Category Archives: wonk

Voting for the Man

[Originally published in the Vanuatu Daily Post’s Weekender Edition.]

The 1990s were a time that many in Vanuatu might prefer to forget. Internecine political disputes resulted in a government more changeable than the weather. Senior ministers fought a running legal and ideological battle with Ombudsman Marie-Noelle Patterson. They were so distracted that they utterly ignored the business of governing. Failure to table a budget in 1996 led the VMF to abduct President Lenelcau in order to force payment of nearly 100 million vatu in outstanding allowances. The gutting of the National Provident Fund by politicians and senior government officials brought angry rioters into the streets and resulted in widespread damage.

This culminated in a tragicomedy of errors involving huckster Amarendra Nath Ghosh, a bogus ‘world’s largest ruby’, and the issuance of illegal bonds that would have beggared the nation. The gemstone is the only thing of enduring value. It serves as a paperweight in the Ministry of Finance.

To the casual outsider, it beggars imagination that most of the people responsible for this ungodly mess still enjoy broad voter support. To many ni-Vanuatu, though, the question doesn’t even bear asking.

Continue reading

Then and Now

[This week’s Communications column for the Vanuatu Independent.]

In July 2004, the World Bank presented a report on the state of Vanuatu’s public utilities to the public.

This was a watershed moment. From that moment, the government of Vanuatu formally committed itself to a process that ultimately led to the break-up of the telecommunications monopoly and the creation of the Utilities Regulatory Authority.

The transformation since then has been nothing short of remarkable. Nobody seems to have anticipated just how widespread and immediate the effects of telecoms liberalisation would be. Some of the expectations outlined in the Infrastructure Regulatory Review appear now to be quite conservative, in some cases landing nearly outside the ballpark.

Perhaps most telling is the report’s contention that ‘low income, low population base, low urbanization and low literacy rate are characteristics which suggest that demand for telecommunications services in Vanuatu is likely to be constrained.’

Experience seems to indicate quite the opposite.
Continue reading

Filling the Cracks With Gold

[Originally published in the Vanuatu Daily Post’s Weekender Edition.]

September 2nd promises to be a bloody day, in political terms. In Vanuatu’s 9th general election, at least 334 candidates will battle for one of 52 seats in 17 different constituencies. These candidates represent over 30 political parties, many new, some old. They are opposed by the largest contingent of independent candidates ever fielded. Over 80 will run.

Port Vila voters will witness nothing short of a battle royal. Some of the most venerable names in Vanuatu politics, including ex-PMs Natapei and Korman, minister Willy Jimmy and Opposition Leader Moana Carcasses, are facing numerous serious challengers. Among the most notable contenders: Constitutional Lion Silas Hakwa, Leba president Ephraim Kalsakau, firebrand Independent Ralph Regenvanu, backroom veteran Manina Packete and the ever-popular Moses Steven. In all, 46 candidates will duke it out for 6 seats.

While some seats are safer than others, no candidate can rest easy. Nationwide, roughly 8 candidates are fighting for each available spot. Even worse than the battle to be first past the post will be the positively Byzantine post-election horse-trading that ensues. Right now, it’s hard to see how an actual working government will emerge from the carnage.

Continue reading

Mercenary, Missionary, Manager, Monarch

[Originally published in the Vanuatu Daily Post’s Weekender Edition.]

Being an honest, ethical and competent MP isn’t something that a candidate can easily stump for. That’s mostly because it’s not easy to distinguish yourself from your pathologically dishonest opponent, who’s made a career of lying to everyone, even himself. It’s a rare politician indeed that doesn’t promise to be effective and to stand up for the principles of the people he’s speaking to at the moment, whatever they may be.

Despite innumerable past disappointments, honesty, ethical behaviour and competence should be assumed. They should be right there in the job description.

Should be.

In countries the world over, the political scene attracts the same kinds: There’s the Mercenary: charismatic, mercurial, willing to say or do anything as long as the price is right. There’s the single-minded Missionary: often blinded by the brilliance of his own vision. There’s the Manager, who finds herself organising others because if she didn’t nothing would ever get done. There’s the Monarch, for whom power is an end in itself, not a job but a state of being.

All of these are required in order for a government to operate, though each in its measure. Take any one away and things break down. Allow too many of a given kind… and things break down. The chemistry of government relies as much on manoeuvrability and opportunism as it does on organisation and direction.

Continue reading

PACNOG Talk

One of the items in yesterday’s brain dump was a talk I presented to the Pacific Network Operators Group (PACNOG) at the Sebel Hotel. It’s titled ‘Network Effects: Social Significance of Mobile Communications in Vanuatu‘. It explains Network Effects and how they manifest themselves in village life, then looks at some obvious and not-so-obvious implications for network providers in the Pacific. Briefly, my point is that village life features very tight communication loops from which no one is exempt. The one-to-one (but not the one-to-many and many-to-one!) aspects of village communications will be enhanced by mobile comms, and smart network operators should do what they can to enhance this effect. The result will be that our island geography (and gestalt) creates more value per user than traditional business analysis might lead us to believe.

One of the questions that came up regularly when I asked for feedback on my talk was how people would be able to afford mobile services. Given that 5000 vatu (about USD 50) per month is not an unusual family income in the village, even topping up with 200 vatu credit (currently the smallest increment available) would be a burden, would it not? The answer is yes and no.

There’s an interesting relationship between commodity prices and agricultural production here in Vanuatu. When the price of commodities like coffee, copra and cacao rises, production actually decreases rather than increasing. The reason for this is that the need for cash in rural areas is quite limited. Once a villager earns enough to pay school fees, clothing and a few staples, there’s no more need to sell their crop. So when they can earn the same amount of money for less effort, they do so.

This is one of the factors leading to a kind of economic insulation for the average ni-Vanuatu. I wrote a bit more about other aspects of this phenomenon in this article for the Daily Post.The bottom line is that the cash economy remains small in rural Vanuatu because the cash economy is only a small part of the whole picture.

When mobile communications are introduced, the perceived need for cash increases. In the short term, this puts stress on the pocket book, but things can probably work themselves out through a nominal increase in the amount of cash being generated (e.g. through cash crops). Add to this the increased efficiencies that come hand in hand with better communications, and we’ll likely see more prosperity and economic activity – in cash terms – than less.

In other words, this is not a zero sum game.

That detail is still lost in many traditional planning processes. In fact, ignorance of this dynamic is a bigger inhibitor to growth than many other external factors. If people can’t forecast capacity properly, their estimates come out consistently low, and because products and services don’t meet the need, they don’t have the effect they’re intended to, so people don’t invest in them.

Very often, taking the last few years’ numbers and extrapolating linear growth creates a self-fulfilling prophecy in which growth remains linear only because that’s as much as it can grow. Unfortunately, it allows analysts to sit back and say, ‘See? I told you so.’

Update: Looking a little further down this continuum: Once the inherent economic elasticity in this system is used up, however, poverty sets in. An example would be people planting cash crops in places once reserved for food crops. It’s a fine line between building the cash economy and building dependence on the cash economy in such as way that a person’s outputs can’t meet their costs.

Hodge Podge

Here’s a quick and dirty list of geeky things that I’ve been stewing over recently:

  • Greg Ross’ delightfully intelligent Futility Closet features a very interesting map. Memorising it should be a pre-requisite for any technology discussion. Understanding it should be a criterion for sainthood.
  • Jan Chipchase is exploring that map. He’s a poster boy for the the new geek chic: rambling around the world, finding out how people live their lives, then trying to find ways to make technology that fits. I’d be more condescending about his rock star status, but hey, that’s mostly what I do, too. If he’s the rock star, then I’m the wandering minstrel. I suppose each of us is good for the other.
  • I say it below, but I need to set the proper emphasis here: Mobile communication devices are the application platform for the rest of the world. Power, cost, literacy, localisation and different approaches to network management (i.e. more entrepreneurial space in newborn networks than in established ones) all contribute. 2G, 3G, NG are all great, but think about SMS interfaces first. There’s a huge opportunity space there.
  • Digicel launched their mobile phone service  last week, making a bigger splash than anything I’ve seen since I arrived here.
    • Photos of the mad queuing (and a couple from the party) here.
    • They’ve done admirably in the first 90% of the job, which was getting the network up and running. Let’s see how they do on the other 90% – keeping it running.
    • I bought myself a 2000 vatu (USD 20) phone and a separate SIM card for my Motorola in order to test the service. I’d been using the Digicel service for barely two days, and when I ran out of credit, I swapped in my TVL SIM (with nearly 4000 vt credit in it) and had an important call fail 5 times in a row. I immediately put my Digicel card back in and stumped up another 1000 in credit. In less than two days, I’d come to assume that calls would actually work. This in spite of the fact that I’ve been using TVL’s services (and working closely with them on occasion) for years. I should have been inured to their level of service and surprised by the improvement that Digicel provided, but the opposite was true. Lesson: We only think about the network when it’s not working.
    • I heard rumours that Digicel had to fly a replacement generator to Ambae by helicopter on their first full day of service. The story might be a case of the Coconut Wireless running a little hot, but if it turns out to be true, I would be interested to know whether the machinery died of natural causes or of bush knife. There’s a whole article in here, but briefly stated, here’s the equation: A radio tower is of no value until it’s turned on, so nobody objects to its existence until the service starts up. From that moment on, people have something they can hold hostage, so however generous the initial agreement, there’s almost always a re-negotiation, usually with a metaphorical knife to the throat.
    • Update: I’ve also got reports of an outage in Tanna in the South. How does it go again? One is an accident, two is incompetence, three is enemy attack. Or heck, it could just be birthing pains.
    • Double Update: Turns out it wasn’t outages, per se; it was delays commissioning some of the systems. Sources with a clear view of the proceedings told me that Digicel could not have turned up their service at all even a few before the launch date – that’s how close to the wire things got. To be clear: This doesn’t reflect poorly on Digicel at all. Quite the contrary. I’ve seen projects that were trivial in comparison lose months (even years) because of minor technical or logistical problems. The fact that one or two of the generators weren’t 100% ready on the day does nothing to diminish the fact that they increased communications coverage nationally by an order of magnitude; and that, to my knowledge, is unprecedented anywhere in the Pacific since 1942.
  • On Monday at 09:00, I presented a talk to the Pacific Network Operators Group (PACNOG) at the Sebel Hotel. It’s titled ‘Network Effects: Social Significance of Mobile Communications in Vanuatu‘. It explains Network Effects and how they manifest themselves in village life, then looks at some obvious and not-so-obvious implications for network providers in the Pacific. Briefly, my point is that village life features very tight communication loops from which no one is exempt. The one-to-one (but not the one-to-many and many-to-one!) aspects of village communications will be enhanced by mobile comms, and smart network operators should do what they can to enhance this effect. The result will be that our island geography (and gestalt) creates more value per user than traditional business analysis might lead us to believe.
  • The telecom licensing regime will be opening up a little further some time before the end of the year. I need to find a way to convince local operators to take advantage of this opportunity. It won’t be easy because:
    • There are a bunch of better-funded outsiders who want in, and are willing to sit on losses in order to get market share; and
    • Capital investment for Vanuatu companies can be really, really hard. Most companies here live hand to mouth, so asking them to amortise any kind of investment is a huge demand.
    • Hopefully, the Universal Access Fund will help mitigate the problem. It’s not clear yet how it will be administered, and there will be a lot of flies buzzing around that particular pot of honey, so I’m not willing to get enthusiastic about the opportunity just yet.
  • Now that we’ve actually got the beginnings of truly nationwide communications, we need to deal with power generation. The toughest part will be hardware. See, we’ll never generate enough power to run a desktop computer in every house, and community telecentres are expensive and of limited usefulness, so we need to see how suitable things like the Asus eEe, OLPC and smart phones are to use in the islands.
    • On that front, Wan Smolbag Theatre will be getting about 25 XO laptops soon for their young people’s literacy project. Yay! They’ve also sent an eEe up to their youth center in Loltong on Pentecost island for evaluation.
    • The Mac Minis we first sent there performed in a less-than-stellar fashion due primarily to hardware problems. Even trivial problems (like a stuck CD) can take weeks or months to resolve.
    • The biggest challenge we face is the assumption that being in the tropics means we have lots of sunlight. Uh, maritime climate, anyone? Jungle? Mountains? Solar panel not work good on cloudy day under tree with no flat places. Okay, there are places in Vanuatu where solar power is fine, but unfortunately, it’s least reliable right when you need it most (e.g. hurricane season).
    • One way to mitigate power requirements (and decidedly non-trivial UI/literacy issues) is to leverage SMS-based apps as a computing platform. See above. There’s a lot of work going on in this area in India and Africa. We need to do more here. See this and this for previous rants on the subject. Must find more sponsors….
  • UNDP has finally released funds for the Vanuatu leg of the People First Network. Only 5 years late. (Yes, you read that right: 5 years.) I’ll be doing a little consulting to try to re-frame the project to reflect the changes that have occurred in the last half decade.

Somewhere in here, I eke out a living, write 2000 words a week and try to have a life. I’d love to be a rock star just like Jan and find a Daddy Warbucks to take all my mundane worries away, but I’m not starving, so I can’t complain.

Trust Works All Ways

Over the weekend, I’ve been thinking about last week’s disclosure concerning Debian’s OpenSSL package, which in effect stated that all keys and certificates generated by this compromised code have been trivially crackable since late 2006.

There’s a pretty good subjective analysis of the nature of the error on Ben Laurie’s blog (thanks, Rich), and of course the Debian crew itself has done a fairly good job of writing up the issue.

The scope of this vulnerability is pretty wide, and the ease with which a weak key can be compromised is significant. Ubuntu packaged up a weak key detector script containing an 8MB data block which, I’m told, included every single possible key value that the Debian OpenSSL package could conceivably create.

The question that kept cropping up for me is: This one-line code change apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it? Numerous exploits on Microsoft Windows would have required far more scrutiny and creativity than this one. Given the rewards involved for 0-day exploits, especially in creating platforms for cross-site scripting attacks, why is it nobody bothered to exploit this?

My hypothesis – sorry, my speculation is this: People at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn’t notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.

The change itself was small, but not really obscure.  It was located, after all, in the function that feeds random data into the encryption process. As Ben Laurie states in his blog, if any of the OpenSSL members had actually looked at the final patch, they would almost certainly have noticed immediately that it was non-optimal.

In all this time, apparently, nobody using Debian’s OpenSSL package has actually (or adequately) tested to see whether the Debian flavour of OpenSSL was as strong as it was supposed to be.  That level of trust is nothing short of astounding. If in fact malware authors were guilty of investing the same trust in the software, then I’d venture to state that there’s a fundamental lesson to be learned here about human nature, and learning that lesson benefits the attacker far more than the defender:

Probe the most trusted processes first, because if you find vulnerabilities, they will yield the greatest results for the least effort.

P.S. Offhand, there’s one circumstance that I think could undermine the credibility of this speculation, and that’s if there’s any link between this report of an attack that compromised not less than 10,000 servers and the recent discovery of the Debian OpenSSL vulnerability.

Steaming Piles

I give up. I can’t support OpenOffice Write any more, and it’s nobody’s fault but their own. For anything more than simple tasks, the application is terrible. Their only saving grace is that Microsoft Office has its own brand of polished turd, named Word. Collectively, they are racing to the bottom of a decade-long decline in useability.

No, that’s too generous. The thing is, they’re at the bottom. They are useless for any but the most trivial tasks, and the most trivial tasks are better accomplished elsewhere, anyway.

Yes, I’m ranting. Let’s put this into a proper context:

I hate word processors. For any but the simplest tasks, their interfaces are utterly ridiculous. I haven’t liked a word processing interface since WordPerfect circa version 5, and if I had my own way, I’d author all my documents in either emacs or vi, depending on the circumstances.

Why do word processors suck so badly? Mostly, it’s because of the WYSIWYG approach. What You See Is What You Get, besides being one of the most ghastly marketing acronyms to see the light of day in the digital era, is ultimately a lie. It was a lie back in the early 1990s when it first hit the mainstream, and it remains a lie today. The fact of the matter is that trying to do structuring, page layout and content creation all at the same time is a mug’s game. Even on a medium as well understood as paper, it’s just too hard to control all the variables and still have a comprehensible interface.

But the real sin that word processors are guilty of is not that they’re trying to do WYSIWYG – okay it is that they’re trying to do WYSIWYG, but the way they go about it makes it even worse. Rather than insisting that the user enter data, structure it and then lay it out, they cram everything into the same step, short-circuiting each of those tasks, and in some cases rendering them next to impossible to achieve.

Learning how to write, then structure, then format a document (or even just doing each through its own interface) is easier to accomplish than the all-in approach we use today. For whatever reason, though, we users are deemed incapable of creating a document without knowing what it’s going to look like right now, and for our sins, that’s what we’ve become. And so we are stuck with word processors that are terrible at structuring and page layout as well as being second-rate text authoring interfaces. They do nothing well, and many things poorly, in no small part because of the inherent complexity of trying to do three things at once.

It doesn’t help that their technical implementation is poor. The Word document format is little better than a binary dump of memory at a particular moment in time. For our sins, OpenOffice is forced to work with that as well, in spite of having the much more parse-worthy ODF at its disposal these days.

There’s no changing any of this, of course. The horse is miles away, and anyway the barn burned down in the previous millennium. The document format proxy war currently underway at the ISO is all the evidence I need to know that I’ll be dealing with stupid stupid stupid formatting issues for years to come. I will continue to be unable to properly structure a document past about the 80th percentile, which is worse than not at all. I will continue to deal with visual formatting as my only means to infer context and structure, leaving me with very little capacity to do anything useful with the bloody things except to print them out and leave them on someone’s desk.

Maybe I’ll just stop using them at all. Maybe I’ll just start doing everything on the web and never print again.

I’m half serious about this, actually. At least on the Web, the idea that content and presentation are separate things isn’t heresy. At least on the Web, I can archive, search, contextualise, comment, plan, structure and collaborate without having to wade through steaming piles of cruft all the time.

At least on the Web, I can choose which steaming piles I step into.

I’m going to start recommending people stop using Word as an authoring medium. There are far better, simpler tools for every task, and the word processor has been appropriate for exactly none of them for too long now. Sometimes you have to destroy the document in order to save it.

Stop Bad Errors

I recently upgraded to Ubuntu 8.04, which comes with the most recent beta of Firefox 3.0. The new version of Firefox has a number of interesting features, not the least of which is a set of measures to reduce drive-by infection of PCs.

If they wander from the beaten path, people now see a big red sign warning them about so-called ‘Attack Sites’ – websites that are reported to have used various means to infect visiting systems with malicious software:

The graphic is fairly well done, but interestingly, there’s no obvious way to over-ride the warning and go to the site anyway. Not that one would want to, but it does raise the bar for circumventing this anti-rube device while raising questions about who gets to decide what’s bad and what’s good.

The ‘Get Me Out Of Here!’ button smacks of Flickr-style smarminess, sending (in my humble opinion) the wrong kind of message. Either be the police constable or be my buddy, but don’t try to be both. That’s just patronising.

I followed the second button to see how the situation would be explained to the curious. I was brought to a page providing a less-than-illuminating statement that the site in question had been reported to be infected by so-called ‘badware’.

The StopBadWare.org service tracks websites whose content has been compromised, deliberately or not, and provides data about these sites to the public in order to protect Internet users from drive-by infection. With sponsorship from Google, Lenovo, Sun, PayPal, VeriSign and others, the service is obviously viewed in the corporate community as a necessary and responsible answer to the issue of malware infection.

At the time of this writing, the Stop Badware databases listed over a quarter of a million websites as infected.

The report page itself was less than a stellar example of information presentation, especially about a security-related topic. In the top left corner is a colour-coded circle with three states:

Safe StopBadware testing has found badware behavior on this site.
Caution One or more StopBadware partners are reporting badware behavior on this site.
Badware No StopBadware partners are reporting badware behavior on this site.

So the difference between red and yellow here is not one of degree, it’s based on who reported it. Not only is this useless as a threat measurement, it sends the wrong message to people using the service, implying that there’s a distinction to be made between what Stop Badware finds out for themselves and what their partners find. By treating the sources differently, they’re inadvertently creating a distinction between gospel and rumour, implying that some sources are less reliable than others.

The report page for the domain in question is populated using the GET method, meaning that you can plug any domain name right into the address bar (if you know the URL components) and get a report on it. Unfortunately, it never occurred to the good people at Stop Badware that some might want to use this capability to check the status of an arbitrary domain. (Amusingly, this method also circumvents the captcha on the ‘official’ report page.)

When I checked the status of my own domain, I was informed that, in effect, I’d recently stopped beating my wife:

Google has removed the warning from this site.

It’s interesting when you’re faced with a sentence in which nearly every word is wrong. Google has removed the site? Where am I? Isn’t this Stop Badware? Removed the warning for this site? There never was one. And even if there was a warning at one point in time, people don’t need to be told that. This message is a bit like saying, ‘So-and-so is a great guy! He doesn’t drink at all any more.

I applaud the Stop Badware service and the concept, and I look forward to the day when someone actually does a bit of usability research for them.

P.S. Could we please do something about the term ‘badware’? It’s almost sickeningly patronising. Some might argue that terms like ‘virus’, ‘trojan’ and ‘malware’ are too arcane, but I say we should just pick one and stick with it, regardless of how accurate it actually is.

People know and (ab)use the term ‘virus’, so why don’t we get the geek-stick out of our lexical butt and just use it? It’s a virus. You’ve got a virus. Who cares what it is or how you got it. You got a virus and now your computer needs to be treated before you can use it safely again. Now, how hard was that?