Archive for November, 2007
Arctic Monkey Jag
Friday, November 30th, 2007
I’ve been on a bit of an Arctic Monkeys jag these last two weeks. It all started innocently enough, with Radio Paradise playing Scummy. Nestled between their colloquial, witty lyrics and candy-punk instrumentation, I found myself in a pleasant place. The songs, their content and the band’s populism-without-compromise make me wonder if the lead singer isn’t the bastard love child of Elvis Costello and Chrissie Hynde.
Most of all, I find immense comfort in the idea that kids these days still like my music.
An Immodest Proposal
Thursday, November 29th, 2007
When I stop to think about it, the prospect of improving communications here in Vanuatu seems an almost insurmountable problem. At the best of times, it feels like a labour of love. At other times it’s more reminiscent of wading chest deep through a vat of Jell-o.
Everything moves at an infuriatingly slow pace, a pace made worse by a general inclination to stay on the well-trodden path. Now, this desire to stick to so-called safe ground is born of bitter experience. In all aspects of our development, available resources are as tiny as the logistical problem is large. The cost of failure is disproportionately high, too. Mistakes made by headstrong or naive advisors sometimes take us years to recover from.
And yet…. And yet there are times when this risk-averse behaviour comes at a cost higher than failure. One sometimes wishes that our leaders would be just a little bolder, that they would accept that nothing in this world is certain, and that gambling on good odds is sometimes the best alternative. It’s difficult, to say the least, to find a balance between folly and commitment, especially when the political landscape can change at the drop of a hat.
It’s only with the greatest regret, therefore, that we are forced to accept that improvements in communications and access to information in Vanuatu will happen in increments. Often enough, the best we can do is work to mitigate the worst effects of incursions from the outside world.
Viewed in this light, the changes appearing on the horizon today are truly epochal. Within a very short time, we will see mobile service begin to reach far out into the islands. There’s a strong possibility that we might see nominal levels of Internet service there as well.
While it may seem piddling in the context of the revolutionary growth in communications technology in the outside world, we really do have reason to be grateful to those individuals who are behind this historic process. There is a quantum difference between no communications and any at all. Even the most basic improvement from a baseline that started at nothing is truly a vast leap.
Perhaps the most heartening aspect of this process is the knowledge that access to communications – no matter how basic – allows us to trade on the one resource we have in abundance. A knowledge economy is driven by brains. It’s driven by the wisdom, intelligence and enthusiasm that exist in every one of us.
So let’s apply a little bit of that now, and imagine what we could achieve with even these limited gains. Within the next twelve months, we’re going to see mobile service begin to roll out in areas that had little or nothing before. We’ll see pricing structures that should make it possible for those with even the most limited income to buy a mobile – or at least use one on a regular basis. And with a little creativity, we can achieve a lot with this capability.
Elsewhere in the developing world, people are using mobile phones in ways that no one could have foreseen. In Kenya, for example, a simple combination of circumstances has created an entirely new economy. The major mobile service providers there allow people to top up their credit through the mobile service itself. One calls a certain number, provides bank card and PIN numbers to an automated service, and selects the amount of credit to purchase.
If we were to do this in Vanuatu, life would become immensely easier, at least where communications are concerned. There would be no more long walks to the nearest store to purchase credit, no more saving for weeks to buy another phone card. No more living at the mercy of predatory businesses charging well over the market rate because they have the only phone in the village.
But these are just the immediate effects of a simple service change. Combined with others, a great deal more is possible. Another aspect of mobile service in Kenya is that phone credit is transferable between mobile subscribers. High crime rates make carrying cash extremely dangerous for Kenyans, so they’ve taken to using their mobile phone credit as an impromptu currency. People pay small debts, even make purchases, simply by transferring credit from one account to another.
In a small cash economy like Vanuatu’s, this could be revolutionary. Just imagine how useful it could be. Small purchases, gifts and payments that took hours or even days before could be replaced by a few moments spent tapping at the keys.
And what about the value of the credit itself? Would it be discounted or debased in any way? Experience in Kenya tells us that it probably won’t. Phone credit retains its value, so modest sums could be translated into cash with the same ease: A friend passes you a few hundred vatu, and you transfer equal credit to their account. The only additional cost is the price of a single SMS.
TVL have indicated informally that they are very interested in the possibilities that this scenario presents. Recent improvements in their service offerings give every indication that they’re not just paying lip service to the idea. In fact, some people have indicated that, with a little cooperation from the banking sector, people could transfer real cash using their mobiles using something known as SMS banking.
Taking this next step would require some effort from our national banks, because right now, virtually no one in the islands has a bank card. Few even have accounts. Indeed, stories have appeared in the newspapers concerning certain individuals who have literally millions of vatu rolled up in wads of old, rotting bills hidden about the house. While the amount of currency transacted per individual would likely remain small, even modest transaction fees would likely have a noticeable effect on the banks bottom lines.
But even if the banks decided to forego profiting directly from this new economic activity, they would still benefit immensely from the secondary economic effects. An increase in the number of cash transactions between the tens of thousands of people who are, as of now, completely missing from Vanuatu’s cash economy can only be beneficial.
And lest we forget our history, consider how smoothly this would tie into kastom economy. Existing kastom banks in Pentecost and elsewhere would have the capability to translate mats, pigs, shells and other valuables into cash, and vice versa.
The beauty of this scenario is that it works in the smallest increments. In a country where it’s not unusual for a family to have a monthly income of less than five thousand vatu, being able to transfer wealth in increments as small as twenty, fifty or a hundred vatu would be nothing less than a godsend.
There are drawbacks in this idea, to be sure. There’s always the potential that certain unscrupulous operators might choose to game the system, or that some will abuse their advantage – in this case, owning a mobile or having a bank card – by profiting from those who remain without.
It’s also possible that the cost of implementing such a system would be too high. The individual transactions must remain small in order for enough people to participate, and we might find that we just can’t slice things thin enough to operate at a scale sufficient to sustain it.
Implementation costs would certainly be small; these services already exist elsewhere, so it’s not like we’d have to build them from scratch. Nonetheless, there will be costs involved, and it’s possible that the already heavy burden of offering any service at all might prove to onerous to allow this extra weight.
But the biggest liability is fear. Fear of the unknown, the unwillingness to take on a little risk for a huge gain.
The ideas expressed in this column may not be perfect. Some may even scoff at such a preposterous proposal. But Vanuatu’s situation is unique in this world. We simply cannot operate exactly as others do. And if we don’t apply a little ingenuity to improving our lot in life, the dream of a prosperous, unified Vanuatu will be forever deferred.
P.S. For those of you who outside Vanuatu: 1 vatu is roughly equal to 1 US cent. So the 5000 vatu mentioned in the article is about USD $50 – a not-unusual monthly household income in the islands.
Leaving
Thursday, November 29th, 2007
Well, we’ve left the Banks. We’re now in Port Vila. Where we go next… dunno.
Liz’s project came to a not-entirely-unexpected end. The Bislama word “bagarap” seems to sum its final stages quite well. I won’t say much about it just yet.
We’ve gone back to Vanua Lava for two weeks before finding out this was over. We spent a manic week with the edges of a cyclone hitting us from over in the Solomon Islands, the cat giving birth to five pikininis, and the waves coming all the way up to the house (incidentally spoiling my mint, oregano and ginger), and left yesterday – all the trucks were broken so we ended up going to the airport by boat, which seemed appropriate! and we had perfect weather on the way to Santo, so the pilot took us around the Gaua volcano.
We’re pretty tired. Not sure what we’ll be doing. Nice to have a hot shower and food that doesn’t come from tins. Please don’t send any more mail (sorry Hagai!). All the books and stuff were much, much appreciated.
In writing news I did finish the novella and a Martian Sands draft. I sold a story to Aeon (who doubled their pay rate, incidentally, which is nice). I’m working on a new short story and moving on with a new novel. There’s other bits and bobs but, right now, I think I’ll go to bed…
Halo Talofa Bonjour
Tuesday, November 27th, 2007
Halo, ariké, bozu, talofa, malo te mauli, tena koutou, salut tout le monde,
Ce blog ramasse écritures, récits et articles sur la communauté francophone actuelle du Vanouatou-Vanuatu indépendant (et la présence française aux anciennes Nouvelles Hébrides-New Hebrides), ainsi que mes expériences de métis océanien en Australie, aux Samoa, et dans d’autres îles du Grand Océan.
This blog [...]
SPAM
Thursday, November 22nd, 2007
[NOTE: Because the subject matter of most SPAM is not fit for polite company, the author has provided more polite substitutions in the interests of furthering an open and thoughtful discussion of the subject.]
VITUS attended a meeting yesterday concerning SPAM. Sponsored by AusAID, a consultation process is under way throughout the Pacific region to address the issue of unwelcome email and other forms of electronic garbage.
We all know what SPAM is – the definition is simple. It’s stuff you don’t want in your inbox. It’s unwelcome, often unpleasant and sometimes outright useless. To you, that is. But to some, unfortunately, it has an irresistible allure. It offers them things they want, but might be too ashamed to obtain by other means.
Men often worry, for example, that they have small IQs, or that their brain cell count is too low, or that they can’t think as long and hard about something as they might like to.
It’s difficult to talk about intellectual matters, especially in public. So men who really should know better sometimes respond to the promise of assistance that they feel they so urgently require. Or perhaps they feel perfectly adequate, and simply want to find websites featuring men and women engaging in philosophical debates. The screaming subject lines in these junk messages provide constant temptation, and ultimately prove to be irresistible.
The problem of junk messages in our networks and computer systems is a great deal bigger than you might imagine. Industry experts estimate that SPAM currently accounts for between 50 and 75% of all the email on the Internet today. That is a huge number. Every day, not less than two billion email messages pass through the Internet. That means that, every day, people are using various nefarious means to send at least a billion new messages, exhorting us to buy stocks or medicines, to increase our IQ size or to visit intellectually gratifying websites.
Why does this practice persist? Because it only takes one small-minded man in 10,000 to click on the link in these advertisements, to send money in order to increase his IQ size. If there are 1 billion new spam messages every day, and one person in 10,000 actually clicks on them, that’s still 100,000 people sending money to increase their thought capacity every day. SPAM is big business.
But isn’t SPAM terribly inefficient? I mean, half of the population doesn’t even have an IQ, so why send email to them at all? The short answer is that the spammers don’t pay for our email, so they don’t care. They’re playing the numbers. It takes more time to build a proper list of potential chess club members than it does to simply toss out a few million email messages and rely on the laws of probability to guarantee the return. By their standard, it only takes one person in Vanuatu to click on a SPAM link in order to justify every single person in the nation receiving a copy of the message.
For legitimate companies, the Internet can be a difficult place to do business. There are real problems of trust, some of them created because no one – besides the odd intellectually inadequate fool – actually believes what they read in their email any more. It makes sense therefore to try to find a way to define acceptable behaviour on the Internet. It makes sense as well to provide the means to stop all those who abuse our patience, our values and our Internet accounts with their electronic garbage.
What Australia is proposing is that we create new anti-SPAM legislation in nations throughout the Pacific, and that we harmonise our efforts around existing Australian law. Australia defines SPAM as unwelcome commercial communications through electronic media, so it would cover blog SPAM, SMS SPAM, fax SPAM and numerous other less popular but equally troubling means of transmission.
There are differences between what is considered unwelcome in Vanuatu and Australia. Any law dealing with SPAM would doubtless have to contain a definition that does not make it illegal do things like circulate a fund-raising notice, or ask for donations to support the numerous community-level undertakings whose only support is at the family and village level.
The proposal VITUS heard yesterday included measures to try to stop the people who help spammers, too. In Australian law, if you use or sell software that harvests email addresses that are then used for SPAM, you can face stiff penalties as well.
While it makes sense in this case to penalise the team rather than just the player, it’s not clear that this measure serves its purpose. The biggest problem is that it’s almost impossible to tell the difference between a normal web crawler (like Google) and a web crawler that’s being used to harvest email addresses. In fact, if I were a spammer, I could easily disguise my address harvester to look exactly like Google’s web crawler to any but the most determined investigator.
What’s more, there are a ton of really good uses for software that gathers information from the Internet. There’s a whole movement afoot right now to share Internet-based information more often and more widely, to make use of community-based approaches that we discussed a month ago in a column entitled ‘The Wisdom of Crowds’. Vanuatu could particularly benefit from this approach to Internet use because it aligns so well with 3000 years of kastom. Anything we do to call such behaviour into question might prove inconvenient at best, and possibly quite undesirable.
Will there ever be a day when we can open our inboxes and find only email we asked for? Possibly, but it would take a fair amount of work.
Let’s assume we decide to act. We would need to write legislation that outlaws SPAM, giving our regulatory bodies the tools they need to ensure that spammers never thrive in this country, or indeed anywhere in the Pacific. We would need to require our Internet Service Providers to create and enforce Acceptable Use Policies. Most importantly of all, we would need to engage with the community, and take the time to educate all computer users about SPAM, how to identify it and how to block it.
All of these measures are useful, but let’s be realistic. While a small amount of SPAM is generated locally (though unwittingly) by PCs that have been taken over by malicious software, the problem is an international one. We have SPAM because people abuse the way the entire system was designed.
Email works in a trusting environment. It’s as if you rock up to someone’s house and, as long as you know their name (even if you just guess it right), you can toddle through the gate and leave whatever package you like inside. If someone asks you who the parcel is from, you can make up any name you like. That process might work fine in Vanuatu, where everybody knows each other, but it quickly falls apart in an Internet with millions of people.
It really is a security disaster. But the only thing worse than our current email system is the alternative. A closed, locked down and verified system with checks and balances would be good for some purposes, but it would cease to be part of the Internet. It would be cumbersome, slow, inefficient, expensive and ripe for abuse by people in positions of authority.
Indeed, most legal and technical solutions to SPAM are worse than the problem itself. Legislation and regulation are useful tools for placing limits on human behaviour, and police or other authorities are sometimes needed to enforce those rules. But ultimately, what a society considers to be tabu or okay is dictated at the community level. No amount of legislation will ever change that.
If Vanuatu wants to get serious about reducing SPAM, the path is clear: We put our heads together and start hashing out what’s acceptable and what’s not, then we work together to make sure that we support and encourage everyone to act respectfully and as good community members. Same as we’ve been doing with every other problem that’s cropped up these last 3000 years.
P.S. I’m about to go and discuss this over a light meal at the Australian High Commissioner’s Residence. Yes, we are having a SPAM luncheon.
Dear Lazyweb
Tuesday, November 20th, 2007
I’m pondering whether or not I should buy a used Mac iBook laptop that’s on offer. It’s a 1GHz G4 with 512MB RAM and (I believe) a 40GB HD, very well-priced (for Vanuatu). The use case is a little word processing, multimedia at home with an external monitor, and the odd Sunday morning spent diddling around on our wireless network as I sip my coffee.
I’m not concerned too much with performance, as long as it’s not dog-slow, but I would like to hear from those of you who’ve lived with iBooks or MacBooks in the past about what to expect. Software availability is also a concern, given that it’s not Intel. Likewise, any advice on the transition from Linux to Mac would be appreciated.
Support, of course, is non-existent. Or, to be precise, it’s me.
So: Should I buy it?
Ghost in the Machine
Monday, November 19th, 2007
In the most recent RISKS mailing list digest, Peter Neuman includes a brief article by Adi Shamir describing a method of exploiting minor faults in math logic to break encryption keys in a particular class of processor.
Titled Microprocessor Bugs Can Be Security Disasters, the article makes an interesting argument. In fairly concise terms, Shamir outlines an approach that quickly circumvents much of the hard work in breaking private keys, no matter how heavily encrypted. He uses the RSA key encryption method in his example, probably out of humility. With even my limited knowledge of mathematics, I was able to follow the broad strokes of the approach.
Put most simply, if you know there is a math flaw in a particular kind of processor, then you can exploit that by injecting ‘poisoned’ values into the key decryption process. By watching what happens to that known value, you can infer enough about the key itself that you can, with a little more math, quickly break the private key.
And of course, once you’ve got someone’s private key, you can see anything that it’s been used to encrypt.
This is in some ways a new twist on a very old kind of attack. Code breakers have always exploited mechanical weaknesses in encryption and communications technology. During the Second World War, code breakers in the UK learned to identify morse code transmissions through the radio operator’s ‘hand’ – the particular rhythm and cadence that he used. This sometimes gave them more information than the contents of the communications themselves. Flaws in the Enigma coding machines allowed the Allies to break the device some time before Alan Turing and his early computers got their ‘Bombe’ computer working efficiently:
One mode of attack on the Enigma relied on the fact that the reflector (a patented feature of the Enigma machines) guaranteed that no letter could be enciphered as itself, so an A could not be sent as an A. Another technique counted on common German phrases, such as “Heil Hitler” or “please respond,” which were likely to occur in a given plaintext; a successful guess as to a plaintext was known at Bletchley as a crib. With a probable plaintext fragment and the knowledge that no letter could be enciphered as itself, a corresponding ciphertext fragment could often be identified. This provided a clue to message keys.
These days, computing processors and encryption are used in almost every aspect of our lives. The risks presented by this new class of attack are outlined in fairly plain English by Shamir:
How easy is it to verify that such a single multiplication bug does not
exist in a modern microprocessor, when its exact design is kept as a trade
secret? There are 2^128 pairs of inputs in a 64×64 bit multiplier, so we
cannot try them all in an exhaustive search. Even if we assume that Intel
had learned its lesson and meticulously verified the correctness of its
multipliers, there are many smaller manufacturers of microprocessors who may
be less careful with their design. In addition, the problem is not limited
to microprocessors: Many cellular telephones are running RSA or elliptic
curve computations on signal processors made by TI and others, FPGA or ASIC
devices can embed in their design flawed multipliers from popular libraries
of standard cell designs, and many security programs use optimized “bignum
packages” written by others without being able to fully verify their
correctness. As we have demonstrated in this note, even a single (innocent
or intentional) bug in any one of these multipliers can lead to a huge
security disaster, which can be secretly exploited in an essentially
undetectable way by a sophisticated intelligence organization.
I’m surprised that I haven’t seen much concern voiced about this class of attacks. Maybe I just hang out with an insufficiently paranoid crowd….
My Hero
Monday, November 19th, 2007
“If God, as they say, is homophobic, I wouldn’t worship that God.” – Archibishop Desmond Tutu
