Sefer Ha'Cyber Lessons 1-2

Sefer Ha’Cyber

Every language is good at capturing certain things better than others. English is noted for its seemingly infinite willingness to steal terms from other languages. German is noted for its precision, Spanish for its emotion. Hebrew is uniquely suited for understanding Tan’akh. What does it say, then, when you are examining these concepts through the language of SQL? Python? How can languages derived from other, imperfect languages be used to describe such concepts?

Just as the limited commands can describe an incredibly diverse Internet, so too can they be used in metaphor to help show the infinite lessons and potential that is the study of the Lord our G-d. Just as the language of this document is English, since I know it best, so too is the language of the analogy going to be that of the Information Technology and Cybersecurity fields.

Lesson 1: What shall I tell them your Name is? Or your Password?

Moses said to G-d “When I come to the Children of Israel and inform them ‘the G-d of your fathers has sent me to you,’ they will respond ‘what is His name?’ What shall I tell them?”

G-d replied to Moses “Ehyeh asher Ehyeh.”

Exodus 3:13

What is perhaps the most important statement the Lord said to Moses. Translated to English, it roughly means “I Am what I Am.” Slightly deeper, it indicates that the Lord’s existence is independent of all else, and all else depends on it. A basic fact of the Universe and all within it.

Or, as those in my field will understand better, G-d is “OR 1=1”.

I may have lost a few of you, so let me explain. The statement “OR 1=1” is one of the most basic things taught to both attackers and defenders in the Cybersecurity field. Input into any field, it will force a poorly-coded website to read it as always being true (once you add a few extra notations according to the language of what you are attacking, not going to get too deep into that here and I’m not trying to train new hackers). It expects the password, which it obviously did not get, but reads a logical statement stating that it can either get the expected password OR evaluate what comes afterwards, which is the always-true statement 1=1. It thus lets you in.

“I Am what I Am.” “OR 1=1”.

However, this method is considered simple. Among the oldest in existence. Defeating it is generally accomplished in one of two ways. Sanitization, or Tokenization. Essentially every professional website you ever go to will employ one or both of these in order to deny exactly this kind of attack.

Sanitization is a process by which the website will look for certain things it should not see. Things like the equals sign, or apostrophes, or quotation marks, or any of a myriad of other things the programmers think improper. Seeing one, the field will instantly reject the input without bothering to read it. You don’t get in. Tokenization is a process by which the website, instead of looking at the statement directly, will instead encapsulate it within a variable, forcing it to act as a string of characters instead of a statement that can be acted upon. It then evaluates this string, rather than the statement, and can perceive that it is not what was expected. This lets it reject it as not matching the password.

In these two ways, too, do we as humans reject the simple truth of “Ehyeh asher Ehyeh.” We sometimes sanitize it, seeing that it contains a method that we do not typically expect in conversation, and thus discard it. We sometimes tokenize it, forcing the statement to abide by rules of language that do not permit it to act as a statement. In both cases, the true meaning is lost, and we do not let the Lord in.

This is not to say that a website should refuse basic security practices. It is, however, to say that we as people sometimes need to allow these statements to act fully upon our own minds and souls.

“I Am what I Am.” “OR 1=1”.

Lesson 2: What We Understand Together

Holy, Holy, Holy is the Lord of Heavenly Hosts! The entire world is filled with His glory!”

Isaiah 6:3

Another basic tenet of understanding the Lord as Jewish scholars have described is that it is possible to know things about G-d, but it is not possible to understand G-d. We are finite, the Lord is not. This necessarily puts a bit of a damper on one’s ability to learn about the totality of what the Lord is and means, which can lead to a desire to never start. However, this is a limiting view. It counts only one’s self, rather than one’s place among many working at this task.

Again in the security world, we have a phenomena known as a botnet. One system implanting a program on multitudes of others, in order that they work towards a common purpose (often unbeknownst to their actual owners). Though often nefarious, this is the basis of a few legitimate tasks. Scientists have uncovered the secrets of folded proteins doing this, for example, helping the fight against Alzheimer’s. What one bot could not do, many could. What one computer, no matter how powerful, could not accomplish, the combined processing of hundreds of thousands of them did.

We then see that, even persecuted and suppressed, the People of Israel have persisted for thousands of years. We have had our fair share of fools and sages. Centers of knowledge alongside villages barely able to survive. One commonality throughout the ages, however, is that Jews have always highly valued learning. One’s first act to become an adult in the religion is to read from the Torah in its original language and to teach from the passage. All Jews must learn, and in so learning come to know individual things about G-d. The two are inseparable, as all exists within the Lord.

Our greatest sages are very rarely innovators. Quite the opposite, they take the weight of that combined understanding to draw meaning into the present. Hillel and Shammai, infamously, were both considered equally learned and disagreed on nearly all such statements. Their disagreements are considered critical and foundational for Judaism as it exists today. That they saw the same G-d and read from the same texts yet drew such different things from them provides more views of the same Divine.

We are not robots. We are not intrinsically tied to a central node so that all we know and see can be properly collated. The Kohein Gadol is not directly sifting data that I personally experienced in writing this. However, what one may not know individually, the totality of the People of Israel, those who wrestle with the Lord, might come closer to understanding.

What does this require? Much as we have done for so long, it demands that we do two things. The first of these is to continue to observe and learn. No two of us have identical experiences, identical views, or identical thoughts. We gather and learn, and while we learn we teach what we have found. The more this spreads, the more each of us understands, and as a People we come closer to knowing. Perhaps true understanding will take all of us who will ever live, but in order to know that we have to keep going.