Saturday, December 30, 2006
Beginning with Matisyahu, whom I had hoped would be as good live as his first ‘Live at Stubbs’ CD and who had morphed, two short years later, into a lame-ass down-beat rockstar type of act. The show was slow, boring, and we didn’t stay long enough to hear ‘King without a Crown’. The lighting was the most notable aspect of the show, being much better suited for Gun 'n Roses than a down-tempo reggae act.
The most embarrassing part was when Matis hauled one of his roadies onstage and introduced him 'everyone this is Chris' and went on to explain that Chris had almost been stabbed to death and the guy who did it got off, and somehow God made that better. Chris nodded weakly in agreement, he wasn't as convinced of divine retribution as Matis was, that much was clear. Maybe Matis will face his for the deathly third album, over-produced by Bill Laswell. Interestingly, his band did a collaborative thing with Laswell of some dub that was astounding ... check out Roots Tonic Meets Bill Laswell
Next up were the Afro-Cuban Allstars; it is always hit and miss with Cuban groups because they are pretty much generic brand-names under which they send out travelling musicians – sometimes great, sometimes very very ‘cruise ship’ quality. Their last gig in Montreal was of the latter quality, with 19 musicians you’ve never heard of being trotted on and off stage. We didn’t stay long enough to hear ‘Guantanamera’.
Then, tickets to the Alouettes getting their asses kicked by the Toronto Argonauts (albeit on the 50-yard line) seemed like a bit of a waste, though mitigated by the Als win during the playoffs a couple of weeks later, which I also saw. My cheapskate friend Paul, with whom I was with, was steadfast in his refusal to leave early and not get every penny he paid for, so we did stay long enough to hear the final whistle, even though the score was a blow-out.
But I was beginning to get the impression my gig-luck had run out, perhaps I’d lost my ability to pick the winners, but Spamalot mitigated all that. I saw the production in London a few days ago, and it was great. As sly and smart, crude and louche as one would expect, with killer rabbits, a flying vache, a priest dirty dancing with a nun, and Tim Curry as Author, King of the Britons (discernible as the one without shit all over him). John Cleese is God or at least plays him 'onstage'.
I can’t say much more than has already been said about the show itself, but I did have a bit of an experience, in that I was ripped off by a scalper, I paid 40 BP for a 20 BP ticket. He was very good, and I would have taken him for legit, as he was positioned in a little ticket booth forming part of a junk and t-shirt shop. He indicated I was only “five rows back” when he showed me the ticket, conveniently covering the word ‘balcony’ (and the price) with his thumb, before he hurriedly stuffed the ticket in an envelope, to ‘keep it safe’, and handed it to me in exchange for cash. Nicely done, very slick.
The Southbank Show Vod & Podcast here with the Pythons, and some other very cool people talking about non-spamalot things – Nick Parks, J.G. Ballard, and so on.
Monday, December 25, 2006
I was lucky enough to see James Brown perform twice, once about 15 years ago in Montreal, and two years ago at an outdoor venue in Toronto - an abbreviated gig, James did all the right things, but for less time than one would have liked, but worth it, if for nothing else than the earnest Torontonian standing nearby who kept telling his friends how great the "grandfather of soul" was. JB will always be living in America. Check out any one of these Vids and tell me I'm wrong.
The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety. If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost.
An executive summary (of sorts) of this post, oriented at the sender community, can be found HERE
How we got here
In 1995 the anti-spam community coalesced as spam became more prevalent. Over the years it evolved from a grass roots effort to make the shift to several mostly-independent streams of attack: the professionals: Anti-spam technical services, lawyers, governments and NGOs, industry coalitions such as Messaging Anti-Abuse Working Group (MAAWG), the Anti-Phishing Working Group (APWG) The Anti-Spyware Coalition (ASC)), and the volunteer ‘amateurs’ such as The SPAMHAUS Project and CAUCE (the Coalition Against Unsolicited Commercial Email) who continue to contribute immensely valuable services to the goal of mitigating spam.
Additionally, the independent streams of anti-virus technologists and companies, and those focussed on spyware have developed and flourished.
Spam, too has gone from amateur to professional in nature; when initially sent by individuals from their own email accounts, direct to unwilling recipients, blocking junk email was fairly easy. By filtering on a specific sender name or email account, receiving sites could refuse mail.
Formative public blacklists had lists of sender addresses and sites known to be a source of spam. I helped write and maintain one of the very first of these for Concordia University in Montreal, Canada. Deceptive techniques immediately arose to circumvent these blocks, by forging sending addresses, and then by making use of machines, which would freely transfer mail from anybody to anybody – so-called ‘open relays’. A campaign to shut down open relays evolved into additional blacklists.
Blacklists and spam-blocking programs had already evolved to cover content as well, and so too the spammers adjusted, by obfuscating words they knew to be blocked, including paragraphs of randomly generated nonsense text to create a series of unique messages. The foundation was laid for the era of ‘false positives’, legitimate email flagged as spam.
Starting in mid-2001 the spammers evolved again, with the creation, distribution and use of virus programs which would install a mailer or ‘open proxy’ on infected machines, allowing them to send mail via desktop computers, unbeknownst to the owner of the machine. Again, blacklists adjusted, by listing IP addresses from which mail might never legitimately come (often times best-guess estimates of dynamic address ranges at ISPs, companies and institutions). The arms race between spammers' and anti-spamming technologies was full on.
This era also marked the first collaborative efforts between spammer and virus makers. The latter were to this point mostly mischievous hackers doing fairly benign and easily detectable infection runs, and affecting a handful of high-profile attacks on online sites, government system probes and the like. Viruses tended to operate by planting an enticingly (deceptively)-named program on a website, and infecting the rubes who downloaded and ran it. Self-replication began to be seen more frequently around this time – viruses would begin to mail themselves using resident address books of infected computers.
Plainly, putting the ability to infect massive numbers of computers by way of spam into the hands of virus makers, and the ability to send mail from millions of infected computers into the hands of the spammers was a natural synergistic relationship. A marriage born in hell, some would say.
Penny stocks are chump change: Of late, much has been said in the popular and computer press about a vector that is annoying, but hardly critical in nature: 'Image spam'.
Spammers have jumped on the new technology of ‘image-only’ payloads, which morph one pixel per message, rendering them unique, and traditional check-sum blocking strategies ineffective. Image spam is entirely useless for payloads requiring a user to click through to a payload website, because the URLs underlying these clicks can only morph slowly, and the high degree of effectiveness of blacklists such as SURBL remain the best line of defense to deal with that. In practice what this means is that so-called ‘image spam’ tends to be touting penny stocks that the spammers pump and dump, with mention in the graphic of the stock symbol.
Fortunately this fraudulent stock-touting scheme leaves a paper trail that has allowed for some successful prosecutions in the latter half of the year. Stock spamming, while popular at present time is likely to decline as legal actions increase.
Phishers now trawl netting: Far more serious, phishing is the vastly popular newish-kid on the block:
- Netcraft saw 41,000 different phishing and malware URLs submitted in 2005. In 2006 that number soared to 609,000, going from a maximum of 20,000 reported per month to 45,000 in October, 135,000 in November, and 277,000 in December. Sophistication in phishing techniques grew as well
- Symantec now see 900 unique phishing URLs daily
- Phishtank saw over 21,000 discrete submissions in December 2006
- The Anti-Phishing Working Group saw a six-fold increase to 38,000 phish in October 2006 from the year previous.
In terms of efficiency of sheer revenue generation, it makes sense for the spammers to have embraced phishing. After all, why inundate users with advertisements for entirely useless body-part enhancement or reduction potations with hopes that a tiny percentage of the recipients will actually make a purchase, when you can trick end-users into revealing personal information allowing you to reach into their bank account and clean it out?
Personal Information is the currency used between criminals on the net. An entire life’s aggregation of data (name, address, phone numbers, credit cards, social insurance number, driver’s license, and so on) generally brings the depressingly low prices (so-called CC Full - A credit card number with billing address sells for $2-$5), and a shockingly high price tag to the person whose ID is sold (2006 saw the proliferation of Personal ID Insurance and credit bureau reporting services. Reports of the ineffectiveness of these approaches to ID theft mitigation surfaced towards the end of the year).
Of course, this does take one a few steps up the criminal food-chain, from ‘high volume email deployment’ service provider to spammer school operator like one certain court-rendered judgement-neutered ‘former’ spammer, to conman, to bank robber.
Chicken Little comes home to roost
The effects of all these disparate but related and coordinated threats are definitely being felt. End-user confidence in e-commerce is already taking a massive hit. Michael Binder, Assistant Deputy to the Canadian Minister of Industry gave a remarkable presentation making specific note of the precipitous drop in consumer confidence at the Anti-Spyware Coalition meeting in Ottawa in May, 2006
What is marked about the drop in confidence noted by Binder is that it all predates the current levels of phishing and online fraud. The latest studies show that as many as 90% of consumers polled expressed deep scepticism in their ability to conduct business safely online, yet paradoxically the rate of growth of online commerce continues apace.
It is safe to say that the growth has been attenuated to a degree, and as consumers increasingly know victims personally, they will back away from online purchases and return to traditional retail outlets.
A cataclysmic failure of a major online financial service could hasten this process. For example, DNS poisoning of an ISP’s servers to divert users to fraudulent banking sites would need no overt prompting from a phish email, and the number of victims would be far higher than from a phish mail run. That would make for massive and quite possibly irrecoverable damage to the reputation of not only the firm affected, but all online financial service providers.
To date, banks have been making goodwill compensatory gestures to cover consumer loses due to phishing. It remains to be seen if that will happen when the losses add up to a significant amount; legally most financial institutions are not obliged to do so under the terms of typical client service agreements.
However, shaken consumer confidence in online commerce is only a canary in the coalmine.
There is no greater calamity than to under-estimate the strength of your enemy - Lao Tzu
From a technical viewpoint, spam and spammers have quickly evolved from porn and penis-pills to phishing, and the use of viruses, worms, Trojans, and spyware to deliver more of the same. Spam infects computers, which then become part of botnets, which are used to disseminate more spam, spyware, and viruses. And round and round it goes …
There is clear indication that organizationally the walls between the virus-makers, hackers, spyware creators and botnet herders controlling vast networks of zombie'd home and business desktop computers numbering in the hundreds of millions have long been broken down.
There is now full integration with the bad-guy technologists and sophisticated groups of computer-aware criminals bearing absolutely no conceivable relation to the too-often touted cliché of a ‘teenager in his parent’s basement hacking into government computers’ the press frustratingly loves to put forth as the cause of present-day computer problems. That may have been the case in the 1980s and 90s, but no longer.
This stereotype has to be a source of much mirth for those behind the blended threat, as they are often associates or members of traditional organized crime gangs. As big money began to be made with spam, it attracted the usual suspects. All the big players are involved now, the Russian Mob, Italian Mafia, Hell’s Angels, and of course Colombian drug-dealing cartels.
There have been some mentions in the press of late that organized crime in eastern Europe is now paying the way for promising young programmers to attend computer science programs in American universities. The under-written graduates are then set to work doing the bidding of those to whom they are beholden. It is quite true, indeed this has been happening for years.
What the future holds
The latest spam/malware threat that has a name, SpamThru, has only been used to a tiny percentage of its capacity, and questions arise whether spam is indeed the end game, or rather merely a way to test the implementation of a monstrous creation which will be put to other use as time goes on.
SpamThru has driven the spam volumes through the proverbial roof, some sites noting an 80% increase in the last 3 months alone. Forensic analysis of this mechanism shows that it attaches itself to a so-called ‘stud’, a small and difficult-to-detect mechanism previously distributed. When a removal program is run against SpamThru, it kills the active malware, but leaves the stud able to download SpamThru II or any other new malware the criminals tell it to. Highly placed technologists feel that SpamThru-infected machines are being used at 20% of their capacity.
Other technologies currently in common use are polymorphic 'Queen bots', which change profile and do various things at different points in time to control subservient zombies computers, and 'fast-flux dns' which is a DNS server hosted on an infected machine which resolves human- recognizable URLs, for example, http://phishingvictim.ca to a multitude of similarly infected machines. If an anti-spam researcher files a complaint for take-down of http://phishingvictim.ca residing on IP address 18.104.22.168 there maybe dozens more sites also (unknowingly) hosting the site - 22.214.171.124, 126.96.36.199, and so on
Several things come into play here. Anti-spam technologies have become quite effective at blocking spam at the inbox level, though there is a cost in resources to ensure the machines and staff to maintain them do not become overwhelmed, and the spam is blocked at the periphery of a given network.
Data point: AOL reported that they blocked half a trillion spam emails at the entrances to their network in 2005.
Data point: Ironport noted spam volumes doubled from the year previous, seeing an estimated average of 63 billion sent daily in October, 2006. In November they measures two daily mega-spikes hitting 85 billion.
Data point: Major receiving sites (corporate, ISP and freemail) have said privately that their systems are all but overwhelmed by the new levels of spam.
Medium, Small and regional ISPs, which traditionally have thin financial margins are beginning to incur disproportionately difficult expenses as they hire new staff, increase their hardware budgets and pay for additional out-sourced anti-spam products and services.
Ironically, the spammers might have inadvertently invented a 100% effective solution to spam, as they devastate and overwhelm systems, networks, one-another, and more. Dead systems tell no SMTP.
Spam can easily expand and increase in a number of ways:
- More messages (increased message count)
- Larger messages (on a per-message basis)
- More senders (in rotation over the course of a day)
- More concurrent parallel senders
- More targeted sending (e.g., instead of sending a little to everyone, sending twice as much to half the number of targets)
"The Internet is down!": Although not inevitable, the complete obliteration of the continued, secure operation of electronic communication, e-commerce other legitimate end services looms close enough for the utmost degree of concern. It is now well the within the capacity of botnet operators (“herders”) to attack any site, network, even an entire country and severely degrade operations, even to the extend of driving them off-line. If the current trends continue apace, the ability to use the email and even the Internet itself may indeed be 'not at all'.
Virtual attacks on the real world: Botnets can be used for many things, and have been:
- An attack that interfered with the computerized functions of intensive care facilities at a Seattle, Washington hospital saw the sociopath behind that insane action face swift and severe justice earlier this year. The botnet related to this attack was being used to install adware in an attempt to generate revenues for the criminal.
- In 2002, a 9-1-1 emergency system in the American state of Washington was disabled with a botnet.
- Major airlines, banks, large parts of the U.S. military, railways and nuclear plants infected (a depressingly-dated article from three and a half years ago lays out many of the scenarios which have now come to pass with nothing being done to mitigate the potential for real-world, bricks and mortar disaster).
How long until Al Queda makes good on their threat to launch a computer attack the American financial system? The United States’ Department of Homeland Security deemed it a credible enough threat to issue a public statement dismissing it as incredible, and assuring the public ‘everything was fine, nothing to look at, go back to your homes’. Was this burp in the credit card processing and money transfer system part of the attack?
The good guys: Moving from Keystone Cops to U.S. Navy SEALs
It became painfully evident during the many conferences I attended this fall(1) that presenters and attendees universally agree we are losing the war, and to my mind the losses are mostly due to the good guys being disjointed and disorganized; the criminals take full advantage of this fact.
There is an immeasurable amount of hard work by some of the smartest, most creative talented people on the planet undertaken to fight on-line attacks. But it is uncoordinated. The criminals don’t have to be politic or polite nor do they have to respect co-workers feelings, or intra-governmental diplomatic considerations, or the institutional ego manifest in marketing and public relations considerations; they operate on a plane well beyond the constraints we deal with daily.
Major companies and governments send entirely different teams to various industry functions (spam, virus, spyware, network security), from entirely separate departments or divisions that rarely, if ever, provide proper reporting let-alone in-depth briefing to one-another.
As well, limited resources, and other factors leads to sending staff who are ill-suited to participate and properly contribute to specific industry coalitions. Sometimes decisions are driven by concerns concentrated on public image rather than on effective participation; top-management unawareness of the opportunities being missed may well end up in a catastrophe.
An alphabet soup of industry groups all fighting a unified enemy pell-mell is an entirely inefficient way to deal with a problem more urgent than ever; off the top of my head, OECD, LAP, CSNA, MAAWG, APWG, ICANN, IETF, IRTF, ITU, ASC, APECTEL, CERTs, ESPC, DMA, CMA, SANS, and countless other marketing, anti-spam, virus, spyware and security organizations meet, discuss, and plan independently.
Participation by all stakeholders: technical, legal and government relations representatives, marketing, and mid- and executive-level administration staff members is critical to success. As well all sectors - government (policy and law enforcement), educational, infrastructure operators (DNS, domain and connectivity providers), financial institutions, and numerous associated areas must not only be consulted but solicited to actively participate in coordinated efforts towards a solution.
Happily, there is newly founded current trend to send a representative or two intra-group, or hold joint meetings. Sadly, that falls well short of what we need.
Take back the net
The fight against computer-aware criminals is now at a critical juncture demanding we de-silo the false barriers between types of threats and the people who deal with them, because the nature, power and scope of the blended attack (spyware, spam, viruses, phish and bots) that currently exists is actively threatening the very foundational infrastructure and continued viability of the entire Internet. We, like our opponents have done, must break down the walls between industry groups and stakeholders and take a coordinated approach, beyond that, the approach has to be entirely proactive, not meekly reactive as it has been in the past: We must work towards the active prosecution of computer-aware criminals and aggressive mitigation of their on-line activities in all manners at the disposal of the keepers of the net.
Intitially what is needed is the organization of a series of meta conferences presenting legal, international cooperation, and technological tracks attended by rain-makers and decision-makers, and highly-informed experts from the trenches to help those people operating at more ethereal levels to hear what is happening, and give these latter their marching orders. This is likely going to have to take place under the auspices of the United Nations or another organization of similar scope.
At such an event there be frank, open discussions about the scope of the problem as it exists, and the somewhat unpalatable steps we need to consider to deal with the problem at hand.
Such an approach will require other organizations to scale back on the frequency of their meetings at least for a short while, to allow their invaluable member participants, already over-taxed by the cost, time and energy expenditure of numerous business trips to countless other conferences to devote time and energy to a united front.
The ineffective reactive stance traditionally taken has been ‘things are this bad, we need to do something’. Targeted goals need be set, monitored and administered.
Governments (and private industry) must allocate staff and financial resources to attain these goals. Governments in particular cannot push more responsibilities onto over-worked, under-trained policy, investigative and prosecutorial staff with no legislative tools at hand. They must address and resolve their shortcomings, or bear the responsibility for their inaction.
It is my fervent hope is that the blended threat is dealt with in the manner suggested above, and well in advance of what indeed faces us; to avoid reactionary changes likely to be taken after a disastrous Titanic moment. The Titanic, you see, was the catalyst for the imposition of regulation in the radio industry in North America. Until the inability to find open radio trasnmission frequencies hindered rescue operations radio was as free form and anarchistic as the Internet. We have seen what pap radio has become, I would bemoan such a fate befalling the Internet in that the free and open network is the creative grist for the mill we all enjoy so much.
Neil Schwartzman is:
- The Chair of CAUCE Canada
- A partner in Blackvine Consulting
- The Sender Score Certified Compliance Officer for Return Path Inc.
- A sitting member of the Canadian Task Force on Spam, and Co-chair of the Authentication Working Group
- A sitting member of the London Action Plan
- A sitting member of the Anti-spyware Coalition
- A rogue and a scoundrel who is joking most of the time, but definitely not now
The author wishes to effusively thank DJSS, who wishes to remain low-key but whose invaluable input to, and review of the above scrawling was top-notch, and John Levine's eagle eye helped to smooth out some rough grammatical and syntactical patches.
(1) Conferences, meetings and gatherings I've attended late this year
- Presentation to CIPPIC at University of Ottawa Law School, Ottawa Ontario August 2006
- Anti-Spyware Coalition Workshop - Seattle, Washington September 2006
- Messaging Anti-abuse Working Group Conference – Toronto, Ontario October 2006
- Virus Bulletin – Montreal, Quebec October 2006
- London Action Plan / EU Contact Network of Spam Authorities, Brussels Belgium December 2006
Wednesday, October 04, 2006
The state of Quebec roads ... always a third-world country experience when driving here.
I love the bit in this news report where Transport Quebec knew about pieces of concrete falling from the overpass and issued a media release. Will somone lose their job over this? Of course not. This is Quebec, where everybody is unionized.
Well the final tally is in, and it's five dead, even though the cops were alerted to falling bits of concrete and hour before the collapse. I'll refrain from mentioning the indignity of Reuters filing the piece from Toronto; I don't blame them from not driving to the site to do their reporting.
Transport Quebec spokeswoman Josée Seguin told the Canadian Press the overpass was built in 1970, but she didn't know when it was last inspected.
She said the department heard about an hour before the accident that pieces of concrete were falling off the overpass. Transport Quebec then issued an advisory to some media, she said.
Oh, this keeps just getting better - Transport Quebec sent an inspector, who cleaned up the bits of fallen concrete, but didn't order the overpass closed. I thought you'd have to go all the way down to New Orleans to find this kind of breath-taking incompetance.
The latest update - buck-passing between the cops and the Transport guys. Seems someone was onsite for about ten minutes with a broom and a dustpan:
"There was a call to the department [of transportation] from the Quebec police force at 11:25 a.m., pointing out there was concrete on the highway," provincial Transportation Minister Michel Després told reporters.UPDATE 10/04/2006: The incompetents at Transport Quebec had to be ordered to stop destroying the evidence by the head of an inquiry into ... their incompetence.
"At 11:58, a representative from the department was present. They recovered the rubble there. They assessed the situation, and during that time, there was nothing detected by the person who had been sent there which would require the immediate closure of the overpass."
At 12:33, there was a second call from police to report that more concrete had fallen. Four minutes later, the overpass collapsed, Després said.
The former Quebec premier appointed to head the inquiry into the deadly Laval overpass collapse has ordered transport officials and provincial police to stop clearing rubble from the site so that he and other investigators can examine the remains.
Provincial transport officials believe concrete samples from the overpass could hold clues to explain the weekend accident that killed five people and injured six. But Pierre Marc Johnson said experts need to look at the scene first hand, before the collapsed overpass is demolished.
Provincial transport officials had planned to destroy the structure's remains starting late Tuesday. La Sûreté du Québec was assisting clean-up efforts at the site, as part of their investigation into the collapse.
Check out a bunch of pictures of the collapse - click this one below:
These days, I really don't like phish, so my hobby is to file reports about them and get them taken down.
See what I mean here and here.
Sunday, October 01, 2006
Saturday, September 30, 2006
I can't help wondering if the current generation is anesthetized by all the entertainment available to us. In the 60s, there were constant anti-war demonstrations. Now, we have the 'power' of blogs.
People were scandalized when the Republicans set up 'free speech zones' in NYC coincident with their convention there. I wonder how they would have reacted if protests were dealt with in the good old-fashioned way, like during the Democratic National Convention in Chicago in '68.
Thursday, September 28, 2006
RCMP chief apologizes to Arar for 'terrible injustices'
"Mr. Arar, I wish to take this opportunity to express publicly to you and to your wife and to your children how truly sorry I am for whatever part the actions of the RCMP may have contributed to the terrible injustices that you experienced and the pain that you and your family endured," - RCMP Commissioner Giuliano Zaccardelli apologizing to Maher Arar on Thursday and indicating he accepts all the recommendations of a report criticizing the RCMP's role in the Canadian's deportation to Syria, where Arar was tortured.
Senate Passes Detainee Bill Sought by President Bush
WASHINGTON, Sept. 28 — The Senate approved legislation this evening governing the interrogation and trials of terror suspects, establishing far-reaching new rules in the definition of who may be held and how they should be treated.
The vote, 65-to-34, came after more than 10 hours of often impassioned debate touching on the Constitution, the horrors of Sept. 11 and the nation’s role in the world, but it was also underscored by a measure of politics as Congress prepares to break for the final month of campaigning before closely fought midterm elections.
The legislation sets up rules for the military commissions that will allow the government to prosecute high-level terrorists including Khalid Sheikh Mohammed, considered the mastermind of the Sept. 11, 2001, attacks. It strips detainees of a habeas corpus right to challenge their detentions in court and broadly defines what kind of treatment of detainees is prosecutable as a war crime.
Wednesday, September 27, 2006
That is all. You may now continue about your business.
Monday, September 25, 2006
I have a bunch of old CD data back-ups. Yes, that's right, I am one of those people who actually makes back ups of their data. Having messed around with computers since about 1985, I've lost more data than I care to think about. So, daily back-ups, rotating sets, offsite archives - the whole gamut.
I recently bought a DVD burner so I could keep the piles of plastic disks lying around the office to a minimum (well, actually, I bought it because Mac OSX 10.4 only comes in DVD format, and I had to recover the computer from a seriously corrupting crash). So what to do with the old CDs, to prevent dumpster-diving identity thieves from getting ahold of any personal data?
So I asked on a geek list for creative suggestions. Here are some of them, so far:
- Shotgun blast (too violent, and I'm an anti-gun nut)
- Solvent (might be carcinogenic)
- Fireplace/open fire (ditto)
- Office paper shredder (see photo - mine won't allow such things)
- Microwave (one website promised a 'spectacular light show', which indeed was the case, and very effective in destroying the CD).
Tuesday, September 19, 2006
We made a little pilgrimage last night, we bought some pink orchids at Costco (a plant, not in a bunch), and went by the spontaneous, ersatz wall of flowers and posters expressing support and grief for the students who were injured physically and mentally by the violation. We placed our little plant at the end of a long row, and then walked slowly, reading the signs, smelling the flowers, almost overwhelming in scent. The signs varied in 'quality' in that some were done with stencils, others by hand, some with a now-ubiquitous picture of the dead girl, Anastasia DeSousa.
It reminded me of a trip I once made to the potters' field on Mount Royal. Rather than your typical headstones on granite, the poor improvise - markers made from coat hangers and old car antennas, a small sign with a grandchild's picture and 'je vous aime gran-mama' written in crayon underneath. So much more powerful than any carved monument, the expression of love is all truly there, in fleeting, less permanent media. And so it was at Dawson College. 'Rester forte le jeunes - stay strong, young ones', besides hundreds, perhaps thousands of bouquets.
I'm a little pleased with our (Mouse and my) choice of the orchids, pink, Ms. DeSousa's favourite colour, and also the most transient of flowers; they seemed apropos. I'm glad we went and paid our respects, to Ms. DeSousa and the many other students scarred by the incident. I was working at Concordia University in 1992 when a maniacal, murderous professor went on a killing spree, indeed, it was what prompted me to get my first Internet access; I wanted to read his USENET posts to grasp why he did what he did. In the end, it was in part a failure of politically correct upper management, desperate not to offend who ignored the warning signs and facilitated that tragedy (the shooter, Valery Fabrikant asked the Rector to sign his gun permit application), in this case, there were few warnings, and no premonitions of what was to come.
There is the usual - 'he was a blogger - blame the Internet', 'he was a gamer - blame video games' but Kimveer Gill was one among millions of people who play and blog and don't devolve to the point of murder. The ability and inclination of some to slide into an insane murderous rage is puzzling, scary. Enveloping oneself in a dire, xenophobic culture (he was a Goth) might be a way to grease the wheels, but there again, there are plenty of Goths who don't do crazy shit ... so why him?
The Montreal Gazette editors and publishers once again proved themselves unworthy of the public trust, or anything really, apart from contempt; I can't find it now and wouldn't provide a link if I could, but their abominable lack of taste and sensitivity left me gasping last week: they had an online photo essay up, with shots of the aftermath, a slide show. Plunked alongside each shot was an advertisement - for Royal Bank, and the other regular sponsors. Now, doubtlessly some webhack charged with putting the shots (no, better, photos) up used a template. So the fuck what? Did it not occur to him/her/ them that maybe, just maybe they should drop the ads, just for one day? Apparently not. Low-class bottom feeders. At least they didn't make the coverage part of their pay-for-play coverage.
What puzzles me more than anything about this whole mess is my reaction to it. I feel deeply saddened, but I don't know why. Yes, it is a tragedy, yes, it happened a few blocks from my home. But why then, given so many horrid bloody murders happening constantly elsewhere do I feel empathy to the degree I do here? At the end of this month, a mere 11 days from the posting of this entry, the African Union soldiers will leave Darfur. Most experts expect that the Jemjaweed gunmen will then attack and murder scores, hundreds, thousands of innocent, vulnerable people, men, women and children, as they have done these past few years, but unhindered by bothersome international oversight. Where are my tears and aching heart for those people? The feelings do of course exist, but nowhere near the degree I feel for a local student.
In the end, beyond the talk of looking hard at Goths, or video games or blogs on Vampire sites ... we need to take a look at guns. In a completely impractical stance, I'd say ban them all. I acknowledge there is no way to enforce such a ban on the existing stock, but it might help avoid future generations of Goths, or just plain vanilla suburban kids from having the tools at hand to affect their insanity upon others, so permanently.