Tuesday, 5 August 2014

When Even The Simplest Things Are Hard..

Tim Hortons drive-through was nearly empty, so I took advantage. It was one of those new two-lane drive-throughs, only one car in the left lane already placing an order and the car right ahead of me went to the right-hand lane. So I went into the left-hand lane thinking that car should move on first. And the car in the right lane placed their order and drove on. And another car went into the right-hand lane, placed their order and drove through.

"Holy crap! What is this guy ahead of me ordering?" Just as I'm about to back out of the left lane to take the right lane, the car ahead of me finally finishes their order and pulls through. I drive up to the order window muttering aspersions on the character of the customer that was ahead of me.

As it turns out, I was casting those aspersions on the wrong person. It wasn't the fault of that customer why their order took so long.

 "Good morning, welcome to Tim Hortons. May I take your order please?"

"I'll have a small black coffee, and two twelve-grain bagels toasted with butter."

"Small... what kind of coffee?"


"OK. And two twelve-grain bagels toasted with...?"


"Right. Let me get you your total sir.  Ok that was a small ...?"

"black coffee"

"Right. And two twelve-grain bagels...?"

"toasted with butter."

"Right. Your total is $3.90, please drive through."

 I get to the office and enjoy my bagels. And nearly spit out my small REGULAR coffee.


Saturday, 2 August 2014

First Rule of Security, Deny Your Enemies Information

The Canadian Government alleged this week that the Chinese Government hacked into NRC computer systems, and China's response has been "prove it".

On the surface, this request for proof makes sense, as what we have is a game of "we said" "they said." But when it comes to IT security, publicly disclosing the proof is the last thing you want to do. And yes, it would have to be a public disclosure. If the Canadian Government gave the Chinese Government the proof under a non-disclosure agreement, it would be very easy for the Chinese to deny the proof, and say it doesn't show anything. Without public analysis of the proof, no one can verify anyone's claims. And a public disclosure would be mind-numbingly stupid.

What is the first rule of computer security?

Deny any potential enemies information about your system. Seriously. Because the first step of any attack is reconnaissance. Deny your enemies the ability to scout your systems for weaknesses.

Let me use a non-computerized example.

You have something very valuable that you don't want stolen. Say a bajillion dollar necklace. When it isn't being worn, you want to store it someplace safe, so that thieves can't easily steal it from your home while you're away. The standard location is in a Vault or a Safe. So you select a quality Safe, but what's the first thing you do? You decide where to put it, preferably someplace hidden and non-obvious. The more time it takes to find the safe is less time any thieves have to crack that safe. No safe is ever 100% secure. If you're really tricksy, you purchase two Safes. One you put in a semi-obvious location (behind a picture frame) and the other Safe you put in a very secure location, say in a special room buried underground that you have to access through the wine cellar by moving a rack of wine bottles.

One day you get home, and you find that someone found the secure Safe, but didn't successfully crack it. Do you disclose to the news media that a thief broke into your home, and found the securely hidden Safe? Only if you're a moron. If you let the news media disclose how your Safe was found, now every thief in the world knows where that Safe is. Chances are one of them knows how to crack it. Right now the only thief that knows where it is was unsuccessful. Now you put all your efforts into fixing that problem. You don't open yourself to thievery by giving away the details to the whole world.

It's the same problem, only much larger in scope, when it comes to computer security. Every detail is important. The type of servers and workstations, the operating systems, applications installed, network layout and any security systems that protect that infrastructure. Also important, the physical location, the people who have access, physical security, everything.

To disclose the proof of a successful attack you have to reveal everything involved in why the attack worked. What system was first compromised, how it was done, why the security systems didn't work (what people didn't follow procedure). Essentially, publishing the proof of how it is done gives everyone a blueprint on how to do it themselves. You're drawing a detailed map for them.

"So change the security system!" you might say.

Let's go back to my safe example. Someone knows where the safe is, and the make and model of it. They've tried once, they might try again. To have pulled off that attempt, they managed to learn where the safe is (remember it was super secret, who blabbed?), defeat the home security system and knew when the house was empty. And they got away with their identity intact. How much work is involved in solving this problem? Ideally, you would sell this house, build a brand new one in another country far away and redo all of the security/layout/secrecy of the safes for that house. You don't do that in a week. You don't even do that in a year. Some of that solution may be practically impossible.

And that's the problem with computer security. In a way, it's better to be hacked when your security systems/practices are weak. The solution is to adopt the state of the art systems and procedures. But what if you are already using some or all of the best systems and procedures, and you still get hacked? That's a friggin nightmare is what that is. Your strongest defense is obfuscation and secrecy. Because if better systems don't exist (or only offer marginal improvement) you're going to be vulnerable to another attack by the same people. And you know it. The last thing you want to do is add to your worries by publicly disclosing how it was done.

But what the hell, if the Chinese Government was successful, maybe it wouldn't hurt to tell the Russians and every cyber-criminal organization out there how to do it too.

Or maybe it would.

Saturday, 14 June 2014

Ontario Election 2014, Post Thoughts - Part 2

(Part 1 here)

The Ontario election was a referendum on fiscal conservatism. Or so quite a few opinion pieces amongst various media outlets tell us. (I know these two are from the National Post, they're the only ones I could find that were minimally hyperbolic.)

I think that is too simplistic a view of what happened. As I argued in Part 1, many voters wanted a minority government. When people want a minority government, they are not voting for or against a platform. They're trying to form a government based on compromises; attempting to force the parties to check and balance one another. What is written into the party platform is largely discarded, as logically in a minority situation, it can not be expected that a government will have the votes necessary to implement that platform.

Ask any voter why they voted the way they did, and you will get a variety of answers. The one answer that does commonly crop up is along the lines of  "Tim Hudak says he'll create a million jobs after firing 100,000 people? Right. Pull the other leg." People did vote against that message, which means if any conclusion is to be drawn, it was the message, not fiscal conservatism that was rejected. It is a tenuously drawn argument that links Tim Hudak's message of "firing 100,000 people equals hope" to a platform of fiscal restraint. Andrew Coyne tried, but even that argument was unconvincing. Granted, Tim Hudak was not going to fire 100,000 people, he was going to let attrition account for most of that. Not hiring replacements does not equal firing. However, the phrase "fire 100,000 people" stuck like glue to him. And he did sweet dang all to change that perception. If you want a concrete conclusion of what people rejected, it was that nobody believed Tim Hudak, and thought he was a bag full of bovine excrement. People can support the message of fiscal conservatism but reject the messenger. And unfortunately when at the ballot box, that's about all voters can do. It's not like voters can add a rider to their ballots, "I support the PC Party, but their leader is a moron and needs to go."

But I believe that the larger message that is being ignored is that there was a very vocal expression of voter unease leading up to the election. And as a result this election appeared to be more emotionally based than in the past. A prevailing sentiment was that voters were choosing the least worst option. Given that the PCs still finished in second place and that the Liberals were seen as the least worst, this wasn't a clear vote for a free-spending government. It was a wishy-washy collective "hold-our-noses and mark our X" vote. Draw specific policy conclusions at your own peril.

That general sense of voter unease and dissatisfaction is what we need to discuss and bring to light. Maybe many do want more fiscal responsibility out of this government, but no one is bloody well asking us. The results of the election selected winners and losers, and that's it. And that's just not good enough, which is true most of the time, but more-so for this election result in particular.

So what do Ontarians want from this government? It would be nice if someone asked us. Maybe then we can draw clearer conclusions. But to think that one ideology or another was clearly endorsed at the ballot box? To borrow Andrea Horwath's term, bullspit.

Ontario Election 2014, Post Thoughts - Part 1

With the latest round of voter malaise given voice by the recent Ontario election, Alheli Picazo took aim at the 'Decline your Vote' meme that started to gain popularity. While I agree with the spirit of the argument, I find that I cannot accept the logic of it.

She had two main points, "declining your ballot succeeds in 'sending a message' about as well as abstaining achieves a 'total revolution.'" and "after ballots have been counted, get involved. Become politically engaged with your party of choice." Let's start with the first point. People want to decline their ballot because they want to send a message or make a point. Alheli is correct in the larger sense, this really matters not a whit when all is said and done. While a formal declining of the ballot will be counted (unlike spoiling your ballot) nobody in politics really cares what that count turns out to be. To a point. Where the argument fails is that it assumes a legitimate vote does send a message, that it means something. Unfortunately, the most a vote for a candidate does is add one to the sum total of votes. If your vote is for the winning candidate, congratulations, you had 1/1000th (or much less) of an impact! If you voted for a losing candidate, you had exactly zero impact. The same as if you had declined your ballot. No party that forms the government ever cares what the final numbers were for anyone else. They won. That's all that matters. Any larger message hidden behind the votes tallied is lost and ignored.

The recent win by the Ontario Liberals puts this point in sharp contrast. The Liberals won a majority of seats, resulting in a majority government. A very large segment of the population did not want that result. They wanted a minority government. (Listen to the views expressed during Ontario Today for an example of that.) The support for this majority government is very soft. One of the most tenuous majorities other than the one granted to Bob Rae in 1990. (That election still casts a shadow over Ontario politics to this day. Ontario had a one night stand with the NDP, and it has never wanted a second date.) But it is unknown how aware the Ontario Liberal party is that the message behind the result is they have been granted a pass with strict conditions. They won. They have four years to do whatever they want with all the power of a majority behind them. Will they just count on voters being fickle with short memories? We will have to wait to find out. So much for sending a message via a ballot. In the end your vote is nothing more than a number. A tiny sliver of a percentage point. It is the cumulative result that sends a message, and the winners get to pick what that message is.

The ballot box is a poor vehicle for sending a message, but it is one that all of us have. Because it has such limited power, I believe it can be used to send any message you want. Decline your ballot, spoil your ballot, vote for a no-chance candidate. Heck, drop trou and leave a big steaming pile in the middle of your ballot. I'll even cheer you on. (The police will likely not be as supportive.) If you choose one of the options of not voting for a candidate, there is a threshold at which a message will be sent. What will happen if electoral turnout/valid ballots cast drops below 40%? 30%? 20%? Can we agree then that the message is the electorate is dissatisfied with the electoral system, and that we have a crisis of confidence in how our governments are formed? We all better hope so.

As to becoming involved with the party of your choice, that isn't a realistic option for everyone. It's an option for the few. Personally, I prefer to remain non-partisan. I want to choose from the buffet table of political options. (As dismal as they are.) But not everyone can, or will, be a member of a party. It's rather the point of an electoral system; citizens don't have to be deeply engaged because the powers are being delegated to others. And yes, by choosing to delegate, you lose the power of your own voice. But how much of a voice do you have in a large party? Too many voices will dilute your own. It takes a certain personality to put up with being ignored, constantly being optimistic about your own input, and about being part of a team with a minor role. Not everyone has that fortitude, I suspect it is a minority of people that do. The party system only attracts a certain kind of people for any length of time. That's a reality that's not going to change.

I do encourage everyone to stay politically engaged. The system we have may not be perfect, and could have a long way to go before being perfected. But it is the system we have. Make your voice heard; with friends, colleagues, heck even strangers. Use twitter, blogs, or any other online platform. Join a party, vote, write letters to the editor, stand on a soapbox with a megaphone. There's lots of ways to add your sliver of a percentage to influence change. But don't let that sliver drop to zero. I think on that last point Alheli and I can find 100% agreement.

Sunday, 18 May 2014

Dear Everyone, You're Part of The Problem

As everyone in Canada is aware (whether they want to be or not), Ontario is having a provincial election. Support for the current Liberal minority was tenuous, and the unofficial Liberal/NDP coalition fell apart.

I felt it was about time. Especially as, in my view, the Wynne Liberals had introduced a budget that tried to out NDP the NDP. People called it the most progressive budget ever. I thought it was just a huge grab bag of spending commitments that this province couldn't afford. Not to say all the ideas presented were bad, they were just all grouped together like a Christmas gift giving spree that would cause regret when the bills came due in January.

I saw the budget as pure political calculation designed to challenge the NDP, double dare them to vote down the budget and trigger an election. The budget wasn't about Ontario's future, it was all about the Liberal party's desire to beat the NDP at their own game.

My political affiliation leans liberal, but I cheered when Andrea Horwath stood up to the dare and said she would not support the budget. While it was a political decision, it was a principled decision in my view. And then the mockers came calling.

"Elections are expensive and unnecessary."* "Congratulations Andrea, you've just handed Ontario to Tim Hudak."** "That budget was awesome! We'll never see it again!"*** "Proposed legislation before the government that I support is gone!"*** and these were comments I saw from NDP supporters. Liberal and PC partisan hacks I expected, but from NDP supporters?

*In a democracy elections are an essential, and often the only, way for citizens to exercise their democratic rights and obligation. A government of the people needs the people to participate. And minority governments may need that input more often than we are used to. They are a sign of an unsure population, of tough issues needing more input and direction.

**In an election, campaigns matter. If the outcome is predetermined when the writ is dropped, why do we vote? Granted, Horwath is running a lackluster campaign so far, but that wasn't predetermined when the election was called. Her campaign is an indictment or endorsement of her fitness to lead this province.

***If there were good ideas in the budget, and I grant that there were, then they can be reintroduced by any future government. To wail and weep at the loss of the budget over the measures proposed is to support the notion that ideas have a lifespan, that they can never be proposed again. Same with any legislation that died. Ideas have a life of their own, they survive, change and grow. If they are good ideas they will be introduced again. If it is something that you really care about, push for new governments to support them. You know, like in a democracy where people have a voice.

People complain that there is too much politicking and not enough contest of ideas in our political system. But the very voters that complain about this resort to playing politics and attack the personality, the motives and the character of those that run to lead us. They express the worst aspects of the political process they profess to hate.

Yes politics is often a depressing and soul sucking experience. But an election is our, your, opportunity to effect positive change. If you want to make it better, break the cycle and participate. Call out the pointless partisan attacks on all sides (muffin expenses, really?) and engage the ideas and the policies. Shout down those that engage in personality sniping. If you want politicians to rise to your expectations of behaviour, show them how it is done. Because otherwise we are getting the "government of the people" that we deserve. Don't like it? Look in the mirror first.

Monday, 28 April 2014

Lament for the Arcade

Nothing makes me feel like a fossilized old nerd like modern video games. I just can't play most of them. It's not that I don't want to, I just don't have the time (or want to devote the time) required.

I grew up in the arcade era with Pac-Man, Q-Bert, Defender, Karateka, etc. I owned and played on a Coleco Adam, Commodore 64 (then a 128), and migrated to IBM PC games through the 386. One consistent theme ran through all those games that I call "Arcadability."

Arcadability is how easy a game is to learn to play; if you only had $0.25 and 15 minutes can you figure out the basics of the game and still have fun? This Arcadability factor could still be found on the Nintendo Wii and the Sony Playstations 1 and 2. There were quite a few games that you could just pick up and play and not have to devote hours upon hours in mastering.

The first games to lose their Arcadability were the sports games. I started to notice a pattern where I could quickly master the Beginner level of almost any sports game. Very quickly I was beating the computer with absurd, unrealistic scores. For instance take hockey. I could regularly beat the computer 24-1 in three 5 minute periods. Gets a little boring. Up the level from Beginner to Intermediate, and the computer smokes me 15-0. So I went from bored to frustrated. I wanted to be able to increase the challenge of the game, not be dominated by it. Now? I can't even beat the computer at the beginner level. This really hit home when I tried MLB 2012 The Show. When it was my turn up to bat, I couldn't hit a damned pitch. I searched online and found a few forums that recommended you devote hours to batting practice before playing your first game. What. The. Fuck. I don't want to be a pro baseball player! I just want to be entertained and distracted for an hour or two.

Serious gamers wanted more in-depth games. They wanted more realism, to be the coach and the player. They wanted big involved worlds with mystery that they could immerse themselves into for hours at a time. Me? I lost that desire a long time ago. I only have a few hours per month (not per week, per month) where I'm playing console based games. But the video game market now largely caters to the hardcore gamer. And I started to think that I was in a market segment that game developers didn't care about.

And then the Flash Game and the tablet based game phenomena happened. Here were a ton of games that you could download and have an arcade like experience. Angry Birds, Plants Vs. Zombies, Bejeweled, etc. all found a huge untapped market. Arcadability does sell. But now they want in-game purchases to suck your wallet dry. But that's another topic...

I still enjoy playing on a console based system. It's just a better overall experience. If developers repackaged and upgraded some of my favourite PS2 games like SSX Tricky, Splashdown, ATV Off-road fury, etc. for the PS3 (or even the PS4) I would buy them. These games were fun, easy to learn, and relatively easy to master. They also allowed multiple players to share one screen...

Aside: God I hate the online gaming phenomenon. Why? Because multi-player games have evolved to only allow you to play online against others. There's four of us in this house that want to play each other, but we can't, because we only own one console hooked up to one television. To play against each other, we need four consoles, four televisions, and four copies of every game. That's frigging ridiculous. I spent several evenings with my friends crowded around a Sony PS2 and a 27" CRT divided into 4 little boxes so that we could play each other. And we had a blast. I now have a larger LCD High Def screen and I can only play by myself. What the hell? Why did split screen gaming die? It was a major reason the Nintendo Wii was so popular with families, which included adults. I was looking forward to having this experience with my kids, but it just doesn't exist anymore!

Console game developers are not writing for me anymore. I'm not sure why not. Sure the hardcore gamers are a huge part of the market, but I have dollars to spend too. I just can't believe that my money is worth nothing to game development shops.

Bring back the arcadability factor, and you'll have a customer. But ignore that? Well then I guess you just don't want my money.

Sunday, 5 January 2014

In Defense of the Right to Be Outrageous

"Going to Africa. Hope I don't get AIDS. Just kidding. I'm white!"
Justine Sacco via Twitter.

The viral reaction to the above tweet resulted in Justine Sacco losing her job. Many condemned and judged her as racist and agreed with this as just punishment.

My reaction to that sentiment, "What the fuck is wrong with you people?"

I don't find that statement racist. I find it to be beautifully satirical. It brilliantly illustrates white western privilege and how we view other cultures through our sheltered personal lenses in less than 140 characters. When reading that tweet, I didn't use it to judge her behaviour, I used it to judge my own. And I found myself wanting. And I laughed, because it has a kernel of truth in it, as all great satire does.

And that is the point of outrageous commentary. Professional comics use it to devastating effect to yes, get laughs, but also to poke fun at themselves, their audience and our society in general. Outrageous satire has been part of human culture for as long as we have an oral history. And with the dawn of the internet, the great voice of the people, we all now can participate and share our comments with each other. Satire, sarcasm, parody, exaggeration are all tools that should be available to us to use. But a new troubling social order is arising.

For now that we have given a voice to the mob, we have also given the mob a tool by which it can render a perverted sense of justice. Say something that offends someone on the Internet, and the mob will judge, condemn, and sentence you all within a matter of hours. You have no presumption of innocence, you are not even allowed to defend yourself. You have been judged, found wanting and you must be punished, and the preferred current punishments are that you lose your job, be hounded into suicide or at minimum just hounded off of the Internet. We have lost the right to be offensive.

And people condemn those that choose to be anonymous on the Internet.... I say we have damned good reason. The biggest threat to my person is not the NSA, nor corporations, government or other agents of the state. The biggest threat to my safety is you, the common citizen. For by viewing any statement through the lens of racism, sexism, homophobia etc. we automatically discard the notions of satire, sarcasm, parody and exaggeration. Those tools are not ours to use, because they may be misinterpreted. And we just can't have that.

(I cannot understate how ironic I find that Justine lost her job, while those that condemned her by calling for her rape or murder get to keep theirs. The mob's sense of justice is very selective and very arbitrary about what is fair to say and what is not.)

There's been quite the amount of mob outrage lately, and some of it has been over truly honest and hateful comments. But our efforts to wipe out hate are so widespread, so instantaneous and so arbitrary that we have lost any notion of justice. In every other aspect of western society we are distrustful of vigilante justice because we know it can go so horribly wrong. So why do we put so much faith in it when dealing with online communications? Why can anyone lose their job over something they said that anyone else can deem hateful and offensive? Because of the various self-righteous "tribes" on the internet, anything anyone says can be hateful to someone else. And if everyone is hateful....

"The path to hell is paved with good intentions." A statement that should serve as a warning to those that mean well, but haven't thought through all the consequences of their actions. And this trend of involving a person's employer is a thoroughly hellish journey.

Consider for a moment the repercussions of threatening a company's brand over something an employee says. This notion therefore means that a company must police all employee online communications, whether at work or in private, and shut down any behaviour that threatens the company's reputation. The best defense is a good offense, so every organization should monitor and control what employees are allowed to say or access online while in the office. Not only that, but they probably should put in their employment contracts that employees must allow the company to monitor all personal devices for any activity that could harm the company. This is the logical conclusion. If the mob threatens a company over an employee's actions, then that company has a right to prevent those actions from happening. And before hiring an employee, it is only right and just that all online communications be handed over to be judged by HR for troubling commentary. Why hire potential trouble?

By threatening corporate brands, the mob citizenry is giving the very power to corporations that they most loathe corporations for using. Not only giving them that power, demanding and pleading that corporations take it and use it.

Mob justice, just as frightening as it ever was. Maybe when you see something that offends you, pause and reflect a moment. Will your actions truly act as a public service? Or will you just be adding another brick in that path to hell?

Tuesday, 24 December 2013

Mayor's Weather Event Guide. Coles Notes Edition.

When faced with a major weather event, keep this shortlist handy. The full guide can be found somewhere within city records, but what mayor has the time to read? Instead keep this one-page list handy as a quick reference guide.

Remember: There's a fine line between being a leader and making people dependent on you. You must teach the core principles of self-reliance and independent thinking. Follow these steps with that thought foremost in your mind.

Weather Event Coles Notes - For Mayor's Eyes Only

  1. If forecasts call for a major event (E.g. an ice storm) several days in advance, do not formulate an emergency response plan. Do not update the populace as providing them information may cause a panic. People in a panic will run out and empty store shelves as they build up supplies. It is absolutely critical that you have first crack at liquor, beer and drug-house merchandise. If anything, take this opportunity to build up your own emergency supply. (In the hours leading up to the event, take the opportunity to get absolutely blotto. You will not have much time once the event hits. Enjoy yourself while you can.)
  2. Do not prepare any city resources in advance. This encourages laziness in your staff. A sharp crew has to think on their feet.
  3. Lead by example, take care of your own family first. And second and third and fourth. Then deal with the city.
  4. If a widespread power outage occurs, move your family into an expensive hotel. A man of the people cannot be seen to be taking $85 a night rooms away from his fellow citizens. Take the expensive option, the poor will thank you. The rich will be inspired by your selfless example.
  5. Contradict and disagree with city staff. Appearance of effective government teaches dependence.
  6. During press conferences, do not know the answers. Guess. Teach people to rely on themselves and investigate the solutions themselves. For cripes sakes, they have the Internet and the city pays for libraries. Don't make them rely on you.
    • Always be late for press conferences. A busy leader has a hectic schedule. Do not appear to be readily available, especially to the press. They're not doing anything to help, so feel free to waste their time.
  7. To appear to be an effective leader, show that you are taking some action. Find the hardest working crews in the city and pose for photo opportunities with them.  
    • Note for male mayors: Do not pose with women. Doing so may remind people that you are staying home, while women are out saving the city. This is bad for your image.
  8. Use your own situation as a barometer on whether to declare a State of Emergency. If you are safe and sound, assume everyone else is.
Above all: Do not ask for help. This causes other people to take charge and start offering solutions. Control the situation, the only person that can decide your level of usefulness is you. It's your image at stake here, own it.