Form and Function

[This week’s Communications column for the Vanuatu Independent.]

[Yes, it’s a re-hash of this rant. ed.]

As a computer geek, I’m supposed to be suffused with enthusiasm and excitement over the features of the latest software. By rights, I should be the one carrying the techno-tablets down from the mountain, telling you how the latest in frobnalising ephemetry is going to change everyone’s life. I’m the one supposed to show you where to sign up and what to do with it once you’ve got it.

I have a confession to make: I hate most software.

90% of software is crap. As author Theodore Sturgeon famously said, that’s because 90% of everything is crap.

I save a particular loathing for word processors. For any but the simplest tasks, their interfaces are utterly ridiculous. I haven’t liked a word processing interface since WordPerfect circa version 5, which ran on DOS (remember DOS?). If I had my own way, I’d still be using it.


What Heroes are Made of

Timor-Leste’s tortuous history since the mid-1970s is a sad chronicle, alternately agonising and enraging. Even its high points seem to be characterised more by pride than joy. None of them end very well, and those few that do… well, one senses that they are unfinished, unresolved.

One of the most striking individual stories is that of Major Alfredo Reinado. Respected by all and lionised by many, he died during a 2008 firefight that erupted at the residence of President Jose Ramos Horta. The President was gravely injured during the attack and spent months convalescing in Australia.

On the same morning, Prime Minister Xanana Gusmao, riding in a three car convoy with his security detail, was shot at on the road to Dili. This attack was perpetrated by Alfredo’s second-in-command, Gastão Salsinha.

Reports of the incident characterised it alternately as an assassination attempt, an abortive coup and as a meeting between the rebel leader and the President that went tragically awry.

Hundreds of people attended the Major’s funeral. Ramos Horta publicly forgave him and, far from vilifying him for his role in the turmoil that displaced as many as 150,000 people, most people remember him as a patriot and a hero.


Spit and a Handshake

Horse traders in Ireland famously spit into their palms before shaking hands to seal a deal. A great deal of spitting goes on in Vanuatu-style horse trading, but it’s almost all kava-induced.

Almost all.

The political scene here is small enough that everyone knows each other. In some cases, this acquaintance borders on respect, even camaraderie. But in a few cases, familiarity has bred a special kind of contempt. As potential coalition line-ups are considered, the question, often enough, is which players are capable of sitting together in the same room long enough to agree about anything.


First election results

The very first election results are starting to trickle in. They’re very preliminary, incomplete and subject to change.

This is gossip, not reporting.

Final Update: Okay, it’s time to call it a day on this thread. I’ve been cross-referencing sources all over town, and the only thing that’s clear is that nothing is clear. The electoral office is not releasing numbers, and until they do there’s just too much inaccuracy – some of it certainly agenda-driven – to rely on at all. I won’t suggest you completely disregard what lies below; just take it all with a bucketful of salt.

(Update: Note that this page seems to contradict the previous. Ralph’s site was down just a little while ago, so they might have reverted to an earlier version to get the site back online. One source told me that they kept updating until late into the night, but ultimately left off. I take this to mean that his site is not at all accurate at the moment. Only goes to show that everything we say about the results at this stage is nearly pure speculation.)

(‘Nother update: I’ve talked to a few more people, and though minor details vary, the numbers in the first link appear to be indicative of the situation, if not perfect in detail. Candidate names, as compared with three other sources, seem to be more or less correct, and increasingly complete. Just got feedback from someone who’s a bit of an authority on this stuff, and apparently there are some significant discrepancies in the list above. Unfortunately, there is no canonical site for this, and little authoritative information online anywhere. That doesn’t change much of the prognostication below, however.)

(September 4, 08:00: Updated yet again to reflect new information and comments below.)

As the passing of a single day has shown, it’s remarkably easy to be wrong about even larger details. This article is starting to look like Wikipedia in the middle of an edit war, but I’ll not be removing details, no matter how embarrassing to me. I feel that this is the best testament to the fluidity of the situation, and perhaps the most persuasive argument possible for greater transparency and information sharing.

My back-of-the-napkin analysis is getting rather long-winded, but I’m not (yet) willing to split it out into separate posts, so I’ll push it below a cut. Many more details follow….


Then and Now

[This week’s Communications column for the Vanuatu Independent.]

In July 2004, the World Bank presented a report on the state of Vanuatu’s public utilities to the public.

This was a watershed moment. From that moment, the government of Vanuatu formally committed itself to a process that ultimately led to the break-up of the telecommunications monopoly and the creation of the Utilities Regulatory Authority.

The transformation since then has been nothing short of remarkable. Nobody seems to have anticipated just how widespread and immediate the effects of telecoms liberalisation would be. Some of the expectations outlined in the Infrastructure Regulatory Review appear now to be quite conservative, in some cases landing nearly outside the ballpark.

Perhaps most telling is the report’s contention that ‘low income, low population base, low urbanization and low literacy rate are characteristics which suggest that demand for telecommunications services in Vanuatu is likely to be constrained.’

Experience seems to indicate quite the opposite.

PACNOG Talk

One of the items in yesterday’s brain dump was a talk I presented to the Pacific Network Operators Group (PACNOG) at the Sebel Hotel. It’s titled ‘Network Effects: Social Significance of Mobile Communications in Vanuatu’. It explains Network Effects and how they manifest themselves in village life, then looks at some obvious and not-so-obvious implications for network providers in the Pacific. Briefly, my point is that village life features very tight communication loops from which no one is exempt. The one-to-one (but not the one-to-many and many-to-one!) aspects of village communications will be enhanced by mobile comms, and smart network operators should do what they can to enhance this effect. The result will be that our island geography (and gestalt) creates more value per user than traditional business analysis might lead us to believe.

One of the questions that came up regularly when I asked for feedback on my talk was how people would be able to afford mobile services. Given that 5000 vatu (about USD 50) per month is not an unusual family income in the village, even topping up with 200 vatu credit (currently the smallest increment available) would be a burden, would it not? The answer is yes and no.

There’s an interesting relationship between commodity prices and agricultural production here in Vanuatu. When the price of commodities like coffee, copra and cacao rises, production actually decreases rather than increasing. The reason for this is that the need for cash in rural areas is quite limited. Once a villager earns enough to pay school fees, clothing and a few staples, there’s no more need to sell their crop. So when they can earn the same amount of money for less effort, they do so.

This is one of the factors leading to a kind of economic insulation for the average ni-Vanuatu. I wrote a bit more about other aspects of this phenomenon in this article for the Daily Post. The bottom line is that the cash economy remains small in rural Vanuatu because the cash economy is only a small part of the whole picture.

When mobile communications are introduced, the perceived need for cash increases. In the short term, this puts stress on the pocket book, but things can probably work themselves out through a nominal increase in the amount of cash being generated (e.g. through cash crops). Add to this the increased efficiencies that come hand in hand with better communications, and we’ll likely see more prosperity and economic activity – in cash terms – than less.

In other words, this is not a zero sum game.

That detail is still lost in many traditional planning processes. In fact, ignorance of this dynamic is a bigger inhibitor to growth than many other external factors. If people can’t forecast capacity properly, their estimates come out consistently low, and because products and services don’t meet the need, they don’t have the effect they’re intended to, so people don’t invest in them.

Very often, taking the last few years’ numbers and extrapolating linear growth creates a self-fulfilling prophecy in which growth remains linear only because that’s as much as it can grow. Unfortunately, it allows analysts to sit back and say, ‘See? I told you so.’

Update: Looking a little further down this continuum: Once the inherent economic elasticity in this system is used up, however, poverty sets in. An example would be people planting cash crops in places once reserved for food crops. It’s a fine line between building the cash economy and building dependence on the cash economy in such a way that a person’s outputs can’t meet their costs.

Adventures in Paradise

The rain drives the tourists off the sidewalks, diminishes the Pacific to a neighbourly size, and melts all my plans like ice cream.

I open the paper and read a wandering, questing letter about the ‘beautiful, innocent people of Vanuatu’, and ache a little because it’s so nearly true.

In the wall-high mirror, a woman spins her Mickey Mouse umbrella, angles it into the wind, and passes the doorway humming. Her vibrant purple and white island dress is garlanded with ribbons and bows.

An obese Hyundai motor coach lumbers to a halt beside the cafe. Emblazoned in heavy capitals along its side: ADVENTURES IN PARADISE. There is no one on board.

I wrote those paragraphs back in 2003. I’d just arrived in Vanuatu, and was trying to express my first inklings of the nature of the people and the place.

The beauty of Vanuatu and its people has worked itself into the very fibre of my being. The ability to remain gracious and smiling through the most arduous circumstances, to snap out a bawdy joke without missing a beat, to remain impassive in the face of gross affront – these aspects of the national character have impressed, confounded and ultimately seduced me.

But this is no one’s Paradise. Nor will it ever be.


Trust Works All Ways

Over the weekend, I’ve been thinking about last week’s disclosure concerning Debian’s OpenSSL package, which in effect stated that all keys and certificates generated by this compromised code have been trivially crackable since late 2006.

There’s a pretty good subjective analysis of the nature of the error on Ben Laurie’s blog (thanks, Rich), and of course the Debian crew itself has done a fairly good job of writing up the issue.

The scope of this vulnerability is pretty wide, and the ease with which a weak key can be compromised is significant. Ubuntu packaged up a weak key detector script containing an 8MB data block which, I’m told, included every single possible key value that the Debian OpenSSL package could conceivably create.
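A toy model of the detector idea described above, together with the kind of uniqueness test that exposes a generator with too few possible outputs. This is an added example, not Debian's, Ubuntu's or OpenSSL's code; `toy_keygen`, `SEED_SPACE` and `KEY_SIZES` are hypothetical stand-ins chosen for illustration.

```python
import hashlib
import os
import random

SEED_SPACE = 2 ** 15        # assumed size of the toy generator's seed space
KEY_SIZES = (1024, 2048)    # assumed key sizes the blocklist should cover

def toy_keygen(seed, bits):
    """Hypothetical broken generator: output depends only on (seed, bits)."""
    return hashlib.sha256(f"{bits}:{seed}".encode()).digest()

def fingerprint(key):
    """Store fingerprints rather than key material in the blocklist."""
    return hashlib.sha256(key).hexdigest()

def build_blocklist():
    """Enumerate every key the toy generator can emit, once, ahead of time."""
    return {fingerprint(toy_keygen(seed, bits))
            for bits in KEY_SIZES
            for seed in range(SEED_SPACE)}

def is_weak(key, blocklist):
    """Detector: a key is weak if its fingerprint was enumerable in advance."""
    return fingerprint(key) in blocklist

def distinct_keys(generate, trials):
    """Uniqueness test: a healthy generator should never repeat a key."""
    return len({generate() for _ in range(trials)})

_rng = random.Random(0)     # fixed seed so the sample run is reproducible

def weak_generate():
    return toy_keygen(_rng.randrange(SEED_SPACE), 2048)

def strong_generate():
    return os.urandom(32)   # stands in for a key drawn from a real CSPRNG

if __name__ == "__main__":
    blocklist = build_blocklist()
    print("blocklist entries:", len(blocklist))
    print("weak key flagged:", is_weak(toy_keygen(1234, 2048), blocklist))
    print("random key flagged:", is_weak(strong_generate(), blocklist))
    print("distinct of 100000 (weak):", distinct_keys(weak_generate, 100000))
    print("distinct of 100000 (strong):", distinct_keys(strong_generate, 100000))
```

The uniqueness count is the cheap check: any repeat among generated keys means the generator's output space is far smaller than the key size implies.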

The question that kept cropping up for me is: This one-line code change apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it? Numerous exploits on Microsoft Windows would have required far more scrutiny and creativity than this one. Given the rewards involved for 0-day exploits, especially in creating platforms for cross-site scripting attacks, why is it nobody bothered to exploit this?

My hypothesis – sorry, my speculation is this: People at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn’t notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.

The change itself was small, but not really obscure. It was located, after all, in the function that feeds random data into the encryption process. As Ben Laurie states in his blog, if any of the OpenSSL members had actually looked at the final patch, they would almost certainly have noticed immediately that it was non-optimal.

In all this time, apparently, nobody using Debian’s OpenSSL package has actually (or adequately) tested to see whether the Debian flavour of OpenSSL was as strong as it was supposed to be. That level of trust is nothing short of astounding. If in fact malware authors were guilty of investing the same trust in the software, then I’d venture to state that there’s a fundamental lesson to be learned here about human nature, and learning that lesson benefits the attacker far more than the defender:

Probe the most trusted processes first, because if you find vulnerabilities, they will yield the greatest results for the least effort.

P.S. Offhand, there’s one circumstance that I think could undermine the credibility of this speculation, and that’s if there’s any link between this report of an attack that compromised not less than 10,000 servers and the recent discovery of the Debian OpenSSL vulnerability.