End of the sabbatical – so what’s new?

looking ahead
Thinking, thinking…

A year ago yesterday I logged off a seven-year freelance contract and started planning a different life – a healthier one with a better work-life balance preferably, and maybe a change of work focus, and maybe take some time to explore all those things I’d been stacking up on the backburner, fancy stuff like learning Indonesian and skating backwards and the more mundane, like sorting out all my crap and finances.

I’ve spent much of the past year, getting fit – through walking, swimming, Scottish dancing and tai chi – but the biggest health difference has been the ability to leave my screen and just potter. The second biggest revelation was that shorter hours meant less stress-based eating and drinking. I’ve lost a stone. I barely drink. I feel calmer. My neck and shoulders rarely ache and my arms have even redeveloped some muscles.

The big project, the thing I thought I would do was write some kind of memoir based on my travel diaries. That failed fairly quickly. I just couldn’t seem to settle into the slog of a book-length writing project while long solitary screen-based hours were the very thing I was trying to escape. I decided to just explore instead.

One year on, I’ve reinvented this project into a much more fun thing – different ways to mine a diary. Every morning I sit down and carve out something fresh from the diaries, whether that is a code-generated poem or a reworked story in a literary style or a haiku distilled from old travel emails or a vertical date slice juxtaposed with a historical event. I actively look forward to sitting down to work now.

The other big project resulted from the first book I read after stopping full-time work – The Snowden Files on Day Five. I immediately signed up for an OU/Futurelean course on cybersecurity basics, then spent the next year following its advice, from setting up a password manager to sorting out my backups to learning about privacy settings, file and disk encryption, two-factor authentication, PGP, email encryption, Tor browswer and so on. I go to everything I can on infosec to learn more – then I blog it and also share the 101 basics with others in a local café. It’s a fascinating and scary world out there but I’m aiming for practical rather than paranoid.

All this effort has led to something quite exciting…

Yesterday on the anniversary of stopping work I had a phone interview and got the ‘job’ of an Ingenius at the forthcoming tech/art pop-up event, The Glass Room London. Training begins soon and I am very excited to be part of this dystopian tech store where data privacy is the stock in trade. It signals a new beginning, of something, and hopefully something that I can bring back home to Birmingham

So yes, all the big things have changed. I’m earning a fraction of what I used to but I’m healthier and happier for it – I needed to buy time not stuff at this point in life. I’ve also done some mentoring and digital/tech/infosec help sessions and campaigning and protesting, and generally tried to give a little back. I did some long-distance travel, to Eastern Europe by train. I sorted out finances and clutter (ongoing that one). And I met a lot of people in coffee shops to ask their advice.

No, I didn’t write a book, hit my Indonesian 2000-word target (I got to 500 words on my app), invent a moveable maze for rabbits or learn to skate backwards. But I’m ok with that and, besides, there’s still time.

Still my favourite phrase of last year is ‘Everything does change, something is happening’ – it’s still changing and happening now. The sabbatical was slow to start in some ways but it has had a deep impact. The idea of nicking back some of your retirement and living it now is a good one if you can manage it. Because as my hero Ferris Bueller always says:

All my Sabbatical posts are rounded up here.

Seven ways the Bank of England encourages a culture of cybersecurity

Bank-of-England-culture-change-security

“What is important to you?” This is the first question to ask before planning any cybersecurity strategy, according to John Scott, Head of Information Security Education at the Bank of England, talking at the recent Cybersecurity UK Roadshow event in Birmingham (notes here). Because if you don’t know what a client or company values, if you don’t understand their business priorities, you can only talk in absolutes.

As Scott gently points out, 80% of cybersecurity consultants come from a background in IT or security and they tend to talk in absolutes. Finding people who can both listen and communicate well on this topic is difficult (this is the soft skills side of cybersecurity, I guess). The result in many large organisations is an environment of enforced compliance; getting workers to care and engage beyond that is a tough sell.

‘From compliance to culture, awareness to action’ was the title of Scott’s talk. He said compliance and awareness aren’t enough; it’s building a culture of mature security that is required to stay safe. Scott then rated security culture on a scale of -1 (negative behaviours) to 0 (compliance behaviours) to +1 (security maturity and positive behaviours), and outlined the Bank’s encouragement of the following ‘cyber seven’ practices to move from compliance towards maturity (more of which below):

Bank-of-England-cyber-seven

1. Passwords

0 = don’t share passwords

+1 = use a password manager

2. Phishing

0 = don’t click on suspect email links or open attachments.

+1 = report suspicious emails (whether clicked or not)

3. Document classification

0 = classify documents when saved into document management system

+1 = mark docs clearly, dispose of confidential documents safely

4. Clear workspace

0 = don’t leave confidential material on your desk

+1 =  also check printer, whiteboards, keysafe when you leave

5. Remote working

0 = make sure you are not overlooked when working on trains

+1 = keep your remote token separately from your laptop when travelling; report loss of devices immediately

6. Social media

0 = don’t post photos of the Bank on social media or get involved in discussions related to the Bank’s mission on social media without permission

+1 = audit your social media profile – make sure you’re aware of what you and other people are saying about you.

7. Report it

0 = if you see anything that worries you, tell us – ‘See it, Say it!’

+1 = if you’ve done something yourself or caused a problem, report it

This final point raised a lot of questions in the audience – wouldn’t a major breach be a sackable offence, for example? Why would employees admit their error? Scott suggested awareness and education, perhaps telling stories about how coming forward has worked and to try to build trust with your employees.

It’s always better to know that a breach or a vulnerability has occurred so you can address it but you need people to feel secure in coming forward. As the Regional Organised Crime Unit noted in their talks at the roadshow, one of the biggest issues in cybersecurity is the lack of reporting.

Thanks to John Scott and Metsi Technologies for use of the slides.

Notes from Cyber Security UK Roadshow Birmingham

John-Davies-CybersecurityA one-day event held yesterday held at Innovation Birmingham on the Aston Uni campus to help businesses get to grips with cybersecurity. It was organised by Metsi Technologies, and supported by the National Police Chiefs’ Council and Regional Organised Crime Unit (ROCU) in the West Midlands. The Twitter account and hashtag was @cybersec_uk but the backchannel was pretty quiet. Here are my notes.

Cybercrime

The increasing threat of cybercrime runs across a range of levels from nation-state threats to ransomware to IP theft. There were various police chiefs in attendance and the main message seemed to be that cybercrime is massively unreported to police – with the result that sufficient budget isn’t being assigned.

Ashley Bertie, Assistant Police and Crime Commissioner for the West Midlands, sent out a plea to find out what your local police force is doing and engage with their agenda. One available resource that has just launched is the Digital PCSO (Sean Long in the West Midlands) who can go into business organisations, schools and the community and advise on security basics.

John Davies of Pervade Software then introduced the National Cyber Security Strategy, consisting of three main acronyms:

  • NCSC – the National Cyber Security Centre (at GCHQ) – pushes out national strategy.
  • CiSP – Cyber Security Information Sharing Partnership – a place to both get free advice and also report hacks.
  • CES – Cyber Essentials Scheme – certification scheme to show that a business has addressed basic cybersecurity.

Main cybersecurity threats for SMEs

Louis Augarde, lead pen tester for Omni Cyber Security, introduced these as:

  • Ransomware – disruption for financial gain
  • Credentials-based attacks – to gain an entry point
  • Breaches based on known vulnerabilities – often used as a first step to identify weak systems that can be exploited further
  • Phishing emails – to gain credentials and access
  • DDOS – freezes your system temporarily but can also be a smokescreen for more serious attacks

He also introduced me to the idea of baiting, a social engineering tactic to get hold of your personal info by leaving out a USB for people to pick up. Never plug an unknown USB found on the train into your computer!

Cybersecurity help for Birmingham SMEs

If there’s one thing for businesses to do now it is the Cyber Essentials Scheme, said John Davies. Participants address 68 questions on their cybersecurity systems around firewalls, patches, configuration, malware, user accounts and so on. The scheme costs £300 and provides an annual certificate.

The CES process is designed to prevent the vast majority of cyber attacks but also offers a badge to show that a business has made an effort to keep the supply chain more secure.

Other options mentioned include the 80-question IASME governance standard, costing £400, which also looks at data assets, risk assessments, people, policies and disaster recovery. Both CES and IASME were said to be a good foundation in securing businesses and a more achievable alternative to 500+-question ISO27001 international standard.

There is also the newly launched West Midlands Cyber Security Cluster, the 19th in the UK, and people, businesses and organisations can tap into this to get help and advice in tackling cybersec issues. The website looks as if it has teething problems right now so check back later.

Other links mentioned on the day were:

Takeaway quotes and stats

95% of all successful attacks are the result of well-known and entirely preventable vulnerabilities (various reports from 2011)

“Don’t buy the whole onion – security is best built in translucent layers” – Brian Chappell, Beyond Trust, introducing five main layers for organisations wanting simpler security (focus on the high risks, tackle lateral movements of hackers into your system, exercise privilege control, one standard user account for all, configuration management).

The first reported cybercrime was in 1820 – it was the sabotage of some newly invented tech – the Jacquard loom – that automated the weaving process. DCI Rob Harris suggested this was where the term ‘patch’ came from but I’m not convinced that is true.

“Why do they do it? I’ve sat opposite many cyber criminals in my job, some as young as 16, and their answer to this is ‘because they deserve it’.” – National Police Chiefs Council on cyber crime motivation.

“80% of people [in cybersecurity roles] have an IT or security background and they tend to talk in absolutes. You have to find people who can listen and communicate.” – John Scott, Bank of England

GDPR for businesses

Jane Burns of Anthony Collins Solicitors made a valiant attempt at an overview of this super-complicated incoming regulation from May 2018.

The EU GDPR, also being adopted in the UK despite Brexit, offers a whole different world of pain so I’m not going to get into it here but, basically, if you’re not already aware, businesses are going to have to get a whole lot better and more transparent in how they process their data, or they risk big fines, and even worse for some, being cut off from accessing their data for a period of time.

This photo may be useful…

Jane-Burns-GDPR

What does the Bank of England do?

What does the most secure place in England do to prevent cybercrime?

John Scott, Head of Information Security Education at the Bank of England, gave a great presentation on one of the biggest problems facing companies – that of lack of user engagement in an organisation’s cybersecurity practices. He said compliance and awareness aren’t enough; it’s building a culture of mature security that is required to stay safe.

I enjoyed this talk so much I’m going to blog it separately.

Next event: a London CryptoParty on 11 September, a mix of cocktails and practical workshops…

 

 

Tor’s two sides, Amazon’s offline surveillance and how to obfuscate

Interesting links I’ve read this week:

The dilemma of the dark web: protecting neo-Nazis and dissidents alike (Guardian, 23/8/17)

“Perhaps the most important use of Tor, for many of its users, is simply allowing access to the open web in a protected and private manner. The system works by bouncing a request through at least three relays, with each only knowing the positions next to it in the chain: the entry node knows who is asking for a connection, but not where for; the exit node knows what the connection is to but not who wants it; and the middle node only knows to connect the other two.”

Silicon Valley siphons our data like oil. But the deepest drilling has just begun (Guardian, 23/7/17)

“For Silicon Valley, however, anything less than total knowledge of its users represents lost revenue. Any unmonitored moment is a missed opportunity.

Amazon is going to show the industry how to monitor more moments: by making corporate surveillance as deeply embedded in our physical environment as it is in our virtual one. Silicon Valley already earns vast sums of money from watching what we do online. Soon it’ll earn even more money from watching what we do offline.

It’s easy to picture how this will work, because the technology already exists. Late last year, Amazon built a “smart” grocery store in Seattle. You don’t have to wait in a checkout line to buy something – you just grab it and walk out of the store. Sensors detect what items you pick up, and you’re charged when you leave.”

How to obfuscate (Nautilus, Issue 49, 29/6/17)

“The solution TrackMeNot offers is not to hide users’ queries from search engines (an impractical method, in view of the need for query satisfaction), but to obfuscate by automatically generating queries from a “seed list” of terms. Initially culled from RSS feeds, these terms evolve so that different users develop different seed lists.

… The activities of individuals are masked by those of many ghosts, making the pattern harder to discern so that it becomes much more difficult to say of any query that it was a product of human intention rather than an automatic output of TrackMeNot. In this way, TrackMeNot extends the role of obfuscation, in some situations, to include plausible deniability.”

The dick* pic guide to government surveillance

* and boob

I had a conversation with a family member recently about my growing interest in cybersecurity and they responded with ‘I’ve got nothing to hide so I’m not worried’. Basically, let the government watch them if it stops terrorists; it’s all good.

For someone who grew up in the 1980s Cold War (but also basically made a second career out of Web 2.0), it’s about how much they are watching, centralised files, a culture of fear, lack of freedom, potential abuse of political power – and trying to understand the trade-offs of privacy versus security when we put our info out there.

I don’t think I have anything to hide either – except when I do – but it’s not about having something to hide, it’s about having something to protect. We’re not just talking about status updates knowingly shared on Facebook, Twitter, etc; the info at risk is also the stuff you think you are keeping private: phone calls, files and photos stored in the cloud, SMS, email.

Getting people to care about surveillance and infosecurity is apparently an issue, with cybersecurity events often struggling to attract an audience. Calling it infosec or cybersecurity is a kiss of death, according to a friend who runs such events. (It’s true: I’m going to an evening event in London because it’s a CryptoParty in a bar with beer sponsors, etc, whereas a day-long ‘cybersecurity roadshow’ in Birmingham was a much harder sell.)

To help with the ‘who cares’ issue, I finally got round to watching John Oliver’s 2015 ‘Last Week Tonight’ interview in Moscow with Edward Snowden – a deliciously awkward affair in which Oliver played a rude, dumb American asking Snowden’s nice, intelligent whistleblower to explain in layman’s terms (‘Can I share my dick pics or not?‘) why they should give a shit about increasing government surveillance powers and his 2013 revelations.

If you haven’t seen it, it’s well worth a watch. My notes below…

Notes: Government Surveillance: Last Week Tonight with John Oliver (HBO)

  • Section 215 of the Patriot Act (created post 9/11, and extended/renewed) requires businesses to hand over ‘any tangible things'(eg telephone records) to protect against international terrorism.
  • Snowden in 2013 revealed this to be used for the mass scooping up of data.
  • Government says it doesn’t abuse its powers + there are restrictions on how/when they can employ surveillance, eg, through the FISA Court, which grants surveillance warrants.
  • Reality is that FISA rarely rejects an application. From 1979 to 2013, it has approved 35,434 application for surveillance and rejected only 12.
  • Snowden: “NSA has the greatest surveillance capabilites that we have ever seen. Now, what they will argue is that they dont use this for nefarious purposes against American citizens. In some ways that is true but the real problem is that they are using these capabilities to make us vulnerable to them, and then saying, well, I have a a gun pointed to your head but I won’t pull the trigger – trust me.”
  • Is anyone having the conversation about where the limits should be, eg, reform of Section 215. Public debate not happening (that care issue again).
  • Oliver asks if it is possible for the public to have a conversation about something that is so complicated we don’t fundamentially understand it? He shows Snowden a video that shows Americans getting upset about the government sharing and looking at their dick pics. The rest of the interview is framed through this simple analogy.

Can they see my dick?

Section 702 surveillance – yes – through bulk collection if an emailed image crosses a border in some way and is caught on a database.

Executive Order 12333 – yes – the NSA uses this order when others aren’t aggressive enough, so if a Gmailed pic is sent even to a fellow American, it will be stored on Google server, and Google may move this data from data centre to data centre – the US government can capture that if it moves outside of US even temporarily.

PRISM – yes – it captures your info with the agreed help/involvement of government deputies/sheriffs such as Yahoo, FB, Google.

Upstream collection – yes – they can ‘snatch your junk’ as it transits the internet.

MYSTIC – if describing your junk on the phone, yes. Collects content as well in some countries, eg, The Bahamas.

Section 215 metadata – no, but can tell who you are sharing junk pics with (eg a penis enlargement centre).

So what next?

Snowden says: “You shouldn’t change your behaviour because a government agency somewhere is doing the wrong thing. … If we sacrifice our values because we are afraid, we don’t care about those values very much.”

My take is:

  • Keep doing what you’re doing but send/share your stuff via more secure platforms
  • Try to understand the lay of the political and digital landscape and don’t give away freedoms that are at risk.
  • Figure out the trade-offs and fight back against government surveillance where it is an invasion into privacy/freedom – I’m not saying terrorist and other threats shouldn’t be addressed, of course not, but scaling up government powers shouldn’t be done thoughtlessly or in knee-jerk reaction to modern threats without a thought for historical ones that threaten all our civic freedoms. Debate publicly and find the line.

Challenge: Get up early for a week

Kings Heath Park
Park report: King’s Heath is my current favourite to walk to. KECH girls are already going to school at 8am, flicking the finger at friends/enemies and checking out the boys. Drivers are driving like arses in 20 zones. It’s warming up for a 27 degree day. Grass is dewy but drying. A bee is hovering and checking me out – probably the smell of Soltan. Baby Driver soundtrack is playing. A hay fever sneeze. End of year accounts await and later an epic Moselele summer singalong. It’s gonna be a good day.

A random wish on my sabbatical list – and one of the toughest for me as a night owl – was to get up at dawn for a week to see what it would feel like and discover if/how it would change my day/life.

With sunrise at 4.45am in June and dawn at 3.55am, this was a bit too much of a stretch. Still, on the week of the longest day of the year I started to go to bed at 10.30pm in order to get up at 6 – three hours earlier than usual.

Three spare hours at the start of a day! What would you do?

Birmingham is a city often maligned and mistaken for a concrete jungle. Its critics are not aware of how much greener it is than, say, London. We have so many tree-lined streets but also a multitude of parks and recs. Within 30 minutes walk of our house, for example, are 12 or so parks: Kings Heath, Highbury, Cannon Hill, Holder’s Lane playing fields, Row Heath playing fields, Hazelwell, Stirchley, Muntz, Cotteridge, Cadbury’s ladies recreation ground, Bournville and Raddlebarn/Selly Park.

Waterwise, there is also the Lifford Reservoir, the Rea Valley Route, and the Worcester and Birmingham Canal. And, of course, my local Hazelwell Allotments to which I have the key.

I didn’t consciously set out to explore the parks and open spaces of south Birmingham in the early morning hours but it was a natural consequence of walking any short distance. The sun was shining, most people were still asleep or at breakfast, the day felt fresh and new. I downloaded a playlist on to my phone and started walking wherever (admittedly sometimes singing, dance-walking or air-drumming) to the beat of the music.

Here’s what I saw…

Hazelwell Allotments
Cotteridge Park
Muntz Park
Cadbury’s Ladies Rec
Rea Valley Route
Birmingham and Worcester Canal at the Lifford Curve
River Bourn at Stirchley Park and a shadow-me on the bridge

The walking felt good, the views were uplifting, the day started with a feel-good factor, and the music was a key part of the experience, giving me a lift and making me walk further and further, for an hour or more at a time. Coming home, my tea and toast never tasted so good. I even fitted in a meditation for extra deep levels of calm and relaxation, or visited a friend for a tea. And I still haven’t got over the weird feeling of having done so much and it being only 8 o’clock.

There were some downsides: losing my creative time at the end of the night and needing a nap to get through the day. But…

At the end of the week I was convinced enough to keep going with this new regime of getting up early Monday to Friday (and lying in at the weekends). Sunset walks were added, walks with friends and some trips further afield…

Harborne Walkway with Danni and Emma – a disused railway line close to the centre of Brum
Cannon Hill Park
Cannon Hill Park
Holders Lane playing fields and a paddle in the River Rea with sis
Kinver Edge walk with bro
Kinver Edge Rock Houses and breakfast overlooking the Black Country

On one walk I even discovered a secret canary yellow canalside breakfast caff in Stirchley, called the Barge Thru Café. It caused quite the stir on Twitter and I felt a little Lewis and Clark, discovering new things in an area where everything seems to be known. A breakfast expedition with other Stirchillians is already being planned – and if not a walk, an approach by raft or inflatable like the pioneers we aren’t. The adventure continues.

Brazilian-looking cafe at Stirchley ‘marina end’ – an unexpected find

And so…

It has had a big effect on me, and my mental and phyiscal health, this getting up early malarkey. This is the call to action bit. Is anyone else interested in an early morning walk around the B13, B14, B29, B30 post codes – there are some areas I don’t want to venture alone, namely the canals and commons.

Get in touch if you do.

Since Snowden… a visit to Infosecurity Europe 2017

Fiona Cullinan, Infosec Europe 2017

‘Since Snowden’ has become a bit of a catchphrase for me after his revelations in 2013 about the mass government surveillance of our data. Since Snowden I’ve watched Citizenfour, read The Snowden Files, completed two OU cybersecurity courses, joined ORG Birmingham, learnt how to use PGP encryption, risk-audited my personal info and started putting some basic processes in place so I am more in control of my data.

This is something I hope to starting helping other people with, so if you have a question about passwords managers or how to risk-assess your info, for example, get in touch. I’m still learning so it’s basic guidance only and probably best done at a friendly local level than in any official capacity.

Last month I also attended two days of Infosec Europe, the largest event of its kind in Europe featuring a conference programme, 360+ exhibitors and around 15,000 visitors. It was very much aimed at larger organisations and since I’m at the individual and SME level, there was some disconnect.

That said it was probably one of the best conferences I’ve attended outside of SXSW and I came away with a lot of info and contacts – enough to know that this is going to remain a definite interest of mine for some time to come.

So I’ve started a Twitter list of Women in Infosec because I missed that session at #infosec17.

And collected a few conference links for reading and reference:

Hello Infosec World.

 

 

 

 

What’s the point of yoga?

book cover

My mother-in-law is a long-time yoga teacher; my sister is in her second year of a yoga teacher training course; and many of my friends are yoga addicts, some to the point of getting up at 5am to practise or get to class.

But while I’ve been to a few classes in the gym over the years and even developed a daily sun salutation habit for a while to stretch out back stiffness, I’ve never really got it. What’s the big draw? Why does everyone love yoga so bloody much? Why are at least four people I know training to teach it? Why is an ancient Indian practice suddenly everywhere in 21st-century Britain?

It occurred to me that maybe I’m doing it wrong and that everyone else is getting some secret buzz out of yoga that is eluding me. So naturally I bitched about this on a social network, and that’s when a book arrived in the post from mum-in-law Sue.

It took me a month to get through ‘Bringing Yoga To Life’ by Donna Farhi but, even though I would say I still don’t feel it personally, I understand a bit better why other people love it.

I’m parsing the dog-eared pages here into blog post Q&A so I don’t have to read the book twice. Yoga aficionados forgive me if I’ve misunderstood. It’s not my intention to have a go, so to speak. My aim is to understand yoga in terms that don’t involve saying ‘come back to yourself’. As my sister often says: “Language always gets in the way.”

1. What’s the point of yoga?

There is a lot of gumpf in the book about how yoga is a life practice that connects you to the wild force that runs through everything. Of course, a lot of people don’t believe in a wild force that runs through everything but the point is that it’s the spiritual aspect that is the thing in yoga and not the physical focus that you get in the standard gym class.

An ongoing practice in your everyday life can help fortify you against all kinds of attack and give you a means of coping when life gets physically, spiritually or emotionally tough. Which seems a very good reason to do it –more than the need to be bendy anyway.

2. What does it teach?

What is possible as a human being; a sense of returning to oneself and becoming ‘centred’ not being separated from others/humans.

I’m not 100% sure what this means but I’m surmising that it is about removing the gazillion distractions that surround us and getting the focus back on our humanity – and the wider sense of who we are as a species (for better or worse).

(Aside: Personally I tend to think of humans as ants, although that may be too kind: as Ripley says of the monsters in Aliens: “You don’t see them f*cking each other over for a percentage.”)

3. Do you have to be perma-calm?

No (thankfully) but the point seems to be to apply the feelings of attentiveness that you cultivate through yoga beyond the mat – into relationships, work, play, etc. Less perma-calm, more ‘aliveness’. Luckily for me I don’t NEED to do yoga to achieve this. Just slowing down is conducive to flourishing, mindfulness and being a bit kinder to others.

4. Why do yoga people seem smug* or a bit too happy sometimes?

There’s a section in the book about gratitude and faith being the two supreme qualities that transform a yoga practice, which may translate into feelings of being happy to be alive in the here and now, and feeling thankful for what you have. Recognising how fortunate we actually are can turn the most difficult of circumstances on their head and affect every waking hour, says Farhi.

*I’m being a bit harsh here, it’s probably more of a radiant calm that I admire because I enjoy being fast-paced and am reluctant to slow down.

5. OK, so where do we non-yogis go wrong?

There are five causes of suffering listed by the Patanjali (from ignorance of our eternal nature to seeing ourselves as separate and divided from the world to attraction/attachment to impermanent things).

We can work on these without getting into strange postures and breathing deeply – but then again, do we? Yoga brings a certain focus. Farhi outlines some positive actions we can take:

  • Friendliness towards the joyful.
  • Compassion for those who are suffering.
  • Celebrating the good in others.
  • Remaining impartial to the faults and imperfections of others.

6. Does it have to be yoga?

In a word, no. There are many ways to channel our energies in life and to still the mind. What setting aside time for yoga (or other practice) does is provide regular time and space to ground ourselves, think on life’s big questions, face our demons, celebrate being alive, push the reset button or simply be free.

7. So why all the batshitcrazy postures?

None of the above tells me that I have to get into some weird twisty posture so why is this often the main focus? Farhi says the point of practising asanas is “to become more sensitive, attuned and adaptable” and that “great gymnastic abilities are entirely inconsequential in the context of yoga”.

I’m not sure this really answers the question of why yoga is often so focused on the physical. My own novice understanding is that yoga is predominantly about the breath, and also the breath in each posture. So my conclusion is that if yoga is a life practice helping you out when things get emotional or out of control, then the exercise element is a big part of disrupting bad thoughts and changing the focus. After all, it’s hard to give any mind to one’s existentialist angst when you are trying to do a Tree balance and not fall over, or when breathing is stretching your taut muscles so that physicality is the most pressing issue.

In short, perhaps asanas offer a fast way to ‘not thinking’ about your suffering; and (with practice) take you to a place that offers a spiritual balm that allows you to “see past the immediate and fleeting feelings to a broader perspective”, to accept things as they are and “find a place of inner ease that no one and no thing can take away from us” as a result.

8. Keeping up with the young bendy teachers and pupils always causes me to get injured at the gym. What’s that about? Where’s the realistic yoga?

Accepting we are where we are is the thing to do – otherwise we’ll be contorting ourselves into an “ill-fitting suit” of a yoga practice. Easier said than done. Switching off one’s competitive head is hard, and the language around yoga teaching can make you feel inferior if you go for a ‘lesser’ stretch or other compromise.

I look forward to older, less bendy, injury-challenged role models joining the teaching fraternity. I had a practice lesson with my sister for her yoga exam and it was refreshing to break down some really simple yoga moves and make the most of the nuances of each posture. It also allowed me time to breathe – something that is often missing from yoga classes in the gym with their focus on agility.

Farhi says: “As we enter our 40s and 50s there is a noticeable drop in energy levels… this is a period of life when the focus in yoga practice needs to switch from the mechanics of practice to the subtler underlying energetics of practice… Through these subtler practices we begin to realise the deeper significance of yoga practice as the body becomes more sensitive in its role as a vehicle for perception”.

By which she means more meditative practices, less physical repetition of advanced postures.

9. Will it help with the bigger questions?

It can* – “This contemplation both on death and what it means to truly live is designed to help you distinguish between short-lived pleasures and long-lasting joy.”

* Other options are available.

10. Will yoga solve my emotional baggage problems?

Yes, no, maybe, it depends. All kinds of realisations can be had – especially with regard to what Farhi calls our “box of monsters”. Rediscovering one’s inner self, true identity, centre (or however else you term the feeling you get from yoga and similar practices) is a way to look at your ‘monsters’ in a different way, with a certain distance and impartiality, even kindness and compassion.

11. What if we don’t like our inner self?

Yoga can help us act differently on the “riptide of strong emotions” and teach us to act more skilfully once we have cooled down.

While seeing clearly is a gift, we all have blind spots, however – difficult relationships, making bad decisions, making the same mistakes over and over, resorting to outbursts of anger. Farhi suggests asking a trusted friend to tell us honestly what they see in order to accelerate the process of seeing ourselves more clearly – this awakening is probably only for the brave though.

12. What happens in the end?

Nirvana? Leaving the Matrix? Seeing ourselves and the world in a new way? The realisation that we are all one?

After reading this book, yoga seems mostly about two things: practically, it offers a coping mechanism for life with the byproduct of better physical/mental health; spiritually it offers a potential reawakening through connecting to own core sense of humanity and our place in it.

It seems a shame that I don’t get this from yoga myself but I’ve also learned from this book that yoga is just one method of transport and there are other ways to get there. The important thing is to find something that does work and to practise it regularly so that you don’t fold when the riptide of emotions comes.

So, yes, yoga –

Reactions GIF - Find & Share on GIPHY

 

The bonkers magic of KonMari

‘Sorting out the house’ was mentioned several times when I asked friends what they would do with a few months off. I’ll look back at May 2017 as the month of decluttering. Like many others, I tried the Marie Kondo book ‘The Life-Changing Magic of Tidying’, aka the KonMari method.

Marie Kondo is a Japanese organising consultant and now bestselling author. She sounds insane when you read her book – she was addicted to tidying up by the age of eight – and her methods are no less bonkers.

But… it works.

I still can’t quite believe how folding your clothes so that they stand up has actually transformed what I wear simply because I can now see it all in one go. Or how asking if something ‘sparks joy’ has allowed me to emotionally, rather than practically, let go of things I’ve kept for decades – from university research papers to my 1990s Thelma and Louise denim top that never came back into fashion.

It could be procrastination from other more creative work or it could be life-transforming as the book promises. I’ve cleared out so much crap, I do feel lighter and freer, and more pertinently for an allergic person, the house is becoming easier to clean. The really sentimental things are to come but that’s why you practice with your socks and pants first. It gets easier.

Here are some before and after photos. Sorting is done by category – another trick that helps massively when facing a big clear out.

TOPS

BOOKS

ACADEMIC PAPERWORK

The nice thing about this is the focus is less on throwing things away and more on only keeping things that you love. But possibly the biggest lure of the KonMari method is that you only have to do it once. We’ll see if that is true in time but my socks do remain firmly folded for now.

Overland to Eastern Europe: Kotor to Dubrovnik

Day 12: Kotor to Dubrovnik

It’s raining heavily on arrival in Dubrovnik and it’s freakishly cold. We are wearing all the clothes and hats. This is not the only shock. The taxi from the bus station to Ploče charges a £12 set fare to go a couple of km, it’s £18 just to walk the town’s bloody walls – that’s each – and, worse still, a medium glass of so-so wine costs £7. Come back Zurich, all is forgiven.

“Everything is better is Croatia,” my Croatian ‘sister-wife’ Anita, the UK-famous inventor of the chocolate crumpet, repeatedly tells me – and I want to believe her. An old guidebook tells me the walls cost only £3 for access not so long ago, so this is probably the Games of Thrones effect. There really should be a different Dubrovnik price for non-GOT fans.

Being British, we of course mention the weather to our host Stijepo at Apartment Love and Hope and thank him for waiting for us in the torrential conditions.

“I would be happy if this was my biggest problem!” he exclaims, several times – a reference to being caught up in the 1991 Siege of Dubrovnik with no electricity or water and weeks of bombardment by Serbia/Montenegro. After that, we pretty much shut up about the weather and the price of bread.

Once the storm clears, it is indeed truly lovely inside the Unesco World Heritage Site of Dubrovnik, so clean. I mean, really clean. (Well, all that tourist money has to go somewhere I guess.) We enter it at sunset so that we can immediately leave it, as Stijepo has sent us for a sunset drink at Buza, a well-known drinking hole on the rocks outside the wall. Pete nearly chokes on his £6 GOT-priced Leffe but it’s the view we are paying for and a ringside seat for sunset in the Pearl of the Adriatic.

Day 13: Lokrum Island

Stijepo recommended this nearby island as a lovely spot for a picnic, with botanic gardens and an old fort – but, who are we kidding, we mainly go because he told us there were loads of friendly rabbits roaming freely about there. There are. Here is a bun the size of a banana…

… and also an array of randy peacocks parading and trying to win over peahens to the point of fighting.

It’s quite something to watch baby bunnies hopping around giant prickly aloe vera succulents while peacocks shimmer and shake erect feathers next to the deep blue Adriatic. Only unicorns could have topped off the fairytale if anyone has Photoshop skills to add one here…

Day 14: Dubrovnik

We check the cruise ship timetable and head into the Old Town as the passengers leave. After a picnic on ‘the outside’ wall by the harbour, we randomly bump into Hannah and Myk who, being super-speedy Americans, have caught up with us despite leaving Belgrade four days later. Their Podgorica train journey, taken on May Day weekend and packed with students heading back to Montenegro, makes ours sound a Four Yorkshiremen sketch – luxury. The next day Mark from the Belgrade apartment will fly in as we fly out. More travel connections in time.

We buy a Ferrero Rocher-flavoured ice cream from Stijepo’s recommended childhood ice cream parlour Dolce Vita and sit once more outside the walls, on a tiny beach that has the most beach glass I have ever scavenged in my life. You know when you start a collection and become enslaved? Well, mine is a worldwide beach glass collection and this tiny beach just tripled it – as well as producing two rare pieces in blue.

Pete and I discuss biting the tourist bullet and paying nearly £40 to walk the 2km city walls but it comes down to this on our last day – we can either walk or eat. So we eat: a tuna pasta and beer and wine and chocolate feast on our Love and Hope balcony overlooking beautiful Dubrovnik.

A male voice choir carries up the steep hillside from Banye Beach as the sunset does its glorious hazy coloured spectacle thing, and we have a little last-night-of-the-holiday dance on the terrace because we’re married now and it’s legal.

I may not be as enamoured of travelling as I used to be, and I can’t wait to see our own little floppy-eared dudes and the rest of the human-eared family, but I sure could do with a little bit more blue sky, sea and sunshine in my UK life to be happy.

Perhaps everything is better in Croatia after all.

</The end of the Balkan blogging beast. Thank you for reading. Hope you enjoyed it. Other blog posts are available. >