Midsummer Madness

Had it not been for Facebook, I might never have realized that so many people regard summer as starting around Midsummer. I suppose astronomical summer (as opposed to meteorological summer) explains why Springwatch feels so late in the season.

In a way, it’s very English to centre summer on the available daylight rather than meteorological patterns, since we’re usually pleasantly surprised by days on which it doesn’t rain. Though I suppose warmer rain has its advantages.

Having only troubled to look into this so late in life, I’m now wondering whether to celebrate the start of summer (again), regret the imminence of the solstice (light-wise, it’s all downhill from here), or wait a few days to wish you a happy St John’s Day (and maybe even St Peter’s Day a few days after). Or maybe I’ll just go back to not thinking about it at all. However, being in Cornwall at the time of Golowan probably makes the latter course of action impractical. I’m already in danger of extreme fascination with this world of Obby Oss (I’d love to have reproduced Charles Causley’s poem here, but you can find it in his ‘I had a little cat’ collection) and Obby’s connections with Old Penglaze and the Mari Lwyd. Not to mention Mirk of Lilleshall and his description of how St John’s Day turned from devotion to gluttony and sin. I think I’ll just leave that there.

David Harley 


Symmetry and Virus Writing

Back in 2003, the University of Calgary started to offer courses in virus writing, much to the annoyance of the security industry. Well, the anti-malware industry: people outside that sector like Bruce Schneier tend to take a contrary view of the hands-on approach to understanding security threats. However, what we still called at that time the AV industry was pretty unanimous:

  • Sophos commented
  • Fridrik Skulason commented
  • Vesselin Bontchev took the idea to pieces in an AVAR paper (and made some sound suggestions about alternative ways of teaching the next generation of anti-malware researchers what they need to know).

Professor John Aycock braved a hail of criticism and has attended a number of security conferences subsequently. I’ve never been able to accept the view that you have to write malware in order to understand how to detect/defeat it, but he is an intelligent and likeable man who has contributed to our understanding of the malware scene, for instance in the (now virtual) pages of Virus Bulletin.

I don’t suppose that the current vicious spate of ransomware owes much to the teaching practices of the University of Calgary. In fact, malware technology has changed so much in the meantime it’s hard to see how it could. And certainly I’ve no particular reason to suppose that any of the students who took that class lacked honesty and integrity any more than the rest of the population.

Still, there’s a certain uncomfortable symmetry in the fact that the University of Calgary has apparently just paid $20,000 CAN to a ransomware gang for decryption keys… I won’t say ‘what goes around comes around’ but I suspect there are those who will.

David Harley