Saturday 17 August 2013

Of China and tyranny of numbers

Mutahi Ngunyi has become a sort of political wizard. A sentence with the phrase tyranny of numbers is not deemed complete without the mention of his name. In his argument prior to Kenya’s March 4th 2013 elections, he predicted that Jubilee would win the election due to the greatest number of registered voters. Now the same concept, used in the technology world, is something people need to fear, and a lot for that matter.
We are talking about the ability of online applications to handle massive traffic. Specifically, we are talking about what could happen if a website receives more traffic than it’s designed to handle, and how we need to fear China. It’s an agreeable fact that Chinese hackers have some form of rock star following. It is no wonder that the greatest number of cyber-attacks in 2013 have originated there.
Knowing the Chinese population, assume that for some reason a website angers Chinese teenagers. All these teenagers gang up not to hack the website but simply to visit it, to confirm for themselves the contents of the webpages. This presents a very tricky situation, as most websites I know have been built without following the due procedure. A visit by, say, one hundred thousand users would render a website 404 (not found).
The due procedure I am talking about here is the performance of load and stress testing at the end of a development cycle. Performing these tests brings out the inevitable issues that might come up when the site is finally in production and tells the maximum number of users that can be supported concurrently. It is a procedure that should be given priority, since there is nothing more embarrassing than having a website down just because it has a lot of traffic, when high traffic is every website owner’s desire.


Read more about performing load testing here in my previous post.

Thursday 11 July 2013

Think about the future with your online accounts

After my first full year in the “real world” I have managed to learn quite a number of things about users and their peculiar ways. Specifically, the users here in Kenya are even more interesting, bearing in mind that there is the internet penetration issue. Forget about Facebook and Twitter, which these days allow people to create accounts using their phones. Or, going further, Twitter allows one to tweet simply by sending a text message.
In the modern workplace there is a huge affinity for collaboration. People need to keep in touch in the workplace, and even if in one office it doesn’t make much sense to keep on moving from one side of it to another just to get some trivial information. The alternative is shouting, which isn’t a very good idea. One of the tools that have come out as a silver bullet for that is Skype. The customer care team in my company uses it to share all sorts of stuff through a group where they are all members.
Now the interesting thing is, save for a few who had owned a Skype account prior to joining the company, most had to put the technical support team onto the task of installing the application for them. Then they go ahead and create a Skype account using the company email. That’s where I have an issue. Maybe it’s none of my business, but consider this. Is the use of Skype going to be limited to just that? Sharing information at work? Of course not. Skype is a social tool with a professional touch. It is important to think about life after the company, because the online revolution has happened and these tools will be required even after one leaves a company. Need I say that the company mail will be deactivated?

It would not be surprising if somebody opens their Facebook account using their job e-mail!

Tuesday 25 June 2013

DDoS in Kenya: what you need to know

Over the last few years, many Kenyan government websites have been subjected to a number of attacks which have mainly been about defacing them. This can be said to be the work of an amateur using published methods to proclaim their prowess in accessing private information. However, such acts lead to one simple conclusion: the government is not ready to deal with a serious cyber-attack in the event that it’s subjected to one. Specifically, I want to zero in on the attack called the Distributed Denial of Service (DDoS) attack.
When we talk about a DDoS attack we are talking about a simple scenario. Assume ten people speaking to one person all at the same time. This means the recipient of the information won’t be able to provide any meaningful feedback, hence breaking down the communication cycle.
Of the many websites that provide vital information, I will look at the KRA tax returns. As we draw to the deadline (end of June, I think), more and more people are accessing the website to file their tax returns. There are obvious flaws, which mean you have to use a specific web browser despite the system being claimed to be built on the Java platform, which is cross-platform! However, let’s consider what would happen if an attacker launched a DDoS attack on the site at the URL given below.


Mind you, there are more than enough motivations to be unhappy with not just KRA but many other government bodies, but I won’t delve into that either. This would mean people queuing at the Times Tower offices to submit their returns files, loss of revenue since most are businessmen, and possibly fines in the event the deadline is surpassed as a result of the same, bearing in mind Kenyans have an insatiable appetite for deadlines.
I am not trying to undermine the efforts made by various institutions to digitize their content and put it online. All that I am doing is ensuring that we are able to ask ourselves what’s the worst that could happen. If we can answer that question then it’s the beginning of fear, the fear of the worst, and with Kenyans getting more and more disillusioned it won’t take long before someone unleashes a mega attack.


Therefore, in order to ensure that it doesn’t happen (hopefully), in the next few weeks I will be publishing a series of articles detailing DDoS attacks: what they are, how they happen and possible ways of mitigating them. Keep an eye on the blog.


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States License.

Thursday 30 May 2013

Government laptops to school joining kids

Are you kidding me? Well, maybe not, but then again I am very skeptical of this pre-election promise made by the president and his team. Though it is such a noble idea, I fail to see how it will come to be, if recent promises by the political class are anything to go by.
Let’s consider some metrics which play a huge role in whether this promise will come to pass or will simply be relegated into the abyss of oblivion just like its predecessors.
In order to see where my arguments stem from, we can start by looking at the recent attempt by the government to go techy. This was during the registration of voters and the eventual voting process. A lot of hype went to the procurement process, with talk of transparency issues in terms of how the procurement process was handled. The registration went on fine, or so we were meant to believe, and that was pretty much it. During the Election Day the kits failed like they had a common brain and IEBC had to revert to the manual voter register; so much for technology. That failure meant that a 6 billion investment was thrown down the drain, and we don’t know if the kits will be viable for another voting exercise.
I have never claimed to be a numbers junkie, but a few numbers are clear here. The government spent 6 billion shillings to purchase 30,000 BVR kits (which technically were never used). Whatever that averages to, I don’t wanna go there. So, moving on with that math, we need to ask ourselves: how many kids join school every year in Kenya? Or maybe we need to ask how many don’t, because the area is under attack from God knows who, they don’t have food… basically they lack the basic supporting amenities that warrant a smooth learning experience.

So we are now halfway through the first 100 days in office and I have a number of questions for you, Mr. President. Will you give laptops to starving kids? Will you give laptops to kids when their teachers are computer illiterate? Who will teach them? (Doing a 2 week course on computer packages doesn’t guarantee computer literacy!) How do you figure the security of the kids, their teachers and the laptops will be guaranteed? These and many other questions linger in my mind and possibly in many Kenyans’ minds. Whether this will be implemented or not remains to be known, but one thing is for sure whichever way you look at it. It’s not practical, not in this term or the next!

Thursday 25 April 2013

Collaboration among competitors in the tech world is inevitable

Tech wars have become somehow the norm in recent times, from lands far away and even back here in the motherland. Recall how Apple sued Samsung for something I am not interested in talking about now, and then Samsung sued back, or is it countersuing? Eventually they both ended up paying each other, which makes me wonder why they didn’t just agree and pay the difference in damages. Maybe it was a grand scheme of money transfer that no one got wind of and somebody was laughing at our stupidity for following the multimillion lawsuit.
Anyway, today we look at the inevitable collaboration that might need to exist among the tech giants in order for all of us to enjoy the technology products that we so love to talk about. Consider what would happen if Google decided to sue Microsoft for some reason and they then parted ways in terms of doing business. That would mean Google Chrome is provided with limited resources on Windows (just a thought). This could impact the performance of Chrome negatively, giving it a bad image to end users. While we are at it, if anyone has noticed, Chrome has updated its right-click box to reflect a flatter look (read Windows 8). It’s been a fortnight since I noticed that and I wonder what’s next.
Nokia is one of the phone-making giants and Oracle owns Java. Nokia phones are known to support the applications built on that platform. So however much both could say that they are not working together, they actually are business partners in this sense.
My friends in the business world might beg to differ, because essentially these companies provide different products. However, the catch is that even if the products and services provided are different, the end point is more or less the same. The clients that they target overlap greatly. The significance of this is that even though the customer will use the products differently, at the end of the day they budget against a fixed amount, so the question is always about what will be forgone in order to acquire the other.
Having agreed about that, let’s take a close look at the motherland. Different tech companies are coming in, providing products and services which have a promise to fuel the transformation of the economy into a middle-income one by 2030, in line with the vision. Safaricom, for instance, running its hugely successful mobile money transfer, or M-KOPA providing low-energy solutions to rural Kenyans. The government is talking about e-governance; this is something it cannot achieve on its own, not by a long shot. Collaboration means ensuring that it builds its data centers in a way that third party providers can hook onto the data and provide it to whoever needs it in the way that they need it.
Back to the Safaricom M-KOPA partnership. First a customer in rural Kenya needs to decide, “am I going to spend the night in the dark because I talked too much on the phone?” It’s questions of this kind that will lead to more collaborations between tech companies in order to position themselves strategically in the face of a changing Kenya.
Therefore, in the coming days, I believe we will see more partnerships, especially among the tech giants, or, like in the case of Google and YouTube, massive takeovers if that means these kinds of partnerships are of mutual benefit to the involved parties. Additionally, I hope that the government formats its data in a way that will make it more accessible, not just for scrutiny by observers but also for interested parties to disseminate it in more channels which are easy to use, such as the mobile platform.


Sunday 21 April 2013

What next for government offices using windows XP?


In a recent post here, I explored the fate of two systems whose future is certainly doomed. In a continuation of the same, today I explore the extent of the effect of Microsoft ending support for Windows XP on government offices. Recall that the support for the operating system will stop in April 2014; this is just a year from now.
During my campus days, I attended an attachment at a government office which is supposed to be using the latest technologies, especially when it comes to the operating system used. However, at the time most of the offices’ desktop machines were still using Windows XP. Also note that the machines were a mere Pentium IV. Well, maybe the Pentium thing can be understood, but the use of Windows XP when Vista came and went, with Windows 7 as the main thing, is quite unacceptable.
The ramifications of using Windows XP after its support has been stopped are diverse, and not just for the government offices but for any other person. I have talked about this in this post, but one important thing to note is that there will be new malware targeting the operating system, and with no patches one would never know what they expose themselves to.
Owing to the government’s bureaucratic processes and the “it’s not my responsibility” attitude, it will take such a long time to have all the systems updated. In addition, if the recent events at IEBC are anything to go by, then a lot is left to be desired. This will probably be another opportunity for somebody’s turn to eat, and we all can simply wait and see what will happen when the inevitable happens come April 2014.

Thursday 11 April 2013

Beware of who you give access to your data


In my previous post here, I talked about how data about people stored in the form of user profiles can be used against them. Using data against somebody doesn’t necessarily mean using the data to prosecute them or blackmail them, or at least not in the strictest sense. The phrase is used in this context to mean whatever way that data can be used that the owner doesn’t approve of.
In expounding how users’ data can and will be used against them, I will give a small anecdote of what happened a few days ago. I own a Yahoo account which I created five years ago before I joined campus. Somewhere mid campus I discarded it for the obvious reason that Gmail offered a superior service. However, I didn’t burn the bridge, and usually I go back to clear spam or something like that. So last week after I logged in, instead of being redirected either to my mailbox or the highlights page, I was presented with a page that said I needed to authorize Yahoo to duplicate my data to a server in a different country. The prompt claimed that this move was to enable more efficient services. Whether or not I allowed Yahoo to duplicate the data they have about me is not relevant for now.
Yahoo, I would say, were kind enough to state their intentions. There are a number of applications whose makers don’t care whether the users allow it or not. What they do is state somewhere in fine print that the provided data will be used in various ways. But we as users are very careless, and the inclusion of a privacy policy to which one has to agree is seen as a nuisance.
These applications mostly apply to Gmail and Facebook. Consider an application that allows you to chat from anywhere. A user has to provide their username and password. Or probably when one is visiting a website and they need to comment on the page in Facebook, they have to provide their login details. In the real sense, what happens is that the provision of those details is like telling the application to log in on the user’s behalf.
What users miss out from such a feature is that somewhere in very small fonts, there is a variant of this statement, “we will use your data as we please”.
I have nothing against Skillpages, but while we are at it, I think that’s a lack of innovation. We have LinkedIn etc., why should anyone be registered on Skillpages? Anyway, late last year I got an email from somebody I didn’t expect to send me an email. It turned out they were inviting me to join Skillpages. But we weren’t on good terms, so I had to ask why they cared which sites I registered on. I embarrassed myself, because they said they had not done such a thing.
The blame goes entirely to Skillpages. When a user registers from a link inside Gmail, all their contacts are imported and an email is sent to each one inviting them to Skillpages. Not everyone in the contacts list fancies social sites.
As I pen off, I just wanna remind everyone out there. Under any site where users have to create an account, there is always a section called privacy settings. From there, applications’ access to personal data can be controlled or even denied altogether.
Let’s not enjoy the fruits of the information society while putting our reputation at risk. It is precarious that I haven’t talked about data being used to steal money from your bank account, because that has been talked about before. I emphasize handling one’s data in a way that keeps one’s reputation in check. This is because in the coming days reputation will have more worth than money!!!

Monday 1 April 2013

Your data is never really deleted, for real!



In my continuation of the personal buzz with the “cloud” I need to write about how the data we store on various portals is never actually deleted. What data am I talking about? This is the personal information such as names, home town, addresses etc. that we supply when opening accounts, say on Facebook or Twitter, or when creating an email address on Yahoo or Gmail.
Many a time I have come across people who said they have closed their Facebook accounts. Even the websites purport to help close accounts if one needs to do so, even though they make finding that option very difficult, since users are their customers and the first mission of any enterprise is to retain existing customers. There is also an online tool at www.accountkiller.com which is a self-proclaimed solution to all problems such as a comment someone posted on Facebook, some emails someone sent or stuff like that.
Well, it’s important to note that at a technical level deleting any form of data is near impossible. Let me start with a simple introduction to computer concepts. In any computer system, data is usually stored on a hard drive. If data is deleted on a hard drive it’s not deleted in the actual sense; the space it occupies is only marked as “free”. This space remains in that state until more data is written there and overwrites the original.
However, no entity would dare delete data they have about anything. That’s the rule of thumb. Even the DELETE commands learned in basic programming are just for demonstration purposes; they are never used, trust me on this. Whenever a user decides to close their account, the script that runs at that point will only tell the data manager at the back end to mark the account as closed. This is as simple as changing the status field from 1 to 0, or active to inactive/closed.
Moving on to another approach. Assuming that the data is actually deleted, does it mean that now all the information about a person is lost? No. This is because as long as a company collects information, information is its source of competitive advantage. It has to take proactive steps to ensure that even the brink of Armageddon won’t make them lose the information they have. The very first step in achieving this is laying out a watertight disaster recovery programme. When dealing with data, what comes to mind first is continuous backup of the live site, with the backup copies encrypted and stored offsite. So even if someone tries to disappear the old-fashioned way, by bombing the data center where data about them is stored, copies of the same will still be available elsewhere for restoration.
That, just like some six people somewhere, is my verdict on why anyone’s data is never really deleted and can possibly be used against them. But the use against them is a post for another day.
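The status-field closure and the backup copy described in this post, put together as an added example that is not code from the original post: a closed account disappears from the site but not from the table, and even a real DELETE leaves the row in a backup taken earlier. The table layout, function names and sample users are constructed for illustration.

```python
import sqlite3

ACTIVE, CLOSED = 1, 0  # the status values the post mentions


def make_db():
    """In-memory accounts table with constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT, "
        "home_town TEXT, email TEXT, status INTEGER NOT NULL DEFAULT 1)"
    )
    db.executemany(
        "INSERT INTO accounts (id, name, home_town, email) VALUES (?, ?, ?, ?)",
        [
            (1, "Alice Example", "Nakuru", "alice@example.test"),
            (2, "Bob Example", "Kisumu", "bob@example.test"),
        ],
    )
    db.commit()
    return db


def close_account(db, account_id):
    """'Close' an account as the post describes: flip status, keep the row."""
    db.execute("UPDATE accounts SET status = ? WHERE id = ?", (CLOSED, account_id))
    db.commit()


def site_view(db, account_id):
    """What the website shows: only active accounts are visible."""
    return db.execute(
        "SELECT name FROM accounts WHERE id = ? AND status = ?",
        (account_id, ACTIVE),
    ).fetchone()


def operator_view(db, account_id):
    """What the operator still holds, whatever the status says."""
    return db.execute(
        "SELECT name, home_town, email, status FROM accounts WHERE id = ?",
        (account_id,),
    ).fetchone()


def take_backup(db):
    """Copy the live database, standing in for the offsite backup."""
    copy = sqlite3.connect(":memory:")
    db.backup(copy)
    return copy


def hard_delete(db, account_id):
    """A real DELETE, applied to the live database only."""
    db.execute("DELETE FROM accounts WHERE id = ?", (account_id,))
    db.commit()


def demo():
    live = make_db()
    close_account(live, 1)
    after_close = {"site": site_view(live, 1), "operator": operator_view(live, 1)}
    backup = take_backup(live)  # the backup runs some time after the closure
    hard_delete(live, 1)
    after_delete = {"live": operator_view(live, 1), "backup": operator_view(backup, 1)}
    return after_close, after_delete


if __name__ == "__main__":
    closed, deleted = demo()
    print("after closing:", closed)
    print("after DELETE :", deleted)
```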

Sunday 17 March 2013

Should Load Testing Continue Once My Site is Live?


The big day has arrived; after months of hard work in designing, coding, testing and publishing, your website is alive and kicking. While building your website you didn’t stop testing it; time after time you checked how it would respond to every action the user performs. This is the cornerstone of unit testing: knowing how specific functions will perform in isolation. If you are using an MVC framework, you probably have a test method for every action method. You have performed all this in an attempt to predict how the website will perform with a large number of concurrent users. Now the site is online and the big dilemma is upon you: do you carry on with performing the tests, mostly load testing, or do you give it the benefit of the doubt and let it fend for itself (not literally)?
First of all we will need to distinguish between load testing and stress testing. These two terms have often been erroneously used interchangeably. Load testing in essence works by populating the enterprise databases with data and attempting to retrieve it while observing the performance metrics. On the other hand, stress testing is what actually deals with the number of concurrent users. I will not delve much into the justification of which is which, mostly because at the end of the day I don’t see how we should have one without the other.
Let’s look at various possibilities and situations that might inform your decision to load test or not.

  1. Website update frequency/magnitude
Depending on the nature of your website, the frequency at which you update it might differ from others. For those who do it more often, continuous integration is at the top of your list, but this is a story for another day. Late last year I read an article in which Facebook declared that they will be pushing updates twice a day. Such changes are usually in good faith, mostly feature upgrades or patching up bugs. Before these upgrades the QA members of any tech team go through constant cycles of continuous testing to ensure that the right product is shipped. On top of the normal UAT performed, and possibly a golden path test, it would be worth considering performing a load test, depending on the modules that change and their impact on the business and the website’s availability.

  2. Underlying technology change
Your website’s infrastructure will be a defining factor in whether you will need to perform load testing. Let’s consider some examples. You have a site that is purely powered by WordPress. This means that to some extent you are controlled by changes made by WordPress and the underlying theme. If there is an upgrade, how does that update affect your website’s availability? Say you use MSMQ for your distributed applications and Microsoft have made a change. Do you think that the change will affect how your sub-applications communicate with one another? Suppose you are a document database proponent and hence are already using RavenDB. If there is an upgrade, you need to know that your entire site doesn’t have a drop in performance.
Those are changes on the software side. You might also decide, in order to enhance performance, to separate your app server from your database server. They may not have a dedicated channel to each other, or maybe they do. You could also change your hosting company. As long as there is a change, it is clear what will need to be done: integration tests as a priority, but also a load test to make sure potential bottlenecks are identified.

  3. Strategic management
Top level managers usually will share the company’s vision with the tech team. They may outline the projected sales or customer registrations. With the primary point of contact being the website, you need the website to be able to support the projections when they happen. At this point load testing is a requirement to determine how the site will behave when such numbers are hit.
The outcome of such a test ensures that the right decisions are made with regard to whether to start patching up loose strings in the current system, start developing a new one, or look for a developer if you outsource your software products.

  4. Cost/Revenue justification
This factor is usually affected by the last 3 points. The question is, is it worth doing the load testing procedure? In order to answer this question, what one needs to think about is what the cost of not doing it will be. Website outages usually cost thousands of dollars’ worth of revenue loss. It’s not rocket science when you look at the formula here below.
(Revenue per month) X (minutes of downtime)
Such an outage can be caused by a surge in the number of customers, for instance, accessing your website because of a marketing program.
When you consider the kind of loss that can be experienced, that is a starting point as to whether it’s worth doing load testing on your live site.

  5. Perceived availability
With reference to the point above, consider how negatively downtime will affect your company’s image. It’s even worse in the face of customers venting their anger on social media platforms. Imagine that your website accepts instant payment notifications from third party payment providers. If it’s unavailable, then the question of how many retries there have to be comes into play. It’s not a very good picture if the company needs business partners. Such an outage could be caused by payments coming in by the hundreds. Therefore, here a decision needs to be made based on performing a load test beforehand to know the maximum number of notifications that can be received.
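A stepped test of the kind this last point calls for, finding the highest number of concurrent notifications a service answers without failures, as an added example that is not from the original post. It runs entirely on the local machine against a toy endpoint; the capacity of 8, the 50 ms processing time, the /ipn path and all names are assumptions made for the illustration.

```python
import http.client
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

CAPACITY = 8         # assumed: notifications the toy service can process at once
WORK_SECONDS = 0.05  # assumed: processing time per notification
_slots = threading.BoundedSemaphore(CAPACITY)


class NotificationHandler(BaseHTTPRequestHandler):
    """Toy payment-notification endpoint that answers 503 when saturated."""

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if not _slots.acquire(blocking=False):
            self._reply(503, b"busy")   # over capacity: the sender has to retry
            return
        try:
            time.sleep(WORK_SECONDS)    # stand-in for database work
        finally:
            _slots.release()
        self._reply(200, b"ok")

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):       # silence per-request logging
        pass


class LocalServer(ThreadingHTTPServer):
    request_queue_size = 128            # backlog large enough for each burst
    daemon_threads = True


def start_server():
    """Serve on a free loopback port in a background thread."""
    server = LocalServer(("127.0.0.1", 0), NotificationHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def send_notification(port):
    """POST one constructed notification; return (status, seconds taken)."""
    started = time.perf_counter()
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=10)
    try:
        conn.request("POST", "/ipn", body=b"txn=TEST-0001&amount=100")
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException):
        status = 0                      # connection-level failure
    finally:
        conn.close()
    return status, time.perf_counter() - started


def run_step(port, users, requests_per_user=4):
    """Run `users` concurrent senders; report failures and p95 latency."""
    total = users * requests_per_user
    with ThreadPoolExecutor(max_workers=users) as pool:
        results = list(pool.map(lambda _: send_notification(port), range(total)))
    latencies = sorted(seconds for _, seconds in results)
    p95 = latencies[max(0, int(len(latencies) * 0.95) - 1)]
    failures = sum(1 for status, _ in results if status != 200)
    return {"users": users, "requests": total, "failures": failures, "p95": p95}


def find_max_users(port, steps=(2, 4, 8, 16, 32)):
    """Raise the load step by step; stop at the first step with failures."""
    best, reports = 0, []
    for users in steps:
        report = run_step(port, users)
        reports.append(report)
        if report["failures"]:
            break
        best = users
    return best, reports


if __name__ == "__main__":
    server = start_server()
    best, reports = find_max_users(server.server_address[1])
    for report in reports:
        print(report)
    print("highest clean step:", best)
    server.shutdown()
```

The number it reports is the figure to compare against the projected peak of incoming notifications before a campaign or a new payment partner goes live.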

From the points above we can deduce that once a site is live, that will not be the end of it. It will be subjected to changes (or at least the underlying infrastructure will), and it’s these changes that will mostly determine whether or not to load test your website. The cost aspect is always very thorny when justifying to the managers why it needs to be done. Such a debate can be easily won by showing what stands to be lost if the site is unavailable as a result of a load test that wasn’t done. I also want to acknowledge that a site could face an outage due to factors different from high numbers, but while we can do something about numbers, we should hope that those other factors are taken care of in their own way.

Tuesday 12 March 2013

IS KENYA READY FOR THE CLOUD?



Even though I have posed the question as the title, I will give an answer immediately and then you will wonder why I need to write a lot. Ok, the answer is no and the rest of this post will be about why I think that Kenya is not ready for the cloud.
Adoption of cloud technologies in Kenya is like getting the mason ready when you haven’t even a plan for the house. All I am saying is that it’s true Kenyans, and especially businesses, are ready for cloud technologies, but the infrastructure is not there. Well, maybe it might be there, but then there is something about consumers getting a raw deal. It’s been more than three years since the fiber optic cable landed on the Kenyan coast. This was characterized by a euphoric feeling that the internet speeds would go up, with the prices going the other way.
I know a company whose ISP is one of the leading telcos in the country and which is allegedly provided with 3MBPS internet speeds. The company, as a part of its disaster recovery strategies, is looking to migrate all their data into the cloud. So why does this story seem to not have a happy-ever-after ending?
This is why
They have never received in full the bandwidth they pay so dearly for. Whenever they call the customer support line they get all sorts of excuses. My favorite is that they are browsing so much on the secure HTTP protocol (HTTPS). Are you kidding me? Even a novice in communication protocols knows that that statement is wrong.
If you are still wondering what being on the cloud means, then think of this. You have received an e-mail with a Word document attachment in Gmail. Instead of downloading the document you decide to simply open it online. Note that Google will offer you a chance to edit that document online. That means you can make changes to your document without having to download it and upload it back up again. Google has just offered you a document hosting cloud service.
Now tell me how many times you open that document and are stuck at the “loading document” point with the progress bar not progressing at all.
This takes us back to the company that I was talking about. In Kenya, in order to get super fast internet (if you consider 3MBPS super fast) you will have to pay dearly for it. If you can’t, then you will be stuck with the old slow internet monster. That right there is the reason why Kenya is not ready for the cloud. Unless the government compels the main ISPs to provide a better service at cheaper cost, most companies will not be able to manage a true cloud environment. So we wait to see what will happen now that Kenyans have voted in the so-called digital team to lead them, but until then I am not convinced that Kenya as a country is ready for the cloud.

Sunday 3 March 2013

Cracking a GSM modem to accept SIM cards from other providers.



If you are here then it’s obvious what you are here for. You have a GSM modem that is locked to accept SIM cards from only one provider. I am talking about a case in point in Kenya where, for instance, Safaricom has their modems only meant to accept Safaricom SIM cards. This means that you cannot use any other provider’s SIM on that modem.
Enough with the little talk, let’s get you cracking a modem, I guess you have work pending.
1.    Download and run this tool found here.
2.    You will see this interface.

3.    This shows that the modem has been detected. Click on the RESET MODEM on service radio button group.



4.    Now go on and unlock the modem. Check Auto-Calc Code and Auto-Unlock then click on the big red button UNLOCK.

5.    The modem is now unlocked. Read some of the information it provides for more information.
NOTE:
This technique will work for HUAWEI MODEMS.
If the unlocking fails the first time, ensure that the modem software is not running and then retry.
The tool provided is free to use and full credit goes to the developers, who have no connection to this blog.