Saturday 17 August 2013

Of China and tyranny of numbers

Mutahi Ngunyi has become a sort of political wizard. A sentence with the phrase tyranny of numbers is not deemed complete without the mention of his name. In his argument prior to Kenya’s March 4th 2013 elections, he predicted that Jubilee would win the election due to the greatest number of registered voters. Now the same concept, used in the technology world, is something people need to fear, and a lot for that matter.
We are talking about the ability of online applications to handle massive traffic. Specifically, we are talking about what could happen if a website receives more traffic than it is designed to handle, and how we need to fear China. It’s an agreeable fact that Chinese hackers have some form of rock star following. It is no wonder that the greatest number of cyber-attacks in 2013 have originated there.
Knowing the Chinese population, assume that for some reason a website angers Chinese teenagers. All these teenagers gang up not to hack the website but simply to visit it to confirm for themselves the contents of the webpages. This presents a very tricky situation, as most websites I know have been built without following the due procedure. A visit by, say, one hundred thousand users would render a website 404 (not found).
The due procedure I am talking about here is the performance of load and stress testing at the end of a development cycle. Performing these tests brings out the inevitable issues that might come up when the site is finally in production and tells the maximum number of users that can be supported concurrently. It is a procedure that should be given priority, since there is nothing more embarrassing than having a website down just because it has a lot of traffic, when high traffic is what all website owners desire.


Read more about performing load testing here in my previous post.

Thursday 11 July 2013

Think about the future with your online accounts

After my first full year in the “real world” I have managed to learn quite a number of things about users and their peculiar ways. Specifically, the users here in Kenya are even more interesting, bearing in mind that there is the internet penetration issue. Forget about Facebook and Twitter, which these days allow people to create accounts using their phones. Going further, Twitter allows one to tweet simply by sending a text message.
In the modern workplace there is a huge affinity for collaboration. People need to keep in touch in the workplace, and even in one office it does not make much sense to keep on moving from one side of it to another just to get some trivial information. The alternative is shouting, which isn’t a very good idea. One of the tools that have come out as a silver bullet for that is Skype. The customer care team in my company use it to share all sorts of stuff through a group where they all are members.
Now the interesting thing is, save for a few who owned a Skype account prior to joining the company, most had to put the technical support team onto the task of installing the application for them. Then they go ahead and create a Skype account using the company email. That’s where I have an issue. Maybe it’s none of my business, but consider this. Is the use of Skype going to be limited to just that? Sharing information at work? Of course not. Skype is a social tool with a professional touch. It is important to think about life after the company, because the online revolution has happened and these tools will be required even after one leaves a company. Need I say that the company mail will be deactivated?

It would not be surprising if somebody opens their Facebook account using their job e-mail!

Tuesday 25 June 2013

DDoS in Kenya: what you need to know

Over the last few years, many Kenyan government websites have been subjected to a number of attacks which have mainly been about defacing them. This can be said to be the work of an amateur using published methods to proclaim their prowess in accessing private information. However, such acts lead to one simple conclusion: the government is not ready to deal with a serious cyber-attack in the event that it is subjected to one. Specifically, I want to zero in on the attack called a Distributed Denial of Service (DDoS) attack.
When we talk about a DDoS attack we are talking about a simple scenario. Assume ten people speaking to one person all at the same time. This means the recipient of the information won’t be able to provide any meaningful feedback, hence breaking down the communication cycle.
Of the many websites that provide vital information, I will look at the KRA tax returns. As we draw to the deadline (end of June, I think) more and more people are accessing the website to file their tax returns. There are obvious flaws which mean you have to use a specific web browser, despite the system being claimed to be built on the Java platform, which is cross-platform! However, let’s consider what would happen if an attacker launched a DDoS attack on the site at the URL given below.


Mind you, there are more than enough motivations to be unhappy with not just KRA but many other government bodies, but I won’t delve into that either. This would mean people queuing at the Times Tower offices to submit their returns files, loss of revenue since most are businessmen, and possibly fines in the event the deadline is surpassed as a result of the same, bearing in mind Kenyans have an insatiable appetite for deadlines.
I am not trying to undermine the efforts made by various institutions to digitize their content and put it online. All that I am doing is ensuring that we are able to ask ourselves what’s the worst that could happen. If we can answer that question then it’s the beginning of fear, the fear of the worst, and with Kenyans getting more and more disillusioned it won’t take long before someone unleashes a mega attack.


Therefore, in order to ensure that it doesn’t happen (hopefully), in the next few weeks I will be publishing a series of articles detailing DDoS attacks: what they are, how they happen and possible ways of mitigating them. Keep an eye on the blog.


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States License.

Thursday 30 May 2013

Government laptops to school joining kids

Are you kidding me? Well, maybe not, but then again I am very skeptical of this pre-election promise made by the president and his team. Though it is such a noble idea, I fail to see how it will come to be, if recent promises by the political class are anything to go by.
Let’s consider some metrics which play a huge role in whether this promise will come to pass or will simply be relegated into the abyss of oblivion just like its predecessors.
In order to see where my arguments stem from, we can start by looking at the recent attempt by the government to go techy. This was during the registration of voters and the eventual voting process. A lot of hype went to the procurement process, with talk of transparency issues in terms of how the procurement process was handled. The registration went on fine, or so we were meant to believe, and that was pretty much it. During the Election Day the kits failed like they had a common brain and IEBC had to revert to the manual voter register; so much for technology. That failure meant that a 6 billion investment was thrown down the drain, and we don’t know if the kits will be viable for another voting exercise.
I have never claimed to be a numbers junkie but a few numbers are clear here. The government spent 6 billion shillings to purchase 30,000 BVR kits (which technically were never used). Whatever that averages to, I don’t wanna go there. So moving on with that math, we need to ask ourselves: how many kids join school every year in Kenya? Or maybe we need to ask how many don’t, because the area is under attack from God knows who, or they don’t have food... basically they lack the basic supporting amenities that warrant a smooth learning experience.

So we now are halfway through the first 100 days in office and I have a number of questions for you, Mr. President. Will you give laptops to starving kids? Will you give laptops to kids when their teachers are computer illiterate? Who will teach them? (Doing a 2 week course on computer packages doesn’t guarantee computer literacy!) How do you figure the security of the kids, their teachers and the laptops will be guaranteed? These and many other questions linger in my mind and possibly in many Kenyans’ minds. Whether this will be implemented or not remains to be seen, but one thing is for sure whichever way you look at it. It’s not practical, not in this term or the next!

Thursday 25 April 2013

Collaboration among competitors in the tech world is inevitable

Tech wars have somehow become the norm in recent times, from lands far away and even back here in the motherland. Recall how Apple sued Samsung for something I am not interested in talking about now, and then Samsung sued back, or is it countersuing? Eventually they both ended up paying each other, which makes me wonder why they didn’t agree and pay the difference in damages. Maybe it was a grand scheme of money transfer that no one got wind of, and somebody was laughing at our stupidity for following the multimillion lawsuit.
Anyway, today we look at the inevitable collaboration that might need to exist among the tech giants in order for all of us to enjoy the technology products that we so love to talk about. Consider what would happen if Google decided to sue Microsoft for some reason and they then parted ways in terms of doing business. That would mean Google Chrome is provided with limited resources on Windows (just a thought). This could impact the performance of Chrome negatively, giving it a bad image to end users. While we are at it, if anyone has noticed, Chrome has updated its right-click box to reflect a flatter look (read Windows 8). It’s been a fortnight since I noticed that and I wonder what’s next.
Nokia is one of the phone making giants and Oracle owns Java. Nokia phones are known to support the applications built on that platform. So however much both could say that they are not working together, they actually are business partners in this sense.
My friends in the business world might beg to differ, because essentially these companies provide different products. However, the catch is that even if the products and services provided are different, the end point is more or less the same. The clients that they target greatly overlap. The significance of this is that even though the customer will use the products differently, at the end of the day they budget against a fixed amount, so the question is always about what will be forgone in order to acquire the other.
Having agreed on that, let’s take a close look at the motherland. Different tech companies are coming in, providing products and services which promise to fuel the transformation of the economy into a middle income one by 2030, in line with the vision. Take Safaricom, for instance, running its hugely successful mobile money transfer, or M-KOPA providing low energy solutions to rural Kenyans. The government is talking about e-governance; this is something it cannot achieve on its own, not by a long shot. Collaboration means ensuring that it builds its data centers in a way that third-party providers can hook onto the data and provide it to whoever needs it, in the way that they need it.
Back to the Safaricom and M-KOPA partnership. First a customer in rural Kenya needs to decide, “am I going to spend the night in the dark because I talked too much on the phone?” It’s questions of this kind that will lead to more collaborations between tech companies in order to position themselves strategically in the face of a changing Kenya.
Therefore, in the coming days, I believe we will see more partnerships, especially among the tech giants, or, like in the case of Google and YouTube, massive takeovers, if that means these kinds of partnerships are of mutual benefit to the involved parties. Additionally, I hope that the government formats its data in a way that will make it more accessible, not just for scrutiny by observers but also for interested parties to disseminate it through more channels which are easy to use, such as the mobile platform.


Sunday 21 April 2013

What next for government offices using windows XP?


In a recent post here, I explored the fate of two systems whose future is certainly doomed. In a continuation of the same, today I explore the extent of the effect of Microsoft’s stop of support for Windows XP on government offices. Recall that the support for the operating system will stop in April 2014; this is just a year from now.
During my campus days, I attended an attachment at a government office which is supposed to be using the latest technologies, especially when it comes to the operating system used. However, at the time most of the offices’ desktop machines were still using Windows XP. Also note that the machines were a mere Pentium IV. Well, maybe the Pentium thing can be understood, but the use of Windows XP when Vista came and went, with Windows 7 as the main thing, is quite unacceptable.
The ramifications of using Windows XP after its support has been stopped are diverse, and not just for government offices but for any other person. I have talked about this in this post, but one important thing to note is that there will be new malware targeting the operating system, and with no patches one would never know what they expose themselves to.
Owing to the government’s bureaucratic processes and the “it’s not my responsibility” attitude, it will take such a long time to have all the systems updated. In addition, if the recent events at IEBC are anything to go by, then a lot is left to be desired. This will probably be another opportunity for somebody’s turn to eat, and we all can simply wait and see what will happen when the inevitable happens come April 2014.

Thursday 11 April 2013

Beware of who you give access to your data


In my previous post here, I talked about how data about people stored in the form of user profiles can be used against them. Using data against somebody doesn’t necessarily mean using the data to prosecute or blackmail them, or at least not in the strictest sense. The phrase is used in this context to mean whatever way that data can be used that the owner doesn’t approve of.
In expounding how users’ data can and will be used against them, I will give a small anecdote of what happened a few days ago. I own a Yahoo account which I created five years ago before I joined campus. Somewhere mid campus I discarded it for the obvious reason that Gmail offered a more superior service. However, I didn’t burn the bridge, and usually I go back to clear spam or something like that. So last week after I logged in, instead of being redirected either to my mailbox or the highlights page, I was presented with a page that said I needed to authorize Yahoo to duplicate my data to a server in a different country. The prompt claimed that this move was to enable more efficient services. Whether or not I allowed Yahoo to duplicate the data they have about me is not relevant for now.
Yahoo, I would say, were kind enough to state their intentions. There are a number of applications whose makers don’t care whether the users allow it or not. What they do is state somewhere in fine print that the provided data will be used in various ways. But we as users are very careless, and the inclusion of a privacy policy to which one has to agree is seen as a nuisance.
These applications mostly apply in Gmail and Facebook. Consider an application that allows you to chat from anywhere. A user has to provide their username and password. Or probably when one is visiting a website and they need to comment on the page in Facebook, they have to provide their login details. In the real sense, what happens is that the provision of those details is like telling the application to log in on the user’s behalf.
What users miss out on from such a feature is that somewhere in very small fonts, there is a variant of this statement: “we will use your data as we please”.
I have nothing against Skillpages, but while we are at it, I think that’s a lack of innovation. We have LinkedIn etc., so why should anyone be registered to Skillpages? Anyway, late last year I got an email from somebody I didn’t expect to send me an email. It turned out they were inviting me to join Skillpages. But we weren’t on good terms, so I had to ask why they cared which sites I registered on. I embarrassed myself, because they said they had not done such a thing.
The blame goes entirely to Skillpages. When a user registers from a link inside Gmail, all their contacts are imported and an email is sent to each one inviting them to Skillpages. Not everyone in the contacts list fancies social sites.
As I pen off I just wanna remind everyone out there: under any site where users have to create an account, there is always a section called privacy settings. From there, applications’ access to personal data can be controlled or even denied altogether.
Let’s not enjoy the fruits of the information society while putting our reputation at risk. It is precarious that I haven’t talked about data being used to steal money from your bank account, because that has been talked about before. I emphasize handling one’s data in a way that keeps one’s reputation in check. This is because in the coming days reputation will have more worth than money!!!