Wednesday, March 17, 2010

My Grandmother's St. Patrick's Day Cookies

Anybody who knows me well knows two things: 1., April Fools Day is Sacred; and, 2., Every Day is April Fools Day.

But the best April Fool's Day joke I ever pulled wasn't on April Fool's Day at all. It happened on St. Patrick's day, and the joke was on my then 72 (and now 86) year old grandmother.

All throughout my childhood, my Grandmother was always baking things. Desserts. Pastries. Treats. And she still makes them, too - "Dainties," as she calls them. Best of all, though, she makes particularly good cookies, so it was always a real treat to get a plate full of dainties several times throughout the year - cookies, buttertarts, nanaimo bars, peanut butter marshmallow thingies - the variety depended only on the occasion. Christmas, Thanksgiving, Valentine's Day, and Easter all had accompanying treats, including the extra-special fresh Hot Cross Buns on Good Friday.

So a number of years ago, while in the mood for cookies, I happened to realize that it was March 17th, and a nefarious little plot began to hatch inside my head. I picked up the telephone, called my Grandmother, and asked, "Nan, where are the St. Patrick's Day cookies?"

She replied, "David, I've never made St. Patrick's Day cookies in my life."

"Sure you did," I said. "Every year. Don't you remember?"

She emphatically denied it, but four hours later, she showed up with perfectly-shaped shamrock cookies, artfully decorated with green icing.

While I was duly impressed with the results of my little joke, and quite happy to have the cookies, I found out years later that there was in fact more to the story. In the time period between my phone call and her showing up with the cookies, she had phoned my Aunt Colleen, as my grandmother was suddenly really starting to doubt her sanity.

My Aunt later told me that my grandmother had recounted our conversation to her and then asked, "I never made St. Patrick's Day cookies, did I?"

My Aunt, somewhat preoccupied at the time for a reason I cannot recall, answered, "Sure you did."

"I did?" my grandmother asked.

"Every year," my Aunt added.

Apparently my grandmother was somewhat bemused. "Then what did I use for a cookie cutter?"

My Aunt, growing ever more annoyed at what was turning into a lengthy interruption, abruptly said, "I think you used the club from the cards set or something," and got my grandmother off the phone. It wasn't until later that my Aunt gave it more thought and realized that she'd been mistaken.

In the meantime, my grandmother had checked her cookie cutter drawer, and sure enough, the club cutter was there. She mixed up some dough, cut out some clubs, and then took a knife and cut off a piece of the bottom to give it a curved look and make it look like a shamrock. She later told me that she thought to herself, "Well, it actually looks pretty good; that must have been how I did it," and she proceeded to bake a batch. She made the accompanying green icing, decorated them, and I imagine was somewhat relieved that she didn't miss this longstanding St. Patrick's Day ritual which, for some reason, she couldn't seem to recall for the life of her.

In my defence, I did own up to it a few weeks later. We enjoyed a good laugh as she told me how she had seriously began to wonder, and I gloated over the well-executed results of my somewhat impractical joke.

The incident was all but forgotten and things were quiet until the following winter, when my sister and I conspired to relive the magic. My sister went shopping and found a Halloween cookie cutter in the shape of a cat, and snuck it into the cookie cutter drawer while our grandmother was away on vacation.

Our grandmother returned home from her trip at the end of January as scheduled. On February 2nd, I called her up, and asked, "Nan, where are the Groundhog Day cookies?"

"David," she told me, "I've never made Groundhog Day cookies in my life."

"Sure you did," I told her. "Every year…"

Labels: , , ,

Friday, November 06, 2009

Hacking Humanity: how viruses REALLY spread

I'm sceptical about pretty well the entire internet, and out of an abundance of caution, I suspect just about every link. Computer viruses can be nefarious things, so I'm very careful about where I click. I try to satisfy myself as to the link's authenticity before I dare click, and I have to admit I'm sometimes downright paranoid about shortened Twitter links.

Because of the popularity of online communication and social media, a great number of viruses appear to come from good friends. Worse, the message triggering the virus is usually something designed to look real and go unquestioned by the recipient.

The term "virus" is used loosely here - the same principles can apply to most any program, script, or other malicious code. But almost all have one important thing in common: the user usually has to do something to get infected, even if simply clicking a link or opening an attachment.

Whatever its form, malicious code is famous for its ability to promulgate through exploits of security vulnerabilities. Sometimes these are due to flaws in an Operating System, or in a software program such as a web browser.

The code takes advantage of the flaw to take over, creating another version of itself, and both then continue to seek out new victims. New exploits are being reported all the time, but the software vendor is usually quick to release a patch that seals up the exploit and protects you, and the hackers who release the program are getting quite creative. Some new variants of exploits even masquerade as anti-virus or anti-spyware programs that flash warnings of infection which lull the user into a false belief of being protected, while the malicious software carries out its purpose, whether spam, porn, or identity theft.

(I'm still waiting for a creative hacker to release an exploit that uses the victim's computer resources to surreptitiously contribute to scientific research via projects like BOINC or http://setiathome.berkeley.edu/.)

Patches only work, though, if you hunt them down and apply them. Keeping up-to-date on security releases is very important, but what's most important is to exercise common sense.

Most of the viruses people seem end up with are spread through email or IM, and usually involve some sort of social engineering. And what is social engineering, you ask? It is simply tricking you into doing something innocuously and unconsciously, so that you probably don't even notice the results, and nothing registers on any conscious radar screen as being dangerous.

Say Alice signs on, and a screen pops up from Bob, suggesting that Alice check out pictures of her. She clicks, and is whisked away to some decoy site while the code safely ensconces itself within Alice's hard drive, curling itself almost inextricably around her operating system, so that the two now operate as one. And it all happens so slick that Alice doesn't even notice, until a couple of weeks later she gets a phone call from a friend who tells her to run a virus scan already because her friend is sick of getting ads for teeth whiteners from her.

Sound like a realistic scenario? Naming off the dozens of examples you've seen yourself? Almost got tricked by one, or did and are too ashamed to admit it? This is how these viruses are spread; they rely on the trust of the user.

The more reliable the message seems, the less likely it is to raise any red flags. Social engineering is used in these cases to exploit natural human tendencies as a means to promulgate the virus, whether it's unleashed by a bored teenager on a weekend with nothing to do, or spread as part of a major billion-strong foreign botnet.

Fortunately, many of the IM and email viruses that rely on tricking the user are not usually too sophisticated on the software side of things. Removal is usually as simple as identifying what variant is at fault and searching for the proper removal instructions.

Searching the name of the virus and "remove tool" might bring up a handy little program that you can download, run, and have it scrub your machine free of all trace. By this time, though, hopefully you've learned to approach links with scepticism, and you don't automatically download the first thing you come across. Discernment is crucial; be careful where you click.



Labels: , , , ,

Saturday, October 31, 2009

Twitter Weekend of Terror

Halloweens all seem to be pretty much the same. Whether you go to a bar or a party, what you're going to run into are a bunch of slightly-to-severely inebriated people wearing semi-passable costumes explaining to everyone they meet what they're supposed to be dressed up as.

This year, I just don't have the energy for it. I've decided to stay in, and get the jump on a bunch of work-related projects and assignments; not only work relating to the legal field, but also some writing projects that I've had on the backburner for considerably way too long.

Work has been rather demanding lately, and I'm almost at the point where I've got everything caught up, but the demands of the past few months have really impacted on my ability to particpate on Twitter. I feel in some ways like I've been neglecting a best friend. I've been around a little more frequently the past couple of weeks, but still, there's no comparison to the times a few months ago when our group would regularly end up "in #twitterjail" for having posted too many times in an hour.

So, while discussing halloween plans with Verleen, we decided... why not haunt our favourite haunt? Why not spend the evening creating mayhem and raising cain, just like we used to, on Twitter? Seems like the perfect night for it!

And so begins the inagural Twitter Weekend of Terror. Join us - @verwon and @Lurquer - for a fun-filled time of screams and riots! And watch out for #twots!



Labels: ,