Rogers vs Bell

So I was hanging out with a friend (who will remain nameless for reasons you'll see very soon) a while back, and I saw his new BlackBerry Pearl:

- So, you got a BlackBerry, huh?

- Yeah man, it's great!

- How do you find the Bell network?

- Actually I'm with Rogers. Cheaper.

- ...

- ...

- Dude, YOU WORK FOR BELL, don't you get service for free or something?

- Nope, it's still cheaper with Rogers


I was floored! If this isn't a great endorsement of Rogers Wireless, I don't know what is. (Yes, I know their data plans still suck, but it seems they "suck less" than the alternatives.) I can't imagine what it must be like working for a company that would treat its employees so poorly they'd sign a service contract with their biggest competitor.


Argh! Missed it!

Totally non-techie post today for food geeks: it seems that La Bottega in Ottawa received a single Spanish jamón ibérico last Friday. I missed my chance to buy a few slices, reading about it only after the fact on Ron Eade's (the Citizen's food editor) blog, which I was only recently made aware of. Damn.

It is easy to underestimate the significance of this news item, but thankfully, in his video post, Eade reminds us that this is quite notable, as it is the first time jamón ibérico (made from pasture-fed black pigs of certified race) is available in Ottawa. In fact, until 2005, it was illegal to export it to North America, and since the ham must cure for three years before being ready to sell, it's only now starting to appear on our shores, and is a tad expensive (La Bottega was moving it at 200$ per kilogram).


[sure, I paid 30$ CAD for the plate above last month but look at that marbling!]

Ottawa food enthusiasts have no doubt noticed that much cheaper (but still delicious) jamón serrano has been available in local food shops for a while now, which is made from white pigs with less restrictions on feeding.


Is Deploying a Wireless Network More Secure Than Not Deploying One?

Yes, I think it is. Long-winded explanation follows.

Me: I'm a guy who loves to work on a laptop. I've owned my little Thinkpad since 2004. I have dragged it between Ottawa and Montreal dozens of times, hauled it through Spain and the United States while vacationing, it's been through several coffee shops in Ottawa, and even tonight, with three other computers in my apartment much faster than this one, I'm in the living room, writing this post on the faithful machine. If you call me up and need help with a build script or a complicated subversion operation, I'll run over to your cube with it and we can hack on the problem together, each on our own screen. Or anyway, I would if there were wireless network access points at the office.

Which there aren't.

(Yes, I'm well aware of the irony of working for a company that makes network equipment. No need to point it out.)

The subject came up on Friday evening, as a bunch of us engineers were sitting around having a beer before leaving for the weekend. Someone (I swear it wasn't me this time) wondered out loud why in this day and age, we didn't have wireless APs at the office. Asked our CTO: "Why don't we just drive to Futureshop and spend the fifty bucks?"

I suppose it's always been a "nice to have" feature of the office, never a true requirement, and commercial-grade WAPs are more expensive than the consumer versions from Linksys. I've also heard mentions that there might be concerns about the security of the setup, given that we lease a floor on a building housing a bunch of other companies. I realized after the discussion, however, that the security argument was bunk, and having no WLAN could actually put us at much greater risk than having one.

It is an oft-repeated saying in security discussions that humans are often the weakest part of a security system. In his book Secrets and Lies, security guru Bruce Schneier again reminds us, as he has before, that an inconvenient security system is self-defeating because humans will simply end up not using it. In Chapter 17, he relates this story:

It has been said that the most insecure system is the one that isn't used. And more often than not, a security system isn't used because it's just too irritating.

Recently I did some work for the security group in a major multinational corporation. They were concerned that their senior management was doing business on insecure phones - land lines and cellular - sometimes in a foreign country. Could I help? There were several secure-voice products, and we talked about them and how they worked. The voice quality was not as good as normal phones. There was a several-second delay at the start of the call while the encryption algorithm was initialized. The phones were a little larger than the smallest and sexiest cellular phones. But their conversations would be encrypted.

Not good enough, said the senior executives. They wanted a secure phone, but they were unwilling to live with inferior voice quality, or longer call setup time. And in the end, they continued talking over insecure phones.

This is exactly the risk that an office takes by not deploying secure, properly configured WAPs managed by the IT team. Wireless networks are a convenience for many. There are some (albeit still rare) laptops appearing that don't even have a network jack anymore; and this is just the beginning of that design trend. Sooner or later, someone will get fed up and install a rogue access point, connected to the corporate LAN, and quite possibly insecurely configured and allowing routing to every resource on the network. It may already have happened. Wishfully thinking otherwise is simply ignoring the human part of the equation, hardly good practice of security.


A Firefox Search Plugin for the Ottawa Public Library

The Ottawa Public Library has a very neat service where you can look up a book online, request it to be delivered to whichever branch is closest to you, and be notified by email when your the chosen tome is available for pickup. If a book is already checked out, you can simply request the next available copy to be delivered.


Seeing how I do quite a bit of reading these days, I set about creating a Firefox search plugin to easily search their catalog. In truth, I just wanted a quick way of looking up a book in the library catalog when I'm on Amazon.ca or I read a book recommendation on a blog.

Installing this search plugin

  1. Navigate to your Firefox profile directory (%APPDATA%\Mozilla\Firefox\Profiles\whatever).
  2. If it's not already created, create a new folder called "searchplugins" (without the quotes).
  3. Copy this file (ottawa_public_library.xml) to the searchplugins folder, then restart Firefox.


It's dead simple. Open the search engines drop down menu and choose the new "Ottawa Public Library" option:


Now type in keywords from the book's title and hit enter:


This plugin does a search using the "Keywords in TITLE" option, as I thought that was the most useful. Hope you find this useful! Tell your geeky friends!

Edit: ah yes, I forgot to say, the XML file includes a copy of the library's logo, taken from their favicon.ico file. I haven't asked the city of Ottawa for permission to redistribute the icon, but I'm quasi-certain it wouldn't cause a problem. If I get complaints I'll put a new icon in there.

Another update: There's been some interest in this, so here's an easier way to install: Click here to install the Firefox search plugin for the Ottawa Public Library


Resolved: Boingo Refunds Their Double-Charge

A couple co-workers have been asking me for an update, so here...

Last weekend, I wrote a post (link) about how after logging on to the Boingo wireless service from two different airports on the same day, I was charged twice despite having purchased a 24-hour pass. At that time, I contacted their phone service, where a customer rep explained it was normal, and advised me to read the user agreement next time.

Luckily, I didn't have to do a credit card chargeback; as a result of my blog post, I was contacted by Boingo's PR firm, and apparently the phone rep I talked to was incorrect: what happened was simply a software glitch. They've refunded the second (erroneous) charge, so it looks like this was just a one-off problem, and not the shady business practice I initially suspected. Phew! All is now well.