Downtown Soweto and other places!

I visited South Africa last December and was glad I did. A beautiful city with a rich history of struggle and of hope and eventually, of reconciliation. I didn’t understand the depth of South Africa’s diversity until then. South Africa is where you’d see a white-german-indo-african man. Now that’s rich. After visiting the Apartheid Museum I came to relate with why Mandela had to choose the negotiating table rather than the gun against those that stole 27 years of his life. It’s a complex mix.

One thing that still baffles me though is why there is still so much Xenophobia in South Africa. I would think for a country with such a history, they’d be the world’s model for tolerance, especially to people of their own skin color. Above all though, SA is a country to visit. It has so much to teach the rest of the world.

My trip wouldn’t have been complete if I hadn’t visited So-we-to!

Mandela House

From the Mandela House Archives

Apartheid Museum

Apartheid Classification

Reconciliation & Democracy

And San City! (Sun City)

Sun City South Africa

And the Towering Madiba @ Sandton

Lagos Theatre Festival 2013

The Lagos theatre Festival 2013 held at the Eko Hotel Lagos. It was a beautiful and refreshing break from the Lagos hustle and bustle.  Having acted in stage plays while at the university (of Ife), the plays gave me a nostalgic vibe and I hope someday to get back on stage!  In my next life, I’d pick the stage rather than Engineering Mathematics :-) .

Enjoy some of the shots I took. Couldn’t remember the names of the cast, but will update this post if I get them. The pictures are Copyleft 2013. Meaning you can freely use and distribute. Acknowledgement would be nice, but not required.

Ola Rotimi’s Grip Am 

 Shattered!

 Inua Ellams’s 14th Tale

Ok. I was too intrigued by this play I couldn’t take pictures. Inua has a way of engaging you. I enjoyed every second of the narrative.

Beautiful Stage

Inua Ellams’s 14th Tale stage

Inua Ellams on stage

Inua Ellams book signing

Inua Ellams & Ojoma || @InuaEllams @ojomaochai

Congrats to the Lagos theatre Festival team || @toluogunlesi

Thanks for coming, you can follow me on twitter. @edwardpopoola

Twitter Spoofing

I have a feeling this has been around for a while.

I got this direct message email (supposedly) from a real account I follow on Twitter. It goes like “someone is spreading terrible rumors about you”.  As I do not consider myself a Hollywood celebrity I didn’t take the message seriously. However I sought to find out where the url led to. 

I signed out of my twitter account on the browser to make sure I do not have an active twitter session in my browser and I followed the URL. Just like I expected, it was asking me to login to my twitter account. I glanced at the URL and I noticed the anomaly.

                         http{}//twivvter.com/g/verify/?&account_secure_login 

I tried to navigate to the base url for the site (http://twivvter.com) but it went nowhere. This is a classic case of spoofing to fetch people’s valid twitter usernames and passwords. 

You can read more about Spoofed URLs here…

Typically, a spoofed URL asks for your credentials, then redirects you to the correct URL once you have provided them. In this case, I tested with some random characters.

As I also expected, it redirected me to a page saying I couldn’t log in as a result of some bogus error, then after a few seconds redirected to the real Twitter website.

 So folks, exercise caution while clicking through online….
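A check of the kind a mail filter or proxy could apply to links like the one above, as an added example that is not part of the original post. The trusted list, the edit-distance threshold of 2 and the "last two labels" shortcut for the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain we expect to see a Twitter login form on.
TRUSTED = {"twitter.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # delete from a
                           cur[j - 1] + 1,               # insert into a
                           prev[j - 1] + (ca != cb)))    # substitute
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link."""
    # urlsplit().hostname discards any "user@" prefix, so
    # https://twitter.com@twivvter.com/ is judged by its real host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    for domain in TRUSTED:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Simplification: treat the last two labels as the registrable domain
    # (a production check would consult the public suffix list).
    base = ".".join(host.split(".")[-2:])
    for domain in TRUSTED:
        if 0 < edit_distance(base, domain) <= 2:
            return "lookalike"      # e.g. twivvter.com
        if host.startswith(domain + "."):
            return "lookalike"      # trusted name used as a subdomain prefix
    return "unknown"


if __name__ == "__main__":
    samples = [
        "http://twivvter.com/g/verify/?&account_secure_login",  # from the post
        "https://twitter.com/login",
        "https://twitter.com@twivvter.com/",       # constructed
        "https://twitter.com.login.example/",      # constructed
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```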

Calling every clone innovative

Oftentimes, in a bid to celebrate African/Nigerian tech success, we miss the point. Not having Facebook or Path or the next big thing created by an African, we look around the web desperately for any tech success story to engage the growing African internet users. In the drive to create sensational news for “top ten” and “top twenty” new things, we lower our innovation bar by celebrating clones and startup-wannabes who don’t solve any meaningful problem.

The Mona Lisa is a great painting, would you call it innovation if I created a clone of it that looks so much like it? Where do we draw the line?

Don’t get me wrong. It is important to sing our own song and blow our own trumpet (when we actually make something that is worth the noise). It is crucial to motivate the upcoming youngsters and make them see that tech success is within their reach. In passing the message however, we do not want to make the mistake of telling them it is super-cool to create another Facebook wannabe or a Twitter wannabe. Or worse still, to clone the few actual innovative tech products that have made the African or Nigerian “top ten” in the past.

Competition is good

Competition is good. It helps to broaden the ecosystem, it reduces the possibility of having a business monopolize the market and ensures customers always have a choice. However, is it worth the fight to be a cloned-competition with no answer to the USP question? What makes your product different from the competition?

An example is the Linux market. I use the Linux OS everyday and there are hundreds of clones already (distributions or flavor, choose your own). Do I need to hype another clone of the OS as being the African in thing? hell no! The existing clones are already what you are trying to be. Free, Open, customizable….the list is endless. How exactly do you plan to make your own clone better for me? Because I am an African, I do not want an African OS. I want a fully functional OS. If you can answer the question, I’ll then probably be able to use your own clone too. That is the question cloned products in the African tech space are not answering.

Go Crazy!

The big question is “what problem are you trying to solve”?

It is cheaper today to get your project running than it was 10 – 15 years ago when it was costly to set up a solid development environment. The story is different today: tools abound, bandwidth is relatively cheaper, there are thousands of open source projects to use to learn programming, free development environments and lots more. The time is thus ripe to let go of celebrating clones and to push our techies to solve real problems we can call innovative.

A little thought, and you have a killer product!

More Storage Please!!!

(Part 1) The business development arm of the company just won a huge contract. The CEO announced it last week and there was a small-chops party to celebrate the win. It is going to be a good year after all. This week the Applications Development and Integration teams are hovering around your department; they need new servers with heavy specifications. This is not a problem. What bothers you, however, is the large amount of disk space they have required, totaling into terabytes. And no, you cannot use your magic wand to reduce their specifications like you have done in the past.

The last inventory you did showed just a few gigabytes of space left all over your data center. Trouble is brewing.

This is an all too familiar scenario for Infrastructure teams of IT departments. There is this constant need for more storage. Terabytes used to be very very large a couple of years ago, but today, they never seem to be enough anymore, for anyone. This is not one of those realizations you shove off as being peculiar to only large organizations, enter the data center of any medium company today and you see the rate at which storage is being consumed. Even personally, I have 1.5 terabyte worth of external storage at home and it does not seem to be enough anymore. Phew!

What is to be done? The most logical solution is to get more storage, or better still, a data management solution. However, before you call your supplier to bring in another batch of SAN storage you should carefully plan for expansion since data will continue to grow. IT departments need to have a carefully planned strategy for data management. The last thing you want to do is to be reactive. Below are some of the things to consider before buying a data management solution.

Scalability

Scalability is the ability of a system, network, or process to be enlarged to accommodate growth. With respect to storage systems, there is a need to acquire storage solutions that can scale over time. Storage that is not scalable will require users to copy out old data into new, bigger storage before they use it. On the other hand, a scalable system is expandable in a plug-and-play manner such that old data will expand into the new storage, transparently, without hassles. A scalable system enables users to acquire storage as needed, rather than buying a mass of it and leaving it redundant till there is a need for it. A simple example: your 1GB flash drive is not scalable. If you need to copy 1.1GB of data, you will need another flash drive bigger than 1GB. On the other hand, a scalable flash drive (if one exists) will provide an interface to extend the 1GB flash drive with any additional space to be able to accommodate your 1.1GB file.

tbc…

Starting a startup? The essence of building a complete team

I was late in getting the details of Google’s sales stunt in Kenya where they essentially were feeding fat on another company’s data.

Though Google have since apologized for the behavior and have had some heads roll, it occurred to me that there is a lesson for Nigerian Startups or any Internet startup for that matter, especially those dealing in potentially useful data.

Reading Mocality’s CEO’s description of how they got wind of Google’s activities on their data, I began to imagine how long this would have gone unnoticed (if ever noticed) had the team at Mocality not had as much technical knowledge of their business.

It is one thing to have a great idea for an Internet business, it is another to have the required technical skills to manage the nitty gritty of it. It is important for startups to build teams that can look after the nitty-gritty of the business. I imagined if the team at Mocality were just a bunch of Web designers with little knowledge of any form of data analytics, they would have lost out on potential sources of revenues.

This is from the Mocality’s blog post

“Our database IS our business, and we protect and tend it very carefully. We spot and block automated attacks, amongst other measures. We regularly contact our business owners, to help them keep their records up-to-date, and they are welcome to contact our call centre team for help whenever they need it”

It is not enough for a startup to want to solve a problem. It is also very important for startups to know what their valuable assets are and to have knowledgeable teams to protect them. This oversight is one of the many reasons why some startups die after failing to notice potential sources of wealth leakage.

Beyond IT policy, why we need a Government CTO

A new draft IT policy has just been released by the Nigerian Ministry of Communication Technology. Brilliant document if followed up by the appropriate will. The document has done a good job at harmonising the different IT policies that exist in different sectors of the Industry; what needs to follow now is a holistic approach to ensure that these policies translate to an increase in initiatives, connectivity and adoption.

I believe an action plan should follow this document stating what will be achieved, how it will be achieved and when, at least before the end of the Minister’s tenure in office. Such document will detail the different initiatives of the Ministry of Communications in line with achieving the objectives of the policy. Collaboration with the private sector will breed the ideas of what needs to be done for Industry growth. Within Government however, I believe time is now for the Nigerian government to have a Chief Technology Officer (CTO) or Chief Information Officer (CIO).

The role of the CTO will be to drive technology adoption initiatives within Nigerian Government agencies, its Ministries and its parastatals. These agencies already have IT heads or similar technical directors who work in silos and adopt technology as they see fit for their agencies. This should change. To push the country towards a common goal of e-Governance, there is a need to have a CTO that will define the country’s IT direction.

The CTO will work with these ministries IT heads to oversee technology, control and ensure due process in technology adoption across government. The individual will ensure that government IT follows a well planned path in a way to enable the e-Government initiatives of the Federal Government. This will ensure there is a common goal for buying and using technology in these agencies at any point in time.

For instance, one of the shortcomings identified in the NNPC KPMG Audit report was that the NNPC does not have a working document management system and that key documents are scattered all over staff laptops and desktops. This probably is the scenario across other Government ministries too. A Government CTO will ensure this does not happen by making sure IT heads of these agencies are aware of what IT process to have in place.

A CTO with wide industry experience and deep private sector background is preferable for this role. Someone who is experienced enough to handle such scale of new and emerging technology across government, disciplined enough to ensure due process and young enough to push for change. I would think someone of the caliber of the CTO’s managing technology in Nigeria’s top banks or in telecommunications. The CTO will probably report to the Minister of Communications Technology.

While the minister will focus more on administration, policy and regulation, the CTO will handle the more technical issues like using locally developed software in government agencies, adopting Open standard technologies (so Government data is not vendor-locked in) and ensuring government data is kept secure.

Caught the Cloud computing bug yet?

Hopefully not, at least until you have taken time out to understand what it means.

Every few years, the IT industry comes out with a big buzz word. More often than not, it is the re-invention or re-packaging of an existing technology. Remember when Ajax was making the headlines? Of course at that time, JavaScript pros came out to tell us it is nothing more than the Asynchronous JavaScript they have been using. Then came Service Oriented Architecture (SOA), and Enterprise Architects explained how it was never really new. Then came the Cloud, hyped to be the solution to a lot of IT infrastructure headaches. Cloud is not much different from your traditional web hosting on the internet, with additional steroids though.

Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a metered service over a network cloud (typically the Internet). – Wikipedia

The main keywords in this Wikipedia definition are ‘service’, ‘shared’ and ‘metered’.

Traditionally, for an IT department to implement a new business application, they would need to acquire components such as hardware, operating system, web/application server and database software. This is the product view of computing. The idea of cloud is to free organisations from the need to make all these purchases and rather purchase an Infrastructure service.

As such, the cloud is a massive computing facility (remotely, on the internet or on site), that already has all the Hardware & software components needed to deploy enterprise applications.

A typical cloud facility is made up of very large computing resources: thousands of servers, network and storage systems, different types of application servers, web servers and database servers. All that needs to be done is for users to upload their business software into the cloud and click away the deployment, selecting their preferred operating system, disk resources, RAM, application server, web server etc. That way, the time to deploy an application is drastically reduced.

The beauty of the cloud however is the fact that you only pay for the computing resources you use and you can pay as you grow. A traditional on site deployment requires you to buy massive hardware upfront in anticipation for future growth, this ties up a lot of IT cash. To move an application into the cloud, all an organisation needs to do is to purchase a cloud service, where they can buy slices of hardware and software resources as needed.

For example, to deploy a heavy financial system software. A business will traditionally buy servers, SAN storage, Application server, (JBOSS, Websphere…), database software & license (Oracle, Mysql), Operating system licence(RHEL, Windows, Unix). Add that to the cost of network devices, monitoring servers etc.

To deploy this same application in the cloud, all they need do is to find a cloud provider (Red Hat, Amazon, Azure) and create an account, through a private WAN or the Internet. They upload their software, then through a GUI, they select all the components they would have bought normally as products. They select their required disk space, desired application and database servers... and then click ‘deploy’... and life is good! Maybe I’ve made it overly simplistic, but that is the cloud.

One of the distinguishing factors of a robust cloud is self-service. With self-service, you log on to the cloud and click away what you need, all by yourself. You don’t need to depend on an Infrastructure expert to add additional resources to your computing infrastructure or to enable additional capabilities. Most clouds today are very elastic; they expand and contract as the need for computing resources changes. Remember those Anonymous attacks on the companies that denied WikiLeaks access? It was said that Anonymous could not take down Amazon cloud with their DDoS attacks because it was elastic.

Cloud has simply commoditized computing. Adding more RAM or storage to cloud applications is a matter of “click here to increase your RAM or disk space by 10GB”, and then it’s done on the fly. That way, users deploy their application with as minimal resources as possible, then increase the resources seamlessly as demand increases.

This saves a lot of money as cloud use is metered and users pay only for what they use. Businesses can invest cash wisely and grow their cloud infrastructure proportionately with their business growth instead of having to invest heavily in hardware only for the business to under utilize it. And because cloud resources are from a large pool of computing resources, it is way cheaper for cloud providers to maintain, hence making cloud services to be relatively affordable.

In future posts, I hope to talk about what you should consider before moving your application into the cloud.

 

Bitter SELinux

Security Enhanced Linux (SELinux) is a Mandatory Access Control (MAC) mechanism built to complement the traditional Discretionary Access Control (DAC) in *nix based systems (think of read, write, execute: rwx). SELinux is fast gaining ground as the hack-proof security to mitigate the impact of system compromise by a rogue process or a rogue user. NSA recently launched an SELinux-enabled Android and the demand for SELinux experts might grow.

Lately I have begun to play with the Red Hat implementation of SELinux in Red Hat Enterprise Linux 5 & 6. I would begin a how-to on SELinux and will try to present it here in as simple a way as possible. While SELinux is difficult compared to a lot of other technologies on Linux, I will try to present it in a less bitter way.

Domains & file types

The simple idea of SELinux is to isolate processes into separate domains, i.e. running system processes in a confined space such that even if those processes are compromised, the damage done will be limited to the confines of the process and the files it has permission on. This same theory is why administrators are advised to run their applications as a non-root user, so that should their application be taken over by a rogue hacker, the hacker does not own the system as root. The same idea is applicable to the ‘chroot jail’ of web, DNS and FTP servers, among others.

The reasoning behind SELinux is that in the lifetime of certain processes, there is a known set of files they modify. However, with the DAC in Linux, it is often easy for administrators to give more permission than necessary to these processes. This is where a MAC like SELinux comes in, so that despite an administrator’s lax DAC (rwx) permission, a process will never be able to modify other files.

For instance, a default apache process (httpd) does not have any business modifying any other file apart from those in the web server /var/www/html directory. So even if the system owner allows rwx permission (DAC) for the apache user on the /etc directory (using discretion), SELinux knows this is a strange behaviour (through an SELinux policy) and prevents the apache user from modifying files in the /etc directory (mandatory).

The restriction placed on the apache process mentioned above comes from domains. In SELinux, only entities in certain domains are allowed to modify certain file/object types.

Imagine for a minute that only people in America are allowed to touch the statue of liberty. If anyone wants to touch that statue what do they need to do? They need to first move or be moved to America. Here, America is the domain, people are the processes and the statue of liberty are the files to edit. SELinux is built around domains & file types.

Now, in relation to SELinux, the /etc/shadow file is the file that stores encrypted user passwords for users on the system. The following is an SELinux security context for the /etc/shadow file:

[acl@rhel6 ~]$ ls -lZ /etc/shadow
----------. root root system_u:object_r:shadow_t:s0 /etc/shadow

I will explain the breakdown of this a little later. But the format for the above is user:role:type/domain:level. (Files have types, while processes have domains.)

In the above, the /etc/shadow file is of type shadow_t. To edit this file, a process must be in the password domain called passwd_t (according to an SELinux policy)

Hence, when a user (acl) runs the password application to change his password:

[acl@rhel6 ~]$ /usr/bin/passwd
Changing password for user acl.
Changing password for acl.
(current) UNIX password:

The passwd application will transition into the passwd_t domain to be able to edit the /etc/shadow file. This can be seen in the output below:

Context of the /usr/bin/passwd executable:

[acl@rhel6 ~]$ ls -lZ /usr/bin/passwd
-rwsr-xr-x. root root system_u:object_r:passwd_exec_t:s0 /usr/bin/passwd

Context of the /usr/bin/passwd process:

[acl@rhel6 ~]$ ps -efZ | grep passwd
unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 root 8155 8068 0 13:24 pts/6 00:00:00 /usr/bin/passwd

The implication of this is that, even if a process goes rogue, the process must first explicitly transition into the passwd domain. Any process outside of the passwd_t domain cannot modify the password file.

Also, an apache (httpd) process within its httpd_t domain cannot modify files of type shadow_t, which only processes in the passwd_t domain are allowed to modify.

So essentially, processes are confined into domains so they do not do things they are not supposed to do.
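The domain and type reasoning above, modelled as an added example that is not part of the original post or of any real SELinux policy. The rule tables are constructed and cover only the cases discussed here; the shell and httpd process labels are constructed too, while the other labels are the ones shown in the command output above.

```python
from typing import NamedTuple


class Context(NamedTuple):
    user: str
    role: str
    type: str    # called the "type" for files and the "domain" for processes
    level: str


def parse_context(label: str) -> Context:
    """Parse user:role:type:level. The level may itself contain ':'
    (s0-s0:c0.c1023 in the ps output), so split at most three times."""
    parts = label.strip().split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"not an SELinux context: {label!r}")
    return Context(*parts)


# Constructed, heavily simplified stand-ins for policy rules. A real policy
# holds many thousands of rules; only the ones discussed in the post appear.
ALLOW = {
    ("passwd_t", "shadow_t"): {"read", "write"},
    ("httpd_t", "httpd_sys_content_t"): {"read"},
}
# (calling domain, type of the executable) -> domain of the new process
TRANSITIONS = {("unconfined_t", "passwd_exec_t"): "passwd_t"}


def domain_after_exec(proc: Context, exe: Context) -> Context:
    """Domain a process ends up in after executing a labelled file."""
    new_domain = TRANSITIONS.get((proc.type, exe.type), proc.type)
    return proc._replace(type=new_domain)


def mac_allows(proc: Context, target: Context, perm: str) -> bool:
    """Type enforcement: anything without an allow rule is denied."""
    return perm in ALLOW.get((proc.type, target.type), set())


def can_access(dac_allows: bool, proc: Context, target: Context, perm: str) -> bool:
    """Both checks must pass; lax rwx bits cannot override the MAC decision."""
    return dac_allows and mac_allows(proc, target, perm)


SHADOW = parse_context("system_u:object_r:shadow_t:s0")
PASSWD_EXE = parse_context("system_u:object_r:passwd_exec_t:s0")
# Constructed process labels for the user's shell and for apache.
USER_SHELL = parse_context("unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
HTTPD = parse_context("system_u:system_r:httpd_t:s0")

if __name__ == "__main__":
    passwd_proc = domain_after_exec(USER_SHELL, PASSWD_EXE)
    print("passwd runs in:", passwd_proc.type)
    print("passwd may write shadow:", can_access(True, passwd_proc, SHADOW, "write"))
    # Even with rwx granted by DAC, httpd_t has no rule for shadow_t.
    print("httpd may write shadow:", can_access(True, HTTPD, SHADOW, "write"))
    # httpd executing passwd has no transition rule, so it stays in httpd_t.
    print("httpd after exec:", domain_after_exec(HTTPD, PASSWD_EXE).type)
```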

Google takes out Nigeria from its 2 factor Authentication?

At around the launch of Google+, a friend, Tim Akinbo had written a blog post on why every gmail account owner should be using Google’s 2 factor authentication to further reduce the chances of someone’s email being hacked. As a Gmail user, I went on to activate 2 factor authentication on my account without any hassles.

I have been impressed with the service after using it for a couple of months, and I felt the need to refer a friend to do same. To my surprise however, my friend could not find Nigeria on the list of countries, preventing him from proceeding with enabling the security feature. Before crying foul, I logged into my account to verify what country is attached to my profile; it was back to the default, Afghanistan (starting letter A).

The 2 factor works by asking you to provide a phone number (and a corresponding country) with which to receive a ‘code’ to log in to your email account, in addition to your password. The country you select determines what phone number pattern you should have. However, with Nigeria removed from the list of countries, Google has effectively denied new Nigerian users from using the service. My 2 factor authentication service still works though.

Google 2 factor Image with Nigeria Missing

As I write this post, I’m appalled and at the same time worried on why Google would remove Nigeria from the list of countries that could use two factor Authentication. Was it a system mistake, an engineer’s oversight, a deliberate attempt to alienate? Could this have been as a result of the conclusion in the “Mugged in Madrid” hacking story, where the author mentions that his gmail account hacker could have been from Lagos, Nigeria?

Google had better not be evil on this one! Google Nigeria note this!

Noting all other Google’s strange behaviors

Update: Could Google just be human after all? They were definitely evil on this one. Update: Focus on the User

Update: For those just seeing this post, in year > 2012, Jay from Google dropped a comment as at the time this post was made. Unfortunately, I lost some comments in the middle of migrating old blog posts. Jay’s comment as at then, is as follows:

Hi Edward,

Thanks for your enthusiasm about 2-step verification! We temporarily removed support for Nigeria in order to make some adjustments, but we’ll be re-adding it soon.

Jay Nancarrow
Google Communications
Date: 2012-02-02 07:11:43