avatarTeri Radichel

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

5582

Abstract

alcoholics, for reasons yet obscure, have lost the power of choice in drink. Our so-called will power becomes practically nonexistent. We are unable, at certain times, to bring into our consciousness with sufficient force the memory of the suffering and humiliation of even a week or a month ago. We are without defense against the first drink.</p></blockquote><blockquote id="b97c"><p>~ The Big Book, page 24.</p></blockquote><p id="2733">I mumbled something about doing more therapy sessions to stay in touch with my baseline feelings, but my new sponsor was having none of it.</p><p id="e1c9">‘This isn’t an emotional issue!’ he said, cutting in. ‘This is a memory issue that no amount of therapy you chose to throw money at will solve.’</p><p id="1800">He even suggested that the mental blank spot could be similar to a form of amnesia or dementia that science hasn’t picked up on yet.</p><p id="4ad6">‘But why hasn’t science picked up on it?’ I asked, holding the phone tightly.</p><p id="26fb">‘Probably because this blank spot only happens at certain times. Most of the time, it lays dormant.’ he replied before warning,</p><p id="337a">‘And unfortunately, this dormancy feature gives us an illusion of power. We think we’ve got sobriety now because our memory and willpower function normally again. Until, the condition randomly comes back online, and we relapse, leaving us totally baffled as to why it happened.’</p><p id="a3e9">My new sponsor sighed deeply.</p><p id="f455">‘It’s heartbreaking,’ he said softly. ‘Especially if you’ve relapsed after being multiple years clean. But it is sadly needed to show you that you are genuinely powerless, regardless of how much you desire and want to be sober.’</p><p id="969d">My head was spinning. Every sentence felt like the jolt of an electric cattle prod.</p><p id="8e0a">Later that day, I looked back at my recent relapses. I found no real conscious memory of consequences before any of them.</p><p id="352f">It appeared relapse was happening to me, not by me.</p><blockquote id="8aba"><p>As soon as I regained my ability to think, I went carefully over that evening in Washington. Not only had I been off guard, I had made no fight whatever against the first drink. This time I had not thought of the consequences at all. I had commenced to drink as carelessly as though the cocktails were ginger ale. I now remembered what my alcoholic friends had told me, how they prophesied that if I had an alcoholic mind, the time and place would come — I would drink again. They had said that though I did raise a defense, it would one day give way before some trivial reason for having a drink. Well, just that did happen and more, for what I had learned of alcoholism did not occur to me at all. I knew from that moment that I had an alcoholic mind. I saw that will power and self-knowledge would not help in those strange mental blank spots. I had never been able to understand people who said that a problem had them hopelessly defeated. I knew then. It was a crushing blow.</p></blockquote><blockquote id="93f7"><p>~ The Big Book, page 41.</p></blockquote><figure id="7922"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*n4r4HuNFWSnCD_WU"><figcaption>Photo by <a href="https://unsplash.com/@alicealinari?utm_source=medium&amp;utm_medium=referral">Alice Alinari</a> on <a href="https://unsplash.com?utm_source=medium&amp;utm_medium=referral">Unsplash</a></figcaption></figure><h2 id="287c">A Belief That It Will All Be Alright.</h2><p id="baea">Sadly, the ‘blank spot’ wasn’t all that was happening.</p><p id="7c3e">My new sponsor later explained that something else was happening in my mind, a kind of twisting of my thinking that I couldn’t see either.</p><p id="02a0">This is the other main feature of the relapse condition.</p><p id="da70">The Big Book explains it as follows:</p><blockquote id="f067"><p>But there was always the curious mental phenomenon that parallel with our sound reasoning, there inevitably ran some insanely trivial excuse for taking the first drink. Our sound reasoning failed to hold us in check. The insane idea won out.</p></blockquote><blockquote id="4ad8"><p>~ The Big Book, page 37.</p></blockquote><p id="da58">Anytime the ‘good idea’ of relapsing suddenly popped into my head, part of me would start to minimise the lunacy of this thought.</p><p id="e2c7">I would begin to rationalise this catastrophic idea with excuses and reasons why it would be, in fact, okay to relapse despite being in recovery.</p><p id="432a">No matter how insignificant and non-sensical those reasons were, they quickly became plausible and seemingly rational.</p><p id="6997">At the same time, the urge to want to relapse would start to surge.</p><p id="cdc4">A fear of missing out would relentlessly come crashing in like waves rolling in and out of my consciousness.</p><p id="b225">Thoughts and narratives of why it would be okay this time would dominate my thinking.</p><p id="fe2d">Finally, a tidal wave of justification would smother me into deep unconsciousness.</p><p id="c65b">Convinced of my rationale, I would carry out my plan, only to revert back to type and do everything I said I wouldn’t do, and again, find myself powerless to stop once I started.</p><p id="34a2">This twisted thinking was nothing more than a lie, but I believed the lie and didn’t see the flaw in the logic in light of my track record with partying.</p><p id="888a">To any average person, this kind of thinking and decision-making would be termed irrational, unsound, or even insa

Options

ne.</p><p id="d880">The Big Book calls this thinking an <i>‘obsession to beat the game’</i>.</p><p id="9087">Whether it’s a vague idea that this time it would be different, that I would do it differently and party like a gentleman.</p><p id="b075">Or the well-loved excuse that this will be my last relapse. After this final time, I’ll be done for good. I’ll get on with my life.</p><p id="be67">But, it never was different and that last time never did happen.</p><p id="149d">My new sponsor would remind me often,</p><p id="a62b" type="7">‘You aren’t changing your mind when you’ve decided to give in and party; your mind has been changed for you.’</p><h2 id="4c19">It Centers In Our Minds</h2><p id="f0e7">Of course, there is a body element for the addict.</p><p id="86b6">Naturally, as a consequence of the constant extreme usage of powerfully addictive substances and processes that are designed by their very nature to make you want more and more, addicts have developed a sky-high tolerance.</p><p id="2d70">But there’s this annihilation approach to our acting out and using once we start, which the Big Book describes as the <i>‘phenomenon of craving’</i>.</p><p id="01c2">In the Doctor’s opinion in the Big Book, Dr. Silkworth calls the phenomenon of craving an ‘allergy’, but my new sponsor wasn’t too keen on that idea.</p><p id="10af" type="7">‘If it’s an allergy, then why doesn’t the phenomenon of craving happen every time?’</p><p id="ae75">Regardless of whether it is an allergy, the body part becomes irrelevant, as most people with a severe peanut allergy don’t tend to keep repeating the total lost cause of trying to have another peanut to see if they will react differently.</p><p id="2e48">They don’t touch or go anywhere near peanuts because they remember how terrible it was last time.</p><p id="436a">Once or twice is enough.</p><p id="3796">Not so with the real addict because of the first two features of the disease; they will not only be back gorging on peanuts, but they will eventually take up residence in a peanut factory.</p><blockquote id="e3f6"><p>There is a complete failure of the kind of defence that keeps one from putting his hand on a hot stove. The alcoholic may say to himself in the most casual way, “It won’t burn me this time, so here’s how!” Or perhaps he doesn’t think at all.</p></blockquote><blockquote id="d5e6"><p>~ The Big Book, page 24.</p></blockquote><p id="5cb9">That’s why the Big Book says the real problem ‘centers in our mind’, not our bodies.</p><p id="22d4">‘What will happen now,’ my new sponsor forewarned, ‘as the relapses get worse, the time between them will get shorter and shorter.’</p><p id="6f0b">This condition is progressive.</p><p id="e8f1">Therefore, the blanking and twisting will naturally grow in scope and reach until you can no longer differentiate the true from the false.</p><h2 id="869b">Turning To Something Else</h2><p id="922a">If you believe in the disease concept of addiction, that this is a disease, a fatal illness precisely like any other life-threatening condition, then you have it for life.</p><p id="a2d8">There is <b>nothing </b>you can do to change that.</p><p id="d5f6">If you constantly can’t remember why or how you relapsed despite your honest desire not to.</p><p id="9aaf">Or if you continually relapse, believing some trivial reason or silly excuse to relapse while dismissing the genuine consequences, then you are a real addict.</p><p id="a47a">You have this relapse condition.</p><p id="840d">You <b>crossed a threshold </b>where, at certain times, your inability to use reasoning and rational thinking won’t even register for you.</p><p id="d8c6">The tragic truth is that once that threshold has been crossed, you have <b>no choice</b> but to relapse.</p><p id="0564">A compromised part of your brain will always fire the thought of using or acting out. That will never change. It’s wired like that for life.</p><p id="5fb0">There is no cure.</p><p id="fcca">Even this information won’t save you, as at certain times, you won’t be able to recall any of it when it matters.</p><p id="7fc5">So, let go of trying to change that.</p><p id="59f9">Let go of any old ideas around fighting it and instead get out of the way and <b>trust in something else</b>.</p><p id="b722">After all, that’s all you’ve got.</p><p id="5065">There’s nothing you or anyone else can do to stop this relapse condition.</p><p id="d1dd">But there’s everything you can do about everything else.</p><p id="5e51">There’s everything you can do about building a <b>spiritual dimension</b> to your life, by giving back, helping others, living in genuine faith and trusting in something greater than you.</p><p id="3096">There’s everything you can do to improve your awareness and intuition, raise your consciousness and develop another part of your brain.</p><p id="7598">And let this part of your brain grow bigger and stronger than that addictive part so that it can embrace and look after that compromised part.</p><p id="d2e3">Just like a bigger and wiser older sibling can care for and comfort a much younger upset sibling by giving that stressed child a big hug.</p><p id="da93">There’s everything you can do about deciding to take on a new attitude, direction, and way of life that will keep this condition dormant one day at a time.</p><p id="e415">If this article speaks to you, please follow, share and subscribe to me for more.</p><p id="fc50">Click <a href="https://twitter.com/TheDarrenJames">here</a> to follow me on <a href="https://twitter.com/TheDarrenJames">X</a>.</p></article></body>

Thinking About CloudFormation LanguageTransformations

ACM.293 The implications of letting someone rewrite your code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics | Code.

🔒 Related Stories: AWS Security | Application Security | Secure Code

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Image from Wikimedia Commons https://en.wikipedia.org/wiki/File:Example_of_Facade_design_pattern_in_UML.png

In the last post I set out to try the new AWS ForEach construct and add a loop to my CloudFormation KMS Key template. It didn’t work.

After spending way too much time troubleshooting, possibly due to misleading error messages or my misunderstanding of the documentation initially or lack thereof, I came to the realization that a loop only lets you create resources. Since a policy statement is not a resource (I think it should be as it would solve a lot of problems) and a ForEach can only create resources I was stymied.

But there’s a much easier way to do what I was trying to do in the first place. It was an interesting exercise but there’s a much easier way to achieve what I was trying to do, potentially. I’m going to give that a shot in the next post.

This was my first use of LanguageExtensions. I simply did not have a need for them previously. After using them I am somewhat doubtful I will use them again in the near future. I had too many issues and I’m not sure I like the implementation just yet. I’m still trying to put my finger on what bothers me but here’s some of it. (Well, as I got to the end of this post I kind of figured out what is bothering me.)

In the first post, I had a problem with not being able to use the language extensions. I found this implementation to be odd. It seems like a misuse of an IAM Policy and makes me wonder about who is managing the security of LanguageTransformations. You have to add permission to access an AWS Resource to your stack. That seems odd. It seems like it should be another action that you want to allow instead. I don’t recall ever adding an AWS resource in the resources section of a policy document prior to this. It just doesn’t feel right.

The action that failed because I did not have permission was not in the AWS CloudTrail logs. No trace that permission failure occurred existed in CloudTrail logs. What I figured out was that the code is likely parsing everything client side before you even send the code to the console to deploy the stack.

But how did that code check for permissions? There should be some record of that in the CloudTrail logs right? I mean you can’t tell I don’t have permissions unless you look at the policy. Was that in the logs? I don’t recall and I’m not going to go check now, but any access to my policies or accounts should be logged, and it seems like if I was doing something I don’t have permissions to do and permissions were checked, there should be a related error in CloudTrail.

All this seems a bit hacky and not aligned with how IAM was designed and is missing some key principles — like log every access failure (which helps with troubleshooting and threat detection) and you don’t generally add permission to use AWS resources — that is granted via the action. I hope that some tribal knowledge of IAM has not been lost at AWS in the implementation of this particular feature.

The other thing is this. LanguageExtensions are not simply adding new capabilities to AWS CloudFormation. They are re-writing your CloudFormation code under the hood. When you write a ForEach loop, the language transformations take that and generate old-school CloudFormation with multiple resources behind the scenes. They show you that in the documentation.

I am pondering this. Is it good or bad?

The thing is, you could write a code generator for CloudFormation and I think that’s a good thing. Awesome. Generate that complex code for me and minimize my myriad of mistakes. However this ForEach code generating construct took me an inordinate amount of time because it is complex, has error messages that didn’t make sense to me, I had numerous other errors in my CloudFormation template to simply try to get it working. And then it didn’t work for my use case anyway. I think it should have. I mean it should just be generating a snippet of valid YAML and let the core of CloudFormation figure out if the resource is valid or not. That’s where the errors should come from at the end of the day and be accurate.

And on that note, the errors were masked — and not in a good way. The errors were more confusing, not less, when bubbled up from CloudFormation. I had to remove the LanguageTransforms to get to the actual CloudFormation error which often made more sense to me than what the transforms were displaying.

Now mind you — it could be the other way around — and that would be lovely. There’s this pattern called the Facade Pattern in object oriented programming design where a front-facing object removes some of the complexity of the architecture behind it. Used correctly, this pattern could help put a new face on CloudFormation and fix all the cryptic error messages by providing something more accurate and meaningful. That was not my experience when using the LanguageTransformations.

That could be fixed — but it requires a LOT of detailed testing. Do not glaze over the error messages. This is one of the most important part of your user experience in CloudFormation — and I met an amazing UX designer on my recent trip to Amazon so I know you have them! Consider the person reading the message, how they will interpret it, and how easy it will be for them to fix that problem. If you want to know what my experience was like read the blog posts above.

I know. I’m a terrible example. I try to do everything too fast. Because I want everything to be fast. Sometimes I read too fast and end up skipping over words or reading things backwards. Perhaps it is an undiagnosed learning disability. But it also helps me see between the lines in some cases which can be a useful thing when it comes to security. And sometimes I do actually get things done faster by trial and error than reading overly vebose documentation.

Overall, my experience with AWS LanguageTransformations was not great. But I’m not giving up on it just yet. I like something about the concept.

I wrote about how I would love for AWS to allow me to pass in an optional parameter to a CloudFormation template and handle the whole messy !If logic that seems extraneous for me. If the resource property is AWS::NoValue, don’t set it. That seems obvious doesn’t it? Instead I have to set a default value, add a condition, and write bunch of messy if logic in CloudFormation — and I always seem to mess that up with some kind of typo — which is why I always copy and paste it from another template. And if I am copying and pasting it all the time, why is that not just a feature of CloudFormation.

Please add a “Required” property to parameters: true or false. If it’s not required and not set, don’t set the property. #awswishlist

I think that one change would save me a bazillion hours.

That’s an example of reducing complexity without changing the CloudFormation I write in a significant way. I can still write the CloudFormation and check it into source control with that approach.

I can still see the parameters passed into the template in the CloudFormation and compare what got deployed to what I see in my account (CloudFormation drift detection.)

What is AWS LanguageTransformations actually doing?

It’s rewriting your code.

It doesn’t seem like it is just generating code for you that you can then check into your own source control and deploy, so you can track any changes to the resources. It’s taking your code and it’s generating new code.

Is that OK?

Maybe. Or “it depends” as security people like to say. 😊

Can you see exactly what it generated and what got deployed in the CloudFormation console? Do you see your code, or the generated code? Both would be nice. I never got to the point of deployment since what I was trying to do was not possible.

What happens when someone changes that transformation library behind the scenes. Will you know that on the next deployment your resources will be different? Is there some kind of warning that the transformation code generated something different than it did the time before? Perhaps there should be an option for a diff if the underlying code generation library changes.

This is akin to using the AWS managed IAM policies. It’s a good place to start but I recommend to customers that they create their own policies and track them in source control because AWS can change those managed policies without telling you. They have to do that. If they add a new action and feature for S3 then they need to change their policy to allow it. But you, on the other hand, may want to review that new feature and its capabilities before you unleash your developers to use it.

I was thinking about how AWS CloudFormation works in comparison to XSLT — a powerful tool I used to love to use for generating static website code. I picked up a book on the topic and read it and was instantly sold on this technology being an absolute game changer. For me it was.

I could generate any static website with any design you wanted in a website content management system. You were no longer limited to picking from a limited set of components. I could deploy ANY web design with my content management system. In the end, you ended up with the following:

  • The XML data that fed into the system.
  • The XSLT template that transformed the data.
  • The HTML template.

Of course people have moved on from XML and I moved on to other things as well. But if you think about what AWS Language Transforms is, it’s really trying to do a twist on that.

  • Data plus transformation code
  • Transformation engine
  • CloudFormation template

Perhaps there needs to be some separation of those elements to make a clear delineation. The customer still need to see and deploy the results — the CloudFormation template. But there’s a way to generate that code that gets deployed that makes things easier.

I don’t think AWS LanguageTransformations yet hits that mark, but it possibly could with some tweaking.

Just let me see and check in the resulting CloudFormation template (like my resulting static HTML website code) into my own source control and do a diff on it. Let me see the versions, what changed, and see if those versions match what currently exists in my AWS account using CloudFormation drift detection.

Maybe I’ll revisit AWS LanguageTransforms later but my first impression was a bit painful. It could use a little more love. ❤️

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
AWS
Cloudformation
Lanaguagetransformation
Foreach
Code
Recommended from ReadMedium