The [Supreme] court didn’t find for the appellants on the grounds that “the kirpan is not a weapon”. Indeed, all parties to the suit accepted the premise “that the kirpan, considered objectively and without the protective measures imposed by the Superior Court, is an object that fits the definition of a weapon.” The court found for the appellant because the school board’s zero-tolerance policy towards weapons, based largely on fears that the presence of a knife would somehow allow spooky negative vibes to propagate throughout the school, did not constitute a minimal infringement upon the rights of a religion that happens to insist upon the carrying of a weapon. (Anyone who has studied the remarkable history of the Sikhs can only be surprised that they don’t carry about five of them.)
I hate to break it to Nav Bains and to admirers of leading comparative-religion scholar Michael Ignatieff, but reciting “It’s not a weapon” won’t give us a magic wormhole we can all leap through to avoid debates over religious accommodation in public services. As I understand matters, and I am perfectly prepared to receive instruction on this point, the whole point of the kirpan is that it’s an avowedly defensive weapon. The reference books, including those written by Sikhs, tell us that it is worn precisely to signify and reinforce the Sikh’s wholly admirable preparedness to protect his faith, his community, and innocent human life. I suppose I could have added the words “just as a handgun might be”, but that would send altogether too many of my readers scrambling for the Preparation H.
Respectable efforts to establish a modus vivendi on the kirpan in secured public spaces can’t begin with evasion if they hope to be successful (and certainly it sets a terrible precedent for evasion to be designated courage). I’ll add that the problems are not really all that thorny for those of us who have never consented to fanaticism about security theatre or to cretinizing “zero tolerance” of blades in schools
Colby Cosh, “That non-weapon sure is pointy”, Maclean’s, 2011-01-21
January 22, 2011
QotD: Sikhs, the kirpan, and the courts
December 16, 2010
Bruce Schneier on Security in 2020
Aside from all the ugly new terms coined to describe the phenomena, the evolution of security is one of the most under-appreciated stories of the decade. The next decade is going to be even more important to how we live our lives:
There’s really no such thing as security in the abstract. Security can only be defined in relation to something else. You’re secure from something or against something. In the next 10 years, the traditional definition of IT security — that it protects you from hackers, criminals, and other bad guys — will undergo a radical shift. Instead of protecting you from the bad guys, it will increasingly protect businesses and their business models from you.
Ten years ago, the big conceptual change in IT security was deperimeterization. A wordlike grouping of 18 letters with both a prefix and a suffix, it has to be the ugliest word our industry invented. The concept, though — the dissolution of the strict boundaries between the internal and external network — was both real and important.
So, that was then. This is now:
Today, two other conceptual changes matter. The first is consumerization. Another ponderous invented word, it’s the idea that consumers get the cool new gadgets first, and demand to do their work on them. Employees already have their laptops configured just the way they like them, and they don’t want another one just for getting through the corporate VPN. They’re already reading their mail on their BlackBerrys or iPads. They already have a home computer, and it’s cooler than the standard issue IT department machine. Network administrators are increasingly losing control over clients.
This trend will only increase. Consumer devices will become trendier, cheaper, and more integrated; and younger people are already used to using their own stuff on their school networks. It’s a recapitulation of the PC revolution. The centralized computer center concept was shaken by people buying PCs to run VisiCalc; now it’s iPads and Android smart phones.
I’ve certainly noticed this myself: it was forced to my attention a couple of years ago, when a change of employment required me to buy and maintain my own “business” computer and software. Without seriously stressing my wallet, I was able to buy far more capable equipment than my previous employer had provided. Being able to check my email on multiple devices was very important, and once I’d started doing that, I realized the need to do many other things regardless of the machine I happened to be using. There are, of course, trade-offs involved:
The second conceptual change comes from cloud computing: our increasing tendency to store our data elsewhere. Call it decentralization: our email, photos, books, music, and documents are stored somewhere, and accessible to us through our consumer devices. The younger you are, the more you expect to get your digital stuff on the closest screen available. This is an important trend, because it signals the end of the hardware and operating system battles we’ve all lived with. Windows vs. Mac doesn’t matter when all you need is a web browser. Computers become temporary; user backup becomes irrelevant. It’s all out there somewhere — and users are increasingly losing control over their data.
Anyway, there’s lots more interesting stuff. Go read the whole thing.
December 14, 2010
No surprises at all in Gawker’s 50 most-popular passwords
An article in the Wall Street Journal has the 50 most popular passwords from the Gawker data heist:
Recognize the pattern? Here’s a word cloud from my last post on passwords:
Other posts on this topic: Passwords and the average user, More on passwords, And yet more on passwords, and Practically speaking, the end is in sight for passwords.
December 11, 2010
“They came close to drawing their guns on protesters, who were heard to chant ‘off with their heads'”
The close call reported earlier now seems to have been even closer:
Officers guarding the royal couple were using radios on a different channel from those patrolling Thursday’s student riots, meaning they received no warning that protesters were blocking their route.
As a result, dozens of thugs subjected the convoy to an attack in which the Duchess was jabbed in the ribs with a stick through an open car window as the couple were being driven to the Royal Variety Performance.
Sir Paul Stephenson, the Metropolitan Police Commissioner, praised armed protection officers for showing “very real restraint”, suggesting that they came close to drawing their guns on protesters, who were heard to chant “off with their heads”.
I’m pretty far from being a staunch royalist, but this incident was an “own goal” on the part of the protesters. There are many ways to express your concern and anger, but attacking innocent bystanders will usually lose you the public support you might otherwise be able to depend on. Attacking members of the royal family — who don’t have a constitutional role in setting government policy — is just plain stupid.
H/T to Chris Greaves for the link.
Update: Chris followed up with this observation.
[. . .] just between you and me I was struck by the parallels between the accounts of Charles & Camel, and the minute-by-minute goof-ups of Archduke Wossit and his morgantic wife; the chauffeur taking a wrong turn on the way back from the town hall, the poor security in place, etc.
Any would-be republicans should be blessing their luck that this turned out to be less harmful than the Sarajevo incident in 1914. Had any harm come to the Prince of Wales, British public opinion would (based on past events) have swung heavily in favour of the royal family. Prince Charles is perhaps the least well-liked royal at the moment, but if he’d been “martyred” by the mob, do you think there’d be any hope for getting rid of the monarchy for at least another generation?
December 10, 2010
The Economist: “America … should learn from its mistakes in the past decade and stick to its own rules”
A very good column in The Economist seems to cover the issues quite well:
BIG crimes deserve tough responses. In any country the theft and publication of 250,000 secret government documents would deserve punishment. If the leak costs lives, let alone the careers and trust that have already perished amid the WikiLeaks disclosures, the case for action is even stronger.
[. . .]
For the American government, prosecution, not persecution, offers the best chance of limiting the damage and deterring future thefts. The blustering calls for the assassination of Julian Assange, the WikiLeaks founder now in custody in London awaiting extradition to Sweden on faintly mysterious charges of sexual assault, look both weak and repellent. If Mr Assange has broken American law, it is there that he should stand trial, just like Bradley Manning, the alleged source of the stolen documents. If not, it may be some consolation that the cables so far reveal a largely flattering picture of America’s diplomats: conscientious, cool-headed, well-informed, perceptive and on occasion eloquent.
[. . .]
If America sticks to those standards now it will display a strength and sanity that contrasts with the shrill absolutism and cyber-vandalism of the WikiLeaks partisans. Calling Mr Assange a terrorist, for example, is deeply counterproductive. His cyber-troops do not fly planes into buildings, throw acid at schoolgirls or murder apostates. Indeed, the few genuine similarities between WikiLeaks and the Taliban — its elusiveness and its wide base of support — argue against ill-judged attacks that merely broaden that support. After a week of clumsy American-inspired attempts to shut WikiLeaks down, it is now hosted on more than 700 servers around the world.
The big danger is that America is provoked into bending or breaking its own rules, straining alliances, eroding credibility and — because it will not be able to muzzle WikiLeaks — ultimately seeming impotent. In recent years America has promoted the internet as a menace to foreign censorship. That sounds tinny now. So did its joy of hosting next year’s World Press Freedom Day this week. Chinese and Russian glee at American discomfort are a sure sign of such missteps.
H/T to John Perry Barlow for the link.
Update: This certainly matches what I expected Julian Assange’s personality to be like:
Defectors include Daniel Domscheit-Berg, otherwise known as Daniel Schmitt, who made a high-profile exit from WikiLeaks in September, and Herbert Snorrason, an Icelandic student. Both resigned in September. Snorrason is quoted as telling Assange, in an online chat log acquired by WiReD:
And you’re not even fulfilling your role as a leader right now. A leader communicates and cultivates trust in himself. You are doing the exact opposite. You behave like some kind of emperor or slave trader.
Snorrason’s departure was fomented by this declaration from Assange:
I am the heart and soul of this organization, its founder, philosopher, spokesperson, original coder, organizer, financier and all the rest. If you have a problem with me, piss off.
And he did.
September 15, 2010
Recognize your password?
Password Authentication Tag Cloud
Earlier posts on this topic: Passwords and the average user, More on passwords, And yet more on passwords, and Practically speaking, the end is in sight for passwords.
H/T to Bruce Schneier for the link.
August 16, 2010
Practically speaking, the end is in sight for passwords
Advances in computing are not always uniformly beneficial: short passwords are increasingly vulnerable to brute-force cracking:
The availability of password-cracking tools based on increasingly powerful graphics processors means that even carefully chosen short passwords are liable to crack under a brute-force attack.
A password of less than seven characters will soon be “hopelessly inadequate” even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. The security researchers recommend passwords at least 12 characters long.
The number crunching abilities of graphics processors were recently applied to commercial password auditing and recovery tools from Russian developer ElcomSoft. It’s a safe assumption that black hats are able to use the same type of technology for less laudable purposes. Richard Boyd, of the Georgia Tech Research Institute, told the BBC that the number-crunching capacity of graphics cards compares to those of supercomputers built only 10 years ago.
Passwords are going to go away, sooner rather than later. All of us have too many passwords to remember that it’s pretty much guaranteed that you’re using one of the following coping strategies:
- Using the same password on many different sites (or, shudder, all of them)
- Using a simple password (among the most commonly used are “password” and “letmein”)
- Leaving a sticky note on your monitor or your keyboard with your passwords listed
- Using the name of the site as your password for that site
There are tools available to generate passwords that avoid the most obvious pitfalls (too short, no numeric or non-alphanumeric characters, using full words), but very few people use them consistently. I don’t know what the replacement for passwords will be, but we clearly need to move to more secure ways of verifying identity as soon as we can.
August 10, 2010
Travel advice for unsettled times
“Gulliver” offers some useful travel tips for people going to dangerous cities:
The first concerns how not be blown up when in Kabul, and comes courtesy of an American TV journalist who was on the course with us. You do not need Kevlar, or night-vision goggles, or an armoured car to evade the Taliban, he said: your secret weapon is to have a jolly good long lie-in every morning. In Kabul, at least, suicide bombs apparently almost always go off early in the morning. Have a leisurely breakfast and, once you venture out after 11am or so, your chances of being killed are drastically reduced. The explanation given was that the bombers spend all night psyching themselves up, then say their prayers at dawn, and go off to murder. A second helping of Corn Flakes could save your life.
The second tip is useful even for those of us who don’t travel to warzones. When booking a hotel, we were told, try to get a room between the second and sixth floors. Being on at least the second floor means you’re a little further away from whatever dangers may lurk near reception: opportunist robbers won’t venture deep into the hotel, and if things get nastier — car-bombs, shootouts and so on — you’re a little further away from the action. So far, pretty obvious.
But why not go above the sixth floor — wouldn’t that be even safer? Apparently not. More likely than a bomb or a shootout is a plain old fire, in which case you will want to make a hasty exit. More storeys mean more stairs and more delay, of course. But the killer, literally, is this: if the stairs are blocked, you will need rescuing from your window by a ladder. And in many parts of the world, the sixth floor is as high as the local fire-engines can reach.
August 9, 2010
IPv6 still not ready for primetime?
As you’ve probably heard, the current internet addressing system, IPv4, is running out of unallocated addresses. The replacement is called IPv6 and was supposed to be in use by now. Security concerns are holding it back:
The internet’s next-generation addressing scheme is so radically different from the current one that its adoption is likely to cause severe security headaches for those who adopt it, a researcher said last week.
With reserves of older addresses almost exhausted, the roll-out of the new scheme — known as IPv6 or Internet Protocol version 6 — is imminent. And yet, the radical overhaul still isn’t ready for prime time — in large part because IT professionals haven’t worked out a large number of security threats facing those who rely on it to route traffic over the net.
“It is extremely important for hackers to get in here fast because IPv6 is a security nightmare,” Sam Bowne, an instructor in the Computer Networking and Information Technology Department at the City College of San Francisco, said on day one of the Defcon hacker conference in Las Vegas. “We’re coming into a time of crisis and no one is ready.”
Chief among the threats is the issue of incompatible firewalls, intrusion-prevention devices, and other security appliances, Bowne said. That means many people who deploy IPv6 are forced to turn the security devices off, creating a dangerous environment that could make it easier for attackers to penetrate network fortresses.
July 28, 2010
What is a “fusion center”?
Wendy McElroy thinks you should know how much domestic surveillance has increased in recent years:
The Fort Wayne Journal Gazette reported on July 25 that “there are 72 fusion centers around the nation, analyzing and disseminating data and information of all kinds. That is one for every state and others for large urban cities.”
What is a fusion center?
The answer depends on your perspective. If you work for the Department of Homeland Security, it is a federal, state, local, or regional data-coordination units, designed to improve the sharing of anti-terrorism and anti-crime data in order to make America safer. If you are privacy or civil-rights advocate, it is part of a powerful new domestic surveillance infrastructure that combines data from both the public and private sectors to track innocent people and so makes Americans less safe from their own government. In that respect, the fusion center is reminiscent of the East German stasi, which used tens of thousands of state police and hundreds of thousands of informers to monitor an estimated one-third of the population.
The history of fusion centers provides insight into which answer is correct.
June 30, 2010
Questionable police tactics at the G20 protests
Jon, my former virtual landlord, sent me a link to this video, saying “My support for the police evaporates with [this] video. What the hell were the police thinking?”:
He then suggested that this is a Toronto Police Services training video:
Update: Even better than the ragged charge shown in the first video, now the police are showing off some of the “weapons” they collected during the G20, including LARP (Live Action Role Playing) gear confiscated from a gamer:
Toronto Police are on the defensive this week as they attempt to defend their heavy-handed tactics during the G20. To prove the seriousness of the threat to public security, they took police on a tour of weapons confiscated from activists.
Only there’s a problem: some of these weapons were taken from people who weren’t demonstrators. And some of them weren’t weapons — the police proudly displayed the blunt arrows and chainmail they confiscated from a live-action role-player who was taking the train to a game
If they’d found a random SCA heavy fighter to take the armour and weapons from, they might have a slightly better case: SCA heavy combat gear would be comparable to (in many cases better than) police riot gear. SCA weapons are solid rattan covered with silver duct tape to make them appear to be metal — LARP weapons are non-functional foam or other light material (similar “weapons” are called “boffers” and are used as safe toys for kids). SCA shields are fully functional as protection — LARPers generally carry lightweight shields that just look like protection but would not do much in a real confrontation.
I liked this comment to the BoingBoing post:
I remember seeing this same police press conference, only it was in Miami in 2004 during the FTAA summit. Among the items they presented as having seized from activists:
– Tire iron
– Gas can
– A map of Miami (see, they could use it to plan out their terrorist strike!)It took me a minute to realize they had just pulled all this stuff out of the trunk of some unfortunate activists’ car, where you’d totally expect to find it.
This kind of press conference is a standard component in the “new model” of protest suppression. It gives the police the hilarious task of taking a whole bunch of mostly innocuous stuff they seized and making up stories about how it could be used to maim, kill, and generally cause mass destruction.
I mean srsly – an empty water bottle could be used to fill with gasoline and throw at cops?
Bruce Schneier would be proud.
June 29, 2010
Even though the G20 is over, the atmosphere remains
Mike Brock discovers that the hostile environment on the street hasn’t dissipated with the end of the formal protests:
I was sitting down on University Avenue, when a group of police officers approached me and said they wanted to talk to me. Stunned, I opened my mouth getting ready to reply to the request, when one of the officers at the top of his lungs yelled: “I DON’T GIVE A FUCK WHAT YOU THINK!”
Another officer said they didn’t want to hear about my rights.
They then proceeded to demand I remove the earphones from my ears, forcing me to get off the phone with my colleague. I told them I was on the phone to which another officer responded, “we don’t care.”
Then they said they wanted to search my bag, because I was “wearing a black shirt”. To which I replied, that I did not consent to any searches. I told them that I would not resist them, and that any search they conducted was under protest. They simply said, “we don’t care. We want to make sure you don’t have any bombs to kill us with.”
The protests may be over, but the malady lingers on. If this is the way the police are now treating members of the public, they appear to be letting off steam after the events of the weekend. If they were trying to prove the point of all the overwrought “OMFG!! We’re living in a POLICE STATE!!” posts on various blogs over the weekend, this is a pretty good way of doing it.
Update: StageLeft suspects that a complaint about police behaviour will get the standard boilerplate response:
Our investigation of our behaviour and conduct in case #xxxxx found that the police officers involved acted properly and in accordance with the law and standard police procedure… next case please.
June 28, 2010
June 27, 2010
QotD: Toronto Saturday Night, G20 edition
You can walk a block or two from the action and Toronto is seen carrying on as normal. It’s not quite dangerous, but it’s not quite safe. The crowds are a mix of the indignant, the earnest and the opportunistic. Some obviously carry bad intentions. A lot seem simply bored. When the lights went out in 2003 and order unravelled slightly, Toronto turned into a party. Tonight, again, people are out in the streets, but the mood is simply dumb.
Aaron Wherry, “Toronto, tonight”, Macleans, 2010-06-26
June 26, 2010
The smell of burning police cars
Just when you think the anarchists have decided to let the government look like fools, they pull stuff like this, allowing the security forces to justify the billion+ they’ve spent on the G8/G20 summit meetings:
Pic from Eric Squair.
Pic from Pete Forde. The second police car in this photo also gets the warm treatment from the anarchists.
For those not familiar with Toronto, this is approximately here:
Update: Michael Coren has a suggestion to get the police more involved in deterring the rioters:
An idea. Tell the cops that these anarchist criminals are actually confused, gentle Polish visitors trying to find help at an airport. Not only will deadly force ensue but the police will lie about it all after the fact.
Update, the second: Another burning police car, further east at (I assume) Queen King St. and Bay St.
Pic by Marissa Nelson.
Update, the third: In spite of all the images available of burning or burnt-out police vehicles, the three above were the only ones. Rarely have so many twittered so much about so few . . .
