Generally Recognized As True

Thursday, November 16, 2017

The Paradise Papers and you

There are at least a couple of ways to tell whether someone from Canada who complains about the injustice of the offshore tax avoidance schemes revealed in leaks like the Panama Papers or Paradise Papers would participate in the same schemes if only they could afford to.

These are both middle-class versions of the same thing:

  1. Regular cross-border shopping in the US: Get the benefits of living in Canada while reducing your cost of living by diverting your spending to a nearby country you probably would prefer not to live in to save a bit of money. Pretend that the lower cost of living doesn't have anything to do with the reason you'd rather not live there.
  2. Paying in cash: Pay for your services in cash for the purpose of tax evasion (avoiding HST for yourself and income tax for the recipient). Lowering your own cost of living at the expense of society.
While I'd consider #1 to be unethical, #2 is illegal.

It'd be interesting to know how many people who do the above are maxing out their Tax-Free Savings Account (TFSA), as that is a very legal means of eliminating your tax obligation on a portion of your investment growth.

This isn't meant to say that I think the schemes revealed in the Paradise Papers are ethical. It's to say that they're all wrong, and that your righteous moral ground is significantly nearer to sea level if you're partaking in schemes like those in the list above, as you give every indication that you'd do the same thing, if only you had the resources.

Saturday, October 14, 2017

Algonquin - Western Uplands Backpacking Trail - October 2017

As mentioned in my 2016 post on the Algonquin Western Uplands backpacking trail, I had planned to complete the trail again in 2017 without suffering the same knee and foot injuries. I succeeded in this, and attribute this to:
  • Pacing myself for the long haul. I over-reached on the previous trip, in some cases from frustration. Going in knowing what to expect over the long run makes a difference.
  • Better, larger boots. Specifically, Scarpa Zanskar GTX in an EU size 46. This is roughly equivalent to a US size 13 and is therefore about 1 full size larger than I'd normally wear. Very good boots, and kept the water out on what was a much wetter and muddier trail than it was in 2016.
  • Heel lock lacing pattern to keep my heel from slipping in the larger boots. Combined with some grease rubbed on my heel each day for anti-friction (I normally use Burt's Bees Hand Salve but for this trip used a Burt's Bees lip balm stick due to the much smaller weight/size), I avoided heel blisters for the first time on a backpacking trip.
There's not much else to add about this trip, as it was largely a repeat of the 2016 route with largely the same gear with some things left behind: 35 lb of equipment, which was down to 25 lb by the end (due to food and fuel consumption).

Some notes on relative difficulty:
  • Day 1: Entry to Maggie Lake E: Average difficulty.
  • Day 2: Maggie Lake E to Pincher Lake N: Second most challenging day. Shorter distance but more terrain variation.
  • Day 3: Pincher Lake N to Brown's Lake: Longest distance but counteracted by less variable terrain. This was the only day it rained significantly and when the first picture below was taken.
  • Day 4: Brown's Lake to Susan Lake: This was the hardest day and where my feet suffered the most. The trail is narrow and slanted in many places as well as being rocky or laden with tree roots, increasing the friction between your shoes and feet.
  • Day 5: Susan Lake to Exit: I had an overwhelming memory of the 5th day being easier from the previous trip, but I must have been remembering the relief offered by the final few kilometres. The early part of this stretch is as challenging as the rest of the trail.
There aren't any grand lookouts on this trail, but I've attached some pictures from along the way.








Demise of Sears Canada

In what already feels like old news in the news cycle of today, Sears Canada will eventually be no more.

Here's what I take away from the coverage so far:
  • Nobody is surprised
  • Online shopping is partly to blame, but so is a lack of investment on the part of Sears.
  • Sears is a source of memories of bygone days. It's mostly older people that lament the passing of Sears, and they sound as if they are talking about Werther's Originals.
From my own perspective, it's been a while since I shopped there with intent. There isn't a Sears close by, and when I did have a chance to visit one I used it for comparison shopping with The Bay (since they were frequently at opposite ends of whichever mall contained one or the other). In those cases, I usually ended up buying from The Bay because I liked their offerings more.

There was a Sears mattress and appliance store in town from which you could pick up catalogue or online orders, but it just seems to have disappeared one day.

Some general thoughts:
  • Outlet malls and high-end malls that have tightly-focused, branded offerings seem to be doing well.
  • Online shopping isn't the only part of online that's to blame. Direct marketing by brands is also a factor - many people no longer go to a store looking to be sold something in a particular category. They go looking for the exact thing they've already been sold online and just need a place to buy it.
  • The vast number of products sold under even a single brand produces cross-brand permutations of products that are now too large for a single department store to hope to satisfy and carry.
  • This makes outlet malls and high-end malls the new department stores. It also makes a lot of sense why The Bay is both present at outlet malls and has subdivided many of their stores into brand-focused departments within category-focused departments. It also makes Sears' selling off of their high-priced real estate (in high-end malls) look especially counter-productive.
  • Small towns are said to be affected. But the writing must have been on the wall in small towns more than anywhere else because they are just as reachable by online shopping as are major centres. If the Sears catalogue combined with local pickup drops was of particular benefit to small towns then I don't understand why online shopping where the products are delivered to your door isn't many degrees better.
I respect the challenge that they faced. Running a large, legacy business is hard during times of change, but they did not make the same effort as The Bay to stay current. The Bay is also not doing that well financially, but they at least seem to have identified what their modern market looks like.

Like many other people, I lament the passing of Sears as it's a part of my past, but it won't affect my present very much at all.

Sunday, August 20, 2017

Ten photos: Ottawa - Montreal 2017

It's hard to pick just ten, but here are ten photos from my recent trip to Ottawa and Montreal.

Ottawa - Changing of the Guard

Ottawa - Parliament Hill

Ottawa - Changing of the Guard

Montreal - from Mont Royal

Montreal - from base of Mont Royal

Montreal - Botanical Gardens

Montreal - Monumental Dougherty

Montreal - Butterfly on milkweed

Montreal - Botanical Garden

Ottawa - Night-time neon!


Saturday, August 05, 2017

Steven Wilson - Refuge

I have a feeling that this will be one of the best albums of the year for me.



The studio video is interesting, too...

Friday, August 04, 2017

Theodore Dalrymple on Bureaucracy

The latest work by the erudite Theodore Dalrymple - The Knife Went In - summarizes the ease with which bureaucracy proliferates in comparison with the higher standard applied to work of a more technical nature, and suggests one possible reason that this is sometimes the case.

In this section, he recalls an occasion from his work as a doctor and psychiatrist within the British prison system:

[...] There was an all too evident distinction made between the ‘scientific’ rigour with which the value of [technical] work was assessed, and the dubious standard which was used to assess that of the proliferating and vastly more expensive administrative procedures introduced almost daily into the service.
.
.
New procedures mean new forms. These are invariably longer and more inclusive than the old, because more information is always better than less. Information-gathering is the process that will solve any problem, so that for every problem there is an apposite form. It doesn’t exactly do anything about it, but it shows you have done something. Belief in forms is to us what belief in rain-makers was to African tribes subject to drought.

During my time, the Prison Service became worried about the numbers of suicides in prison — or rather about the publicity given to the numbers of suicides in prison at the time. It therefore decreed the use of a new form to be filled out on every prisoner thought by any member of staff to be suicidal or potentially suicidal.
.
.
The form was of such complexity that it would rarely be filled out correctly (which, as I shall explain, I came to see as its main virtue and purpose in the eyes of those who devised it). I recall being trained in its use by an officer who had himself been trained in its use and proselytised it with the zeal of a convert. [...] I knew the officer concerned to have been a perfectly reasonable, and even cynical, human being before his conversion. Give a man something absurd to do which he cannot avoid and he will soon become enthusiastic about it.
.
.
Much of the prison officers’ time was now occupied by filling out these forms. There was, of course, no guarantee that they filled them honestly: if you can’t trust a man to do his best, you can’t trust him to follow procedure honestly. The last suicide in the prison before my retirement occurred when there was a much reduced staff in the prison. Everyone else was away at a ‘suicide awareness training’.
.
.
Some time after the form was introduced, I was called to the coroner’s court to give evidence on a prisoner who had hanged himself. [...] The barrister for the family, a young man, rose to question me. It was his aim to make the man’s death everyone’s fault but his own. ‘It’s true, isn’t it, doctor,’ he asked in a tone of menacingly unctuous politeness, ‘the 20/52 SH [the designation of the form, SH standing for Self-Harm] was not filled out correctly?’ The implication was that, if it had been filled out correctly, naturally the man would not have died.

‘Yes, it is true,’ I replied (though not actually knowing whether or not it had been filled incorrectly), ‘but it is also true that the suicide rate in prisons has risen since its introduction.’

Sunday, July 02, 2017

WannaCry overshadowed a more serious attack on credentials via DoublePulsar and foreshadowed Petya

The global impact of the WannaCry ransomware attacks made international headlines, but a recent story in the New York Times suggests that the noise from this event may have overshadowed a more serious attack that stems from the same leaked NSA hacking toolkit as WannaCry but is much more difficult to detect.

One company affected by this alternate attack - IDT Corporation, a US-based telecommunications company - was hit two weeks prior to WannaCry being unleashed. The exploit that affected IDT used the same technical attack vector as WannaCry, but then layered a second kernel-based attack called DoublePulsar to first steal an employee's network credentials and then turn into a standard ransomware attack, apparently to hide the more nefarious motive of credential theft.

... the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines. Worse, the assault, which has never been reported before, was not spotted by some of the nation’s leading cybersecurity products, the top security engineers at its biggest tech companies, government intelligence analysts or the F.B.I., which remains consumed with the WannaCry attack.

...in this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually for urgent information failed to report it.

The unanswered question is: how many organizations are affected but do not realize it? In this case, when the ransomware is cleaned up, the problem is not over... and this fact isn't easily discovered.

Were it not for a digital black box that recorded everything on IDT’s network, along with Mr. Ben-Oni’s tenacity, the attack might have gone unnoticed.

Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons.

Attacks that are widely detected and have serious visible impact grab the headlines, but attacks that are allowed to go on for months without detection are arguably far worse, as they can either provide ongoing entry to a private network at will, or can set the stage for triggering some future large-scale, coordinated attack using agents that have been spread throughout a network.

Also interesting is that, although the IDT attack preceded the latest revision of the Petya attack, it shares the above advancements with Petya (NotPetya): the latter not only tries to exploit the same SMB vulnerability as WannaCry but also tries to steal credentials from the local credential store and then make further authorized connections around the network using legitimate channels.

As with WannaCry, the following factors contributed to prevention:
  • Anti-phishing programs: Malware commonly enters an organization's network via e-mail attachments that are clicked on and run by an employee.
Once malware has entered the network, the extent to which it spreads is determined by the points that follow.
  • Regimented OS patching program: Ensuring that software (especially OS) updates are applied in a timely manner across the entire organization. To spread over the network, both attacks used the same SMB-based vector that had been patched in March 2017. The IDT attack used a second vector that was also patched at that time.
  • Privileged access management: Although some ransomware limits itself to the user space, those like Petya will request and use administrator privileges if they are available to infect the file system and take over the entire PC during the next reboot. Consider what this means when your credentials are stolen and are then used in conjunction with administrator-level privileges on a Windows server to remotely execute code on that server.
  • Managed end user devices: IDT had patched its corporate systems but was affected when a contractor connected to the company network from a personal computer, highlighting the potential risks of unmanaged bring-your-own-device (BYOD) facilities.