Archive for November, 2006

24%

That’s right. You heard me.

24%

The Green Party received 24% of the votes in London North Centre last night. That’s 9,864 votes. We came in second behind the winning Liberal. CBC described the response by saying “Elizabeth May failed to become the first Green Party member of Parliament” – but they have it wrong. This isn’t a loss, it’s an accomplishment. This is our best showing yet, and (hopefully) a sign of things to come.

Part of me insists that by-elections are weird things, and that this doesn’t necessarily mean anything. Which, in a lot of ways, is true. Even if the next federal election is in March, a lot can happen between now and then. But it shows two things: that Elizabeth May can do very, very well in a riding; and that Canadians are ready to give the Greens a chance.

Hat tip: Thanks Ottawa Greens for letting me know about this before I even hit the news sites this morning.

Canada has been abuzz with spy news recently. Across the pond, an ex-Russian spy was allegedly poisoned by his previous masters. In Montreal, an alleged Russian spy was detained as he tried to leave Canada.

Now, is it a coincidence that Casino Royale came out this month? I’ve heard that anything is for sale in the new Russia. Has Sony purchased some high-priced publicity from the SVR?

Joking aside, the more I read about Alexander Litvinenko’s death, especially when related to Anna Politkovskaya’s murder, the more I get creeped out. It sounds like critics of the Russian government are being systematically offed.

Imagine my surprise when, reading the XPress on the bus this morning, I noticed that PiePalace has been listed as one of the best local blogs for 2006! [1]

I’d like to say thank you to the one or more people who nominated this blog. It’s always hard to tell who (if anyone) reads what I write. I’m glad that (a) someone reads this thing, and (b) enjoys it enough to go through the trouble of emailing the XPress. And no, it wasn’t my mom. She doesn’t have Internet access.

Footnotes
  1. No, not in the main section, in the readers’ choice section. It’s there, down near the bottom. Start scrolling… No, not there, keep going. Down. A bit further. You’re almost there. Oh, never mind. Just search for “piepalace”. Yes. Search. With control-f.

In my mind, one of the defining characteristics of “Web 2.0” is the idea that a website should be a forum for users to create and share content they care about. It isn’t about technologies (such as AJAX, CSS, and tags), it’s about the user model.

The first foray of Web 2.0 that I’m aware of is Wesabe. The gimmick behind it is that it watches your accounts at various financial institutions, and provides you with a common way to browse all of those accounts. Their privacy policy states that the good people of Wesabe will happily sell an anonymized version of your financial history to third parties. In return, users get to pay for the privilege of seeing their account information aggregated into one place, and they get to see tips that other users write.

It’s a nifty idea, but I’m not entirely sure what’s in it for the user. When I originally heard about the service, I assumed that it was aimed more at investing, rather than personal account management. What kind of tips can people give me? The demo shows really enlightening stuff like “Don’t shop at Trader Joe’s when you’re hungry!” and “Keep a tally of the cost of the stuff you put in your cart!” Granted, those are only placeholders for real advice that will come from users, but still, I have a hard time seeing how the advice could be that much better.

On top of the $5 a month that the user is supposed to spend so that they can see little bar graphs of their expenditures, the user must also give Wesabe access to their financial accounts. The weird thing about Wesabe is that the account monitoring is performed on the user’s machine. The user installs a program on their box, which they feed with their account details. The program hits the websites as requested, before dumping the semi-anonymous and (theoretically) secure information onto the Wesabe server. Although this probably makes the user feel good (“Hey! My account details stay on my home computer!”), I suspect that the average home machine is probably much less secure than a well-run corporate data centre. Then again, I wouldn’t trust Wesabe to store my financial details any more than I trust my home machine to store them.

Regardless of where the data is kept, it’s ripe for wholesale theft. In the case of being stored on a corporate server somewhere in the middle of nowhere, the attacker would have to be technically knowledgeable about the defending infrastructure. In the case of being stored on users’ machines, the attacker needs to be able to craft a virus or worm capable of looting that data. In either case, once the data has been stolen, it’s up to the users to play damage control. If half of your savings suddenly disappear out of your account, too bad: it’s your problem, not the institution’s or Wesabe’s.

I guess it comes down to this: what are little bar charts and brain-dead tips worth to you? What portion of your current bank balance? How will your bank react when you tell them that you shared your account information with an anonymous company that accepts no responsibility for the problems with their software? Will they say “Shucks! That $2k that was just wired out of your bank account wasn’t worth much to us! Here, have it back, and here’s an extra $1k for being a Web 2.0 kind of person. Go buy yourself a new iPod, you crazy hipster!” or will they say “That violates the usage agreement of our service. We accept no liability for your losses. Your willingness to give away financial information indicates that you’re a bit of an idiot. Would you like to sign up with our brokerage?”

Financial institutions should provide two kinds of electronic access to accounts: read-only access to records, and owner access to control monetary transactions. Each would require a separate username and password. That way, services like Wesabe could still charge users to read their own records, without exposing the folks that use those services to risk of theft.
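The two-login model proposed above, sketched as an added example (not code from this post, from Wesabe, or from any bank). The `Bank` class, account id, usernames and passwords are all hypothetical, constructed values; the point is that the scope is bound to the credential on the server, so a leaked read-only login can read a statement but cannot move money.

```python
import hashlib, hmac, os, secrets

READ, TRANSFER = "read", "transfer"

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Bank:
    """Toy bank: every account has an owner login and a separate read-only login."""
    def __init__(self):
        self.logins, self.sessions = {}, {}   # user -> record, token -> (account, scopes)
        self.balances, self.history = {}, {}

    def open_account(self, account, balance, owner, viewer):
        # owner and viewer are (username, password) pairs with different scopes.
        self.balances[account] = balance
        self.history[account] = [("opening deposit", balance)]
        for (user, pw), scopes in ((owner, {READ, TRANSFER}), (viewer, {READ})):
            salt = os.urandom(16)
            self.logins[user] = (salt, _kdf(pw, salt), account, frozenset(scopes))

    def login(self, user, password):
        unknown = (b"\0" * 16, b"", None, frozenset())
        salt, digest, account, scopes = self.logins.get(user, unknown)
        if not hmac.compare_digest(digest, _kdf(password, salt)) or account is None:
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self.sessions[token] = (account, scopes)  # scope fixed server-side at login
        return token

    def _require(self, token, scope):
        account, scopes = self.sessions.get(token, (None, frozenset()))
        if scope not in scopes:
            raise PermissionError(f"session lacks '{scope}' scope")
        return account

    def statement(self, token):
        return list(self.history[self._require(token, READ)])

    def transfer(self, token, amount, payee):
        account = self._require(token, TRANSFER)
        if not 0 < amount <= self.balances[account]:
            raise ValueError("invalid amount")
        self.balances[account] -= amount
        self.history[account].append((f"transfer to {payee}", -amount))
        return self.balances[account]
```

An aggregation service would be handed only the read-only username and password, and the owner login would never leave the account holder.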

I just got an email from the folks at the Under Pressure Collective. Apparently they don’t have the people power to work on a local bus rider’s association. Which really is too bad: Ottawa transit needs improvement, and getting the ridership to band together may be the way to go.

If I had any self-respect, I wouldn’t post a link to photos of cats. But that’s what the Internet is all about. In my defense: the photos made me laugh until I cried. (What? You were hoping for my in-depth analysis of the Ottawa mayoral election? Maybe in 2010.)

To crush your enemies, see them driven before you, and see the flickering green light of a connected high-speed connection!

With apologies to Robert E. Howard.

If you’ve sent me an email in the past few weeks and I haven’t responded, I’ll get back to you in the next few days. Promise.

Keeping with the food theme, here’s another food website: ottawafoodies.com. It seems much more locally focussed than Restaurantica.

Dear Intarweebs,

I know that I come in contact with you every day. When I’m at work, I use your ample resources to learn more about the technology I’m using. When I’m looking to clear my mind, I sometimes even look at news websites. But those fleeting glances don’t hold the same meaning they did when I was a student. Back then I felt free to give you all of my attention because I wasn’t working on someone else’s time. Don’t worry Intarweebs – I still have the same burning passion for your time-wasting ways.

My new job is definitely keeping us apart. The moments we have together must be working interactions. We can’t spend time together like we used to. But soon, Intarweebs, that will change. That’s right. I’m getting high-speed access at home. In two days’ time, we’ll be free to be together forever.

Yours always,
e

I can’t get over the technical trouble our friends to the South are having with their midterm elections. For some reason they’ve decided to use machines to accept people’s ballots, instead of the tried and true paper method. I’ve been a scrutineer during federal Canadian elections, and I have to say the process is easy, reliable, and visibly secure. It goes something like this:

  1. Elections Canada (EC) prints ballots and election lists. It then hires people to handle each poll.
  2. EC staff show up at the poll.
  3. A representative of each candidate shows up at each poll.
  4. Voters cast their ballots. The EC staff and the representatives of each candidate watch, and verify that the person is a legitimate voter.
  5. The ballots close. Each voting box is dumped out in front of the EC staff and the representatives of each candidate.
  6. The EC staff classify the votes, with the agreement of the candidate representatives.
  7. The EC staff count each vote, with the agreement of the candidate representatives.
  8. The number of votes is compared with the number of voters. Everything is recounted until the number of votes adds up.
  9. The candidate reps get unofficial results from each poll, which they can then verify against the official results published later.
  10. Everyone gets to go home about an hour after the poll closes. The results are phoned in to Elections Canada.
  11. Paper ballots are kept on file for any necessary recounts.

Let’s compare this to the US system:

  1. Some unknown manufacturer builds a machine that may or may not physically perform as expected.
  2. Some unknown manufacturer writes software to run the machine that may or may not perform as expected.
  3. Authorities use voting machines without verifying that the hardware and software work as intended in all scenarios. If you’re a programmer, you’ll probably cringe at this phrase. The only way to verify that software works in all situations is to run it through every possible situation. I mean every possible sequence of keypresses, input, memory allocation/deallocation sequences, ordering of interrupts, power glitches, and network hiccups. Even then, there is no guarantee that the tester has thought of every possible scenario. Unless you want to do some deep mathematical proofs (that may be incorrect because they are based on incorrect information about the software at hand), it is virtually impossible to verify that software will perform properly in all situations.
  4. Election staff are expected to understand how to use systems they are likely not familiar with.
  5. Candidate representatives are expected to monitor and verify systems they probably don’t fully understand.
  6. Voters are expected to interact with a system that they have likely not used before.
  7. Voters are expected to trust the system to register their vote as they intend.
  8. A large sum of money changes hands. (from the state to the manufacturer of the unverified voting system)

The paper process has a number of benefits:

  • It’s easy to use.
  • Local variation in how counting is done at each poll means that an attack on any one poll may or may not work on another poll.
  • The involvement of lots of people who have an interest in the system (voters, scrutineers from each candidate, EC staff) means that the voting system is closely monitored in each and every poll.
  • The system is transparent enough that most folks can grasp it quickly, and then notice if something is amiss.
  • Because there are so many people involved, anyone who wanted to attack the system would either have to get every observer in on the attack, or would have to trick every observer.

I’m not sure what the benefits of electronic voting are. Sure, it shuffles public money to bloated corporations with questionable ethics, makes the system less transparent, and makes the voting process easier to subvert; but I don’t think those are good things.