Wednesday, April 30, 2008

Why Did The Turtle Cross The Road?

Apparently to check out the underbody of my car. He was crossing Highway 10 between Perth and Westport.

Saturday, April 26, 2008

Doing the right thing

With so many causes and issues flying around it's pretty easy to find contradictory positions and advice on almost anything.
"Researcher discovers breathing is bad for your health", etc.
I'm going to take on a some issues and causes here to figure out and share what I think is the right thing to do. Not big ones, mostly small ones. No answers today, just a list:

  • Plastic shopping bags - The latest fad is to not use plastic shopping bags for groceries etc, using cloth instead. OK so far, but for years I've been re-using those same plastic bags in the kitchen garbage. If my supply is cut off, and I start using regular plastic garbage bags, is the world any better off? What's the alternative in the kitchen?
  • The kids had $20 lying around from a recent pet sitting gig. They've been donating profits and for Malaria Day yesterday I suggested they buy some nets. Then while explaining the Malaria issue to them I noticed a mention of the nets being diverted for use as overly effective fishing nets. I'm hopeful the nets are really a 'net' positive but will do more research. We donated the nets anyway.

Monday, April 21, 2008

Zimbabwe: Olympic Torch Relay Returning To Africa?

Could this boat have the Olympic Torch Relay entourage hidden in one of the containers?

It seems certain whatever is in the hold is intended to ignite something.

When I was a kid we went to the Ontario Science Center in Toronto pretty regularly.
They had a simple forest fire-fighting simulation game. Graphics were REALLY simple back then kids, so the fire started as a single square in the middle of the screen and spread to surrounding squares. You could build firewalls by bulldozing swaths of squares, water bomb areas, etc.

You soon learned that if you immediately dropped a water bomb on the single square you won. If you missed it, you were toast and the whole forest burned down.

That boat reminds me a little of that single square of fire - kudos to the dock workers for refusing to unload the weapons. A beacon of sanity!

At some point the world missed it's chance to waterbomb the single square in Darfur and Rwanda. Let's not miss it again.

China shouldn't be allowed to play with fire - someone take that torch away!

Mugabe orders partial recount as boat containing regime's 77 tonnes of Chinese arms is marooned off South African coast

From This is Zimbabwe:

Enquiries over the contents of a cargo of arms aboard the An Yue Jiang have sparked a media frenzy, however various government departments have declined to comment over the ship and its cargo.

Noseweek editor Martin Welz told Sapa on Wednesday that “the cargo ship was openly delivering a containment of arms for Zimbabwe”.

He said that he had copies of all the documents.

The controversial cargo packed into 3 080 cases includes three million rounds of 7.62mm bullets (used in the AK47 assault rifle), 69 Rocket Propelled Grenades as well as mortar bombs and tubes.

Chinese troops are on the streets of Zimbabwean city, witnesses say

By Ian Evans in Cape Town
Saturday, 19 April 2008

Chinese troops have been seen on the streets of Zimbabwe's third largest city, Mutare, according to local witnesses. They were seen patrolling with Zimbabwean soldiers before and during Tuesday's ill-fated general strike called by the opposition Movement for Democratic Change (MDC).

Earlier, 10 Chinese soldiers armed with pistols checked in at the city's Holiday Inn along with 70 Zimbabwean troops.

One eyewitness, who asked not to be named, said: "We've never seen Chinese soldiers in full regalia on our streets before. The entire delegation took 80 rooms from the hotel, 10 for the Chinese and 70 for Zimbabwean soldiers."

Officially, the Chinese were visiting strategic locations such as border posts, key companies and state institutions, he said. But it is unclear why they were patrolling at such a sensitive time. They were supposed to stay five days, but left after three to travel to Masvingo, in the south.

China's support for President Mugabe's regime has been highlighted by the arrival in South Africa of a ship carrying a large cache of weapons destined for Zimbabwe's armed forces. Dock workers in Durban refused to unload it.

Dock workers and police send China arms ship packing from South African port

The South African government gave customs clearance for the weapons, which include more than three million rounds of AK-47 rifle ammunition, 1500 rocket-propelled grenades and more than 3000 mortar rounds and launchers.

But Randall Howard, general secretary of the South African Transport and Allied Workers Union (Satawu), to which the Durban dockers belong, warned: "As far as we are concerned, the containers will not be offloaded. The ship must return to China. If they the Mbeki government bring replacement labour to do the work, our members will not stand and look at them and smile."

Saturday, April 19, 2008

Prep for Ottawa Tulip Festival

Prep for Ottawa Tulip Festival
Originally uploaded by acodring
These beds are on track for the May Tulip Festival.

These shots were mostly an excuse to play with my new 50mm F1.8 lens. I had forgotten just how shallow you can make depth of field...

Closed: Michael's Classico Barbershop

Mike moved to Belleville to be closer to family.
This was a real, old school, Italian style barber shop, except for the reading material.
Mike knew pretty much everyone's name and waved even if he didn't.
Bank Street and Old Ottawa South will miss his style.

Thursday, April 17, 2008

Server Gated Cryptography (SGC): Aiding and Abetting?

I’ve made my views on SGC known before, but this week I was asked to restate in a more condensed way.

How’s this?

Enabling Server Gated Crypto on your web servers is tantamount to aiding and abetting cyber criminals.

“Of course it isn’t!” your SSL certificate salesperson will say. “SGC enables all your customers to use super strong 128 bit cryptography, even if they have older browsers.”

There’s the rub. Those older browsers are the only ones that need SGC. Unfortunately , those older browsers are also so full of unpatched security holes that you could encrypt the pipe between the browser and the web server with 256-bit AES and the criminals wouldn’t break a sweat as they collected your customer’s login information or credit card number.Photo Credit: Drunken Monkey

The bad guys are able to install software on those older, unpatched systems that lives inside the browser or inside the operating system. That malicious software can log keystrokes or view submitted information before it is encrypted by SSL. The rogue software can then submit the collected information to a central place for aggregation and collection by the criminal group.

If you haven’t heard of botnets yet, that’s what we’re talking about here. They’re not new - if you’re a details person this three year old paper on botnets is a good introduction to the topic. Shadowserver Foundation has some interesting stats on bot counts and locations – today they’re showing ~110,000 infected systems. These are only the ones that are actively being controlled by a command and control server, and obviously they’re only the ones that they know of.

As for the accusation of “aiding and abetting”, it’s mostly tongue in cheek, but think about it. I’m no lawyer, and neither is Wikipedia, but this is what the Wikipedia community consensus says:

Where available, aiding and abetting liability generally requires three elements:

  1. an underlying violation by a principal; [AJC: Credit cards are being stolen. Check!]
  2. knowledge of that violation and/or the intent to facilitate the violation; and [AJC:You’ve read this post. Check! ]
  3. assistance to the principal in the violation. [AJC: You put up the SGC cert. Check!]

You have visibility into your users' configuration through user-agent info when they connect. Don't give them a false sense of security.

You owe it to your customers to help those with unsafe systems understand the risks and to strongly encourage them to upgrade their systems.

Are you doing the right thing?

Feedback welcome in the comments or by email.

Wednesday, April 16, 2008

Spammer shamelessly exploits young girls with customized hockey mats

Hi Alaina,
Not sure if you 'bought' access to this OGHA girls hockey team mailing list, but every time you send an email through it you are building your reputation with me as a spammer. Someone I don't want to do business with.

As far as I recall you haven't asked for or received permission to interrupt my day. Am I wrong? I'll assume you're not officially a sponsor since your name doesn't appear in the sponsors list on the OGHA site.

I'd recommend starting with Seth Godin's books and/or blog to get an understanding of what permission based marketing is about.

Instead of spamming have you thought about improving your search ranking? Google doesn't think you're relevant to Canadian people looking for custom hockey mats and that's very bad for you. Look into 'search engine optimization', soon.

While you're at it, look into Google Adwords too. While I'm wasting my time replying to your email, your competitors have sponsored ads all along the side of this email message in my browser window - you don't show up. Gmail knows I'm reading something about custom hockey mats and they're showing me ads related to that topic.If this was a legitimate conversation about hockey mats and I was interested in buying some, then those ads would be very timely.

I had a look at your web site and I couldn't see any signs of a web analytics tool. For your sake I hope you're on that at least.

The neat thing is, I've BCC'd Andrew Codrington's Unprofessional Blog with this email. If things work as expected two things will happen:
  1. My (admittedly small) readership will see you referred to as spammers, and
  2. Google Adwords will see the term 'custom hockey mats' throughout the blog post and show an ad for one of your competitors beside my blog.
That last link from the term "custom hockey mats" back to my blog was just for kicks. Oops! I did it twice! As a result my blog could very well show up higher than your web site in searches for 'custom hockey mats'. Doh! Just can't stop linking! :-)

You should be able to click through to my blog to see if it worked. I know I will!


2008/4/16 Pulse Inc. <>:

Alaina Boven

Pulse Inc.

Sales Manager

Tel: 416.357.4818

Fax: 1.888.819.6112

Tuesday, April 15, 2008

Commuting with economists

Despite Ottawa suffering from both low density and sprawl my commute is only about 1/2 hour. To keep it interesting on Sunday night I sync my iPod Touch with a load of podcasts and listen to them in the car through the week.

The first ones I listen to are almost always from The Economist.

"From the Paper" is a short summary of the in print edition and "The World Next Week" takes a stab at guessing what issues will bubble to the top.

Here's the summary of "From the Paper" for this week:
April 12th 2008
Selections from The Economist
America's recession, a public-relations tip for China, malaria's breakthrough moment, and the Princess Diana inquiry

The World Next Week was obviously recorded before Obama's "bitter" comments as they don't even mention it. The dangers of the crystal ball! Still a good listen.

Their summary notes:
World leaders gather to discuss Iran, the Olympic Torch Relay continues and Gordon Brown visits Washington for talks with George Bush

Both podcasts are highly recommended for fellow commuters!

Monday, April 14, 2008

Under New Management

This morning's commute was lightened by a truck delivering some signs. The sign I could see reminded me of Seth Godin's post on the negatives of "Under New Management" signs.

"If I liked your store before, now I'm on notice to be careful--it might not be as good.
If I didn't like your store before, why on earth am I paying attention to your little sign and why should I go out of my way to take another chance?
This is a vivid symbol of the ego-centric nature of most marketing. The sign is about the owner, not about the prospect."

Maybe the bar owner had read the post, because they had a definite message for the prospect. I don't have a camera phone, so I'll just have to type in what it said:

"Under New Management. Colder Beer."

It didn't include the name of the bar, otherwise I might be there now!

Sunday, April 13, 2008

Saturday, April 12, 2008

Heaping Praise: CBCR3, HypeMachine, and MusicIP

Originally uploaded by e-magic

One of my goals in life is to not be listening to the same music in the old age home as I did in high school.

As a parent it's tough to actively follow the scene's and find out about new music. Lots of tools and services on the Internet make it easier, but when it comes down to it you need to quickly find stuff and be able to listen to it.

CBC Radio 3 has been a huge part of finding out about new Canadian music for me. It's pretty stunning that it exists and even more amazing that it's been able to maintain such a high level of quality and freshness over the years. As I told Grant, it makes me happy to pay my tax bill. Daily and weekly podcasts on my iPod make running and the commute a lot more fun.

The Hype Machine is another one that surprises by it's ability to continue operating. I'd expect the RIAA to treat it as a WMD (Weapon of Music Destruction). It aggregates huge volumes of podcasts into a single RSS feed of mp3 tracks that pile up in a folder on my machine. Lots of crap, lots of gems.

MusicIP Mixer is what brings it all together. Wendell tirelessly helped me and thousands of others get it set up - in my case plugging into SlimServer - and Rachel was kind enough to give me a full licence for Christmas a couple of years ago.

MusicIP Mixer analyzes and fingerprints all your tracks and then can create mixes based on seed tracks you select. It doesn't suffer from the memory problems and unfounded biases that I do ("I forgot I had that John Bottomley", or "Led Zeppelin, Herbie Hancock, and Sparklehorse do not mix") and puts together mixes of whatever length you ask for. It dips into my regular collection and also pulls out the tracks that come in from HypeMachine to introduce me to new artists and styles all the time. I think I've just made a big step towards Shari liking it too, as I figured out how to create a filter to keep Tom Waits out of any mix - the sound of his voice turns her off within milliseconds!

You can download and try MusicIP Mixer anytime - without the full licence they limit mixes to 75 songs and disable a few advanced features but it's still completely usable. Be patient if you've got a big collection - the initial analysis can take hours or days! Dig around in the preferences first to turn on 'Archive Analysis' - that'll save the fingerprint right in the mp3 file and save you tons of time if you have to start over and re-analyze. The new iTunes plugin might be better suited for people who live in that app all the time.

You know when you're in a cool cafe and some great tune comes on - if you're like me you run over and ask "Who's that playing?". With the above three tools and services that happens in my house pretty regularly.

Then, like a good consumer I run off and buy it. I'm an subscriber and have used other services but so far I haven't spent a dime at iTunes. Can't get my head around Steve Jobs or another music exec being able to "turn off" my music collection with his DRM. If you decide to try emusic let me know and I'll "introduce you" - they give both of us extra free tracks!

Friday, April 11, 2008


I never said I was going to stick to one topic here....

CBC Radio's The Current interviewed a scatological author this morning and when he described 'poophoria' (a feeling of elation after a quality movement...) I would have crashed the car if I hadn't already stopped in a parking space.

"Also, Oprah's getting scatological and ads for pro-biotic yogurt are everywhere. Since when did it become acceptable to talk about poo in public? And is it really necessary, or just grossly self-indulgent? We'll talk to the author of the new book, What Your Poo is Telling You."

The audio wasn't available yet, but should appear here later today.

Thursday, April 10, 2008

RSA Show Summary - Security Incite

Break Time
Originally uploaded by makelessnoise
Mike Rothman seems to have the right take on the show, mostly written before he went.And no, there's no sour grapes that my plans to attend fell apart at the last minute. :-)

10,000 vendors and 2 customers
RSA Day 2/3: Yawn...
Top 3 RSA Themes:
  • Virtualization Security
  • GRC
  • Security in the cloud
  • What you won't see:Innovation
I didn't get the memo that 'Compliance' got it's own TLA (GLC for Governance, Risk and Compliance). Mike is always educational!

Tuesday, April 8, 2008

The Answer to How Is Yes: Acting On What Matters

This book review from here caught my eye and highlights a better approach to difficulties I've often run across. Haven't read the book...

The Answer to How Is Yes: Acting On What Matters

Block, Peter

Another set of insights from Peter Block. This one is less about specific tips on how to be a better consultant/advisor. Instead it focuses on the impact of our default attitudes and assumptions on how we handle change, particularly in organizational settings. In particular, Block takes aim at the debilitating affects of always and quickly shifting discussions about any kind of proposed change to discussions of how things should be done or how they are impossible to do.

He argues, successfully, that our disposition toward leaping into questions of implementation is a disguised way to block change. The first question should never be "how can we do this?" as pragmatic as that might appear. Instead, we need to begin with questions of value. "Is this something that we want to do or that we need to do?" If the answer to that is truly "yes" then we will find the answers to the "how" questions as they appear.

Monday, April 7, 2008

Chocolate = Willpower

Very important findings here:

What limits willpower? Some have suggested that it is blood sugar, which brain cells use as their main energy source and cannot do without for even a few minutes. Most cognitive functions are unaffected by minor blood sugar fluctuations over the course of a day, but planning and self-control are sensitive to such small changes. Exerting self-control lowers blood sugar, which reduces the capacity for further self-control. People who drink a glass of lemonade between completing one task requiring self-control and beginning a second one perform equally well on both tasks, while people who drink sugarless diet lemonade make more errors on the second task than on the first. Foods that persistently elevate blood sugar, like those containing protein or complex carbohydrates, might enhance willpower for longer periods.
I extended the research by eating chocolate before writing this post.

Post written. QED chocolate is a willpower enhancing substance.

Self-Centred User Sends Warm Wishes to User Centric Interop Team From Afar

From where I stand (far away from San Fran) the user centric identity interop event at RSA is a good thing.

Career Wildfire?

On constantly dealing with fires in the workplace, Seth says:
Add up enough urgencies and you don't get a fire, you get a career. A career putting out fires never leads to the goal you had in mind all along.

Note to self: Take heed.

Hannaford: Has PCI Met Its Killer Rabbit?

How far do you have to go to be ‘safe’ from such insidious evil?

I don’t normally bother to comment on the stream of ‘breach’ stories but Hannaford was different from the beginning. They were doing the ‘right thing’ and were PCI compliant, yet were the apparent source of a large number of credit card fraud cases. Hordes of security vendors building franchises around the credit card industry’s self imposed Payment Card Industry Data Security Standard cowered as the story took shape, and one of Hannaford’s own PCI providers engaged in some ‘customer reference’ gymnastics.

The story is still emerging, but it sounds like Hannaford didn’t detect it internally, rather normal card fraud alerts pointed back to them. Despite missing the breach itself, kudos to Hannaford for fessing up once they became aware.

Most of the ‘how it happened’ guesswork is pointing to malicious software that was able to spread inside the Hannaford network onto systems behind the protective measures prescribed by PCI DSS: “One piece of malware on one machine leaped to 300 other servers”. “Leaped”? That must be a new malware attack vector they’ll reveal this week at the RSA Conference.

Some are saying this shows PCI is ineffective: “In other words, PCI is worthless

I disagree. (Even though one of my own credit cards was apparently duplicated in the last couple of weeks, giving someone a lucrative weekend shopping spree through central Ontario…)

While the Hannaford breach clearly demonstrates that PCI needs to go further before it is an effective weapon, there is no doubt that it is moving the payment industry in the right direction.

Friday, April 4, 2008

Societal ills

I'm listening to a CBC Ideas podcast that's exploring the roots of good and bad health this morning.
No easy answers, but it goes far beyond "an apple a day", or "eat your veg and get plenty of exercise".
It includes compelling arguments for investing in people's health very early in life (<4yrs old). Do you read to your toddlers? Apparently they'll thank you when they're 40.