Friday, 28 May 2010

Bistro Breastfeeding

It seems everyone is talking about restaurants and breastfeeding. Surely this is really about USA attitudes, in particular USA snobbery? We already know that these guys have issues, this is nothing new. The next step, if history serves, will be to suggest that breastfeeding is related to terrorism.

Regular readers of this blog will recall that I am particularly partial to restaurant dining - if for nothing better than getting out of doing the dishes. My impression of NZ restaurants is that those who will let babies in at all are very accommodating, and there is even an increasing presence of "we are breastfeeding-friendly" signs - go look.

Patrons in these places can see that there are high chairs provided, other patrons have small children, and they seem happy to accept that this means there will be some childish behaviour around them while dining. Those who would find this erksome, just go some-place else. This is not onerous - there exist restaurants which do not allow you in with a small child.

I have no problem with this. We need places to go and just be adult amongst adults. Restaurants are private property - the business can set whatever rules they like, and if they are prepared to refuse entry to babies that is their choice.

Having chosen to admit babies, if they want to then say "no breastfeeding at the table" then they need to provide some area where breastfeeding is allowed and appropriate. The signal that NZ restaurants are getting from this whole mess is that their patrons do not consider the toilets to be appropriate.

It may be that some restaurants will set a side part of their dining room for breastfeeding Mums. Much as they used to do for non-smokers. Perhaps there is room for a campaign similar to the smokefree one back in the day? An advocacy group could provide shawls and signs indicating a breastfeeding-friendly place?

"Would Madam care to be seated in the breastfeeding or non-breastfeeding section? Breastfeeding? Certainly ... smoking or non-smoking?"

What about the others? Children should remain seated? Children should be quiet? Yeah well - easier said than done. The problem of getting kids to sit still and shut up is one that has vexed parents of any species since protozoa. There is no indication we are any closer to a solution now - so the rule may as well be "no kids please".

Personally I enjoy seeing happy active kids while I eat - it's part of the entertainment.

Tuesday, 25 May 2010

Openness, Copyright, Apache and BS

This in from F-Secure.
It is basically a trojan that pretends to be some sort of evil right-holder representative detecting infringing material on your computer, and demands payment in return for a bogus immunity from prosecution. Does not matter if you have infringing material or not. Only works on Windows, any version.

Quite a lot of people are vulnerable to this sort of extortion, considering that almost nobody checks their downloads for legality. In general, copyright online is ignored, even though we all know there are people prepared to cane us hard for it.

Interestingly, a basic BS test is failed at the opening title: "Copyright Violation: Privacy Content Detected". Privacy content? Surely a legitimate rights-holders organisation (or rather: their lawyers) would write "private content" for better English - or use more accurate legal terms like "infringing", "illegal" or "unlawful"? Copyright violations involve material that is publicly available, and so cannot be considered private at all.

What's more, lawyers are much more likely to act on behalf of their clients by mail, not through an anonymous application. Thus alerted, the message later on that the information will not be forwarded to the rights holder if you pay up reveals the lie.
...all data collected will be passes to copyright organisations and to the court...
Puh-lease: a real legal document is not going to mess up the English like to start with and "copyright organisations" is what the writers are claiming to be one of.

F-Secure make malware scanning tools, and have an online service which they tout on the same page reporting this scam. Now, the problem with that is the number of malware-scanner scams that do exactly this. So statements like:
You can use our free Online Scanner at to check your system.
... themselves fail a BS test.

So how do you demonstrate that your claim is legit when so many identical claims are fraudulent?

In this case the company also provides the data on the malware that will allow you to independently verify it.
The malware is typically located in c:\documents and settings\USERNAME\application data\IQManager\iqmanager.exe. We've seen two versions so far. MD5 hashes of them are cedc2c35bf967027d609df13e937946c and bca3226cc1cfea416c0bcf488082e5fd.
You don't have to use their service so no need to visit the site or use the online scanner (never use an online scanner). Thus you can, at least, verify the information on the web-page even if you don't trust the page itself. This sort of thing is called "transparency" and is a powerful protection against scamming when it is used right.

While the software itself only runs on Windows, the basic vulnerability is the failure to do a basic BS test. You'll see this all the time on TV demonstrations like The Real Hustle (someone accepting your assistance walking does not normally support themselves by grabbing your wrist - they'd use your shoulder, for eg. - so if someone does this, you transfer their hand) which also fails the same BS test: if the mark is a target of opportunity, then how did they set up those multiple camera angles?

In the free software world we have seen a similar gotcha in the Apache crowd. The admin recieves a message from a user to the effect
I am having some problems browsing projects at [your hosting service] URL:
Some admins visited the site, falling victim to the attack which gets their passwords and from there, everybody's passwords for the entire site. From there, other projects were compromised.

Yet the message fails the basic BS test as follows:
  • a legitimate complaint is specific, not vague. You get told what the problem was and which projects the problem is associated with.
  • you don't report a url to the admin using tinyurl. For those who don't know, tinyurl is a legitimate redirecting site used where the actual url is too long to be convenient - maybe it breaks the flow of the narrative (a 10-line url will do that) or it gets broken by new-lines in an e-mail making it unclickable. Neither situation applies here.
These are not just in hindsight - they are well established and aged conventions in reporting problems. The accepted practise for an admin who does get a vague report to ask for details before investigating. I'm not saying that there are no genuine problem reports which are also vague, I'm saying that these are not legitimate reports for investigation. It follows that if you have a genuine report, be specific and verifiable.

However, if you read the link, you'll see how openness and transparency limited the admittedly disastrous effects of this. All places where transparent processes were used were protected. Yet one person still comments:
Don't tell everyone the details of your security measures, let the hackers find out.
That is exactly the thinking that got them into this mess in the first place! If the security measures are any good, then it does not matter who you tell. If they are not so good, then the good guys you tell will say so and why and you can fix them. Further, the analysis is useful for anyone else running Apache servers (which is most web servers). It's a heads-up of an important collection of vulnerabilities, an in-field test of common security measures, and a best-practise guide. Makes everybody safer.

Sunday, 23 May 2010

A Swift Boot

Yesterday there was an install party at the Orewa Library - I did not expect a huge turn-out and I didn't get it. Promotion was minimal, even the in-library posters had been placed where they were unlikely to be seen.

Even so - there were three installations, all of which were completely flawless with no problems at all - even the tricky proprietary video card. I was able to demonstrate the full features in post-install.

A couple of teens waiting for the library computers used one of my laptops on wireless and there was some Q&A. Overall a relaxed and mellow day. This compared to the first one where there were more installations but also more problems, some of which took me into the next day.

One of the machines featured a very light version of windows seven. There is no question that the experience is vastly improved over Vista - though I have not had a look under the hood to check out what is actually going on. One of the more discussed elements is the perceived boot-time. That's not too surprising, the time to boot is the most conspicuous part of performance to the user.  c. XP MS had a habit of faking a fast-boot by presenting the graphical desktop before it could be used for anything. W7 seems to be doing something of that as well, but also something different. My impression, shared by others, is that 10.04 is still faster to boot.

The curious thing is that the oem windows installs are fast because they don't have to guess what HW is installed, the vendor has done that tweaking for you (a true comparison would be between boxed installs) Apple has an even better idea about the HW, while all the linuxes pretty much have to waste time probing the motherboard. One of the recognised ways to speed up a gnu/linux install is to compile it for the exact HW installed and assume nothing will change. In which case, boot times under 10 seconds are routine. This is why Mark Shuttleworth thinks a 10sec boot time for Ubuntu is feasible - the idea is to do all the hardware and feature detection and setup simultaneously. I can get sub-10-sec boot-times right now if I don't expect a GUI.

The best way to get a fast linux boot is to put it on the ROM - this is how core-boot works. Misses out the bios step completely, and already has all the HW info built in. Most processes are already running before the main system is up, so there is less to do. This puts boot times under six seconds.

Unfortunately, core-boot has to be installed at the factory.

In the old days, you could turn on your computer and the OS was up in the time it took for the screen to warm up - 1-2 seconds. The long boot times are indicative of the amount of work we expect modern computers to do just to give us a pretty work-space. Is it possible that we are heading to that sort of thing again?

Thursday, 20 May 2010

Complaints Process Underway

Wow - this just in about my broadcasting standards complaint:

This email is to let you know that the formal complaint process for your complaint regarding Close Up  is underway.

However the process will take slightly longer than the 20 working days normally required due to the large number of complaints coming through at the moment.

Section 1D of the broadcasting act lets the broadcaster delay resolving the complaint, provided they tell me within 20 days, and they tell me the reason. It gives them an extension of another 20 days to figure it out. That's what just happened.

I was sort-of noticing that the quality of TV had dropped a bit lately, seems I'm not the only one.


Since last entry I have been laid out by a cold. Its a dry, rasping cough that leaves my throat sensitive to the air. There was a bit of a fever, which has died down now, and I am loaded with cough suppressants.

The main trouble has been difficulty sleeping at night. During the day is fine - the air is warmer - but there is a particularly cruel drop in the wee small hours which I am always awake through.

This house is always a pain to heat in winter - high, exposed-beam ceilings and floor-to-ceiling windows are great for the space and view in summer but a total mess in winter. I really need to double-glaze the windows - real double (or triple) glazing, not the erzats kind advertised on the telly these days. Heat pump looks attractive too - though, by the coast as we are, the guarantees don't mean much. The famous HRV system is totally pointless: no loft space. So I can see my savings targets for next year. Meantime, I'm wrapped up and watching a lot of TV - all the time conscious of those two papers that are due next month.

Monday, 17 May 2010

Ubuntu 10.04 and hp/compaq nx5000

The nx5000 is a very old machine these days and was distinguished as having been specifically constructed to run SuSE 9.2 for a linux conference. The "made for Windows" sticker it later sold under was the usual marketing (= lying).

I purchased four ex-rentals a while ago for use with my gnu/linux orientation course. They have been running Ubuntu ever since.

The standard desktop CD would not boot on this machine, a problem related to newer graphics routines clashing with the old intel card. I installed using the alternate CD without a hitch ... or so I thought...

On first boot I got the black screen that has plagued this release. It affects intel and nvidia cards, particularly older ones, and results from kernel mode setting.

The work-around for this is usually to edit /etc/default/grub to add i915.nomodeset=1 to the kernel options. But I reasoned that the issue had been around long enough to be fixed by an update - so I booted to recovery mode (hold down the shift key while booting to get the option) and chose the failsafe graphics to get a desktop. From there I was told that there were updates available - checking and sure enough, one of them was a kernel upgrade. Install, reboot, all good.

Now everything works.

If you are stuck with the live/desktop CD and you need the special kernel options to boot it, the secret is to press the space bar when you see the little man-in-circle icon on the screen.

This is something of a warning though - eventually this machine will refuse to run Ubuntu and I'll have to find another distro. With luck the hardware will fail first though.

The last install I did was an upgrade so everything ended up looking and behaving pretty much the same. This, being an install, showed me the new defaults - which are based around the default mac look for decorations, and the brown/coffee theme has been replaced by purple.

I dunno. I still miss the lightning boot from 9.04 - that was an awesome feature.

Thursday, 13 May 2010

Security Theatre and Education

In international news I have been seeing proposed methods to make us safer from recent terror attacks. Typically, none of them are actually justified by the events precipitating them. The Times Square bombing, for example, was a win. We won. The bomb did not go off, nobody was hurt, the perp was caught. No additional police powers were needed to get this result.

Even with the successful attacks (eg. Moscow Subway), additional powers proposed would not have helped. Still we see this call. It is an irrational, but understandable, response when something horrible happens.

At home, I  read about teachers calling for stronger search and seizure powers in connection with a teacher getting stabbed by a student in class.

The problem with this argument is that the ability to search the kids bag would not have saved the teacher from his stabbing. There is no indication that anyone thought the kid a risk for this sort of behaviour: just the opposite. So why would anybody think to search him? Do they want to search all students?

 Just like the terrorist countermeasures, a shocking event is short-circuiting sound judgement. The logic is that "something should be done". "More teacher powers" is something, therefore we should do it.

While this event does not justify greater search powers, perhaps teachers need them anyway? What's the problem?

Typically, a school will prefer to detain a student and call the police. The police conduct the search. If the school asks the kid to submit to a search, there is a risk that the kid will say "No." Then they will need to insist.

The kid's parents may make a complaint against the school, or the kid refuses to consent to the search, does the school have a legal basis to make the search at all? Are they exceeding their authority by insisting?

This whole topic has been addressed by Rishworth (2004)"Search and Seizure in Public Schools" chapter 7 in Recent Developments in School Law (NZLS 2004 p93). I recently had an update on this in that Law paper I was doing last month, so I figured I'd share what I found out.


Fact is that the search issue has not been challenged in court - yet. It is that "yet" which has schools erring on the side of caution. I will argue that it is this uncertainty that is damaging. Schools need to be assured by explicit statement in law about the likely outcomes should this practise be challenged. The existing authority of the school is otherwise sufficient in practise.

When a teacher searches a student, they risk their actions being examined in court. A school search could be brought to court (a) in criminal cases where the defence moves to exclude evidence found in the search, (b) where student who has been searched claims unlawful trespass, or (c) as a tort of invasion of privacy. Any such case could help establish the legal basis of the search.

One of the reasons why the basis in law is important is because it affects practises that are legal under the Bill of Rights act 1990. Statute trumps Rights. So if a school search is OK in law, then being a violation of human rights is, pretty much, a side-issue.

So, if, as a teacher I demand a student submit to a search, and they say no ... do I get to insist? Do I have any power to search?

The NZ Education act 1989 imposes, on schools, a statutory duty to offer a high standard of education in a safe environment.

With duty comes power - which rests in law on sections 72 and 75 of the act, coupled with s76, which makes principles responsible for the day-to-day operation of the school. One of these powers must be the power to search, or these sections are meaningless.

So - if I, as a teacher, have reason to suspect a student of carrying a weapon, I have a statutory obligation to seize that weapon in the interests of providing a safe environment. The kid may not intend to use it, but it's mere presence on school grounds is a danger - of accident, unintentional use, or misuse by someone else. It is on these grounds that I have confiscated loose sports equipment in a science lab and required that school bags be placed under tables.

In Canada, there is a similar situation where a duty of safe education is imposed but no explicit power to search granted. The Canadian Supreme Court has supported this view (eg. in R vs MRM [1998] 3 SCR 393). It seems likely that a similar view would prevail in NZ.

The US situation is similar, though the details vary from state to state. As in NZ, the Federal Bill of Rights acts to protect students from unreasonable search and seizure.

So we see that NZ schools actually have the power they seek. The question under examination is more, "Is it enough?"

The power to search is limited to reasonable searches by section 21 of the NZ Bill of Rights. This is the same limitation placed on the police. What counts as "reasonable" is well established, for example: a police officer needs reasonable grounds, a teacher would just need reasonable suspicion. So teachers, in practise, have greater powers of search than the police. How can anyone argue that this is not sufficient?

So we see that schools have quite broad powers of reasonable search and seizure already. In general, they feel reluctant to use them. Primarily, this is due to misunderstandings about how the NZ Bill of Rights works, and the lack of case law which may make implicit powers explicitly supported. Schools feel underfunded and the cost of defending any of the three possibilities I started with would hurt them.

Students are reported to have become more confident in their rights - often overconfident - with authority-challenging statements like "You can't do that, I know my rights!" reportedly commonplace. It would appear that there is a clear need to educate teachers, students, and parents in the operation of the bill of rights and how this applies to schools. It would also be useful to ensure the smooth and safe operation of schools if teachers could be assured of their implicit powers as an explicit statement in law as well as through familiarity.

What we should not do is allow a rare, shocking, event like the recent stabbing, lead us to hasty legislation which will likely do more harm than good.

Monday, 10 May 2010

Ubuntu 10.04 Upgrade - notes.

I have upgraded my Ubuntu desktop install to 10.04 (LTS) and plan to keep this machine on LTS releases only since it is mission critical. I don't normally trust the upgrade process, so I backed everything up as usual on an old lappy drive I run from an enclosure.

I ran the upgrade overnight to take advantage of the off-peak rates. Some parts at the start and the end need to be supervised - about a half-hour overall. This can actually be automated for specific computers - eg. in a business setting, but I wanted to act as a normal person who doesn't know what to do.

There were no immediate issues and a preliminary check through my common tasks showed no data loss and everything worked. In fact, the only issues I have are with games.

Battle for Wesnoth became unresponsive in windowed mode. This turns out to be due to rushed packaging for the X server (the program that runs the screen) for 10.04 and will be fixed next update. In the meantime it is not all that critical - I can run BfW in fullscreen mode no problem. (ctrl+f while the game is running to set it)

Alien Arena is seriously awesome in the latest incarnation. Sadly my graphics card sucks bigtime and the poor wee atom processor just cannot cope - resulting in jumpy gameplay. It is not Ubuntu's fault I have cheap hardware, and running high-end games was not one of the criterion for picking the Acer e-Machine EL1600. What interests the reading public here is that sound was disabled after the upgrade.

Running from terminal provides the following information:
------- sound initialization -------
dlopen() on failed
Sound failed: Unable to start OpenAL.
Game will continue without sound.

OpenAL is a sophisticated free software audio API and it is new. Using this system is A Good Thing and, had I installed AA the normal way, it would have been included.

Installing libopenal1 and libopenal-dev packages provides sound. Now everything is peachy.

The only other change I noticed is that now sports the Oracle logo instead of the Sun one. Not surprising since Oracle acquired Sun last year.

Overall, a smooth transition. I'll be able to test a fresh install on my laptops later in the week so I'll be up to speed for the Install Party to be held in the Orewa Public Library on the 22nd. The gnu/linux courses are flagged to start the following Thursday.

Friday, 7 May 2010

Back again

Back home again and the work has piled up.

I still have two papers to write - one about using information literacy stuff to help teachers help students to familiarise with gnu/linux computing, and the other on the legal expectation of privacy of students.

My agent also tells me that my May 11 date with Love Birds is still on. So I'll have a whole day on set again, probably so they can get 30 seconds of useable film.

And... I've booked the Orewa Library for HBCLUG's Installfest. This will be on Saturday, May 22nd, and we'll be installing Ubuntu 10.04 (Lucid Lynx). I'll do flyers and posters over the weekend and see if I can get an ad in the paper. Anyone want to help, get back to me.