Correlation != Causation

One of the things I love most about science is hearing other people call science a “thing”. “Science says the planets are round”. “Science says vaccines reduce the spread of herd diseases”. While these conclusions are true, the way in which they are spoken belies some level of ignorance as to what science is.

We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.- Carl Sagan

Science is a way of thinking. It is a process that has been developed over generations to support the human endeavour to figure out how things work. The scientific process is not perfect and it certainly has led to some incorrect conclusions from time to time. But a big strength of the scientific process is that it is self-correcting. If you’ve ever spent any time in the open source community, you know how it works. The same organized scepticism and peer review that keep open source projects churning out good code are the same facets of the scientific process that keep good ideas flowing.

Continue reading “Correlation != Causation”

Jon Watson

View Jon Watson CD, Linux+'s profile on LinkedIn

I am a Linux sysadmin. I currently work in the security industry, but I’ve worked in a lot of verticals in my career. Banking was the most regulated, defence was the most secure and entertainment was the scariest. Terrifying.

I’m a capital ‘ST’ STEM guy. I love science and technology and how it changes the way in which we interact with the world. I don’t know much about engineering and my math skills are tragic. I have a college diploma in Computer Information Systems, and I have been in this field long enough to figure out that a deeper understanding of the science of computing is required in order to continue doing interesting things. To that end, I’m in the middle of a Comp Sci degree. For kicks I do things like maintain a Fidonet BBS. My personal blog is here and I write security and privacy related articles for Comparitech here. I also do a weekly-ish tech-ish podcast with my wife called The JaK Attack! podcast here. Here’s a list of some other things I’ve done that may or may not interest you.

Open Source Projects


WordfyFace: Pebble Classic watch face written in C.


Duplicity Menu: A console based front-end for the Duplicity backup application written in C++.

Post It Once: PHP script that allows web users to post status updates and full blog entries to their Twitter, Facebook, and WordPress blogs in one fell swoop.



A History of Computer Operating Systems.

Linux Journal

VirtualBox: Bits and Bytes Masquerading as Machines.

Break the Hardware Upgrade Cycle with Win4Lin Windows Virtual Desktop Server.

Podcasting for the Penguin!

Linux Magazine

Convenient Castle.

Sound Saver.

I also manage the Top Canadian VPN website.

Looking for hacking activity in Apache Logs

This is my first post with Ghost and since it contains code snippets and command line goodies I thought it would be a good test for Ghost’s markdown language. Let’s see how it goes.

The sheer number of bad people on the planet mean that there’s a really good chance your website has at least been probed to see if it is a good attack platform. It may also mean that your website has already been compromised and is doing bad things for some other person as we speak. Some people I talk to say things like “well, if I get hacked, I’ll deal with it then”. But that’s dumb. It’s dumb because when someone compromises your website, they’re not going to put a big banner on it letting you know. It may be days, weeks or months before you notice.

Continue reading “Looking for hacking activity in Apache Logs”

I am 1:249/207 Hear me Bark!

I was assigned a Fidonet node number tonight. That will mean almost nothing to anyone, but to me it’s an accomplishment. It took me 3 days of hacking around to get this thing set up.

Fidonet was the predominant pre-Internet message network which was created in 1984 and had an initial 12 nodes (BBSes), peaking in 1996 with ~40,000 nodes and down to about ~2,000 now.

I’ve been a Linux hacker (the good kind) all my adult life and have therefore been surrounded by other hackers of varying degrees of competency. Through those people I’ve learned that anyone can run a script, but the true mark of a craftsman in any trade is the ability to apply abstract knowledge to new situations.

Continue reading “I am 1:249/207 Hear me Bark!”

My Pebble Watch: First Week Using and Coding

One of my gifts for Christmas was a Pebble “classic” smart watch. I’ve wanted one for a while because the idea of smart watches and other wearable computing devices is interesting to me, but having never had any experience with one, it was hard for me to determine if I’d actually like it. The Pebble Classic is cheap enough ($109 here in Canada, generally) that it’s worth the risk. I’ve had my Pebble for a little over a week now and here are my thoughts.

The Concept

The million dollar questions is why would anyone need yet another device to tell them when they have an email or a text message? It’s a good question and part of the reason why I was not 100% sold on the idea, but here’s what I thought the advantages would be and so far it has worked out as I expected.

Continue reading “My Pebble Watch: First Week Using and Coding”

Pebble: Moving Beyond the Basics

I’m into month two with my Pebble Classic and in that time I’ve gone through almost every app and watch face in the Pebble App store. That has enabled me to gain a lot of insight into how I use my Pebble and the surprise ending is that although notifications are a big part of its usefulness, I use it for much more than that.

I decided to write this post after reading David Breger’s post on LinkedIn about why he does not wear his Pebble any more. I tried to comment on the post but the Submit button would not enable for me, so I ended up thinking about his post and about how my experience with the Pebble so deeply differed from his. I finally came to realize that David’s post solely focuses around notifications and he has completely missed, or at least did not talk about, the rest of the Pebble ecosystem. So I aim to fix that.

Continue reading “Pebble: Moving Beyond the Basics”

What can I do with a Chromebook?

I recently bought a Chromebook. Over the years I have had a short, unimpressive experience with one of those “Netbooks” that tried to create a place in the market so I was prepared to be a little disappointed. However, the critical role this thing had to fulfill is to be a backup computer to RDP into work if my primary system died so I was willing to put up with some limitations as long as it could plug that hole.

The first thing I learned during this process is that customer reviews from Chromebook users are almost totally useless. They mostly consist of incredibly naive and clearly non-technical people who were shocked and dismayed that their $250 “laptop” did not run Windows or MS Office. I doubt the critical thinking skills of these people because if it were possible to produce such a beast at that price point, it seems obvious to me that the market would be flush with them. Having said that, there are some low end $350 full-blown laptops out there from Acer and HP so the market is pretty close.

Continue reading “What can I do with a Chromebook?”

Breaking crypto: Not like the movies!

Web encryption is at the top of the discussion list these days in geek circles and with good cause. The revelations over the past few months that many countries are collecting wide swaths of Internet data on their own and foreign citizens has made us all stop and re-think things. We used to think it was fairly near impossible to collect every email and every web session that passes through the Internet but that assumption is now being challenged. Even the security of our encrypted web sessions using the tried and true Secure Sockets Layer (SSL) technology has now been revealed to be orders of magnitude less secure from government prying than we thought. As we work our way through this maelstrom of blows to the head it’s becoming clear that the only answer to true privacy on the Internet is Trust No One (TNO) encryption.

Who uses encryption, anyhow?

Continue reading “Breaking crypto: Not like the movies!”

Why loosing Lavabit and Silent Mail doesn’t change anything.

Here’s a non-concept for you: secure email. There’s a lot of media frenzy surrounding the recent shuttering of Lavabit and Silent Mail and most of it is unwarranted (see what I did, there? Warranted?) While any security is certainly better than no security, the media is presenting the loss of these services as something that matters and honestly, it really doesn’t. Email is so inherently insecure and the laws of most countries allow law enforcement to warrant emails anyhow, so there’s almost no advantage to using a secure email service if your intention is to be bad. In short, there is no such thing as secure email.

I had never heard of Silent Mail before a few days ago but I have both a Lavabit (had) and a Hush Mail account; both provide encryption bundled into their email service and from the press surrounding Silent Mail, I assume it offered a similar service. Continue reading “Why loosing Lavabit and Silent Mail doesn’t change anything.”