Updates from January, 2013 Toggle Comment Threads | Keyboard Shortcuts

  • Kate 23:10 on 2013/01/20 Permalink | Reply  

    This is going to be the week’s story: a student at Dawson who found a flaw in the system used to store student data has, instead of being rewarded and thanked, been expelled.

    Later: the story has reached BoingBoing.

     
    • Ian 23:21 on 2013/01/20 Permalink

      I predict that Al-Khabaz is going to be hired without completing any degree as an ace whitehat, and will probably be invited to complete his coursework at a prestigious university. Good for the National Post to bring this to national attention; you couldn’t ask for better publicity. You can’t write an NDA that prohibits acknowledgement of the NDA; Skytech has overstepped themselves and have succeeded in looking like a bunch of heavy-handed buttclowns. I anticipate much mocking of Skytech in tech circles.

    • steph 02:05 on 2013/01/21 Permalink

      He wasn’t expelled for finding the ‘sloppy coding’, he was expelled for using Acunetix, a white-hat vulnerability scanner without permission. Using such scanners on infrastructures is illegal without permission from the owners/admins.
      You could compare what he did to pulling a fire alarm to see if it worked.

    • Philip 02:31 on 2013/01/21 Permalink

      I don’t think it was at all smart or just for Dawson to expel the kid, but I can’t comment on how ‘dangerous’ it was for him to run that scanner. Part of me feels like only computer scientists ought to be able to judge whether or not it was OK for him to run that scan. I think it’s too easy for someone who vaguely understands this stuff to say that it isn’t that big of a deal.

      I have no idea how Acunetix works, but something tells me that there are some big “DOING THIS WITHOUT PERMISSION IS ILLEGAL” warnings to get past before launching a fake attack on a site. But again, how can I know?

      Either way, that guy has his future paved now.

    • Faiz Imam 02:55 on 2013/01/21 Permalink

      Being expelled for using Acunetix is a massive red herring.

      The company contacted him, heavy handedly requested an NDA then stopped pushing when he signed.

      The school then went ballistic and expelled him without him having a chance to explain himself.

      This is very strange behavior that suggest more going on that we know. Did the company decide the NDA was not enough and was not willing to pursue him directly? do the school administrators have relasionships that were someway threatened?

      We know that the actual flaw was corrected at some point, so there was no actual threat. I hope that more background information will come out as the local media gets on the case.

      It should get a lot of coverage, especially after the Aaron Swartz situation, which is part of this same trend of strongly punishing “hacking” regardless of harm.

    • Philip 03:23 on 2013/01/21 Permalink

      I’m just trying to judge if the guy was being a dumbass. The expulsion thing is ridiculous, stupid of Dawson. But did Al-Khabaz know he wasn’t supposed to be running Acunetix on a site he didn’t own?

      With Aaron Swartz, from what I gather (and tell me if I’m wrong) was doing things that weren’t obviously “wrong” and got into huge legal problems because of it. I don’t think at any point did a box pop up on his computer that said “What you are going to do is illegal.” In the situation with Al-Khabaz, though, I don’t think it was so vague.

      I feel like I could download Acunetix right now, and try to blow up http://w5.montreal.com/mtlweblog/. And something tells me that this Acunetix program is going to let me know plenty of times that I should have permission to be doing these things. In which case, it is kind of like pulling a fire alarm to see if it works, but in this case it’s one of those primary-school fire alarms that has warnings all over it.

      But again, I don’t know how these fancy computer software security affairs work, and maybe Al-Khabaz had no idea what he was doing was wrong.

    • Stefan 04:22 on 2013/01/21 Permalink

      that’s why experienced white-hat hackers use due process:
      contact software maker (if need be, anonymously), give them a reasonable time period to fix the bug. after expiration date, if not fixed, put the exploit in public for everyone to use (that will make them fix it, and they’d had their chance). of course, that requires re-testing.
      the responsibles for that data nightmare (who knows who had exploited the data base? if so, it sure won’t get publicized) should be grateful that he wasn’t a black-hat cracker (who’d just exploit the bug for their own personal gain). stories like the above won’t help motivate people to become white-hat.
      the NDA and expellation may be a sign that something is going on that the public is not supposed to know about …

      a better analogy to a real life situation (if there is such a thing) i think is:
      1) to check if a house door, which looks broken, when passing by, is actually open
      2) alarming the owner to it, and
      3) checking back to see if the broken lock has been fixed.
      (and all of that using your own time, and without pay)

      running software is illegal because it can crash your server? technically, you’re offering a service and this offer can be taken up. that’s the consequence of connecting any unsecured computer to the internet. the difference to real life is that it is accessible to billions of people, and they can access with practically no effort.
      of course, legislation could make it illegal to touch other people’s doors, but would that make sense?

    • Ian 05:55 on 2013/01/21 Permalink

      I suspect that an NDA that disallows any mention of an NDA is on shaky legal grounds to begin with. The expulsion I’d love to hear more details on, but I’ve seen the wagons circle before and once the school feels threatened they tend to shut up very thoroughly. An experienced whitehat would know to dance through the hoops more delicately, but it still boils down to “student whitehat tries to help out Dawson college, gets expelled because the software vendor throws a shit fit.” If we ever hear another peep about this from Dawson or Skytech.

    • sophie 08:59 on 2013/01/21 Permalink

    • Marc 09:35 on 2013/01/21 Permalink

      Fuck Dawson. It will work out for him in the end. He’ll easily land a sweet position as an IT security manager or start his own company. He doesn’t need some piece of paper hanging on the wall indicating that he went to school.

    • Kate 09:53 on 2013/01/21 Permalink

      It also crossed my mind if he’d been called James Wilson or André Tremblay instead of Ahmed Al-Khabaz, the story might’ve played out differently.

    • Marco 13:17 on 2013/01/21 Permalink

      I was expelled for trying to hack a live server. Simple as that.
      He should have done so in consultation with the company if his intentions were good.
      By saying “I was going to tell them” after the fact sounds like the same excuse a ten year old would make when caught stealing.

    • Ian 15:35 on 2013/01/21 Permalink

      Now that this story has been picked up by the Gazette, CBC, the National Post, reddit, boingboing (etc) the “hack” is simply changing a couple of characters in the URL. Not exactly “hacking a live server”. Apparently Omnivox and Dawson knew for years that anyone could access the records of hundreds of thousands of students using this method. I think a class action suit by all Dawson students from at least the last 10 years against Dawson is in order. While it’s possible that Acunetix could have overloaded the server that’s just a red herring (as Faiz pointed out much earlier in this thread) since it actually didn’t.

    • Ian 16:07 on 2013/01/21 Permalink

      follow-up – Skytech, the software vendor, is paying for his education in the private sector and has given him a part-time job. Dawson remains silent. http://www.cbc.ca/news/canada/montreal/story/2013/01/21/montreal-dawson-college-hack-hamed-al-khabaz.html

    • steph 16:30 on 2013/01/21 Permalink

      Best PR advertising money Skytech ever spent!

    • Stefan 03:20 on 2013/01/22 Permalink

      @ian: it says in the article that skytech ‘will offer him a scholarship’. this announcement, i suspect, is primarily for good publicity and has not cost them anything (if the offer will not materialize, or Al-Khabaz refuses, because whatever they offer is not real or reasonable, i’m afraid it won’t make the news …).

  • Kate 22:31 on 2013/01/20 Permalink | Reply  

    Homeless shelters are running short of resources to help everyone needing to come in from the cold snap coming this week.

     
  • Kate 15:54 on 2013/01/20 Permalink | Reply  

    CBC looked at how the Grande Bibliothèque handles the many homeless folks who use it as a refuge.

     
    • Bill Binns 17:03 on 2013/01/20 Permalink

      “600 interventions related to homeless or intoxicated people” in 2012. Likely worse than the worst bar or nightclub in the city. The library was the first place I was allowed to go to unsupervised when I was around 6 or 7. I guess those days are over.

    • Kate 17:13 on 2013/01/20 Permalink

      I don’t think you need to catastrophize this. That would be, on average, one or two people a day woken up and asked to leave.

      CBC didn’t ask, but I very much doubt anyone who looks like an unaccompanied male adult is allowed to hang around the kids’ section of the library.

    • jeather 17:27 on 2013/01/20 Permalink

      I haven’t ever fallen asleep there, but I have fallen asleep in many a library. I wonder if they only wake up people who appear to be homeless or if they have a general no sleeping rule.

      I would bet that the children’s area is more heavily supervised by librarians than the rest of the library and doesn’t pose any extra risk to kids.

    • Anto 17:57 on 2013/01/20 Permalink

      @Kate: Why couldn’t an unaccompanied male adult go to the kid’s section?

    • Bill Binns 18:00 on 2013/01/20 Permalink

      It’s not clear from the article if the “woken up and asked to leave” cases are counted in the 600. The one example they give of a shirtless man passed out on the floor with his hands in his pants does not sound quite so innocent.

    • Kate 18:00 on 2013/01/20 Permalink

      Anto:I didn’t say “go to” but “hang around” – why would a man, unaccompanied by his own kid(s), be hanging around the kids’ library?

      Bill Binns: I don’t doubt there are occasional more unpleasant incidents, but I’m just saying: let’s not all start shouting about how the library is now unsafe. That’s so American. The library is fine.

    • Faiz Imam 19:53 on 2013/01/20 Permalink

      “Likely worse than the worst bar or nightclub in the city”

      It’s also obviously much larger and attracts a much larger volume of people, and is also adjacent to one of th most problematic parks in the city.

      I really like the idea of social workers going to the library to help people. I hope that initiative is built upon to do even more.

    • Kate 20:21 on 2013/01/20 Permalink

      Also being near the bus terminal can’t be great, in terms of bringing in people at a loss where to go.

      I’ve spent a bit of time at the library and only once noticed someone overtly sleeping.

      My main kvetch with the place is the elevator dings. I’m usually good at concentrating on my work, but if I’m having any trouble with it, the constant ding, ding, ding from the elevators eventually drives me out. I wish there were some other way to manage that.

    • TC 20:26 on 2013/01/20 Permalink

      The Boston, MA library has a no sleeping rule. I found out when I dozed off one day and was awakened by a security guard.

    • jeather 20:40 on 2013/01/20 Permalink

      If the kid’s books are kept with YA, there are lots of reasons for adults to be “hanging out” (aka browsing, which generally includes reading in a library) in that section. But I don’t know what the layout is.

    • Tom 20:44 on 2013/01/20 Permalink

      “why would a man, unaccompanied by his own kid(s), be hanging around the kids’ library?”

      …presumably to pick up books for his kids who may not be with him at the time.

      “That’s so American”.

      What a Canadian thing to say. You’re the one assuming that unaccompanied men in the children’s section are up to no good, yet you’re urging that we not jump to conclusions about the safety of the library.

    • mare 21:11 on 2013/01/20 Permalink

      I’ve been kicked out of the children’s section once. There are really groovy seats and I just sat there reading, there were no kids so it was actually very quiet, and I hadn’t even realized it was the children’s section and that that is prohibited terrain.

    • Raoul_Duke 21:33 on 2013/01/20 Permalink

      “why would a man, unaccompanied by his own kid(s), be hanging around the kids’ library?”

      Why would a woman, then, for that matter?

    • Kate 22:42 on 2013/01/20 Permalink

      My only point here was that if librarians are aware of homeless people coming in, that would apply particularly strongly for the children’s library, thus meaning it’s a safe place for kids to be. I was only countering Bill Binns’ initial ONO OMG response to the CBC story about some homeless being seen in the library. Those librarians know what they’re doing.

    • Bill Binns 23:01 on 2013/01/20 Permalink

      There has been a trend in the last number of years to simply assume unaccompanied men anywhere in the vicinity of children are all pedophiles until proven innocent. This is talked about a lot on photography forums since the effect is greatly magnified if you happen to have a camera in your hand.

    • William 23:04 on 2013/01/20 Permalink

      I for one enjoy reading children’s books. I think they’re a very interesting mirror of what we value as a society, and as a bonus, they’re attractive and very quick to get through :)

    • Ian 23:25 on 2013/01/20 Permalink

      I’m a illustrator, and to be obliquely banned from one of the areas of the library most relevant to me harshes my mellow. I do have a couple of young daughters than tend towards bookishness, though, so it’s not so weird for me at present. Hopefully by the time they are past being interested in kid books I can play the young grandfather card (as a premise, not in real life OMG).

    • Kate 23:31 on 2013/01/20 Permalink

      I seem to have stirred up a lot of feeling with a casual comment on a link I thought was mildly interesting but not controversial here.

      I do not know for fact that men would or will be banned from the kids’ part of the library. But I think if someone who looked homeless showed up there, they wouldn’t be there for long.

      Ian, in your case I’m sure if you spoke to a librarian about your interest in illustrated books, that would be sufficient.

      In the city we’re always finding ways of subliminally reassuring each other we’re not dangerous.

    • Ant6n 09:22 on 2013/01/21 Permalink

      I sometimes read comics in the young people section, haven’t had a problem so far.

    • Jo Walton 09:27 on 2013/01/21 Permalink

      Kate, on the ground floor off past the auto-checkout and the reservations section there’s a little area that’s out of range of the “ding” of the elevators. That’s where I go to work when I’m working in the library, which I do more often in the summer than the winter. I can heat my apartment for winter, I can’t cool it enough for summer. And since I make use of the city’s free resource to hang out in reasonable temperatures I have no objection to other people doing the same. I often see homeless people in the Grande Bibliotheque, usually reading something.

      I don’t understand the reaction to this as if they’re dangerous predators. They’re just people who don’t have homes. Sometimes they’re dirty, that’s the worst of it, and that’s hardly their choice. They’re not disruptive. They’re not going to hurt anybody. And the library have plenty of people going around making sure everyone is quiet and behaving appropriately.

      And that’s the thing with the children’s section too. Anyone behaving appropriately whatever their age or gender isn’t going to have a problem. Though you seldom see unaccompanied little kids in the Grande Bibliotheque anyway because of where it is.

    • Kate 09:49 on 2013/01/21 Permalink

      Jo, that’s a lot of good sense. The issue of the homeless possibly being dangerous was a theme that came in because someone in the initial story was described as being seen with his hands down his pants. Not a salubrious sight but not an attack on anyone.

      (I’m also glad you mentioned the elevators: that “ding” is one of the reasons I spend less time in the library than I’d like. If I’m really focused I stop noticing it, but if I’m not, it can drive me to distraction.)

    • Ephraim 13:43 on 2013/01/21 Permalink

      @Kate Why specifically an “unaccompanied male adult” and not an “unaccompanied adult”. Sorry, but there are both male and female molesters.

    • david m 13:55 on 2013/01/21 Permalink

      well, i definitely wouldn’t want some lone male lurking around the children’s section of the library where my kids are innocently reading or playing games. it’s not just paedophilic creeps, it’s also drunks, mental cases and druggies, all three of which are a daily occurrence at the bn.

    • Ephraim 14:14 on 2013/01/21 Permalink

      @David So you don’t mind the drunks, mental cases and druggies if they are women? I don’t care if they are male or female, if they don’t belong, they shouldn’t be there around the kids. Sex offenders aren’t predominantly male… those that are reported are predominantly male. Not the same thing…

    • William 14:31 on 2013/01/21 Permalink

      The thread is distracted. In any event, I disagree with Kate that two interventions per year is few. That two expellable interventions. I wonder what exactly you have to do to get thrown out of the library? And I wonder how many people are dissauded from using this resource? I’ve seen people shooting up in the toilets there. The National Library is currently a National Disgrace, but it’s not the institution’s fault.

    • Kate 20:47 on 2013/01/21 Permalink

      Ephraim, it’s funny then that we hear of so many priests being sketchy around kids, but no nuns.

      Statistics Canada says 97% of persons accused of sexual offences were male in reports from 2004 and 2007. That’s a ferocious majority, considering.

    • jeather 21:25 on 2013/01/21 Permalink

      That statistics sheet also shows that the majority of sexual offenders were known to the victim, so your children aren’t really at major risk from strangers in the library. (The rate is 55% of friends/family/acquaintances for victims over 15, but 82% for all victims including children.)

    • Ephraim 22:08 on 2013/01/21 Permalink

      @Kate unfortunately the stats are skewed by the fact that people look for men. Ask anyone who is black about the perceptions for shop lifting. You may want to look at http://toysoldier.wordpress.com/2009/05/09/are-there-women-pedophiles/ among other articles. The reality is that we dismiss it. It’s no less damaging to children, who should be free of all such worries. Reminds me very much of those people who believe that men can’t be raped… they can. And women can molest children. It’s all inappropriate and reprehensible.

    • Kate 22:19 on 2013/01/21 Permalink

      “People look for men”? Or is it that men would be too embarrassed to report that a woman had aggressed them sexually?

      I have to admit that in a lifetime of living a non-sheltered existence I can list you half a dozen instances of being grabbed or touched (in an unsolicited sense) by men I didn’t know – starting from an incident when I was 12 – plus a couple of weird instances of being attacked by a man – not sexually – and countless experiences of general verbal harassment from men. No woman has ever forced her attentions on me.

    • Ephraim 13:51 on 2013/01/22 Permalink

      Kate I think they say they stats are about 1 in 5 and statistically it would be the boys that they would be going after. The same way that statistically men would go after women. Oddly enough, the number of straight men and boys is surprisingly high. In any case, the control shouldn’t make presumptions.

      Reminds me years ago of a Lesbian who went to the battered women’s shelter. The presumption was to keep out men, so he batterer had no trouble entering the establishment… until they set up new rules to deal with reality rather than perception.

  • Kate 14:38 on 2013/01/20 Permalink | Reply  

    A sudden wind squall knocked a construction crane into a building at Stanley and René-Lévesque on Sunday morning, breaking windows but not causing any injuries. Some streets were closed from concerns the crane could topple, but it was dismantled in the course of the day.

     
  • Kate 12:45 on 2013/01/20 Permalink | Reply  

    Francophone media are mourning Richard Garneau, a longtime sports commentator on Radio-Canada whose voice was familiar to many. He held a world record for number of Olympic games covered as a journalist. Lots of kudos on Twitter. He was 83.

     
    • Anto 14:28 on 2013/01/20 Permalink

      The average quality of spoken French on the radio has just dropped a bit.

  • Kate 11:34 on 2013/01/20 Permalink | Reply  

    We’re on the cusp of a week of Arctic temperatures that will begin Sunday afternoon, so take this oppo to dig out the long johns and insulated accessories. We won’t get any relief till Friday, and even then it won’t exactly be tropical.

     
    • Marc 12:12 on 2013/01/20 Permalink

      And shovel off the slush from driveways/walkways. That stuff ain’t coming off after tonight…

    • Kate 12:21 on 2013/01/20 Permalink

      Yes, after I posted that I realized the same thing, and cleared my front steps properly. It’s going to be cold enough that salt won’t work – it doesn’t have any effect below –10°C – so this really is the moment. I can already hear the wind roaring as the fimbulwinter arrives.

    • Robert H 14:32 on 2013/01/20 Permalink

      “Fimbulwinter”…again, Kate, you’ve embiggened my lexicon.

    • Doobish 16:35 on 2013/01/20 Permalink

      This morning’s forecast was so awesome I had to screen-cap it. Weather status: insane.

      For sure we’re in for some ugly stuff tomorrow. Be safe, everyone.

    • Ian 16:47 on 2013/01/20 Permalink

      I only seems cold because we’ve been enjoying such relatively mild winters the last few years. When it starts dipping below -30 we can start cracking wise about fimbulwinter. -15 and and sunny isn’t ugly, it’s actually pretty decent for this time of year considering that historically January is the coldest month in Montreal.

    • Doobish 21:55 on 2013/01/20 Permalink

      My “ugly” was in reference to the square kilometers of frozen slush we’re going to be dealing with in the morning. It was bad enough strolling around town tonight when it was only in a half-frozen state.

      You’re entirely right, though. I’ve lived here nearly all my life and know how to dress properly. Minus 20-ish I can deal with. It’s mostly the sweating to death on the bus and the metro that gets me.

    • Ian 22:39 on 2013/01/20 Permalink

      Yesh, I know, right? When it’s super cold it seems even more crowded with the heavy coats, and the heating is the same whether you’re dressed for 0 or -25.

  • Kate 11:13 on 2013/01/20 Permalink | Reply  

    Jacob Richler writes about the reinterpretation of Montreal smoked meat including a New York resto that offers smoked meat and matzo ball ramen.

     
    • Ian 23:26 on 2013/01/20 Permalink

      My first instinct is to be revolted but I like the traditional ham with my ramen so why not smoked meat? Matzoh balls, though…. unless they were small, I don’t see that working, and I LOVE matzoh balls.

  • Kate 11:11 on 2013/01/20 Permalink | Reply  

    It was a stabby weekend in the old metrop, two brothers knifing each other up in Villeray and teenager getting cut in DDO. In addition, the suspect in a machete killing last week was charged with second-degree murder.

     
  • Kate 01:32 on 2013/01/20 Permalink | Reply  

    Photo galleries of the Habs season opener.

     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel