with", frequentative of convertere "to turn around".

Combining the current definition and the original Latin definition, we end up with the rough meaning of "To turn over with another". When we are in conversation, we are "turning over" the topic being discussed. This aligns with the two human activities relied upon to recognize the first principles. Two or more people sense some reality and then reflect together on what they sensed. As we can see from the limitation of language and human perception, we know that each person will arrive at different conclusions about the same reality. Sharing those different conclusions and seeking to build a consistent and shared model based on those conclusions while weeding out incorrect conclusions using first principles is precisely what the authors of Agile Conversations are seeking to do. Conversations can take what each person can do with grasping truths about the world, and turn it up to 11.

However, without a firm foundation in first principles, we can accept stories that assume wrong conclusions or deny certain first principles. This can make conversations unproductive if not downright impossible. The denial of first principles can arise from either rejecting the senses as a source of knowledge by claiming that they are utterly unreliable, or by rejecting that the human mind can grasp reality and claiming that the senses are the only source of knowledge. Now there is some truth to both statements, as we can see in the cognitive biases or perceptual delusions that human beings can experience. Yet without both actions, the sensing and the reflecting, we would be unable to know anything, which we can prove from first principles.

For a short and inadequate version of the argument:
- Through our senses, we are aware that everything is changing
- Through reflection on what we sense, we can grasp what is fixed, what are the laws that govern the changes that we see.
- If the senses are unreliable, then we couldn't know that things change, and be unable to determine the fixed laws
- If nothing is fixed, then we would not be able to determine that a change had happened, much less be able to predict how something changes or when something would change.

This would contradict the first principle that "Being is, Non-being is not". The changes that we grasp through the senses are too real to be dismissed, and the fixed laws which govern those changes and can only be grasped through the intelligence are also too real to be dismissed. As an example, you cannot say that the law of evolution exists, and then say that evolution proves there are no fixed laws.

Taken from God and Intelligence in Modern Philosophy by Fulton J. Sheen.

With all this in mind, I now need to turn back to the original concept of "shared fictions" and see if I have laid out a firmer foundation for "Agile Conversations". The problem that I see with "shared fictions" is that it promotes the idea that there are no fundamental truths or first principles about the world. I will admit the possibility that my perception is wrong, but it is very difficult to do so when the development of shared fictions arises from an evolutionary process that appears to violate the first principle that the greater cannot come from the lesser. I also don't see what would prevent one shared fiction from being replaced with another, even if they both made the opposite claims about reality. Building upon such a foundation would be like building on sand. However, if the stories and models about our everyday experience are grounded in first principles, the foundation, while it may not be perfect, would not be liable to shifting around just because an alternative fiction became more popular.

I hope this blog post sufficiently explains my concerns and responds to the comments that I have received while writing the last two. These posts were a lot harder than I thought they would be as I had to think a lot deeper than I probably would have. Since I've now told my story, I would like to open this up for a conversation. Feel free to reach out to me either in the comments or the various platforms that I hang out on.

The Lie of Useful Fictions

While writing about the helpful analysis described in Agile Conversations, I mentioned that I had some concerns with the book. While the analysis method draws upon solid scientific studies and I have personally found the conversation types useful in identifying and engaging in the different interactions that I have with my co-workers, the foundation upon which the authors built bothered me. The fundamental reason that the authors give for why conversations are effective at changing culture is as follows:

"Though our ability to gossip surpasses that of other species, [Yuval] Harari says that what is really unique about human language is our ability to discuss non-existent things. (Sapiens, Ch. 2). With this special power, we are able to create and believe shared fictions. These fictions allow us to collaborate at tremendous scales and across groups of people who have never met. In this way, a community's belief in a crocodile-headed god can create flood control works on the Nile, as described by Harari in another of his books, Homo Deus: A Brief History of Tomorrow (Homo Deus, 158). And a shared belief in continuous improvement can allow us to create a learning environment and a performance-oriented culture rather than a power-oriented or rule-oriented culture, as described in Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations by Nicole Forsgren, Jez Humble, and Gene Kim (Accelerate, 31)."

What triggered the most negative reaction was the concept of "shared fiction". The idea that fictions enabled large groups to collaborate didn't make sense. Rather than dismissing my reaction, I went in pursuit of what it was that bothered me, starting with a rough definition of "shared fiction".

I went to the Merriam-Webster online dictionary and pulled the following definition for "shared":

  • used, done, belonging to, or experienced by two or more individuals

And the following definitions for "fiction":

  • something invented by the imagination or feigned
  • an assumption of a possibility as a fact irrespective of the question of its truth

After seeing these definitions, my initial reaction was to cynically and naively reword the last sentence into the laughable statement: "And if we feigned that continuous improvement could actually happen, then we could create a learning environment and a performance-oriented culture rather than a power-oriented or rule-oriented culture..." Such a statement reminds me of the fairy tale about the Emperor's New Clothes. Just pretend and everyone will play right along until someone points out the obvious. While the rewording was overly simplistic in its application of the definitions, it led me to wonder what Yuval Harari meant when he used the word "fiction".

In an interview that he gave to the Smithsonian Magazine, Yuval Harari states:

"The truly unique trait of Sapiens [that is, human beings] is our ability to create and believe fiction. All other animals use their communication systems to describe reality. We use our communication systems to create new realities. Of course, not all fictions are shared by all humans, but at least one has become universal in our world, and this is money. Dollar bills have absolutely no value except in our collective imagination, but everyone believes in the dollar bill."

This division between the physical paper of the dollar bill and its accepted value provides a clue to what Yuval Harari means when he speaks of shared fictions. If I understand what he means, then Harari is saying that a shared fiction is a fiction that a group of people agree exists when it does not exist. I know of another more unpleasant word for "saying that something exists when it does not exist": a lie. Of course, claiming that Harari is saying the Egyptians were lying to each other about the crocodile-headed god of the Nile falls into the trap of believing that we humans can achieve perfect knowledge of the reality around us. This trap is well summarized by the authors of Agile Conversations in the section on cognitive biases that follows the paragraph I quoted from the book.

Another angle on the separation between the physical dollar and its agreed value is that there is no scientific experiment from which we can determine the value of the dollar bill. To put it another way, there is no empirical evidence from the dollar bill itself that would determine its value. Applying this pattern to what Harari says about the crocodile-headed god of the Nile, it seems to match up. The definition for "shared fiction" appears to be: "something that two or more people claim to exist that has no scientific, empirical or sensible evidence to confirm its existence." Turning to the claim in Agile Conversations about a shared belief in continuous improvement, it appears that "shared fiction" as described by Harari and "shared belief" as described by Douglas Squirrel and Jeffrey Fredrick are synonymous.

If we applied this definition broadly, I fear we would find that justice, mercy, and peace would be categorized as "shared fictions". If that is over-broad, I would greatly appreciate being corrected, but based on Harari's application of this definition across science, legal theory, and religion, I find the case rather difficult to make. This definition of "shared fiction" appears to assume that "reality" would be defined as "something that has scientific, empirical, or sensible evidence to confirm its existence." These two definitions, as water-tight as they may seem, are incorrect. I will first deal with the definition of "reality" and then the definition of "shared fiction".

First, how do we know that reality is limited to scientific, empirical, or sensible evidence? If this is certain then we should be able to find such evidence to confirm it, and yet we don't. One example is the Borde-Vilenkin-Guth Proof in physics, which indicates that any universe that has an average expansion rate greater than zero must have a beginning. Since our universe does have an average expansion rate greater than zero and nothing comes from nothing, something had to begin the universe. Now, scientific, empirical, and sensible evidence requires a universe to exist in the first place, yet it would be ridiculous to claim that a fiction brought reality into existence. Another example is from a longitudinal study of near-death experiences reported in The Lancet (van Lommel, et al 2001). In that study, they determined that the near-death experiences of the patients had no physical or medical root. Included in that study are examples of patients blind from birth who were able to accurately describe the people and environment around them during their near-death experience. In both of these examples*, we have indications that reality extends beyond scientific, empirical, or sensible evidence.

Second, if reality does indeed extend beyond scientific, empirical, or sensible evidence, that would contradict the definition of "shared fiction". One potential way to solve this contradiction would be to claim, as Harari does, that when we create "shared fictions" we create new realities. This goes against the basic common sense principle that something greater cannot come from something lesser. As we human beings are part of reality, and the part cannot be greater than the whole, then we cannot create a radically new reality to replace the existing reality. In addition, we human beings build fictions out of reality, which means that reality must be greater than fiction. Another potential way to resolve this contradiction is to point to examples of people who believed in crocodile-headed gods that didn't exist and how this "shared fiction" enabled them to collaborate with each other, as if to say that "if we can do great things by believing that non-realities are real, then so be it." However, believing that non-realities are real can be summed up in another unpleasant word: "insanity". I don't see how collective insanity would be an improvement to human life; it reminds me of Dostoyevsky's Grand Inquisitor who claimed he was greater than Christ since he would ensure people would go to heaven by teaching them that sin was a fiction, even if it meant that he would burn in hell for it.

Now, the authors of Agile Conversations don't say they are spreading a "shared fiction", though they do hint at it. "[A] shared belief in continuous improvement can allow us to create a learning environment and a performance-oriented culture." The authors made a slight adjustment in switching from "shared fiction" to "shared belief". While we may invent fiction, we don't invent belief. Beliefs are often the result of observing the world and drawing conclusions. For example, I believe that I will see the sun tomorrow. However, by using the two terms in the same paragraph in a synonymous way, it appears that Squirrel and Fredrick do mean to treat the idea of continuous improvement as a fiction that we should share for the benefit of others. I would posit that this effectively undermines the goal of their entire book, as it would be difficult to build trust and mitigate fear if we believed that all our work, in reality, was for a shared fiction. If that is the case, then something must have gone very, very wrong.

All this being said, there is much that was good to consider and helpful to use when working with others, so there is something "real" and not "fiction" in the book. With this in mind, I will attempt to identify in my next blog post a better foundation that would allow the book to be effective and truly promote the well-being of those who follow the conversational analysis as described in its pages.

Since I've made some very sweeping statements in this blog post, please reach out to me in case I got something wrong or missed a nuance. I want to make sure that my thoughts, perceptions, and beliefs are in alignment with reality, and that I'm not spreading a lie or encouraging insanity.

* These examples were pulled from The Big Book on

Lightweight Trust Building

I was speaking with some colleagues the other day about some low trust interactions that I had recently observed. Based on my description of my observations, one colleague commented that the interactions appeared to arise from a negative feedback loop that promoted a low trust environment between senior leadership, managers, and employees. To break that feedback loop, he recommended having the different groups take a Speed of Trust course. Having gone through a course myself, I agreed that it would encourage trust-building behavior, yet I was concerned that convincing even one group to take the course would be a monumental task. Another colleague acknowledged my concern and the difficulty with saying "Hey, I noticed you're in a low trust environment, would you like to take this trust course?"

This comment about the difficulty of opening a conversation on trust in a low trust environment prompted me to pick up the book Agile Conversations, which I had just started reading. Divided into two parts, the book describes a lightweight method of conversational analysis and the theory behind how it works followed by using the analysis in 5 kinds of conversations. The purpose of the book is to encourage high-trust, psychologically safe conversations regarding business value creation that enable participants to jointly set a direction for a project, commit to goals that will achieve it, and be accountable for the steps taken to achieve those goals. Intrigued, I kept reading.

The analysis of a conversation revolves around writing down a conversation and then comparing what was said with what was thought to improve the next conversation. A few good questions to ask during the comparison are:

  • When I ask questions, are they genuine questions or leading questions?
  • If I had difficulties or concerns with what the other person said, did I mention them and show a willingness to work with him/her to overcome them?
  • Am I being consistent in how I talk and act so that others can trust me?

These stuck out to me, as they ensured I stayed honest with myself about my intent (similar to the Speed of Trust) and promoted curiosity and transparency in my conversations. After determining what could be improved, what was said is revised to address the discovered problems. Then the revised conversation can be role-played to practice the improvements before the next conversation.

After explaining the analysis, the 5 conversations that followed were:

  • The Trust conversation
  • The Fear conversation
  • The Why conversation
  • The Commitment conversation
  • The Accountability conversation

Each of the conversations naturally leads to the next.

The Trust conversation ensures that all parties in a conversation are working from the same story of the problem or need that they are dealing with. When a person starts telling a conflicting story, follow the Ladder of Inference to determine what is causing the conflict so that it can be resolved. This ensures that everyone is working from a shared perception of the world and gives a common language that people can use to be understood. Once people trust that they will be understood, then they will more readily and easily bring up concerns that they have, leading to the Fear conversation.

As an aside, the Ladder of Inference is very close to the Catholic philosophical tradition of how we perceive the world and choose our actions based on those perceptions. Here is a rough sketch: The senses perceive the world, the imagination creates an image from that perception, the intellect recognizes the image, recognition prompts a value judgment which can trigger the emotions. Reason, reflecting upon the image, the value judgment, and the emotional reaction, determines the potential responses to the perception. The will makes actual one of the potential responses. For a more complete and accurate summary, see Aquinas' Summa Theologiae Book I, Questions 79-89 and 93.

The Fear conversation provides an opportunity for the team to identify problems they fear will prevent project completion. Often the best place to start uncovering these fears is by examining the deviations of the team from their espoused way of working. These deviations are often disparate mitigations that create conflict within the team and prevent them from being effective. Once the problems are brought to light, the team as a whole can design mitigations for them. As it is probable that there are multiple causes for each problem, spend some time talking through multiple scenarios to make sure that the mitigation will be effective. As some mitigations may require an entire project to be effective, the team will start questioning if the current project is the most important thing to be done, leading to the Why Conversation.

The Why conversation builds a shared purpose and direction for the current project between team members and leadership. Within a timebox, each person has an opportunity to discuss the goals of the project and advocate for their position on them. To achieve a shared ownership of the project, it is crucial for the team to share and understand the interests that lead to the different positions, otherwise the conversation can result in an endless loop of debate. When the interests are visible, the team will naturally try to set goals that take them into account. As long as the final decisions regarding the project direction sufficiently address the different interests, the team will have a sense of ownership for the project, leading to the commitment conversation.

The Commitment conversation determines what project goal is going to be delivered and when. This requires that everyone involved in the project agrees on what is being delivered. This is only possible when they trust each other, have identified and determined sufficient mitigations for any concerns, and understand why this particular increment is the most important thing to deliver. Without achieving these first, people may be showing up, but they won't be fully participating in delivering the goal. Once the team commits to the desired goal, then work on the project begins, leading to the Accountability conversation.

The Accountability conversation communicates the progress of a project increment. It provides an opportunity for the team members to "radiate intent" and to receive feedback. This conversation is more about each person giving an account for their actions rather than being kept accountable for them. The structure of such a conversation can closely mirror the textbook standup questions: What is the current state of the project? What is planned next and the expected outcomes? What are the existing or upcoming obstacles? This conversation allows the project plan to adapt to new business constraints or missed user needs. It also creates a positive feedback loop that reinforces trust as conflicts are resolved through understandable compromises or the discovery of a more fundamental value for the business.

These 5 conversations and the analysis process looked very promising for overcoming the problems that I was facing. What made them immediately usable was that the first three conversations are all triggered when a conflict is perceived. However, the reasons describing why this analysis works gave me some cause for concern, which I'll be examining in another blog post.

What do you think? Is there possibly an even easier way to start improving trust within an organization? Are there additional conversations that could be added to this list? Is there a situation where taking a Speed of Trust course would be more beneficial? Let me know either in the comments or you can reach out to me on the various platforms where I'll be posting this.

My VPN dropped…again

During the COVID-19 stay-at-home order, I've been blessed to be able to work from home. However, I faced what many people suffered when switching from working in the office to working at home: a poor VPN connection. In my case, my connection would hiccup every 5 minutes.

This problem had shown up before we were forced to stay-at-home and I had worked on it with an excellent network administrator at my client. When tethered to my phone or using the office guest network, the VPN was rock-solid. It seemed to only fail on my home internet connection. This knowledge - combined with the stay-at-home order - gave me an excellent excuse to tinker on my home network.

The original network was a fairly typical setup:

graph LR; FTTH-->Modem[ISP Router]; Modem-->Laptop;

My first suspect in this setup was the ISP Router. Looking through its settings, I saw that passing through the public IP to another device would bypass most of the network stack in the ISP Router. As I didn't want yet another all-in-one router sitting next to the ISP Router, I looked for a vendor that supported a modular, easy to expand and maintain setup. I ended up choosing Ubiquiti Networks because of their unified dashboard that I could host myself and their "pro-sumer" hardware. A few days later, I brought home an EdgeRouter X (ER-X) and a Unifi AP Lite (AP) from the local Micro Center.

After a few hours of tinkering, I had the following setup:

graph LR; FTTH-->Modem[ISP Router]; Modem-->Router[ER-X]; Router-->AP; AP-->Laptop;

With this in place, the VPN drops stopped occurring and the latency dropped by a few milliseconds. I was elated, but then I noticed another problem. While the VPN remained connected, random latency spikes would cause pages to time out and video calls to drop. Ping would initially report dropped packets until the latency dropped, at which point the missing return packets would all simultaneously appear. My initial thought was that the packets were leaving the network but not making it back until the latency dropped. Suspecting that the IP passthrough hadn't really solved the problem, I attempted to physically bypass the ISP Router with the ER-X.

The ISP network will refuse service to unauthenticated devices attached to it. This meant that the ER-X needed to somehow authenticate itself in the same way that the ISP Router did. After some more research, I found three ways to accomplish this:

I picked the second option as bridging meant a slower connection and extracting authentication keys seemed legally dubious. I changed the physical configuration again and began configuring the ER-X.

graph LR; FTTH-->Router[ER-X]; Router-->Modem[ISP Router]; Router-->AP; AP-->Laptop;

I was able to get eap_proxy started only after I found an issue on the eap_proxy GitHub project and downgraded the firmware on the ER-X to an older supported version. However, the auth packets from the ISP network still weren't making it to the ISP Router. After tweaking different settings and some more research, I found a guide on GitHub which solved my problem. To make sure that only the required settings were in place, I reset the ER-X to its factory settings and then walked through authenticating with the ISP network one last time.

With this final setup, I again tested my VPN. No dice. Armed with the additional details now in the Ubiquiti dashboard, my new suspect was the AP, as I saw a jump in Wi-Fi retries when I was working in my study. So I bought an Ethernet cable and ran it to the study to see if that would solve the problem. No dice. I replaced the cable between the ER-X and the FTTH. No dice.

I was rapidly running out of options. Mildly frustrated that my hardware fixes didn't make any difference, I started tcpdump on the router and watched the VPN keepalive packets between the laptop and the VPN server. Then my understanding of the problem flipped. The laptop would pause in sending the keepalive and then it would send a whole bunch, matching the latency spike. The laptop itself was the source of the problem. With this new insight, I set out to show whether it was a hardware or software problem.
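The stall-then-burst pattern described above can be picked out of a capture mechanically. The following is an added example, not the commands used in this post: it parses `tcpdump -tt -n` text output and reports, per source address, each long gap that is followed by a burst. The capture lines, addresses, ports and thresholds are constructed for illustration.

```python
import re

# Constructed sample in `tcpdump -tt -n` format (addresses, ports and
# timings are made up): the laptop sends every second, stalls for 6 s,
# then sends a burst, while the VPN server keeps a steady 2 s rhythm.
CAPTURE = """\
1588000000.000000 IP 192.168.1.20.51000 > 203.0.113.10.443: UDP, length 1
1588000001.000000 IP 192.168.1.20.51000 > 203.0.113.10.443: UDP, length 1
1588000001.500000 IP 203.0.113.10.443 > 192.168.1.20.51000: UDP, length 1
1588000002.000000 IP 192.168.1.20.51000 > 203.0.113.10.443: UDP, length 1
1588000003.500000 IP 203.0.113.10.443 > 192.168.1.20.51000: UDP, length 1
1588000005.500000 IP 203.0.113.10.443 > 192.168.1.20.51000: UDP, length 1
1588000007.500000 IP 203.0.113.10.443 > 192.168.1.20.51000: UDP, length 1
1588000008.000000 IP 192.168.1.20.51000 > 203.0.113.10.443: UDP, length 1
1588000008.010000 IP 192.168.1.20.51000 > 203.0.113.10.443: UDP, length 1
1588000008.020000 IP 192.168.1.20.51000 > 203.0.113.10.443: UDP, length 1
1588000009.000000 IP 192.168.1.20.51000 > 203.0.113.10.443: UDP, length 1
"""

# timestamp, source IP (port stripped), destination IP (port stripped)
LINE = re.compile(r"^(\d+\.\d+) IP (\S+)\.\d+ > (\S+)\.\d+: ")

def parse(capture):
    """Yield (timestamp, src_ip, dst_ip) for every line that parses."""
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            yield float(m.group(1)), m.group(2), m.group(3)

def find_stalls(capture, src, stall=3.0, burst_window=0.5, burst_min=3):
    """Return (last_seen, gap_seconds, burst_size) for each gap of at
    least `stall` seconds from `src` that ends in a burst of packets."""
    times = [t for t, s, _ in parse(capture) if s == src]
    hits = []
    for i in range(1, len(times)):
        gap = times[i] - times[i - 1]
        if gap >= stall:
            # Count packets sent within burst_window of the first one back.
            burst = sum(1 for t in times[i:] if t - times[i] <= burst_window)
            if burst >= burst_min:
                hits.append((times[i - 1], round(gap, 3), burst))
    return hits

if __name__ == "__main__":
    for host in ("192.168.1.20", "203.0.113.10"):
        print(host, find_stalls(CAPTURE, host))
```

Running it per endpoint shows which side goes quiet: a stall reported only for the client address points at the client, not the path.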

To test whether it was a hardware problem, I set up a Linux VM on the laptop and connected to the VPN within the VM using openconnect. No problems. Perhaps the supplied AnyConnect client was the problem? I looked through the brew repository and discovered that an openconnect client existed for macOS. I immediately installed and tested it. No problems.

Reaching this resolution took a couple weeks and it's held up for several weeks now. The open-source alternative to the AnyConnect client has been working just fine. At some point, I'll need to re-install the AnyConnect client to see if there was some old driver or library that was causing the network problem. It's been very nice to be able to get my work done without my connection dropping all the time.

Where did this 404 come from?

Recently, a friend reached out to me to help him debug a 404 error that didn't make any sense in his Kubernetes cluster.

He had a rather simple setup:

  • a pod for his application
  • a nginx ingress used as a load balancer
  • a nginx ingress that pointed to the application pod
  • cert-manager for automatically generating certificates from Let's Encrypt

After talking through his setup, I put together the following diagram:

Mental model of his setup

Rather than the 404 error, he expected a 308 redirect from the root domain to the www subdomain, e.g. redirecting to

With this information, I traced the 404 through the logs to the ingress. So I cracked open the existing ingress configuration:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  namespace: my-app-ns
  annotations: true letsencrypt
spec:
  rules:
  - host:
    http:
      paths:
      - backend:
          serviceName: my-app
          servicePort: 80
        path: /
      - backend:
          serviceName: cm-acme-http-solver-4k39l
          servicePort: 8089
        path: /.well-known/acme-challenge/d34db33fde4db3ef
  - host:
    http:
      paths:
      - backend:
          serviceName: cm-acme-http-solver-7l45p
          servicePort: 8089
        path: /.well-known/acme-challenge/d3adb33fd34dbe3f
  tls:
  - hosts:
    secretName: my-ingress-cert

Within this configuration, I noticed 2 things:

  1. The nginx ingress annotation which sets up the www redirect.
  2. The "/.well-known/acme-challenge/" paths indicated that the cert-manager had been set up to use the HTTP01 Challenge for Let's Encrypt

Perhaps the host stanza for "" was the problem? I removed it and applied the configuration to the cluster, watching the logs. Once the configuration was applied, cert-manager stepped in and updated the configuration to re-add the missing stanza, at which point the nginx-ingress refused to create the redirect to the www subdomain. There was the problem!

I spoke with my friend about switching cert-manager to use the Let's Encrypt DNS01 Challenge. He pointed out that cert-manager didn't have an integration for his DNS provider, which is why he hadn't used it in the first place. Until that integration existed, we needed a solution that kept the existing cert-manager configuration and didn't use the "from-to-www-redirect" annotation.

After some trial and error, and some help from Stack Overflow and the DigitalOcean community, we ended up using the following annotation: |
  if ($host = "") {
      set $test "1";
  }
  if ($request_uri !~* "^/.well-known/") {
      set $test "${test}1";
  }
  if ($test = "11") {
      return 302$request_uri;
  }

Because nginx does not allow the if directive to handle multiple conditions, we had to use three conditions. The first two test the actual properties we wanted to check, while the third tests the outcome of those two previous checks. This workaround was rather gnarly yet ensured that cert-manager could renew certificates for the root domain while redirecting all other traffic to the www subdomain.
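To see how the three if blocks combine, the sketch below (an added example, not part of the original configuration) models them in Python and runs edge cases through the pattern. The domain example.com and the https://www. form of the redirect target are assumptions standing in for values not shown above.

```python
import re

ROOT = "example.com"  # assumption: placeholder for the root domain

# The snippet's pattern; "~*" makes the match case-insensitive in nginx.
WELL_KNOWN = re.compile(r"^/.well-known/", re.IGNORECASE)

def decide(host, request_uri, root=ROOT):
    """Return the redirect target, or None if the request passes through."""
    test = ""
    if host == root:                         # if ($host = "<root>")
        test = "1"
    if not WELL_KNOWN.search(request_uri):   # if ($request_uri !~* "...")
        test = test + "1"                    # set $test "${test}1"
    if test == "11":                         # both conditions held
        return f"https://www.{root}{request_uri}"  # assumed target form
    return None

# Constructed requests: (host, request URI).
CASES = [
    (ROOT, "/"),                                  # redirected
    (ROOT, "/?utm=1"),                            # query string is kept
    (ROOT, "/.well-known/acme-challenge/token"),  # reaches the ACME solver
    (ROOT, "/.WELL-KNOWN/acme-challenge/token"),  # exempt: case-insensitive
    (ROOT, "/xwell-known/anything"),              # exempt: "." is unescaped
    (ROOT, "/blog/.well-known/"),                 # redirected: "^" anchors
    ("www." + ROOT, "/"),                         # other hosts pass through
]

def table(cases=CASES):
    """Map each constructed case to its outcome for a quick review."""
    return {(h, u): decide(h, u) for h, u in cases}

if __name__ == "__main__":
    for (h, u), target in table().items():
        print(f"{h:16} {u:36} -> {target or 'pass through'}")
```

The exemption covers everything under /.well-known/, not only the ACME challenge path, and the unescaped dot widens it by one character; escaping it as `\.` narrows the pattern to the literal path.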

Those 404 errors

When I posted last, I noticed that the nice permalink took me to a 404 error page rather than my intended blog post. So I temporarily disabled the nice permalink until I could debug the problem.

After digging into it, it turned out that I was missing this stanza from my Apache configuration:

<Directory /var/www/wordpress/>
    AllowOverride All
</Directory>

This meant that Apache was ignoring the .htaccess file that WordPress generated for permalinks.

Once I put that stanza in place, the permalinks started working again.

Many thanks to the author of a DigitalOcean Community Tutorial for helping me solve this problem.

EDIT: Turns out, the post on LinkedIn was still returning a 404, since it wasn't prefixing the link with https://. Now I've set up a permanent redirect with:

Redirect permanent /

Let’s try this again.

Much has happened since I last posted something: a move, a new job, kids, and more! Reflecting on my motivations for writing, I realize that I was attempting to write at length on topics that I knew next to nothing about. With this in mind I've thrown out all my drafts and plan to keep my posts short and simple.

Reflecting on recent events: The crisis in the Catholic Church, the increasingly extreme divisive language in politics, and the spiritual and moral poverty in society, I've realized that so much of what we argue about is peanuts in comparison to God's plan. I'm hoping that these blog posts are a kind of almsgiving.

We all need to turn to the Lord God, beg for his forgiveness and mercy, and seek to conform our wills to His. Only then will the Church recover, the politicians forgive, and society be spiritually and morally enriched.


For the men who read this, I invite you to come to the Holy League Holy Hour for Men at Annunciation Catholic Church on Wednesday, March 13. Church doors open at 5:00AM with Exposition of the Blessed Sacrament and the Sacrament of Reconciliation beginning at 5:30AM, followed by Mass at 6:30AM, and fellowship with other men from around the Archdiocese of Galveston-Houston after Mass.

Thoughts about Apple’s Customer Letter

I've done some research on the court battle between Apple and the FBI (AKA read some blogs, listened to coworkers), and Apple's letter to customers does a fairly decent job of explaining the current situation between them and the FBI. However, the letter glosses over some of the underlying political, technical and philosophical problems that I believe are essential to understanding why Apple is refusing to comply with the FBI's demands.

Politically, this is 'dynamite' for the case the FBI has been making for the last several months for creating a backdoor in encryption. Up to this point, the FBI has made the case using the media with the goal of having state or federal laws passed to create this backdoor. This case gives them the ability to 'speed up' the process by having this decision made in the courts, rather than having to slowly work through an increasingly stagnant legislative system. There is also plenty of evidence that this is an attempt by the FBI to make an example out of Apple. If the FBI can strong-arm what is currently the most profitable tech company in the world - a company that markets its products based on quality and security - into creating a backdoor into its products, then all the other tech companies will more likely 'roll-over' and put in back-doors as well. Also, we have evidence from several whistle-blowers and tech companies that the FBI is known to intentionally modify technical equipment to perform surveillance, so for them to go ahead and create the backdoor themselves for this particular iPhone is not exactly outside of their capabilities. In addition, Apple specifically requested that the FBI not go public with this case, but the FBI did so anyway, which is probably one of the reasons why the customer letter was written.

Technically, a backdoor in encryption is just a flat-out bad idea. Encryption is used for online shopping, online banking, healthcare records, and government secrets, just to name a few. In the case of the iPhone, this encryption is used to help ensure that if someone steals your phone, and you have it locked, then there is no way for them to access the data on the device. It is also used to ensure that messages sent between phones cannot be intercepted and modified between the sender and the receiver. The obvious downside is that it also can prevent law-enforcement from legitimately accessing the phone of a convicted criminal. However, the idea of developing encryption that is strong for government but weak for individuals is flawed. In fact, there have been a number of recent computer attacks that happened because certain security technologies were compliant with the now-rescinded rules from the 80's and 90's against exporting encryption technology. The best analogy that I can think of for putting a backdoor in encryption is the scene in the Lord of the Rings movie where Denethor says the Ring "should have been brought back to the citadel to be kept safe, to be hidden dark and deep in the vaults, not to be used, unless at the uttermost end of need." The FBI would be creating something in order to be "safe", and yet would set up the very weakness that terrorist organizations and other bad actors would love to exploit, as there would be no way to stop them, since the hole in our defensive structure would be there by design.

Philosophically, the whole question is being placed by the FBI on the false dilemma of 'security versus privacy'. Apple is attempting to shift the conversation to more 'freedom versus fear'. The idea of 'security versus privacy' is a false dilemma because security is impossible without privacy and vice-versa. In order to establish the common good, respect for the person requires that his privacy be safeguarded, and that the security of the community is maintained (see Catechism of the Catholic Church 1907-1908). To sacrifice one for the other would be destructive to the common good and would prevent either from being realized at all. Apple's attempt to re-frame the question is definitely closer to what we should be concerned about, but I do acknowledge that while they say the right words, the meaning behind them is very different, being rooted in a more individualistic sense of freedom, which I talk about a little bit here and here.

For a more in-depth look at this story, I highly recommend Troy Hunt's article: Everything you need to know about the Apple versus FBI case.