Disaster Relief Buckets of Love and more…

Buckets of Love

The Arkansas Baptist State Convention is collecting “Buckets of Love”.  These are really helpful items for victims and their friends/family that are assisting in the clean up. See the brochure below and deliver the buckets by Friday to Central Baptist Church Conway, 3333 Dave Ward Dr, Conway, AR 72034.

Regarding relief supplies:

I’ve seen a need for more Gatorade and sports drinks, masks for the workers, and colors/coloring books for kids. In Vilonia you can drop off supplies at Beryl Baptist Church (Red Cross HQ).

Volunteers:

Authorities are asking people to not self-deploy. If you’d like to volunteer you can put your name on the ABSC list here

Buckets of Love

 

The Same Voice Still Speaks Life

sunday_is_coming_life_voice

God raised him up, loosing the pangs of death, because it was not possible for him to be held by it. (Acts 2:24 ESV)

At the point that all seemed lost I imagine hearing God the Father’s voice speaking the name of his Son in the darkness of Saturday night. Divine vocal chords piercing into the abyss of death and hell. A phrase that changed everything.  – Jesus, my son, Arise.

The Bible doesn’t tell us the exact words God used but it does tell us repeatedly that the same voice calls life out of our death as well.

When we are trapped by our sin suffocating under the weight of our self-centeredness and wickedness that voice of YHWH pierces through. The power it contained 2000 years ago hasn’t diminished one iota. God is still in the resurrection business.

That voice is giving life to men, women, orphans, families, murderers, deacons, Sunday school teachers, our homeless neighbors and even we folks that have lost sight of God in our business of church. Gods speaks life to all who will come.

Wherever you are tonight do not despair. The Good News still stands, your debt has been paid.

Do not mistake seeing Jesus sacrifice as rudimentary appeasement of an angry terrible beast name God. He died because the wages of sin is death. God is Life and Holy and cannot abide sin. Justice demands a price and once we chose to sin that price was demanded of you and I. It is through God’s love and mercy that he made a means of atonement for you and I. Take hold of the cross and choose to live!

Glory Hallelujah Sunday is COMING!

because, if you confess with your mouth that Jesus is Lord and believe in your heart that God raised him from the dead, you will be saved. (Romans 10:9 ESV)

//image credit Stephen A. Wolfe

Heartbleed blah blah blah – What does it mean for me?

Question Mark

I’ve read a lot about Heartbleed lately but I don’t really understand it. What does it mean for my family?

A friend texted me this question yesterday and I’m going to do my best to answer this question in non-tech talk because I feel like the message to normal folk is getting lost in technical language and there are likely more friends and family wondering the same thing.

 

Heartbleed is a bug in the code that many sites use to secure websites. The webcomic xkcd actually did a great job of explaining it

Heartbleed explained by XKCD

Heartbleed explained by XKCD

Heartbleed is going to affect you in 2 primary ways.

Lots of password changes

Every account you have with a website that used OpenSSL should be considered compromised and you need to go change your password. Thankfully many sites are sending out emails and publishing blog posts to notify their users. This password reset is to prevent any unauthorized access (folks other than you) from logging in to the site or app just in case your password might have been exposed using Heartbleed.

What sites are affected? Mashable has a very good list but don’t go changing everything just yet. Websites really need to take 2-steps to fix the problem before you change the password (more on that in a bit). Without these changes the new password might be exposed. It’s akin to having your phone tapped and giving out your new number to anyone eavesdropping.

So how do you know a site is fixed and is ready for you to change your password? Well there isn’t a single good answer. Check the website of the company, ask them via Twitter do a bit of research. If you are a user of Lastpass then they did their users a huge favor and added a feature to their security check to show every account saved in Lastpass that may be affected and indicating whether it was now safe to change your password or not. Don’t you wish you used an incredible service like Lastpass 🙂

Facebook, Pinterest, Tumblr, Soundcloud, Yahoo and most of the big sites are safe know so you can change those passwords anytime.  Some of the notable sites that aren’t secure as of this writing are Imgur, Instagram, and Flipboard.

Malicious Websites using a stolen “valid” certificate

Let’s start with an oversimplified explanation of Secure Websites.

When you login to your bank the little lock in your browser means that your bank bought a certificate from the web trusts and is using it to encrypt your data so other folks at the coffee shop don’t get a peek at your password. That security lock means 2 things: 1) you are really dealing with your bank and 2) information submitted through that webpage is secure and only visible to your bank. That is what SSL technology does in a nutshell. You can see that when that system is compromised its a big problem. Welcome to Heartbleed.

If you are familiar with phishing then you know that attackers will craft an email or website to look similar enough to your bank, google, yahoo etc… to fool you into typing in your username and password. If you fall for it then you’ve handed your account over to an attacker. This OpenSSL bug opens the door for attackers to not only impersonate website but now they might be able to steal that websites certificate and make their forgery even more convincing.

I mentioned before that websites have 2 steps to secure themselves. 1) Apply the OpenSSL patch which fixes the bug 2) Get a new certificate and revoke the old one that marks it as bad.

Once they mark the old certificate is marked as bad your web browser should flag you that the certificate used on this website is no longer valid. The only catch? Chrome and Firefox don’t do this by default. Follow the instructions here to change those settings to check for revoked certificates in Chrome and Firefox.

Final thoughts

Its difficult to predict the fallout of Heartbleed. It will be learning process for both the security community and everyone involved from Certificate authorities to browser vendors.

TL;DR The best you can do is to change your passwords, use something complex and unique to that site (don’t reuse passwords, seriously— don’t) and make sure your web browser settings give you the most security and to keep your wits. If something looks off or strange don’t type in your password.

Further Security Tips

  1. Passwords: You can’t remember complex 22 character passwords. Use a password manager like Lastpass. Stop using passwords and start using passphrases 4 words add punctuation. BlueElephantlovesYanni! is an incredible password and you can remember it.
  2. Enable 2-Factor Authentication: This is an extra step and uses your mobile phone as a 2nd form of authentication. Use it on Google, Apple, Yahoo, and many more. Start with this article Here’s Everywhere You Should Enable Two-Factor Authentication Right Now, I use the Authy App on my phone to keep track of all my 2-factor enabled accounts
/image credit ryanmilani

Heartbleed and your web browser

There is a very nasty vulnerability known as Heartbleed that has been discovered within OpenSSL. While you may not be familiar with OpenSSL you are familiar with the hundreds of thousands of sites that use it to protect your passwords and encrypt your data. It is estimated to be implemented on a 1/3 of all secured webservers and it is used by sites like Yahoo, Imgur, and many others.

The vulnerability allows an attacker to gain plaintext chunks of text in 64k segments. These segments have been proven to expose visitor cookies, user passwords, and perhaps most worrisome the private keys of Web Server SSL Certs. In laymans terms that means I not only broke into your house but I changed the locks. (infosec folks please don’t take the analogy too far, I realize it is more akin to being able to spoof locks but I digress). Because of this potential key compromise Yahoo and many other companies are going through the process of revoking and regenerating their SSL certificates.

Why should you care?

If an attacker has gained the private key of a certificate they can then use that certificate to make themselves appear legitimate unless your web browser checks for certificate revocation. Chrome nor Firefox do this by default. (they should and I’m hopeful they will).

You can manually enable this feature and I would suggest that you do so. It is not a cure-all nor fool proof but the fall out from heartbleed is going to be significant and honestly this future should be enabled at all times.

How to change your browser settings:

Chrome – go to settings, click “Show Advanced” and find this setting

ChromeRevocationSetting1

ChromeRevocationSetting2
Firefox – settings, advanced, Validation, then check both boxes

FirefoxRevocationSetting1

2014-04-09_1152_001

IE – I believe these are on by default but to be sure, go to settings, advanced and find these settings

IERevocationSetting1

Further Reading

For further reading regarding Heartbleed:

The Greatest Comedian You’ve Never Heard Of

Minister of Mirth: Grady Nutt

Minister of Mirth: Grady Nutt

I have a special place in my heart for great comedy and as a youngster I thrived off Ray Stevens, Bill Cosby, and Grady Nutt. Most of you recognize 2 of these names but you aren’t familiar with the venerable Mr. Nutt.

Grady Nutt is the best comedian you’ve never heard of. This is a true southern brand of comedy that centers around church and families and it is absolutely hilarious.

I’ve looked for clips of his sketches for years and on a whim decided to try again today (it’s maintenance night and I need something to entertain my ears) and EUREKA; I found the exact album that I played endlessly.

So do yourself a favor and check out “Funny Stories from the Prime Minister of Humor

I recommend you start with “When the Roll is called up yonder”  – My favorite joke of all time. and don’t miss “I have an Odor” and the “Dinner on the grounds“.  I hope you enjoy these bits as much as I do.

Passing Away

We are immersed in thoughts of food that will be gone tomorrow, a situation at work that you won’t remember in 6 months, a repair on a house that will be shambles in 50 years, and building a legacy that will be forgotten by our own ancestors in 200yrs.
For all that is in the world—the desires of the flesh and the desires of the eyes and pride of life—is not from the Father but is from the world. And the world is passing away along with its desires, but whoever does the will of God abides forever. -1 John 2:16-17

A Personal Interpretation of the Lord’s Prayer

Make Your Name Holy

My Pastor has recently been preaching thru the Sermon on the Mount and his teaching on the Lord’s Prayer was a catalyst of internal revolution. While I have never used this prayer as something to recite I have recently discovered the real blessing of turning the “Lord’s Prayer” into my prayer. After reading my friend Savannah’s blog post this morning I was prompted to finally share a personal interpretation of the Matthew 6:9-13.

Our Father in heaven,
hallowed be your name.
Your kingdom come, your will be done, on earth as it is in heaven.
Give us this day our daily bread,
and forgive us our debts, as we also have forgiven our debtors.
And lead us not into temptation, but deliver us from evil.

-from the Gospel of Matthew

 

God you are high and holy, above all, seated on a heavenly throne, yet you are near. You desire fellowship with me. You desire that I know you as my father.

Make your name Holy. Make it holy through me. Make it Holy to your people. May your very name be whispered with awe.

May your ways come alive in me today. May I live out your kingdom as I walk through this day. May I be an ambassador of your upside-down way of interacting with this world.

Lord grant me what I need today. Be it protection, health, or merely bread. Remind me of my utter dependance upon you this day, every day.

Lord forgive my many sins. May you pour your mercy upon me as I continue to grant that mercy to others. Help me to repent and walk toward you.

Father, please protect me from the temptations that I cannot withstand today and give me the strength and wisdom to bring you glory and be refined by the trials you choose to allow.

Amen.

-a personal interpretation

I highly recommend you taking time to listen to Bro. Wyman’s sermons on the Model Prayer and the Sermon on the Mount as a whole.

I’m grateful for friends and leaders like @SavannahB and @WymanRichardson that inspire me and challenge me. You’d be blessed as well by following and reading them.

photo credit Dennis Peterson

Taking Threats to the Throne

a_letter

“In the fourteenth year of King Hezekiah’s reign,King Sennacherib of Assyria came to attack the fortified towns of Judah and conquered them.” 2 Kings 18:13

All their fears were now realized and knocking at their doorstep.

The Assyrian Army had already conquered all of their neighbors including Israel and now they had overrun the border cities of Judah and have arrived at the gates of Jerusalem. King Hezekiah was a good and Godly king but in the face of this overwhelming threat his faith crumbled and he retreated to his own power. He attempts to pay a ransom for their safety and does so by robbing the silver and gold in the Temple and even stripped the Gold from the doorposts of the Temple.

He and his people are scared and lacking faith. When the ransom fails to save them he sends messengers to the prophet Isaiah as a last resort, asking Isaiah to pray to “His God”.

Bend down, O Lord and Listen

When the final written warning from Sennacherib comes, Hezekiah makes a very different choice,

“After Hezekiah received the letter from the messengers and read it, he went up to the Lord’s Temple and spread it out before the Lord.” 2 Kings 19:14

He took that threat which was sure to destroy him and everything he loved and he went straight to God. He took the threat to the throne.

I don’t know what you are facing today but I if you are drawing breath then you are either in the midst of a threat or one is coming around the corner.

Don’t retreat to your own strength and resources but rather remember you are a child of the King and even when you make a terrible mistake, as Hezekiah did, God is waiting for us to confess our fears and admit our inability to handle them.

Once we spread that letter out in front of God that my friend is when Jehovah Sabaoth (Lord of Hosts) shows up.

Dear Christian, take your threat to the throne room. You serve an almighty God who is not surprised by the threat or your weakness and he will use both to bring Glory to Himself.

“But have you not heard? I decided this long ago. Long ago I planned it,and now I am making it happen.” 2 Kings 19:25

PS: Don’t miss the God’s full response to Sennacherib, in 1 Kings 19:2-34

 

Snowden and the Perseverance of Privacy

liberty_bell_jefferson_quote

If you’re not outraged, you’re not paying attention.

In early June a 29 year-old NSA security contractor, Ed Snowden, decided to go public with information that should permanently alter the discourse and decisions that balance intelligence gathering and citizen privacy in this country for the next 50 years.

In brief he detonated 2 intelligence bombs, that the NSA had,

  1. Required Verizon, via the FISA court, to disclose “the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls” on all of its customers. This was not a one time requirement but an order to produce this data on an ongoing basis. via The Guardian: NSA collecting phone records of millions of Verizon customers daily
  2. Created a data mining program that had direct and complicit Access to Web Companies like Facebook, Google, and Skype. via The Washington Post: U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program

Ied_snown response to these revelations Ed Snowden has been charged with espionage and has slipped out of Hong Kong to seek political asylum in Ecuador. He appears to be employing the advisers of Wikileaks founder Julian Assange who is currently in asylum in the Ecuadorian embassy in London.

These revelations represent a stunning abuse of our basic rights to freedom and privacy and the whistleblower that brought them to light is on the run.

This is not my America.

We are all at fault

In the post 9/11 era George W. Bush’s administration pushed for and a narrowly Republican congress passed the Patriot Act which broadly expanded law enforcement’s surveillance powers without sufficient judicial oversight. Then remarkably his administration went even further by embarking upon an illegal warrantless wiretapping program that when it became public required congress to enact the FISA Amendments Act of 2008 so the covert program would no longer be criminal. Lest we forget, FISA stands for the Foreign Intelligence Surveillance Act, keyword: foreign.

Every iota of privacy we are clamoring to regain from the intelligence community is a direct result of this sweeping “patriotic” legislation and its re-authorization amendments.

Amendments that have been consistently supported by Republicans. (The NSA phone surveillance program that Snowden revealed was authorized under Patriotic Act Section 215.)

However, if Bush initiated this dreadful state of affairs then President Obama has made it into an art form. Obama made such a seismic shift from his campaign trail opposition rhetoric to supporting the FAA expansions as President that the outcry from the left at the time was deafening. When you couple the AP leak investigation with these NSA disclosures you must wonder at what point do we convene congressional hearings on domestic spying and haul this administration in and demand answers under oath?

So regardless of your political persuasion it is time to take responsibility for the cess pool that our willful ignorance has hydrated. We are all at fault.

Let us now resolve to become part of the solution.

The Time is Now

If we, the citizens and voters in this Republic, do not take a vocal and visceral stand against this abuse of power and in opposition to an intelligence community operating with impunity we may very well find that we have permanently punted our ability to preserve liberty or have oversight of these “public servants” who have sworn to uphold the tenets of this country they so readily shred.

It is imperative that we ask our elected officials and candidates for Congressional office the tough questions about protecting our privacy.

It’s time to ask why 53 senators thought so little of an NSA briefing on phone surveillance that they could not be bothered to attend. Senator Pryor why weren’t you there?

Let us ignore the party affiliations affixed to the names of candidates and instead ask them to explain how they will uphold our Bill of Rights including the Right to Privacy. If their answer doesn’t demand specific warrants for domestic surveillance then it is the wrong answer and they should be voted out.

May I suggest 2 specific actions:

  1. Support the Bipartisan HR2399 LIBERT-E Act – It seeks to limit government surveillance without due process of law.
  2. Sign the StopWatching.us Open Letter to Congress – It calls for reform to section 215 and asks for a special committee to investigate the extent of domestic spying. <– 2 great questions to ask the next politician asking for your vote. Also I’d recommend following @stopwatchingus

On Snowden

There is little doubt that Snowden broke the law and at least some of the charges against him are legitimate. However, as Schneier eloquently states, “before the Justice Department prosecutes Snowden, there are some other investigations that ought to happen.”

I’m no legal scholar but perhaps we can find a way to simply indict him and release him on bail pending further review. I’d much prefer Snowden be sitting in the Capitol giving testimony than in an Ecuadorian embassy on the run from intelligence community I no longer trust.

For more enlightenment on this issue may I suggest:

Don’t wish me Happy Birthday – Part II

Empower people around the world with $25

Thank you for taking a moment to find out more about “Don’t wish me Happy Birthday” and my 2nd attempt to turn eyeballs into action.

Adult birthdays are often low key events so it makes the friendly flood of well wishers on Facebook that much more enjoyable. For 1 day your birthday event is prominently featured on the top right of your friend’s Facebook streams and this is small attempt to take advantage of that exposure to do something more.

Let’s change the world the a little bit today.

Instead of wishing me Happy Birthday I’m asking you to

[maxbutton id=”1″]

Kiva is a microlending site that turns lots of small donations from people like you and me into loans that help people around the world accomplish their dreams and provide for their families. Its radical and it works!

Narangerel is using the money to buy sheep in Mongolia

Narangerel is using the money to buy sheep in Mongolia

I’ve been a lender at Kiva since 2011 and I’m thrilled to say my donation of $25 has been lent out and repaid 3x. It is a real blessing to see such a paltry sum help people in Peru, Kenya, and currently being used by lady named Narangerel in Mongolia. I wait for the loan to be repaid and then I just pay a small processing fee to fund a new project.

I’m not made of money, we are expecting the arrival of our 2nd child in a couple of weeks and on a single income we have to watch our finances pretty close. I get frustrated by not having the resources to really make a difference in projects I believe in but that is one of the reasons I’m an advocate for Kiva. They take my little bit and turn it in to so much more. We both have a little bit don’t we?

But wait there’s more…

What if I gave you a free $25 to lend?

Done. Just join Kiva using my invite link, we will both be given $25 to loan for FREE.

I’m grateful that Kiva has Donor’s that step up and sponsor promotions to get more people involved in microlending. So thru their generosity I can give you $25 to lend for free. You’ll just pay a very small processing charge $3.75 I think. That covers admin cost and keeps the full $25 headed to the person needing the loan.

That’s it. That is the whole plan.

Pass it On

If you want to wish me Happy Birthday you are more than welcome to do so. I love hearing from friends. If you’d like to help make a difference in the world today I’d be eternally grateful.

After you join (or even if you don’t join) Would you consider helping spread the word about “Don’t wish me a Happy Birthday”? Just send your friends a link to DontwishmeHappyBirthday.com or this blog post.


Thank you – Here’s to another 35 years. God Bless.

-Keith