Archive for April, 2011

ring ring! who’s there?

On the same day that NATO sort-of apologised for a fratricide incident in which a group of tanks the Libyan rebels had put into service were mistaken for Libyan government tanks, it turned out that the MOD was going to send the rebels 500 satellite phones. Well, you can see the point, but the first thing that came to mind was – what? now? why didn’t this happen weeks ago? Is this whole campaign being managed by clowns? And then, of course, I remembered Dave from PR and Sarko and Liam He’s a doctor, you know and Pocket Bismarck. Right.

But then, there’s the Big Society. This is a deeply cool story – Libyan GSM engineers work out how to take over the network in rebel territory and get it going again. The WSJ overstates some elements – it’s not so much that Gadhafi’s government designed the network to be centralised in Tripoli, GSM networks are very centralised by design – but overall it’s a pretty good account. They set up their own switch, home and visitor location registers, and international gateway with satellite connectivity, piped all the base station controllers in their territory into their own set-up, and obtained a copy of the original Libyana HLR with all the phone numbers. Fortunately they decided to let everyone make free calls (viva la revolucion!), or they’d have still been waiting for the billing system to be integrated six months later, whether in the minister’s office or the Libyan Lubyanka.

Ironically, they got quite a bit of help from, of all telcos, Etisalat, the UAE’s national operator. They lent them a lot of equipment and provided the satellite hookup and international access. This is amusing as Etisalat is famous for censoring more Web sites than the Chinese Great Firewall. For their part, the monster Chinese manufacturer Huawei refused to have anything to do with the rebels (or should that be “splittists”?).

This is good as far as it goes, but nobody in NATO CAOC-9 in Naples or the former AIRSOUTH now in Izmir or anywhere else with a NATO TLA is going to let random cell phones talk to the airpower infrastructure. Why didn’t anyone send those satellite phones earlier? Ah, yes, clowns.

Of course, there’s a possibility that they may have been worrying about releasing them into the wild. Here’s Secret Défense confirming assorted loose MANPADs wandering about. But they’re more trackable than arms, less directly dangerous, and far easier to buy anyway.

In other news, there’s a really excellent piece on the Toyota Land Cruiser as an engine of war in the FAZ, for German-speakers only.

Well, if you’re the prime minister, you’re not allowed to fight back against your enemies in case you win because Gus O’Donnell says so, as long as the enemies aren’t the right kind of enemies like Coronation Street editors and UNISON hospital porters. All clear so far? When are the Tory apologies to O’Donnell going to show up – they thought he was biased against them…

Further, interesting subplot – Brown told Peter Mandelson his phone might have been compromised. Mandelson asked the Information Commissioner, who had nothing to say. Of course he didn’t – as far as I know he had nothing to do with the case. If Mandelson had wanted to know, he needed to ask the police. Was Mandelson trying not to find out, so as not to burn his bridges with the Murdochs? Or was he just ill-informed?

Also, did the central government have any communications security at all? Did CESG or MI5 not have anything at all to say about this? Didn’t any of them just change their damn password, or even change their damn number?

Daniel Davies is notorious for making more than full use of a joke once he gets hold of it. I think this is the original source (perhaps even the Urquell) of his line that Black Swan author Nassim Nicholas Taleb must be furious at what Hollywood did to his book in development.

Well, I watched the movie on a plane the other day. It was that or The Social Network – I was planning on a week in Silicon Valley surrounded by tightly wound super-ambitious geeks, so I get enough of that at work. As it happens, there are a couple of good lessons about risk in Black Swan. Perhaps Taleb shouldn’t be so touchy about it after all.

1. Tail-risk is real

Just as Nassim Taleb said in the book, no matter how good your planning, you can’t hedge everything and you will tend to underestimate the weirder and wilder ends of the distribution. One day, something not just bad but incalculably weird, something you never expected you didn’t expect, will come rapid-roping into your back garden and piss in the pool. Of course, it’s likely to happen on stage on the first night at the worst possible moment. You’ll have to be ready, but you can only be ready in a general sense. Get your trigger movements right – far better to be calling an ambulance and plunging into the fray than locked in the bunker with a PR agent and a large amount of toilet paper. Act right in the crisis and much will be forgiven.

Inevitably, if you want a clue, look at the things you try to repress and deny and don’t believe could ever happen. That’s why you deny them.

2. That said, you’ve got to put up with it

All precautions must be seen in the light of the scale of the threat. Too much security is as dangerous as too little (this may be more Schneier than Taleb). Without a certain amount of optimism bias and risk tolerance, you’ll never get anything done. In fact, you’ll end up being terrified of your shadow. (And why did you choose the word shadow, with its, ah, many meanings, Mr. Garrovell?) Your colleagues may well wish they had your job, but that’s no reason to kill yourself. In fact, after a certain level of neurosis is passed, self-protection shades over into self-sabotage – delivering just what you imagine your enemies want, whether they be real or imagined.

3. Don’t draw conclusions based on regional accents

Black Swan is the only movie I can think of in which New Yorkers see an outsider – a Californian – as being unimaginably evil, sophisticated, cool, and cunning. In fact, this was the plot detail that kept coming back to me. Wall Street and City investors in dozens of regional mortgage lenders that turned into financial neutron bombs imagined they were smarter than the offcomed’uns.

So, a free, jetlagged afternoon by the pool in Palo Alto, after this experience. What to do? Obviously, hack on some code. I dragged out the lobby analyzer project and got it to actually spit out ministers, lobbyists, and MPs, with their weighted degrees in the network, onto the command line. The conclusions are dreadful and confirm all my preliminary work. We are being ruled by Francis Maude and David Willetts. They both have significantly higher scores than the Prime Minister, with Willetts topping the poll. Of course, this is using the idea the wrong way up, but presumably the lobbyists’ choice of who to lobby contains information about their perception of ministerial importance and influence.

Absolutely, certainly, without a doubt the most important bit in the News of the World case:

Last Friday, a high court judge ordered NoW to make available Mulcaire’s notes to the growing list of people suing the paper. Justice Geoffrey Vos, who is in charge of the hacking cases, ordered “rolling disclosure” to all claimants.

Hundreds of thousands of emails will now be handed over to alleged victims.

E-mails. Thousands of them. Hundreds of thousands of them. Just once, to have such means at my disposal! To have as many planes as this!… I don’t know how the claimants’ briefs intend to handle this epic dump, but I can’t think of any more interesting political document going. Does anyone know if any of this stuff will end up in the public domain?

It’s no surprise, in the light of that, that they’re serving the people, with the people’s currency, although if I read this right, it doesn’t necessarily stop the disclosure. And, of course, there may well be more claims now a precedent has been set. There is of course also the police operation, but I don’t hold out too much hope there.

And then there’s this. Yet another story showing the police in a very bad light, in the week I had to thank’em. It doesn’t show the industry in a great one either, as four out of five carriers seem to have treated the message from the police as a legalistic excuse to do nothing. Actually, three out of four – there’s no mention of 3UK at all. I wonder why? O2 gets the prize, having apparently decided unilaterally to inform all its subscribers who were affected. The Guardian gets it right here, making the point that:

It also means many of the victims were deprived of the chance to check the call data, which is kept by the phone companies for only 12 months, and that they had no opportunity to change their pin codes or to assess the damage done by the interception of their messages.

This. RIPA III requires telecommunications data retention for 12 months, no more and no less. It looks horribly like there was an effort to ensure the Screws’ comedy STELLAR WIND wasn’t disclosed until the logs were purged at the end of the canonical 12 months.

Of course, this won’t help them any with the people who were spied upon last year. It looks even more as if the police accepted promises from News International that they would behave in future. Will they get their act together and sue, already?

I’ve realised that I don’t know where I stand on electoral reform. (With that, even my readership vanishes into the distance like Libyan rebels encountering Gadhafi’s one loyal artillery observer.) So I’ve decided to abuse both sides in the hope that they react interestingly.

For AV: What, you want to give Nick Clegg what he wants? Crush! Like! Rat! Are you chicken? Anyway, it’s not proper proportional voting – it’s just a weak compromise that happens to give Cleggy Boy a life pension without even the embarrassment of going to the Lords. Alan Beattie is right. The Left, the Greens, the ‘kippers and fascists and God knows what, they’ll all be shut out just as much as ever. And, y’know, AV is cheating, like stealth aircraft and quantum computing and gas barbecues. Caroline Lucas didn’t need AV to get elected – she had to do it the hard way. And if the Lib Dems get AV, do you really think they’ll be in a hurry to concede STV? They get all the benefit of AV, and then they’ll pocket it and just sit there. No is good. Look at the polls, anyway – the solution is to force a general election as soon as possible. Power, baby!

Against AV: Well, nice mates you’ve got there. Have you seen the fuckos and liars and thugs and gargoyles on your side? There’s “Tom” “Newton”-“Dunn” of the “Sun”, talking about “Baroness Warsi warns that the DANGEROUS alternative vote system will let FASCISTS into the House of Commons…” Rather than the papers, where they belong. It’s the M factor – whatever Murdoch wants is evidently wrong. There’s the charming No campaign, which is so rich it refused to take its public funding so it didn’t have to admit to who’s funding it. And just imagine Eric Pickles’ face! And Redwood! The horror of it! We have a moral responsibility to vote against the Tory in all its forms.

Does that cover everything? I’m teetering between the principle of spanking Clegg and the principle of doing anything the Murdoch papers are lying about. On the merits, as far as I can see, AV is a little better than the current system, but not really enough to be worth having and certainly not enough to let the Lib Dems off the hook. And I’m in the mood for approval voting, the system where you cross off all the candidates you absolutely reject and the least hated wins. But please try to convince me.

Remember this post from 2006, and especially this one from a year later on the next big miscarriage of justice? Well, look what just happened. It’s far worse than even I thought – the police were well aware that there were serious problems with the Landslide case as early as February, 2003. Specifically, the old National Crime Squad seems to have been extremely gung-ho about the whole project while the regional police forces were much more sceptical. Later the whole thing was slung to the Child Exploitation and Online Protection Centre, one of the weird sort-of police agencies that proliferated in the late Blair years. Meanwhile, a suspect has succeeded in claiming damages. Both cases show various police forces in a very bad light indeed – the US postal inspector in the first suddenly retired to look after his “sick wife” when his evidence was challenged, while as for Hertfordshire Police:

Despite this, the officer, Detective Constable Brian Hopkins, pressed three charges of possession of indecent images of children. Mr Justice Mackay said he cut a “rather pathetic figure” in the witness box, having initially claimed he could not give evidence because of a psychiatric condition… The judge found that Mr Hopkins, who has since left policing, not only had “no honest belief in the possession charges when he caused them to be brought against [Mr Clifford]”, but did so “to protect his own position”.

Feel the fremdscham, baby!

Meanwhile, my bank card has been compromised. So I was in San Francisco of a Sunday, walking around the Tenderloin looking for a cash point that wasn’t looking back at me with mischief in its eye. Preferably one attached to a bank. I eventually walked up as far as Van Ness and found a Wells Fargo branch. It wouldn’t give me any money, nor would the Bank of America. So I ended up phoning the bank at extortionate roaming rates, standing on the forecourt with a small encampment of the homeless. Thinking that I had less US currency to my name than they did, I struggled through the IVR thickets, confirmed my salary hadn’t somehow vanished, and got into a queue to report that the fraud-detection robots had zapped me. I stayed on the line until AT&T dropped the call after 12 minutes. The phone started whining; it’s like a little jet fighter. You can do a lot of cool things with it, but it’s best not to go too far from the refuelling tanker or you’re screwed. Back to the hotel. I tried to call them on Skype, but AT&T’s WLAN was too bad to hear the IVRs. I plugged in the phone, called again, explained that I didn’t want to report the card stolen but rather the opposite, and sat in 23 minutes of queues. Curses…curses…24 hour fraud algorithms…not 24 hour staffing, though…why not call me?…banks…banks…banks…!

And then I got through. And the fraud investigators told me that the police had found my card in a list of cloned cards offered for sale on the black market. In the circumstances, they hadn’t called me or given out any information for fear of giving away the secret, as the investigation was still going on. Oh…right. They listed some transactions, agreed to let me withdraw up to £100 a day in cash and honour direct debits, and left the Visa facility frozen. They refused to say anything about where or when the security breach might have occurred, although I think the detail about the Visa card might be significant. Call us when you get back to the UK – and by the way, here’s the direct number.

The whole incident had just been annoying up to that point, but this changed the game. I was left with a whole load of surplus indignation on my hands past its use-by date. It cluttered up my room at the Phoenix like a chunk of un-Californian, clanking machinery. I suppose I could spend it on the thieves, but who were they? Rather than just harassing me and profiteering, my bank had actually done something I could only agree with. And the police had actually protected me from an actual crime, without my even noticing, with the occult efficiency Norman Lewis said had attached itself to the word “intelligence”.

As far as I know, no money is missing, but I haven’t audited as many as 14 months’ worth of transactions through my current account yet. That’s since this card was issued – they couldn’t give me any other bounds on it. After all, as they said, it was impossible to say how far the list of cards had been sold on by whoever had originally collected them.

Anyway, I didn’t even need to draw any more cash after the first $100. My expenses in Silicon Valley were unusually frugal – the nearest I came to spending significant amounts of money was trying to catch up with two colleagues who’d gone out looking for amusement. (I spent 20 minutes looking for a cab in Palo Alto at 10 o’clock at night and eventually gave up, having noticed that there seemed to be less traffic on the roads at that time of night than I would have expected in a Yorkshire Dales village.) I read the two Operation Ore articles and logged them for future use. As briefed, I called HSBC on my arrival back in Britain and they initiated a new card.

And it was only as I wrote this that I remembered I ought to be scared. After all, it is impossible to say how far the list of cards…

It is now reasonably certain that I’ll be in Palo Alto from Saturday evening to Thursday evening. I’m going to be carless but close to a CalTrain station, if that helps anyone. The explanation is of course here.

Update: I will be here from 6pm tonight with some bloggers.

Amusingly for a comment on scalability, I couldn’t post this on D^2’s thread because Blogger was in a state. Anyway, it’s well into the category of “comments that really ought to be posts” so here goes. So various people are wondering how the New York Times managed to spend $50m on setting up their paywall. D^2 reckons that they’re overstating, for basically cynical reasons. I think it’s more fundamental than that.

The complexity of the rules makes it sound like a telco billing system more than anything else – all about rating and charging lots and lots of events in close to real-time based on a hugely complicated rate-card. You’d be amazed how many software companies are sustained by this issue. It’s expensive. The NYT is counting pages served to members (easy) and nonmembers (hard), differentiating between referral sources, and counting different pages differently. Further, it’s got to do it quickly. Latency from the US West Coast (their worst case scenario) to nytimes.com is currently about 80 milliseconds. User-interface research suggests that people perceive a response as instant at 100ms – web surfing is a fairly latency tolerant application, but when you think that the server itself takes some time to fetch the page and the data rate in the last mile will restrict how quickly it can be served, there’s a very limited budget of time for the paywall to do its stuff without annoying the hell out of everyone.

Although the numbers of transactions won’t be as savage, doing real-time rating for the whole NYT website is going to be a significant scalability challenge. Alexa reckons 1.45% of global Web users hit nytimes.com, for example. By comparison, Salesforce.com is 0.4% and that’s already a huge engineering challenge (because it’s much more complicated behind the scenes). There are apparently 1.6bn “Internet users” – I don’t know how that’s defined – so that implies that the system must scale to 268 transactions/second (or about 86,400 times the daily reach of my blog!)

A lot of those will be search engines, Internet wildlife, etc, but you still have to tell them to fuck off and therefore it’s part of your scale & scope calculations. That’s about a tenth of HSBC’s online payments processing in 2007, IIRC, or a twentieth of a typical GSM Home Location Register. (The usual rule of thumb for those is 5 kilotransactions/second.) But – and it’s the original big but – you need to provision for the peak. Peak usage, not average usage, determines scale and cost. Even if your traffic distribution was weirdly well-behaved and followed a normal distribution, you’d encounter an event above the 95th percentile one day in every 20. And network traffic doesn’t; it’s usually more, ahem, leptokurtic. So we’ve got to multiply that by their peak/mean ratio.
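The sizing argument above, worked through in Python as an added example (not code from the original post): the post’s user and reach figures give the mean rate, a constructed diurnal profile gives a peak/mean ratio, and two traffic models with the same mean and standard deviation show how a heavy-tailed (lognormal) distribution pushes the 95th-percentile load above what a normal distribution would predict. The standard deviation (half the mean) and the hourly profile are assumptions, not NYT data.

```python
"""Back-of-envelope capacity sizing for a real-time paywall check."""
import math
from statistics import NormalDist

# Figures quoted in the post: ~1.6bn internet users, 1.45% daily reach.
INTERNET_USERS = 1.6e9
DAILY_REACH = 0.0145
SECONDS_PER_DAY = 86_400


def mean_tps(users=INTERNET_USERS, reach=DAILY_REACH, checks_per_visitor=1):
    """Average paywall checks per second, assuming one check per daily visitor."""
    return users * reach * checks_per_visitor / SECONDS_PER_DAY


def normal_quantile(mean, sd, p):
    """Load exceeded with probability 1-p if traffic were normally distributed."""
    return NormalDist(mean, sd).inv_cdf(p)


def lognormal_quantile(mean, sd, p):
    """Same mean and sd, but a right-skewed (leptokurtic) lognormal traffic model."""
    sigma2 = math.log(1 + (sd / mean) ** 2)      # log-space variance
    mu = math.log(mean) - sigma2 / 2             # log-space mean
    return math.exp(mu + math.sqrt(sigma2) * NormalDist().inv_cdf(p))


def peak_to_mean(hourly_profile):
    """Peak/mean ratio of a 24-bucket diurnal traffic profile."""
    return max(hourly_profile) / (sum(hourly_profile) / len(hourly_profile))


def provision_tps(mean, peak_ratio, headroom=0.25):
    """Capacity to buy: size for the peak hour, then add headroom for tail events."""
    return math.ceil(mean * peak_ratio * (1 + headroom))


# Constructed relative hourly request volume (hour 0..23); not real NYT traffic.
SAMPLE_PROFILE = [3, 2, 2, 2, 2, 3, 5, 8, 11, 13, 14, 14,
                  13, 13, 12, 12, 12, 11, 10, 9, 8, 7, 6, 4]

if __name__ == "__main__":
    m = mean_tps()
    sd = 0.5 * m  # assumption: standard deviation is half the mean
    print(f"mean load:                 {m:.0f} tx/s")
    print(f"95th pct, normal model:    {normal_quantile(m, sd, 0.95):.0f} tx/s")
    print(f"95th pct, lognormal model: {lognormal_quantile(m, sd, 0.95):.0f} tx/s")
    ratio = peak_to_mean(SAMPLE_PROFILE)
    print(f"peak/mean {ratio:.2f}: provision {provision_tps(m, ratio)} tx/s")
```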

And it’s a single point of failure, so it has to be robust (or at least fail to a default-open state but not too often). I for one can’t wait for the High Scalability article on it.

So it’s basically similar in scalability, complexity, and availability to a decent sized MVNO’s billing infrastructure, and you’d be delighted to get away with change from £20m for that.