nick@kavassalis.com's blog

So my security related opposition to the G20 was proved very valid. Things got much worse down here in the financial and shopping districts of Toronto that I even imagined though…

Early in the afternoon on Saturday June 26th, all of the peaceful protests were in full swing in downtown Toronto. Despite having what I was told as 10,000+ police officers in the downtown core, a small group of several hundred protesters managed to break away from the marches and began rioting on Yonge St. They destroyed businesses in the name of hurting multi-nationals, Starbucks were a preferred target. Never the less they destroyed and looted many locally-owned stores like the iconic Zanzibar strip club an independent jewler on Yonge. Destruction was wreaked up Yonge from King to College for over an hour before police showed up. Where were the police? The only police I saw were cop cars on fire… Store after store was vandalized, peoples livelihoods destroyed, all afternoon and into the evening.

To put things in perspective for people: they literally hit every store I frequent on a daily / weekly basis (aside from our grocery store which is a bit east of the riots), and I’d been to every Starbucks destroyed, and there were many… Thankfully the Eaton Center was quickly put on lock down to prevent rioting, and for that I am grateful. Apparently anarchists are opposed to people like themselves being employed in the retail and hospitalities industries, because they surely will cause a lot of closures while places pick up the pieces this week… (Yea, guess what, destroying a Starbucks hurts more than just Starbucks Inc. in Seattle)

It hurts me that people would be chanting ‘Our Streets!’ while trashing my city. That riot was a few blocks from my home, on my street, and along my walk to work. There is absolutely no chance these people are downtown Toronto residents, financial district, south of Lakeshore or otherwise. These are not their streets, they have destroyed my neighbourhood. Many people suggests they were bussed in from long distances, specifically Montreal. (Google and Twitter searches on pro-anarchist hash tags have lead me to believe a lot of this anti-G20/anti-capitalism support comes from there as well, not to single them out though…)

There were more such incidents, specifically one on Queen near Spadina in the evening that involving more torched police cars going unchecked for large periods of time from law enforcement. The area near the fence was completely secure, even over night, but rioting went near unchecked across our downtown core. I am very disappointed in our poor security effort, though it was a near unfathomable task by hosting it in Toronto. See my other article on this subject…

The protesters look mostly like white trash. Lots of these so-called “anarchists” look predictably like angry older teens and 20-somethings. If they have an agenda to push, they are stupid beyond words; but I strongly believe they are just angry kids wreaking havoc by trashing property. What it says about our society I don’t know, but it sure is sad. Thankfully many of these protesters and even the so called Black Bloc protesters were photoed, often changing out of their black masks, thanks to journalists doing their part. Publish all the photos, black list these sociopaths.

Aside from the actual protesters, there were huge amounts of onlookers, who I am also disgusted with. Crowds of people supporting the rioters but not causing damage themselves, crowds of people with cameras (the small DRebel-esque SLRs seemed very popular) and cell phone cameras standing around photoing destruction in the city disgust me. Nobody aside from an elderly security guard seemed to try and stop the rioting. Are we that apathetic as a society? I even saw a lot of people smiling at the chaos, even if they were only there taking photos. That too is sociopathic behaviour, and is disgusting. These people should be prosecuted as well.

Violence went on over night, though nothing as organized. Trains, subways and even most surface transit is closed still. Hopefully today will be better than yesterday, but I’m not that hopeful. I am saddened by the state of society that caused this havoc, and the people too apathetic to do anything but snap photos for Twitter. Now we have massive damage from King to Bloor, pretty much everywhere between Spadina and Jarvis.

Harper government who put the G20 in *downtown Toronto*: Terrible.  Toronto police who focused too much on protecting the fence and not the rioting: Unacceptable. The human beings who would destroy other peoples property in the name of a political agenda? The worst of all. You people do not deserve the civil and human rights you obviously take for granted in this country.

So again I’ve been slacking on blog posting, but things have been busy. We’d been working on getting a very large and rather-out-of-our-comfort-zone (tech-wise) campaign for the last few weeks. It’s definitely been fun and thankfully the craziness had subsided this week. Onto the matter at hand!

So the G20 summit has descended into Toronto. It does not make me happy for several reasons. The city spent the last several weeks erecting giant fences around Front Street West, around York, Bay and Yonge, around the Westin Harbour Castle, and preparing to close all of the Gardiner off ramps in the area, as well as lanes on Lakeshore. Unfortunately we are smack dab in the middle of it.

So the first issue as far as I’m concerned is the disruption of it all.  Anyone working in that zone, was pretty much let off work unless they were essential. Certainly for many workers especially those working the Front St hospitalities this meant lost wages for 1-3 days. Anyone working in the downtown core, or even commuting through via the TTC or GO was suggested to take the days off, work from home, etc, due to delays, protests, etc. More lost wages surely, and more importantly, massive loss of productivity. So the near $2 billion (I believe) they spent on the summit doesn’t even scratch the surface of nixing Toronto’s productivity and tourism for 3 days. Bad enough.

Anyone brave enough to drive into the city may have been met with random full 427 and Gardiner closures as dignitaries came through. I’m told this was going on even earlier in the week as well since many arrived early. More disruption to massive numbers of people’s lives, many whom live and work very far from the summit. Mind you, if you already were downtown, the roads were empty as nobody had any way to even get off the highway around here :) I’d have done some rallying around the once-in-a-lifetime empty downtown core if the police wouldn’t have shot me. Toronto G20 Supecial Rally Stage-o, fighto!

Why put it *downtown* Toronto? Why not put it out by the airport? Easier to get to *from the airport* Why not leave it in Huntsville (where the G8 was)? Sorry to the Huntsville and airport’ians but the disruptions to productivity, wages and lives would have been minimized.

So my second issue with the G20 here was security. I’m not really sure who the security effort was tailored to stop. Today is the day of the biggest protests, and its estimated to be under 10,000 (unlike Montreal’s 50,000, I’m not sure what that says about Montreal), which is almost half the number of police downtown for the G20. Certainly the protestors stand no chance of… disrupting anything. They are just masochists who dream of getting 15 minutes of fame from a news program. The only risk is that commuters and tourists may get caught in the scuffle, hospitals were ramping up just incase…

I assume the other thing that the massive security budget was for was to stop potential terrorist attacks. Of course having Obama here (and others) you are immediately running the risk of having a terrorist attack, domestic or international. This bothers me because you’ve immediately put the people and businesses at risk in the most dense area in Canada! Anyone commuting through Union Station, or even living here where we are, is at risk of some sort of attack. Frankly, if someone had wanted to do something, they could have snuck something or themselves into any of the buildings next to the Convention Center earlier in the week. 151 Front Street W included. Unless I’m mistaken, police did not sweep datacenters, filled with the property and equipment of tens of thousands of unknown individuals (many of whom are from overseas). Not that I’m trying to give ideas to the terroristas, but these are people willing to die for what they believe in, they are pretty dedicated and don’t need tips from a tech blogger. Just as someone who has worked in the area for years, I’m saying it would be trivial even with the big scary fences and police presence.

So my other problem with security is that our government rather silently took away some of our civil liberties during the summit anywhere near the fence to. Too bad on my walk for *coffee* I pass the fence as does anyone who uses Union Station. Better be ready to submit to search and seizure if they don’t like how you look. Thankfully they did not attempt to take my camera when I visited it, but I was certainly escorted off by 5 officers for taking photos. Scariest bit: The regulation also says that if someone has a dispute with an officer and it goes to court “the police officer’s statement under oath is considered conclusive evidence under the act.” Thank god this is only 3 days… but seriously Canada, you are regressing! Again, the government is certainly not acting with the will of the people in mind.

So as far as I can tell, security would have been cheaper and easier *anywhere* other than downtown Toronto. Lot’s of nearby tall buildings, tall buildings that have lots of places to hide a person or tool of evil. The risk to the population of downtown is the highest anywhere in Canada because we are the most dense, and the risk to businesses is highest because this is where all the commerce (and telecommunications!) are. What the hell was going through the heads of the Harper government when they chose downtown Toronto?

The choice of downtown Toronto does not benefit anybody. If Canada really had to host the G20 (and that’s a geopolitical question for people other than myself), why the hell would you host it downtown?  By the aiport, in Huntsville (like the G8 from earlier in the week), ANYWHERE would have been better than here. By putting it here you ensure that you disrupt the most peoples lives, most people’s livelihoods, and put the most people at risk, by increasing the cost of security dramatically, while lowering the effectiveness of you security.

It’s early in the morning, I’ll likely revise the grammar of this post when I’m more awake, but fuck the Harper Government anyway.

As far as I’m concerned, there is nothing worse than those who crawl through domain whois records for the purpose of emailing me. I get a lot of it. Funny thing is, it’s strictly forbidden in ICANN’s (the sole registrar accreditation body) rules. ICANN’s Registrar Accreditation Agreement section 3.3.6.3 states:

“Registrar’s access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts.”

In fact this has been on the books since 2003. Yet on a daily basis I receive whois-crawled spam. Now yes, you can definitely whois any domain and readily spam the owner. But these people are not just spamming one or two domains, they’re spamming thousands, if not tens of thousands at a time. (As with all spam, you’ve got to fish a lot to catch anything). Access to this requires what ICANN calls ‘bulk whois’, which pretty much any registrar with an API will provide you. However it is up to them to prevent people from using this as a means to spam people. While I realize it is not trivial to track the spam back to the registrar allowing the mass harvest, it’s not like there is an infinite number of registrars. Tracking down the people providing this information to spammers would not be impossible. Considering ICANN is pretty much useless for everything else (it took them how long to stop turning a blind eye to domain tasting? oh right, 10 years), they could at least enforce this policy, track down offending registrars and remove their accreditation. (I kid, ICANN will never do this, their rules are pretty much toothless, and this article is really just to ridicule spammers who take themselves seriously)

Now, whois-crawled spam is a bit different than your usual spam. No viagra, OEM software or luxury watches. No, whois spammers usual take themselves a lot more seriously, which makes it all the funnier because they’re just as pathetic as the guy selling Chinese V1ag4ra. Let’s look at a few of  the types of assholes who take part in this practice. (and some of my favourite examples)

Web hosts offering quality web hosting at low low prices:

(Click to expand)

The idea behind this type of domain spammer is pretty simple. You own a domain name, everyone who owns a domain name has some sort of hosting for it, everyone likes cheaper hosting. Amusingly sales@ and abuse@ evul.net get *tons* of it, which is usually very poorly targeted (and ironic when it goes to abuse@). However, the spam pictured above was actually well targeted, because its offering local large scale hosting, the kind that evul.net might want. However there in lies the problem, why as a web site owner (or a web host like evul.net) would you ever want hosting from a *spammer*. It immediately calls into question the ethics, let alone the quality of such a provider. They all end up getting spamcop’d and in the case of this one, I wrote to the idiots to personally express my disgust, they are locally known and slimy. Hopefully enough spamcop reports will get these wannabe providers upstreams to slap them, as they’re almost always sent from North America.

SEO/marketing experts asking for links:

(Click to expand)

This one gets me. It’s pretty brainless. We get a ton of these at work for any blog that we have our email address on the whois for. The idea is that if you ask nicely enough for a link (they *always* come from female, likely fake, names) someone will give you that link, and your google pagerank will be increased! In reality you are a spammer. It must work enough of the time that it makes it worth while for these people to do it. I try and spamcop these guys, but it’s like pissing in the ocean: the email sources and spamvertised sites are almost always in South America, Asia or eastern Europe. (This particular one came from some ISP in Argentina) I have a feeling they are usually fronts for something else, (get a pseudo legit page pageranked up, use it to then push other pages up) as no legit page bulk emails out begging for links.

People selling ads/ad network services:

(Click to expand)

I save the best for last. These are the most ironic and we get them from time to time at work. People spam our own sites essentially offering their own advertising services. It’s even better (ironic), like in the above example, when they are spamming an obvious campaign site, showing there is likely no human intervention in the spam. They’re just looking for well pageranked sites and spamming the owners. This again begs the question, who actually receives one of these and takes them up on their most reputable (lol) offers. Sadly some people must to make it worth while. Since these are all pseudo legit (wannabe) marketing companies, they’re almost always in the US, so spamcop for great justice.

We received a good one from a company selling a Twitter trending solution recently, again well targeted against an actual twitter-based campaign site, but it begs the question of how new are these people to the internet. How is it, that in 2010 there are people out there who still believe their business has any legitimacy as soon as they send out unsolicited-bulk email to the same people who have been fighting such email for nearly *20 years*. In short, stop buying services/products you see in spam, have sweet dreams of useless ICANN actually enforcing the bulk-whois-marketing rule instead of ignoring registrars who allow it willy-nilly, and spamcop everything for great justice.

And to “Data Centers Canada Inc.”, “Comodus” and “Linkstar”, congrats you are spammers, any hopes you had of every being taken seriously as legit businesses went down the drain when you sent out unsolicited bulk email to domain owners, no matter how well targeted it was.

So first off I apologize for a lack of blogging. It always seems to fall to the side when life gets busy. My main priority right now is working on (and eventually) finishing going through Florida pictures, but everything seems to get in the way including taking more pics to add to the queue.

One thing I’ve wanted to do for awhile though is have a way to manage my interesting links. I read a lot of tech and science news in the morning and like to share said articles with family and friends. So I generally share them with Facebook, or Twitter (which in turn *usually* trickles back to Facebook unless their plugin is broken), but neither is really a trust worthy place to put any information you care about. I really like the way Justin does it, but also wanted to tie a quick push to Twitter (and thus Facebook) in.  So I figured I might as well write a little social bookmarking thing.

The entire hack took about 30 minutes, including the time to register a cheap (i.e. not taken) and very short (3.2) domain name (k4v.ca) for my built in URL shortener as using kavassalis.com?blah seemed a touch long. I have yet to display my links in the blog layout, but I will probably whip up a widget tomorrow morning to appear on the right side of all the pages with the last N links. Anyway the code is pretty ugly and basic but here it is:

The actual link forwarder: (l.php)

if (sizeof($_GET)!=1) { header("Location: http://kavassalis.com/"); }
$code = key($_GET);

$dbUser = "abc";
$dbPass = "xyz";
$dbName = "nick_blog";
$dbHost = "127.0.0.1";

if ($rows == 1) {
$link = mysql_result($result,0,"link");
header("Location: $link");
} else { header("Location: http://kavassalis.com/"); }


(The obvious flaw is that it doesn’t give an error to the user if the database is down, but I didn’t feel like doing that so…)

and here is the link creator: (bookmark.php)

function mkCookie()
{
$pool = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890';
for ($i = 0; $i < 3; $i++)
{ $result .= $pool{rand(0, 61)}; }
return $result;
}

if (!isset($_GET['link']) || !isset($_GET['blurb'])) {
*** FORM HTML WOULD APPEAR HERE, THANKS WORDPRESS ***
} else {

Amusingly the WordPress < code > block really seems to detest HTML, i.e. WordPress renders it even though its inside the block, that just makes no sense… Too lazy to figure out how to do it for a 4 line form. So yea, thats the code. No URL tracking/stats, but thats not really what I was going after. I just wanted an easy one click way to share URLs everywhere at once, and store them somewhere safe.

Things have been generally busy work wise, home wise. I am going to try and blog more again. Today being May 5th means that Mucho Burrito has $5 12″ burritos and I’m going to go and see if I can’t manage to consume two between now and dinner. Toodles!

Ugh! I totally forgot something important in my article about Google this morning. Though thats okay because it was a pretty long rant already, however at this point I am posting an abnormal number of times in a single day…

Some Italian high school students uploaded a video of an autistic classmate to Google video. Let me start by saying this is terrible and cruel, and I cannot even imagine how cruel bullying must be in a post internet world. Google complied with the Italian law enforcement and handed over the details of the users who uploaded it. This is correct practice. If someone breaks the law, even if its over the internet, they are prosecutable, and content hosts are responsible to comply with law enforcement. I have done this many times and complied with Canadian law enforcement on some very interesting cases.

Apparently though this is not enough in Italy. Four Google Italy employees, including one who had left the company in 2008 were arrested, of which 3 were convicted of violating the videoed boy’s privacy rights. The courts demand that Google should have vetted the privacy of the content that was uploaded before sharing it with the world. REALLY? I mean are they serious? I’m sure they must realize how many videos are uploaded to Google/Youtube/etc every minute of every day? And to check to make sure EVERYONE in the video has signed a release as to their privacy? Heck its not feasible at a few videos per day, let alone the 20 hours of video uploaded to Youtube alone every minute of every day. This would be stupid coming from an armchair politician bitching on an internet forum, let alone the policy makers of an entire country. Seriously this worries me about the sanity of the law makers and future of the country.

It doesn’t stop at video, it could be pictures uploaded to Facebook, of which there are over a hundred million PER DAY. Should Facebook check EVERY photo to make sure nobodies privacy is being encroached upon? Get a clue!

My other complaint is why does every local government think they should be able to police the internet? I think Google should just pull its local offices out of Italy and then just let Italy decide if they want to block Google or not. Let all these insane countries play internet nanny for their citizens, maybe they can get a bulk deal on Cisco gear along with China and Australia… Hey Italy thanks for Ferrari but no thanks for your draconian attempts at internet policy!

Read Google’s own blog post on the matter…