Blog for One

Election 2004 in Canada.

Today I exercised my right to vote. I reckon that if you don’t vote, you can’t really carp about the government. It was an exercise in picking the least bad candidate and not so much an exercise in picking the best candidate.

The Fab Four
===========

Liberal Party
Conservative Party
New Democratic Party
Bloc Quebecois

Of course, the Bloc is only in Quebec, so no chance of forming a government on their own, the Liberals and Conservatives seem neck and neck in the polls, and the New Democrats seem less and less relevant to me.

Conspicuously missing is the Green Party which is fielding candidates in all ridings across the country.

Gonna be fun to watch the numbers come in tonight.

Kathy Wilson writes a great
article on Cuba in the Cincinnati CityBeat

One of my favorite quotes:

If Clinton was our first black president — wink, wink — then Castro is Cuba’s.

Castro has for decades appealed to the rebellious nature of politically and culturally progressive black Americans because he’s an intellectual renegade who doesn’t kowtow to America’s white male power structure. And Castro feels our pain.

In a recent BLOG entry, Phil Libin has this to say about passwords:

In his February 11th column, Bruce Blair from the Center for Defense Information gives a rather horrifying first-hand account of the traditionally framed conflict between safety and convenience. In this case, it’s the convenience of being able to annihilate our geopolitical enemies on short notice versus the safety of not starting a nuclear war by accident.

In the 1960’s each of the thousand-odd Minuteman nuclear missiles were fitted with special locks which would prevent launch unless the “secret unlock code” was received from high-authority – presumably the president or secretary of defense. The purpose of the locks was to prevent unauthorized launch either by accident or through a deliberate subversion of the chain of command. The problem was that this extra step was seen as a cumbersome process which had the potential to delay our nuclear response and thereby dampen the retaliation we could mete out in the case of an actual attack. The solution was the equivalent of writing your windows password on a sticky-note attached to your monitor:

The Strategic Air Command (SAC) in Omaha quietly decided to set the “locks” to all zeros in order to circumvent this safeguard. During the early to mid-1970s, during my stint as a Minuteman launch officer, they still had not been changed. Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel. SAC remained far less concerned about unauthorized launches than about the potential of these safeguards to interfere with the implementation of wartime launch orders. And so the “secret unlock code” during the height of the nuclear crises of the Cold War remained constant at OOOOOOOO.

Nice.

What’s worse, according to Blair, is that the civilian authorities from the president on down were not informed that this precaution was being completely ignored. Robert McNamara, the secretary of defense for Kennedy and Johnson, was apparently unaware until just this year!

I take away three lessons from this episode:

1. We are really, really, really lucky that the world didn’t get all blown up before the end of the cold war. Sure, the professionalism and relative cool-headedness of many individuals on both sides of the conflict helped a lot, but there was a scary number of close calls. Let’s try not to do this again.

2. Passwords suck. They’re pretty much good for nothing. It’s not sufficient to lecture users on proper password etiquette – passwords must die. If Strategic Air Command couldn’t be bothered with passwords for world-shattering missiles, what hope is there that the average HR department will correctly use passwords for their Windows login or WiFi access? Finally moving away from passwords has got to be near the top of every IT organization’s to-do list – or at the bottom, if they clicked twice and got it sorted backwards somehow.

3. Security vendors rarely have an interest in making sure that their products and recommendations are actually being used correctly. Proper use is often unpleasant and displeased customers usually mean fewer sales. Likewise, it’s often physiologically easier for customers to seek out new technological solutions for security problems rather than admit that they may not be using their existing products to full capacity. Fixing this willful miscommunication is crucial to making security practical and affordable.

Ok, the third point is just a hobbyhorse of mine and not really derived at all from the preceding article. Also, I’d give up #2 if we could be promised #1. Deal?

Late last week a friend of mine got into a bad bike accident and ended up in the same hospital as Caroline.

Then, I learn Caroline has pneumonia.

Day ended on a slightly upbeat note as my accidental cyclist was discharged, and Caroline’s radiotherapy went well.

Oh yeah, there’s this bug known as Clostridium difficile running around local hospitals.

Nice.

Who’s really crazy?
We’re really Crazy!

WHO’S REALLY CRAZY?
WE’RE REALLY CRAZY!

Oh look, more food….