Saturday, October 27, 2007

The imaginary Crown

I just got back from the rally against police oppression of thought criminals in Aotearoa. We had a good turnout despite the shite weather. People were fluffy. There were no cops apart from those lined up outside Wellington nick trying to look staunch (only one of them had a coppers beard - what's with that? Are they going out of fashion or are they auditioning for undercover work?)

One of the speakers, as is traditional, used the term "Crown" to describe the NZ government. I so don't like that shorthand - here's why:

The decisions to send armed cops against Tuhoe and arrest peaceful activists in Te Aro aren't being made by an old lady in a castle in England.

They aren't really being made by a younger lady in an office block in Wellington (who believes that a right-wing government run by her is better than one run by John Key).

What drives those decisions is the attitudes of a bunch of New Zealanders listening to talkback radio on their way to the mall.

- They think that because they pay rent to a bank instead of a landlord, they actually "own" their house.

- They think that their tax money, rather than being coming straight back in services and benefits, is being handed out to The Other to subsidise indolence.

- They think that because they have a desk, phone and business card, they're actually partners in the enterprise they work for rather than human machinery.

- They think that the passage of 150 years erases the property rights of brown people and makes any attempt to reclaim those rights an act of racism.

- They think that spliffs and pills are bad, evil drugs; but their six pints while watching a rugby game is a chap's reasonable refreshment.

- They believe that all of this is not a political stance, but something called "common sense" and that the media which echo this all back are "impartial".

Which is all a lot harder to deal with than to just rail against an imaginary "Crown".

That's my rant for today. Have a good one.

Thursday, October 11, 2007

Crap security advice

If you use a corporate provided computer system, you probably have a number of passwords to "remember". You probably have these written on a postit attached to the monitor or stored in a convenient file on the desktop called Passwords.doc.

Here's some advice a dude with dodgy hair at Computerworld that explains why:
Use strong passwords: No user password should be shorter than eight characters. It's even better if they are nine or 10 characters long. Elevated accounts should have even lengthier passwords. Passwords should not be shared between internal and external sites, and they should be changed every 90 or so days.

Users won't remember those passwords. Particularly if they access an "elevated" system like payroll that only needs to be accessed every quarter. They'll be on postits or in files.

Look, if the data/system is too important for a six character password it should be protected by two factor authentication, like one of those security dongles you see. Otherwise you might just as well hand your users a printed card with the password on and tell them to keep it safe.

And while I'm at it, something that wasn't recommended in the article, but which is very popular, is to have a convoluted system of forms and approvals to get a login. Which pretty much guarantees that once Doris in accounts has finally obtained a password for the payroll system, it'll be written on the whiteboard for the whole office to use.