Dan Q

Month: January 2019

Iraq’s Post-ISIS Campaign of Revenge

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

The next suspect insisted that he had been arrested by mistake—that his name was similar to that of someone in ISIS. A private defense lawyer explained that his client had confessed to ISIS affiliation under torture—he had a medical examination to prove it—but none of the judges appeared to be listening. As the lawyer spoke, they cracked jokes, signed documents, and beckoned their assistants to collect folders from the bench. Sahar yawned. The trial lasted eight minutes.

“Enough evidence—I ask for a guilty verdict,” the prosecutor said. It was the only phrase she uttered in court that morning.

Iraq’s well out of the news cycle and even ISIS isn’t getting the coverage it once did. But for many in post-ISIS Iraq, the battle is far from over. A country bloodthirsty for revenge against the terrorists who held Mosul, a judiciary more-interested in fast results rather than right results, and a legal system that promotes and accepts confession under torture creates the perfect breeding ground for tomorrow’s disaster.

Repost posted at UTC on .

No comments

Toddler Feelings Helpline

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Hello, you have reached the Toddler Feelings Helpline. Please choose from the following options:

— If Mama went to the store for a minute but you are pretty sure she’s never coming back, please mash all of the keys but mostly 1.

— If you still feel pretty messed up about how they were just going to burn the Velveteen Rabbit, please mash all of the keys but mostly 2.

— If you don’t like the way your shirt is right now, please hit a sibling for no reason.

Repost posted at UTC on .

No comments

Elemental haiku

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Chlorine

Low road or high road?
World War I. Gas in trenches.
Or salt shared, tears shed.

A haiku for every element on the periodic table up to atomic weight 103, and also one for the as-yet-unsynthesised ununennium, I especially like magnesium’s.

Repost posted at UTC on .

No comments

Ending on a High

For the final week of his 52 Reflect series and as a way to see off the year, Robin and I spent the last weekend of the year near Fort William to facilitate a quick ascent of Ben Nevis. My previous expedition to Britain’s highest point was an excuse for some ice climbing but I hadn’t actually come up the “path” route since an aborted expedition in 2009.

Dan and Robin atop Ben Nevis
Probably should have wiped the snow off the lens.

Somehow in the intervening years I’ve gotten way out of practice and even more out of shape because our expedition was hard. Partly that was our fault for choosing to climb on one of the shortest days of the year, requiring that we maintain a better-than-par pace throughout to allow us to get up and down before the sun set (which we actually managed with further time in-hand), but mostly it’s the fact that I’ve neglected my climbing: just about the only routine exercise I get these days is cycling, and with changes in my work/life balance I’m now only doing that for about 40 miles in a typical week.

Robin with the GCG6XD, the Ben Nevis summit geocache
My ongoing efforts to get Robin into geocaching continue to succeed: ice somewhat hampered us in our search for the cache nearest the summit but we got there in the end.

For the longest time my primary mountaineering-buddy was my dad, who was – prior to his death during a hillwalking accident – a bigger climber and hiker than I’ll ever be. Indeed, I’ve been “pushed on” by trying to keep up with my father enough times that fighting to keep up with Robin at the weekend was second nature. If I want to get back to the point where I’m fit enough for ice climbing again I probably need to start by finding the excuse for getting up a hill once in a while more-often than I do, first, too. Perhaps I can lay some of the blame for my being out of practice in the flat, gentle plains of Oxfordshire?

Dan ascending Ben Nevis
I’d have loved to have gotten a shot of me actually managing to get some use out of my crampons, but by that point visibility wasn’t great and we were rather cold and wet to be stopping in a wind to take photographs. So this rocky stretch will have to do.

In any case, it was a worthwhile and enjoyable treat to be able to be part of Robin’s final reflection as well as to end the year somewhat-literally “on a high” by seeing off 2018 in the Scottish Highlands. If you’ve not read his blog about his adventures of the last 52 weekends, you should: whether taking a Boris Bike from Brixton to Brighton (within the rental window) or hitching a ride on an aeroplane, he’s provided a year’s worth of fantastic stories accompanied by some great photography.

And now: time for 2019.

× × ×

Article posted at UTC on .

No comments

Note #12736

Virgin Media password form, requiring 8-10 characters

2004 called, @virginmedia. They asked me to remind you that maximum password lengths and prohibiting pasting makes your security worse, not better. @PWTooStrong

In more detail:

  • Why would you set an upper limit on security? It can’t be for space/capacity reasons because you’re hashing my password anyway in accordance with best security practice, right? (Right?)
  • Why would you exclude spaces, punctuation, and other “special” characters? If you’re afraid of injection attacks, you’re doing escaping wrong (and again: aren’t you hashing anyway?). Or are you just afraid that one of your users might pick a strong password? Same for the “starts with a letter” limitation.
  • Composition rules like “doesn’t contain the same character twice in a row” reflects wooly thinking on that part of your IT team: you’re saying for example that “abababab” is more-secure than “abccefgh”. Consider using exclusion lists/blacklists for known-compromised/common passwords e.g. with HaveIBeenPwned and/or use entropy-based rather than composition-based rules e.g. with zxcvbn.
  • Disallowing pasting into password fields does nothing to prevent brute-force/automated attacks but frustrates users who use password managers (by forcing them to retype their passwords, you may actually be reducing their security as well as increasing the likelihood of mistakes) and can have an impact on accessibility too.
  • Counterarguments I anticipate: (a) it’s for your security – no it’s not; go read any of the literature from the last decade and a half, (b) it’s necessary for integration with a legacy system – that doesn’t fill me with confidence: if your legacy system is reducing your security, you need to update or replace your legacy system or else you’re setting yourself up to be the next Marriott, Equifax, or Friend Finder Network.
  • It’s definitely not the first time you’ve been told. Get your act together.

Note posted at UTC on .

7 comments

Note #12733

12-sided die with multiple "0" stickers placed over the sides

“All #boardgames can be legacy games if you want it enough!” – @fleeblewidget, after drunkenly stumbling upon @thegodzillagirl’s label maker.

×

Note posted at UTC on .

No comments