Friday 31 March 2006

Security: What do these things have in common?

  • Iraq

  • Google

  • French Students

  • The company I work for

  • The Private Finance Initiative

    It's all about security in one form or another. Life is a constant balance between taking risks and looking for assurance. Different people look for a different balance. At the scale of individuals this is part of what makes life interesting, and also what makes life possible. Much though I'd like to think that humans could all live together in harmony sharing equally the fruits of the labour, with each contributing according to his means, a contented society would largely stagnate. Progress requires risk.
    But why do people take risks? Some people seem to take risks purely for the hell of it. Think about bungee jumping or even skiing. Some people take a more calculated approach to risk. But whichever way you look at it, risk-takers are always looking for some kind of benefit to accrue from their risky behaviour. So if society needs risk to progress there must also be some kind of reward for those who take those risks.
    Reward is needed to encourage risk-taking, but what of the other side of the equation? One thing that tends to get overlooked is that risk, by definition, implies some kind of detriment or discomfort in the event of failure. It's all well and good reaping the rewards, but what if the flip side of the equation doesn't really balance?

    Bet you didn't know this

    Guess what? Scorpions fluoresce all blue when you put them under ultraviolet light. This is a completely unadulterated photo of a real live scorpion. Fantastic.

    Wednesday 22 March 2006

    Customer is King - in the British sense

    One of the fantastic things about modern networking technology is that it allows almost completely secure transactions to take place between networked organisations almost instantaneously.

    Of course, this doesn't always suit everyone. Take the issue of transferring money between banks. In the old days, it would take time for funds to move between banks simply because these things presumably had to be done with less automated methods. I still remember the days when automatic bulk bank transfers had to be initiated by writing them to a magnetic tape and sending the tape to the bank. With that kind of background it would be understandable that a cheque paid in to an account would take some time to clear before the funds became available to withdraw.

    Now, though, these things happen far more quickly. Cheques may still take a day or two to physically work through the system, but consumers can easily and directly initiate all sorts of transfers and transactions that don't need physical cheques. In the case of transfers to my savings account, the funds are actually taken by the savings bank directly from my chequing account using the "Pre-authorised payment" method designed for collecting variable bill payments.

    So why the hell does it take seven business days before the funds become available? The transfer at the bank level must happen pretty much instantly. This means that my savings bank basically have 7 days to play around with my money in whatever way they see fit before they actually give it to me. Granted, they do pay interest, but I can't see there's any other reason for it taking so long.

    I was amazed recently when the same thing happened with my chequing account. I paid in a cheque at a different branch from the one I usually use. The cheque was drawn on an account at the same branch as mine, but I just happened to drop it in at a branch on the way home. 7 days later I was still unable to use the funds.

    The delays are frustrating enough, but what is almost more frustrating is this selective use of the benefits of technology. This kind of thing takes so long to filter down to the customer. Competition helps, but I've done that already. However, it perhaps helps explain why I found the comments of Disney's CEO, "The customer is king" so risible.

    The media content industry is taking all the benefits of technology and making it all totally one-sided. The DMCA effectively prevents customers from taking advantage of technology to their own benefit. If the customer is king in this market, we're talking a constitutional monarchy where Disney, Apple and Sony are the three branches of government and the king just does what they say.

    Tuesday 21 March 2006

    Did I mention...

    It's great to live somewhere you can get views like this less than half an hour from home. This is Mount Baker seen from Cypress Mountain on a cold crisp evening in late February.

    Form over function

    These chairs in the lobby of the Marriott/Hilton/Sheraton/Crowne Plaza at Dulles Airport, Washington D.C. look fantastic. Unfortunately, they are about as comfortable as a bag full of pointy rocks. Nice.

    Monday 20 March 2006

    Man with a Mission

    Went to a place called "Mission" over the weekend. It's on the way to Hope. If you ever find yourself there with energetic kids, the Fraser River Heritage Park on the east side of the city is nice - what it lacks in playground toys (it has none) it makes up for in mud piles, open spaces and the interesting remains of the original Mission after which the city is named. Plus, it has cracking views of the Fraser Valley, the Skagit mountains and the northern Cascades including Mount Baker.
    The ferry across the Fraser River between Fort Langley and Albion is also fun, although the queue lasted longer than the ride. At least it's free!
    And finally, you could do a lot worse than go to Hava Java for a coffee afterwards - it's in a strip mall next to Safeways off Highway 7 on the west side of town. Their coffees were significantly better than Starbucks.

    Thursday 16 March 2006

    RFID viruses - magnetic stripe and bar codes are next

    Numerous tech media sites, including this one, are touting "research" by some Dutch group that claims RFID tags "are as susceptible to viruses as personal computers".

    This is, of course, utter nonsense. Like any data-storage device it's possible to store viral code on an RFID tag. It's also theoretically possible to construct an RFID tag that might exploit a buffer overflow in the software that reads the tag data. However, these things are all easy to avoid. The researchers had to actually build their own RFID-reading software with appropriate customised vulnerabilities because none of the commercially available stuff was susceptible to their attack technique.

    Realistically RFID tags are no more a risk than smartcards, bar codes (especially the 2-dimensional high density ones) or even old-fashioned magnetic stripe credit cards: all of these technologies carry arbitrary data that is read and processed by software systems that could have vulnerabilities.

    Scaremongering like this is really unhelpful. Security issues are confusing enough for the mass of computer users without getting them worried about phantom scares. The problem (if there is one) is not RFID tags themselves, but sloppy coding which should be eliminated wherever it occurs.

    Mind you, there are plenty of other reasons why ubiquitous RFID tags are a bad thing...

    UPDATE: even the usually-sane BBC was taken in by this nonsense.
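
    What "easy to avoid" looks like in reader software, as an added example that is not from the original post or from the researchers' code: the record layout, the field size and all names are assumptions made for illustration. The reader treats the tag's own length byte as untrusted and checks it before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (an assumption for this example, not a real
 * RFID standard): [type:1][len:1][payload:len]. Every byte comes from
 * the tag, so every byte is attacker-controlled. */
#define FIELD_MAX 16            /* capacity of the application's buffer */

enum tag_status { TAG_OK = 0, TAG_TRUNCATED, TAG_TOO_LONG, TAG_BAD_BYTE };

struct tag_field {
    uint8_t type;
    size_t  len;
    char    text[FIELD_MAX + 1];    /* +1 for the terminating NUL */
};

/* The sloppy version would be:  memcpy(out->text, raw + 2, raw[1]);
 * which trusts a length byte of up to 255 against a 17-byte buffer.
 * This version checks the claimed length against both the bytes that
 * were actually read and the destination size before copying anything.
 * `out` must point to a valid struct. */
enum tag_status parse_tag_field(const uint8_t *raw, size_t raw_len,
                                struct tag_field *out)
{
    memset(out, 0, sizeof *out);

    if (raw == NULL || raw_len < 2)
        return TAG_TRUNCATED;           /* header itself is missing */

    size_t claimed = raw[1];
    if (claimed > raw_len - 2)
        return TAG_TRUNCATED;           /* claims more than was read */
    if (claimed > FIELD_MAX)
        return TAG_TOO_LONG;            /* would overflow out->text */

    /* Extra hardening beyond the bounds check: accept printable ASCII
     * only, so control bytes never reach whatever uses the field next. */
    for (size_t i = 0; i < claimed; i++) {
        uint8_t b = raw[2 + i];
        if (b < 0x20 || b > 0x7e)
            return TAG_BAD_BYTE;
    }

    out->type = raw[0];
    out->len  = claimed;
    memcpy(out->text, raw + 2, claimed);
    out->text[claimed] = '\0';
    return TAG_OK;
}

int main(void)
{
    /* Constructed sample: the length byte claims 200 payload bytes. */
    uint8_t oversized[202] = {0x01, 200};
    struct tag_field f;

    memset(oversized + 2, 'A', 200);
    printf("oversized tag -> status %d\n",
           (int)parse_tag_field(oversized, sizeof oversized, &f));
    return 0;
}
```

    The same checks apply unchanged to bar code, magnetic stripe or smartcard input, since the parser only ever sees a byte buffer.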

    Freaky eucalypts

    The Australian landscape is pretty varied - everything from barren desert to lush rainforest. Although it has many different types, there is one feature that distinguishes all but the most barren regions. This feature stands out and makes Australian landscape photos instantly recognisable - it's the trees.

    Eucalypts are a kind of tree that has really thrived in Australian conditions and their distinctive shape with tall, sinuous trunks and almost clumpy masses of slender drooping leaves is the thing that makes even the greenest of Australian landscapes distinct from pictures of European or American countryside. The picture on the right was taken on the Great Ocean Road in Southern Victoria.

    Which is one of the reasons why I always get a bit freaked out when I visit the Bay Area. Eucalypts seem to have been introduced quite freely in some parts - including avenues of paperbarks (which are actually melaleucas, not eucalypts but then I never claimed to be a botanist) along stretches of "the" El Camino Real. If it was only a little warmer I could believe I was back in Sydney!

    Monday 13 March 2006

    Walking into happiness

    I discovered this the other day. It's a great use of Google maps. You can plot routes on it and it will tell you the exact distance you've covered. You can even get a graph showing the profile of altitudes you've passed through so you can tell how high you've climbed and how low you've fallen. I bet you haven't fallen as far as this, though: the worst joke for the day - a Cisco router.

    Vancouver has it all

    What a fantastic weekend of weather. Admittedly, I spent most of Saturday indoors, tidying a bit, baking a bit and I don't know what else. Sunday, though, Elder had a party at Grandview Lanes, a bowling alley on Commercial Drive. So I rode over there, in shorts, with Son in the trailer and dropped him off. I was then free to stroll up and down Commercial Drive, sit down, have a coffee, browse the delis, bookshops and grocers and generally enjoy the early spring weather.
    Freedom is overrated, and once I got bored with it, I went back to the bowling alley and waited until the party finished. As I waited I realised that the alley was actually 5-pin bowling - something you don't get in the UK and that I hadn't tried for over 20 years. So I had a couple of games by myself. It's great fun - much more skill required than 10-pin bowling.
    After the party we cycled back home. The views from Commercial and along 10th Ave were spectacular: It was a crisp, clear, sunny day and the Lions' ears were looking particularly perky. The whole thing reminded me of the motto on a souvenir mug I bought during that trip to Vancouver 20 years ago - "Vancouver has it all" - isn't it. Hmmm.

    Friday 10 March 2006

    Skunk works

    Our house is becoming something of a wildlife reserve. We currently have some kind of rodent living in our basement - it seems to have found its way into the wall gaps, or possibly the heating ducts. This rodent, which seems a bit too big to be a mouse, but a bit small for a rat, joins our longer-term resident skunk (or skunks) that nest under the shed where I keep my bike (under our deck).

    I had a close encounter with the skunk last night. When I first realised the skunk was living there (they don't hide their presence well) I tried to block the gap through which it was entering and leaving with a small plank. It kept pushing the plank over. I was reluctant to do anything too drastic like nailing the plank up, just in case the skunk was actually trapped inside. I suspect the one thing that might smell worse than a live skunk is a dead one.
    As I cycled home last night I saw a skunk cross the road not far from our back alley. Having crossed the road, it made a bee-line for the alley as I overtook it. I thought "this must be our skunk - it's out, so maybe I can block the hole now". I quickly got into the garden, found the old plank and wedged it in place. Unfortunately, it had been sitting in the rain since December and was now rotten - it broke. Having blocked the hole as best as I could I proceeded to put my bike away. The door to the shed is directly above the hole where the skunk gets underneath.
    As I was putting the bike in, I glanced down and spotted a white head sniffing my shoe. I jumped backwards, slightly alarmed. The skunk, fortunately, was similarly surprised and ran off towards our neighbours' garden. A bit of an anticlimax for you the reader, maybe, but it is actually the first positive proof (other than the smell) that it is actually a skunk living in our yard.
    Elder was very excited when I told him about this. He wondered why the skunk was trying to get in the hole at the same time I was parking my bike. I suggested maybe the skunk was coming home from work too. And thus I discovered the origin of another bizarre turn of phrase!

    Thursday 9 March 2006

    Things to do in Victoria

    We went to Vancouver Island for the weekend and had a great time, although Youngest was not well. We found a great spot for keeping the kids quiet for an hour or so: Victoria Bug Zoo.
    They have a good collection of creepy-crawlies including giant stick-insects, hissing cockroaches and beetles that play dead. You can touch or hold some of the creatures, under the supervision of a knowledgeable guide who communicates well.
    One creature they have that was new to me was a Vinegaroon - a really cool Arachnid that looks a bit like a scorpion and can squirt concentrated vinegar out of its arse. Every chip shop should have one. Which brings me nicely to the other cool place we went - Willow's Galley - an unprepossessing shack on Estevan Ave in Oak Bay that does great halibut and chips.

    The pros and cons of private enterprise

    As a child of two teachers in the UK in the 70s I grew up with a kind of inbuilt assumption that almost every business or service was ultimately provided by the government. To some extent that was true then, of course, and throughout the 80s I was firmly in the anti-Thatcher camp: selling off our nation's infrastructure to the highest bidder. In reality business has been there all along providing most of the things we need (and much that we don't). On top of that, there's all that other business that provides things businesses need to do business - which has been the source of my living for the past 15 years. I had grown comfortable with that and no longer really thought about it very much, although there was still a part of me that clung on to that socialist view that maybe some things are better off in government hands. But then I moved to British Columbia.
    Don't get me wrong - I love living in Canada for all sorts of reasons but there are two particular things that really piss me off. Both are related to the financial services industry. One is an example of why public ownership is a Bad Thing, and one is an example of why private enterprise is not always the ideal solution.
    Canadians like their cars: not as much as Americans, but when you live in a country as spread out as Canada they do take on an extra significance. The consequences of this are numerous, including lower driving ages in some provinces. In BC it has resulted in the granting of a monopoly on basic motor vehicle insurance to a crown corporation, owned by the provincial government, the Insurance Corporation of British Columbia.
    On the surface the idea sounds great to a closet pinko like me - single insurance rates, based directly on driving record not age, gender or other factors that commercial insurance companies use. On top of all that, they also make ICBC responsible for road safety and driver licensing. This is supposed to give them an incentive to help people drive better in the hope that it will reduce the level of claims and therefore premiums.
    In practice, it kinda sucks. We arrived from the UK last year and inherited an 11-year-old Volvo 850 sedan. The value of this thing is probably no more than $6,000. It's a real family car. Insurance, including a modest amount of loss cover, was over $2,500. In the UK, the last insurance bill for our 3-year old Citroen (worth around £8,000) was under £200.
    The real stinger was the no-claims bonus. Because I had company cars in the UK I have not actually held insurance for several years, but L had over 10 years of claim-free driving. In the UK, and even in Australia when we moved over there, all you have to do is call up, tell them you're entitled to no-claims from your current insurer and they give you the discount up front. You then just send a confirmation from your current insurer that you've racked up the appropriate number of years. Nice, simple, user-friendly.
    Imagine our surprise, then, when the 'broker' who sold us our insurance told us the procedure for getting no-claims discount from ICBC. You have to get a letter from every insurer you've had over the period you're claiming for. This letter must state the dates of the insurance period exactly. You must then send the original letters (not faxes or photocopies), together with a processing fee of $25 to some bunch of pen-pushers in North Vancouver who may, at their discretion, allow a reduction in rate and send a refund. We had to contact around 5 insurance companies, in Australia and the UK. In several cases we no longer had any records of the policies we'd held with them. In one case, they no longer had any record of us as a customer. At least one of them was prevented by their IT systems from sending letters to overseas addresses, so we had to settle for faxes. In the end, we bundled up everything we had and sent it off. They allowed us one year of discount - 10%. Despite the fact that our last insurer confirmed in writing that L had 6 years of no-claims discount.
    So why is it that ICBC see the need to put you through a hell of paperwork and actually charge you $25 for offering what insurance companies anywhere else offer so freely? It is because they are a monopoly. Competition is what makes insurance companies in the UK and Australia so willing to offer no-claims discounts. Competition is what keeps the insurance premiums down. The ICBC as a state-run bureaucratic monopoly has no incentive to recognise any of these things because we have no choice but to go to them.
    But just having an unrestricted market does not guarantee effective competition. The other thing that pisses me off about Canada is the banking system. I opened an account with a large international bank that just happens to be UK-based, partly because we bank with them in the UK and they made it easy for us to open an account here. The first choice I had to make was which fee package to opt for. Although this is now an alien concept to most Brits, where banking has been pretty much free for as long as I've had a chequebook, we did have a brush with fee-based banking when living in Australia. That doesn't mean I like it, though.
    I opted for a package that gave us various benefits, like free chequebooks, and also offered 'free' ATM withdrawals from any bank's ATMs. This seemed like a good idea because although this bank is multinational, they aren't enormously well established outside of areas with significant ethnic Chinese populations. So I went happily on my way, L and I both withdrawing cash from RBC, BMO, TD and other ATMs happy in the knowledge that it would cost us nothing. But not so...
    When we got our first statement it showed a charge of $1.25 for all these transactions. This charge was on top of the $1.50 or so added to the amount of the withdrawal by the bank whose ATM we used. Those from our own bank were indeed free. I called the bank and asked why these free transactions were costing $1.25. They had no good answer and refunded the fees.
    The next statement had the same fees, and the next. In the end, it turned out that the fee was not for using the ATM itself, but a "network fee" for using the network, or something. They refunded it again and since then I have tried to avoid using non-HSBC ATMs. Whenever I do, though, this fee still comes up. Now, if anyone ever reads this and has an HSBC account in Canada perhaps they could tell me how much they get charged for non-HSBC ATM withdrawals. Either way, the promise of "Free non-HSBC withdrawals" is clearly false and misleading.
    But aside from the injustice of misleading advertising, this is again symptomatic of bad competition. The fact that you can be charged $1.50 by one bank, $1.25 by a network and, presumably, $1.25 by your own bank just to withdraw your own money suggests that at some level the banks in Canada are colluding to keep these fees rolling in. On top of all that, remember that one of the big drivers for installing ATMs and encouraging their use was to reduce their costs in handling transactions by avoiding the need for tellers. Again, compared to the system in the UK where there is much more competition, apparently less government intervention and protection of the industry, banks are able to offer fee-free banking and still turn in obscene profits.
    Right, I've got that off my chest so now I can go back to just enjoying the mountains, the ocean and the hockey.

    Thursday 2 March 2006

    Mission statement

    I live in Vancouver. I am not a Canadian. I have two young sons. I work in the data security industry. I think I'm a techie. I've been in business development for three years. I am a musician. I like to read. I am interested. I'm not always certain. I like to travel. I don't like going away. I like to think. I don't like to study. I like to cycle. I don't like exercise.

    I hope that these thoughts will be interesting to someone.