Scanlyze

The Online Journal of Insight, Satire, Desire, Wit and Observation

Nasty UNdispatch blog attack on One Laptop per Child — a response

Nasty UNdispatch blog attack on One Laptop per Child — a response

Children Using the OLPC XO image copyright (C) Henry Edward Hardy 2008, 2009
image copyright (C) Henry Edward Hardy 2008, 2009

Undispatch, which says it receives part of its funding from the United Nations Foundation, has published an attack on the One Laptop per Child project on its website titled “One Laptop per Child – The Dream is Over” at http://www.undispatch.com/node/8859.

The blog, which says it is by Alanna Shaikh, makes several criticisms of the OLPC project.

I served as systems administrator for OLPC from February 2008 until January 2009 and continue to volunteer for the project because I think it is one of the most wonderful and laudable development projects ever attempted, despite the many setbacks and disappointments it has endured in trying to fundamentally change world-wide education, development, and the laptop market.

I wrote a response to UNDispatch two days ago on their blog site. My response did not appear. I wrote to UNDispatch to ask for them to approve my post, and provided them with a copy. It still did not appear.

A response from OLPC Chairman and founder Nicholas Negroponte was published on the UNDispatch site today.

Here is my initial response which I submitted to Alanna Sheikh’s blog post on UNdispatch (with slight editing for typos and to add live links):

This blog post makes several questionable and false statements. And it has a generally nasty and condescending tone which makes me rather sad.

OLPC did not “abandon” human power sources, however conventional wired electricity, generators or in some cases, solar power are much more efficient. Making children do hard physical labor to power their computer is not such a great idea. The hand crank was fragile and did not provide enough power. However, foot-treadle devices such as can be used to power a truck battery work reasonably well.

OLPC has not “abandoned the special child-friendly OS”. It has shipped approximately 700,000+ units with Sugar and perhaps 7,000 with Windows (my unofficial estimates). OLPC has provided funding and support for SugarLabs to continue this free software development work, and Sugar is available as a desktop on any Fedora or Red Hat desktop post Fedora 10. The number of XO laptops sold for poor countries is about ten times the total number sold though the several “Give One Get One” promotions in North America and Europe.

The idea that the laptops were developed without end user input is patently false. There is an active and vocal community of OLPC users thoughout the world who participate — see http://wiki.laptop.org/go/Participate through the OLPC wiki at http://wiki.laptop.org and many locally-based organizations. Among these are Plan Ceibal in Uruguay, Open Learning Exchange Nepal, and OLPC Rwanda. A partial list of regional groups can be found at http://wiki.laptop.org/go/Regional_groups . There are many local grassroots small deployments in dozens of countries. Last night at the Berkman Center for Internet and Society Open House we heard about a local grassroots deployment in Haiti spearheaded by Kevin Wallen(sp?) and Helene Dietrich(sp?) and the tremendous empowerment and social transformation and pride it has brought in that community.

The phrase “to call a spade a spade” has rather unfortunate racist connotations and seems singularly inappropriate on this UN blog.

OLPC pioneered the netbook market. It has set an unequaled standard in simplicity of maintenance, low power consumption, ruggedness and durability, high quality screen, long-range dual wireless capability, use of free and open source software, and openness to community collaboration. Designing and developing the hardware, software, applications, distributing the computers, and coordinating the hundreds of local initiatives was done by no more than 23 employees (at one time) including me.

Hundreds of volunteers work on the OLPC project through developing applications, answering end-user tickets via the support gang, helping administer the back-end infrastructure through the Volunteer Infrastructure Group and many other initiatives.

The XO has brought joy, pride and a window on the world for hundreds of thousands of children in poor and working class communities throughout the world. Although I left OLPC in January, I am very proud of the work we have done and consider the year that I spent there as systems administrator to have been the high point of my life intellectually, educationally, and morally.

sincerely,

Henry Edward Hardy
speaking only for myself

My letter to the editor of UNDispatch:

To whom it may concern,

I am the former senior systems administrator for One Laptop per Child. I am writing to draw your attention to a very problematic post appearing on your site, “One Laptop per Child – The Dream is Over”. I posted a response and correction two days ago, but your moderators have not yet approved it.

While a OLPC employee, I had the privilege of working with UNICEF at the UN in New York on the “our stories” project on March 29-30 2008 and the UN staff could not have been more supportive, cordial, or helpful. See http://wiki.laptop.org/go/Story_Jam_New_York/Results#Report_by_Henry_Edward_Hardy

So it is very disappointing to see such a vindictive, hostile, and inaccurate report appearing on a blog financed at least in part by the United Nations Foundation.

I look forward to my response as submitted two days ago being approved and appearing on the site today.

Sincerely,

Henry Edward Hardy
senior systems administrator, One Laptop per Child 2008-2009
speaking only for myself

As of this posting, I have yet to receive a response from UNDispatch or to see my response posted on their site.

See:
In Defense of OLPC and the XO Laptop
Negroponte’s Response to UN Dispatch: Dream is Alive
Computer Error?
Could One Laptop Per Child be a bad thing?
Debate About Computer Program for Impoverished Students
OLPC: criticisms and a defense

Copyright © 2009 Henry Edward Hardy

Submit to del.icio.usSubmit to BluedotSubmit to ConnoteaDigg it!Submit to FurlSubmit to newsvineSubmit to RedditSubmit to FurlSubmit to TechnoratiSocial Networking Icons Help

11 September, 2009 Posted by | Alanna Shaikh, criticism, development, education, One Laptop Per Child, scanlyze, United Nations | , , , , , , , , , | 5 Comments

Guardian inaccurate article: Alleged credit card scam raises new web security fears

Guardian inaccurate article: Alleged credit card scam raises new web security fears

To the Guardian Tech Editor:

Dear Editor,

The article,

Alleged credit card scam raises new web security fears

published Tuesday 18 August 2009 20.43 BST

incorrectly describes the computer vulnerability, or “exploit” allegedly used by one Albert Gonzalez and unnamed others to allegedly steal and sell credit card information from several companies. The article also mis-characterizes the legal procedure used to bring the charges.

The article says,

“The charge sheet says that Gonzalez, along with two others who “resided in or near Russia”, in December 2007 injected “structured query language”, a computer programming language designed to retrieve and manage data, into the computers of companies such as Heartland, one of the world’s biggest credit and debit card payment processing companies.”

Structured Query Language is not a computer language such as C or FORTRAN. It cannot be “injected” anywhere. It is a format or language for querying or posting information to a computer database.

It sounds like your reporters read “SQL injection”, didn’t understand what that meant, and made up a likely sounding (but wrong) explanation.

A more correct description would be that the alleged fraudsters illegally accessed corporate databases, and inserted fraudulent information into them in order to gain access to those or other systems.

SQL injection is a well-known and preventable vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1804

Your writers apparently could not even be troubled to look up the defendant on wikipedia, see http://en.wikipedia.org/wiki/Albert_Gonzalez

The article refers to a “charge sheet”, the correct term in this case is “indictment”, see http://www.usdoj.gov/usao/ma/Press%20Office%20-%20Press%20Release%20Files/IDTheft/Gonzalez,%20Albert%20-%20Indictment%20080508.pdf

A “charge sheet” in US usage refers to the daily written record of events in a police station, it has little or nothing to do with Grand Jury proceedings. In the Commonwealth, it may refer to a final police report. It is not the same as an indictment brought by a Grand Jury. Confusing charges brought by police and charges brought by a Grand Jury is a fundamental error.

The most newsworthy item overlooked in this rather poor excuse for an article is the question of liability. Both the “wardriving” and “SQL Injection” attacks are well-documented and generally preventable. Thus there is the question of the liability of the companies allegedly victimized as they may have failed to take even the most basic computer security precautions with this sensitive data. Further, how was the defendant able to carry out the alleged attacks while at the same time allegedly acting as a consultant or informant to the US Secret Service? To what degree is the Secret Service liable for failing to prevent, or even possibly enabling, these attacks?

The article’s confusion of the acting US attorney for New Jersey, Ralph Marra, with the “acting US Attorney General” further detracts from the accuracy and reliability of your reportage. The Attorney General of the United States is Eric Holder. There is no “acting US Attorney General.” Your reporters should certainly have known this if they were even moderately well-informed. Basic fact-checking by your editors should have caught and prevented this error from being published.

In the future, please don’t have articles written by people who A) have no idea what they are writing about in either the legal or technical sphere and B) don’t do even a basic job of research and fact-checking. Editors must fact-check and verify all references to technical descriptions, legal proceedings, and offices held by public officials.

Best regards,

Henry Edward Hardy
scanlyze.wordpress.com

The subtitle refers to “‘Biggest ever’ case involves 130m cards”

Who says it is the “biggest ever” case? This unattributed quote appears nowhere in the article, which does not state anything of the kind. Was it simply made up by a copy editor?

I would also note that the title of the Guardian article claims that the incident “raises new web security fears.” This is bullocks. Wardriving and SQL injection are neither new issues nor are they web-dependent; how to defend against them is well-understood and documented; and fear-mongering about them isn’t warranted or appropriate.

Copyright © 2009 Henry Edward Hardy

Submit to del.icio.usSubmit to BluedotSubmit to ConnoteaDigg it!Submit to FurlSubmit to newsvineSubmit to RedditSubmit to FurlSubmit to TechnoratiSocial Networking Icons Help

2 September, 2009 Posted by | Bobbie Johnson, credit, credit card, criticism, Ewen MacAskill, fraud, Guardian, indictment, law, news, reporting, scanlyze, Secret Service, war driving | , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment