It’s summer, which – oddly enough – means that the Berkman Center is filled to bursting with students. Berkman is hosting the Summer Doctoral Program, an annual gathering for PhD students working on Internet-related topics, organized by the Oxford Internet Institute. The two-week session has been held three times in Oxford and once in Beijing. Rumor has it that my colleage Urs Gasser wanted to hold it at the University of St. Gallen this year, but had to cancel because his city was being re-carpeted.

For anyone interested in what current PhD students are researching in this field, and what work scholars in the field are sharing with them, Ismael Peña-Lopéz is creating an excellent resource on the ICTology blog, posting detailed session notes from each lecture and presentation. His notes on the session that Mike Best and I offered yesterday does a great job of hitting the key points of our respective talks, which orbited the theme of “incremental infrastructure“.

I’m trying to flesh out this idea, which I raised in a blog post a few weeks ago, that major infrastructure projects in developing nations can be built through small (under $10 million) investments from private entrepreneurs, and can come to market faster than well-financed, government-backed projects. It’s great fun to give a talk on a subject you’re just starting to think about. I got a good deal of pushback on the market focus of the idea, and questions about whether there are appropriate roles for the government in building infrastructure. The answer is, obviously, yes, but there are lots of terrible examples in an African context of governments failing to build infrastructure and blocking the private sector from building it in their stead.

Mike Best had an excellent response to that line of inquiry, suggesting that the appropriate role for government in infrastructure, especially technical infrastructure, is to regulate as independently as possible. (This means, to the extent possible, regulators need to be independent of both government influence and relationships with private companies. Joseph Wafula, presenting some of his research from the University of Nairobi later in the day, suggested that independence is incredibly difficult to achieve in developing nations given the limited technical population and the likelihood that knowledgeable regulators are going to be connected to relavent business entities…) Mike also had excellent questions about whether the “increments” I’m talking about aren’t huge ones in African terms. His recent research on connectivity for coffee cooperatives in Rwanda suggests that infrastructure costing more than a few thousand dollars is going to be out of the reach of almost all Rwandans, and pointing towards some much cheaper connectivity options using new 3G phones. Always good to get pushback from one of the smartest guys in your field, a man who believes in testing lofty creative ideas with real projects in the field.

I will admit, I still find something a bit disorienting about trying to advise PhD students. It’s become increasingly clear to me that I won’t be able to convince myself to return to school and complete a degree any more advanced than my BA. I find myself wondering, as I sit down to offer suggestions to soon-to-be-doctorate-holders whether I should preface my comments with, “You probably shouldn’t listen to a word that I’m saying, as I’ve never attempted to get research past an advisory committee, never structured a dissertation, and have almost no academic publications to my name.” I’m perpetually thankful that Berkman creates an academic environment where these issues almost never surface, but there’s nothing like a building filled with smart, young doctoral students to make one wonder about one’s own academic path not taken.

I’m speaking at Idea Festival in Louisville, Kentucky in mid-September. I was on a panel at Idea Festival last year and had a great time, enjoying a “big ideas” conference that’s designed to be open to as wide an audience as possible. As much as I love TED and Pop!Tech, those conferences have high pricetags which tend to shape their audiences. (Both conferences have taken steps to diversify their attendees, offering scholarships and other ways to participate virtually.) Idea Festival offers many of its events for free, expenses covered by sponsors, and makes others accessible on a ticket-per-event basis. There’s a great crop of speakers this year, including people I’ve wanted to meet for a long time and old friends who are very much worth listening to.

There’s an interesting opportunity for you to attend the festival, if you’d like. Geek Squad, one of the event’s main sponsors, is sponsoring an ideas contest. Offer your best ideas for conserving power, recycling e-waste and bridging digital divides, and Geek Squad will ship the best thinkers out to the festival. (Unfortunately, the contest is US only, which is disappointing to many of the folks reading this blog. Sorry about that.)

I wonder if there isn’t an interesting way to connect the current rise of metals theft in some corners of the US with an answer to the e-waste question. Global copper prices have gotten so high that there’s been a rash of thefts of copper drainspouts in wealthy Virginia neighborhoods. (When I used to make art from recycled materials back in my college days, my fellow junkyard hounds called these thieves “copper bugs”. They’d cut the cords off used, but fixable, discarded appliances, making them useless for the few cents worth of copper they’d pull out of the cord.)

Many e-Waste companies focus primarily on keeping toxic materials within computers and mobile phones from contaminating groundwater; smarter ones, like African Sky, a South African e-waste recycler founded by rock star Johnny Clegg, focus on pulling recoverable materials from the machines, especially metals, leaving a minimum of discarded waste. With platinum so valuable that thieves are stealing catalytic converters, maybe Clegg and crew are working on an idea that deserves to be implemented on a much larger scale.

• LA Weekly – Music – Femi Fatale – Matthew Fleischer – The Essential Online Resource for Los Angeles
  Femi Kuti, Fela’s son, criticizes Bono’s approach to Africa, encourages Americans to come visit Nigeria
  (tags: music africa nigeria aid aids)
• For Certain Tasks, the Cortex Still Beats the CPU
  A close look at the inventor of the CAPTCHA and at problems and games that can get humans to apply their judgements and perceptions online
  (tags: computer games innovation internet science seriousgames tagging technology humanfilter)

• Africa, Offline: Waiting for the Web – New York Times
  A tough, critical look at Greg Wyler’s Terracom and the challenges of bringing internet infrastructure to Rwanda, despite good intentions
  (tags: africa technology internet infrastructure rwanda SAT3)
• Economics focus | To do with the price of fish | Economist.com
  Relationships between mobile phones and economic growth in Rob Jensen’s work and Leonard Waverman’s work at LBS.
  (tags: india ag agriculture business development economics phone technology telecom infrastructure)

I got hax0red. Totally pwned.

I run BlogAfrica.com and EthanZuckerman.com off an hosted account through Rimu Hosting, an excellent New Zealand-based company who I highly recommend. Rimu takes a very hands-off approach to systems, which I appreciate, but means that you’re responsible for keeping your software up to date.

I would confess to being less than religious about patching all my systems. I don’t know how the old system got compromised – I believe it was a Webmin bug – but I found out about it because a good samaritian forwarded me an email. The email invited an unsuspecting web user to download a greeting card from blogafrica.com/greetings/filename.exe. Needless to say, there’s no greeting card system on BlogAfrica, and the .exe is a nasty trojan which will open countless backdoors in a windows system.

The smart guys at Rimu were able to detect the attack once we were warned, though the attackers had used an excellent rootkit, which covered most of their traces. But we couldn’t lock them out. Most of the binaries on the server had been replaced, and I would delete the virus-ridden files, only to watch them reappear a few minutes later.

What’s more frustrating than this was that tens of thousands of emails were being sent driving people to my site, which overloaded the server every time I brought it up Apache long enough to try to recall my WordPress and Reblog settings for a new install on another server. Eventually, I just shut off nameservice to the old address, pointed it to the new servers and worked with the Rimu guys to get the two sites up on a new box. We’re almost there – there’s a date bug we’re still working out on BlogAfrica, and right now it looks like every post is from the 1970s. But I think this blog is more or less ironed out… and please let me know if it’s not.

My colleague Jonathan Zittrain has been writing about the dark side of “generativity“, the power to run arbitrary code on your machine, and how this makes it possible both for new applications like Skype to propogate… and how it makes it possible for hackers to design nasty code to penetrate your systems. One of the topics in the geek community for years has been “Why haven’t we seen a truly brutal, system-wrecking, internet-destroying virus?” One answer has been that there’s been no profit motive for building one. But I think we’re there – the rise of malware sites detected by Google suggests that there’s a community that’s focused on:

- Using bugs in webmin or cPanel to gain access to hosted accounts. (My colleagues at StopBadware reported over 10,000 malware sites hosted by a single hosting provider, which suggests either a bug in an administrative package, or massive password compromise.)

- Injecting downloadable malware onto compromised sites

- Sending large quantities of spam to promote the malware, using social engineering (a downloadable greeing card is more likely to be opened than a random .exe on the web)

- Compromising the machines that download the malware, probably to use some as zombies to send more spam.

This isn’t quite as slick an attack as the one I found on my friend’s server, which added Javascript to her page to open an iframe and start a download in the background, but it’s very sinister, and was done competently enough that my only solution was to leave the old server for a newer, more fully-patched box. The process felt a little like gathering my worldly possessions, running across the street, and dumping my worldly goods in a new house, then torching the old one. Not an enjoyable experience.

A few days ago, I was reading the specification for Bitfrost, the security system designed to protect the One Laptop Per Child XO machine from widespread security compromise while enabling kids to customize, explore, program and hack the machine. I was struck by this passage in Ivan Krstic’s document:

The 1971 version of UNIX supported the following security permissions on user files:

* non-owner can change file (write)
* non-owner can read file
* owner can change file (write)
* owner can read file
* file can be executed
* file is set-uid

These permissions should look familiar, because they are very close to the same security permissions a user can set for her files today, in her operating system of choice. What’s deeply troubling — almost unbelievable — about these permissions is that they’ve remained virtually the _only_ real control mechanism that a user has over her personal documents today: a user can choose to protect her files from other people on the system, but has no control whatsoever over what her own programs are able to do with her files.

In 1971, this might have been acceptable: it was 20 years before the advent of the Web, and the threat model for most computer users was entirely different than the one that applies today. But how, then, is it a surprise that we can’t stop viruses and malware now, when our defenses have remained largely unchanged from thirty-five years ago?

Krstic goes on to argue that it might have made sense to give the same permission to change files to programs that we give to users in 1971 – all programs we used were ones we’d written, or were written by people we trusted. But that trust shouldn’t be a default today, and the Bitfrost model tries to envision a version of “trusted computing” that isn’t about DRM and not trusting the user, but is primarily about trusting the user to make certain decisions when she reaches certain levels of expertise. While there’s some disagreement on the OLPC wiki about whether it’s addressing the right threats, it’s an impressive step towards thinking about a version of trusted computing I’d find easier to live with. Because, you know, it’s getting dangerous out there…

• Full Text: Keen vs. Weinberger – WSJ.com
  The extended Mix – David and Andrew face off in multiple rounds. I’d give David the victory by victory in all but one round, but I’m hardly a fair observer
  (tags: journalism keen weinberger web web2.0 readwrite culture citizenmedia wikipedia)
• Made From Scratch Model Airplane — AfriGadget Archive
  Amazingly detailed airplane models by a Kenyan metal fabricator
  (tags: kenya art africa airplane tintoys creativity)
• newsobserver.com | Kids in Guinea study under airport lamps
  Striking story about the lengths kids in Guinea Conakry are going towards to pass their exams in a nation where infrastructure is crumpling rapidly
  (tags: guinea africa poverty electricity)

It’s rare to see Africa news getting widespread blogosphere attention, and rarer to see good news from Africa get major online attention. But the top headline from BBC currently amplified is an optimistic story about a discovery of water in Darfur and the possibility that this massive underground lake could lead towards a reduction of conflict in western Sudan.

I’ve been tracking what headlines the BBC and New York Times publish via RSS over the past two years and analysing the tendency of bloggers to amplify some stories and ignore others. In very general strokes, people are more likely to amplify:
- Stories about information technology and science (geek bias)
- Stories about health (information that may be personally applicable to the reader)
- Stories about US politics
- Stories about terrorism

(Talking with danah boyd this morning, I started wondering whether there was a bias towards stories about income and class – the explosive response to danah’s early research on Facebook, MySpace and class suggests that discussion of class is a hot topic. And a set of headlines at the top of amplified results from the New York Times echoes that observation, with a great deal of amplification of stories on great wealth, economic separation in US schools and taxation topping the current rankings.)

So why the enthusiasm for water in Darfur? Well, it’s a science story, and the Darfur conflict has gotten a tremendous amount of attention from activists around the world. But I wonder whether there’s an optimism to this story – a sense that scientific discovery can transform an otherwise intractable political conflict – that has a particular appeal for bloggers. It’s greatly appealing to conclude that there’s a deux ex machina solution to a conflict like Darfur – just add water (found through the miracle of science) and conflict disappears.

It’s not that scientific discovery can’t have dramatic, transformative impact on serious problems. To a certain extent, this is the organizing idea behind sites like Worldchanging, which look for environmental transformation through technological innovation. But historically, resource discovery can be damaging for nations under stress. While water is not oil, it’s still possible that conflict over this newly discovered resource might increase, not lessen, and that water might be subject to a resource curse. I wonder if there’s a form of technical utopianism we’re seeing in amplification of this story, a hope that science and technology – which we’re good at – can help address political problems – which we’re bad at. I hope this optimism is warranted, and I’m interested to see if it appears in the rest of my blog amplification data…

This is going to be a light blogging week for me, my friends – apologies in advance. I’m in NYC today and tomorrow, then in Boston for a meeting of a board I sit on… and I’m feeling like I’m scheduled roughly 20 hours a day for the next four days. I’m sure you’ll survive without regular updates from me.

I gave a talk at the International Human Rights Funder’s meeting today, a semi-annnual meeting of foundations interested in supporting human rights projects around the world. The panel I sat on was titled “Advocacy 2.0″ and asked what the rise of the read/write web means for advocacy organizations. Needless to say, this is a topic that interests me – I gave a talk at NetSquared on this topic about a year ago, and much of the talk I gave today drew on a talk I gave at the New School a few months ago.

I explained to the assembled funders that, while Web 1.0 was invented so that theoretical physicists could publish research online, Web 2.0 was created so that people could publish cute photos of their cats. But this same cat dissemination technology has proved extremely helpful for activists, who’ve turned these tools to their own purposes.

So while Flickr should be used for displaying pictures of cute cats, it’s also proved an effective tool for avoiding keyword filtering. Activists in China are using Flickr to disseminate images that contain words that get blocked by keyword filters - a simple tool built by Zhang Erning allows a photo of Einstein at a blackboard to be annotated with arbitrary text that won’t be blocked by the Chinese firewall. You can post videos of the Star Wars kid on YouTube… but you can also post videos of Zimbabwean labor activists being beated by government thugs. Twitter lets Robert Scoble tell me what he’s doing 200 freaking times a day… but it also lets me know whether Egyptian activists have been released from the police station when they go in for questioning.

It’s important that these tools are generally used for banal purposes. If internet entrepreneurs created “Protestr” as a web 2.0 tool for activists, no repressive goverment would leave it unblocked. But blocking a tool that is mostly used for amusement or communication between friends has consequences – the users looking for cute cat videos get annoyed that YouTube is blocked… and learn about their government’s willingness to constrain speech. This cost doesn’t mean that governments won’t choose to block these tools, but it makes the calculus more complicated.

(Yes, Protestr.com is taken, by a domain name squatter. Alas, my dream of an integrated Web2.0 tool for automated revolution may need to wait for another day…)

• Tor checker
  Check if your requests are coming from a valid Tor node.
  (tags: privacy tor anonymity blogging internet)
• In Zimbabwe, Fewer Affairs And Less HIV – washingtonpost.com
  As inflation and poverty makes it harder for Zimbabwean men to maintain “small houses” – mistresses whose rent and expenses they pay – new cases of HIV may be decreasing
  (tags: africa zimbabwe inflation poverty AIDS)
• RConversation: Hong Kong, obscenity laws, and Flickr’s regional censorship
  Fantastic post by Rebecca MacKinnon about Oiwan Lam’s protest of laws against obscene content in Hong Kong and analysis of Flickr’s role in her case.
  (tags: china hongkong censorship freespeech globalvoices flickr)
• bunnie’s blog ? Blog Archive ? Made in China: Getting Started
  Bunnie Huang has an excellent set of posts about Chinese factories, exploring his experiences of setting up a supply chain for his new company in China. Comments – many of them angry – are fascinating
  (tags: china blog video economics factory labor)

One of the more embarrasing fights in the technical community the past couple of years has been between Intel and the team behind One Laptop Per Child. AMD, Intel’s fierce rival, has been a partner in the OLPC effort from very early on, and the XO machine is based on AMD’s low-power CPUs. Intel announced an effort to compete with the OLPC effort, a fairly conventional laptop design called the “Classmate” which runs a lightweight version of Windows on a flash RAM hard drive. OLPC’s design is much more radical in hardware terms, using a novel type of display and some complex power management techniques, and runs on a version of Red Hat Linux with a novel windows manager, Sugar.

So far, so good. But the two camps have been sniping at each other for months now. Intel Chairman Craig Barrett dismissed the OLPC machine as “a gadget”, arguing that educators wanted a PC that ran conventional software. Nicholas Negroponte responded by questioning Barrett’s motives for building an educational machine and characterized Intel’s efforts to question the OLPC XO design as damaging OLPC’s efforts, suggesting that Intel “should be ashamed of itself.”

Ouch. One wonders what Barrett and Negroponte said to each other to make nice. Last night Intel announced that it was joining the board of the OLPC project and contributing funds to the organization.

This isn’t quite as wacky as it sounds. Negroponte has long said that he would support any strategy that put full-functioned machines into the hands of all the world’s schoolchildren. Intel backers have argued that there will likely need to be multiple designs to meet the needs of various school-age populations. So perhaps we’ll see continued work on both the Classmate and on the XO…

The Classmate looks and feels much more like a conventional PC than the OLPC machine… but it leaves some interesting questions about its suitability for developing world environments. (The use of a traditional flat-panel display suggests that its power requirements are going to be much closer to those of a traditional laptop than the OLPC device.) It has a faster processor and more memory, but it also seems to be missing pieces, like an integrated wifi system. It’s been somewhat slower out of the gate… and, frankly, it looks like the bastard child of a laptop and a handbag. I saw one for the first time at a World Economic Forum meeting in Cape Town a few weeks back and wasn’t impressed. Nor was I impressed that the Intel PR guy handling the machine didn’t have an answer to how long the battery life of the machine was (a critical detail, given the challenges of provisioning power in the developing world) and demanded to know who I was and who I was working for when I asked my second technical question…

(I don’t have a fair technical comparison between the two machines. I’ve spent much more time playing with the XO, and I’m biased based on my fondness for people actively working on the XO machine. And some other reviews have been basically positive.)

Anyway. The tech community is having fun talking about the recent detente. SJ Klein, who works on the content side of the OLPC project titled his blog post “Intel and OLPC trade in noogies for neckrubs“. Gizmodo observed “Hell Freezes Over“. I’m not sure I have a clever blogpost title to offer, but I will offer this thought: this is a huge vote of confidence in the work OLPC is doing. The project has huge hurdles to overcome, but having Intel assisting, rather than throwing obstacles in OLPC’s path is an excellent step forward.