1. Cricital thinking about South African politics and media

    South Africans are smart critical thinkers who aren’t influenced by our personal bias, right?

    Will you agree with something you normally wouldn’t just as long as it’s phrased in a way that’s critical towards the ANC? Desmond Tutu held a press conference yesterday after receiving numerous requests to speak about 20 years of democracy. He was quite critical of the ANC and said he wouldn’t vote for them. So far so good.

    I’ve seen no outcry in the press over his comments. Everyone is quite happy to publish critical stuff of the ANC without attacking Tutu. Comments on the IOL article say things like:

    "You can always trust the arch to speak his mind. How many in the ANC condemn JZ but is too afraid to voice their own convictions?"

    "The Arch has become such an amazing man over the years. He has risen above the ANC years ago, I really respect him and care for him. Go Tutu !! champion !!"

    "My sentiments too. If you want a society where people matter, don”t vote anc."

    But what he actually said was this:

    '[Tutu] says the ANC government “horrendously sabotaged” the Truth and Reconciliation Commission (TRC) by not implementing recommendations like the wealth tax to benefit people who suffered under apartheid. “The wealth tax would have made our economic situation different today and the rich agreed to paying it.”'

    So does this mean that suddenly people think a wealth tax (as proposed by Tutu and the Truth and Reconciliation Commission) is a good idea? I still do, but the last time Tutu brought this up (in 2011), there was a big outcry in the press.

    Reaction from the comments, also from an article on IOL:

    When does it end? BEE, AA, nationalisation. Please impose your racist wealth tax. I have no interest in you, or South Africa. You can have ‘your’ lands back.

    Thats strange, because my barber, who is equally as qualified in socio-economics, disagrees.

    With a statement like this perhaps too much communion wine hey Arch?

    Desmond, I have worked and paid my taxes for 40 years, and managed to scrimp and save so that I wouldn’t be a burden on the state now that I’m reaching retirement age - now you want me to pay wealth tax? … Nobody is going to take away from me what I have worked 40 years for! Go and get stuffed! Unfortunately that is typical of blacks all over the world, this air of entitlement - they do bugger all and expect the white man to share their hard earned wealth with some useless lazy person who breeds indiscriminately and wants a job but doesn’t want to work!

    I hope he dies soon.

    Of course, this is a reminder to avoid comments but there was very little positive reaction from the press (or white South Africans) on this idea. Yet now, when the wealth tax is couched in language critical to the ANC, Tutu gets a positive hearing.

    This is a reminder that confirmation bias affects our critical thinking (and a reminder that perhaps a wealth tax is a good idea after all!). It also shows how smart Tutu is - he’s not simply criticising the ANC (and simultaneously celebrating how much progress SA has made and the good our democratic government has done); he’s doing it in such a way to show the bias of the media and invite us to think more deeply about our own biases.

  2. A web security rant about www.paycity.co.za

    I’m annoyed. Maybe it’s because I just had to pay a R500 fine for not having renewed my license in time, but when after using the (very useful) facility at http://www.paycity.co.za to pay said fine, I was asked for some feedback (“What do you hate about PayCity?”) I gave them what follows. Summary: web security is serious, so stop mucking around. Here goes.

    I heard that my PayFines account was automatically merged into PayCity, and when I went to www.payfine.co.za it redirected me to www.paycity.co.za so I again assumed that my account was now active on paycity.co.za.

    But when I tried to log in nothing happened. Literally nothing. No error messages, no feedback, nothing.

    This is because you’re using a javascript submit in the background which does an ajax call to the server, and your developers forgot to add some useful error handling. There is NO feedback when clicking the login button. AND javascript needs to be enabled to use the site. To log in! There’s no need for that. Html submit buttons were created for a reason - use them.

    I had to create a new account. That worked fine, at least.

    The background of the username and password input textfields is a base64 encoded gif. To give a uniform orange background. Are you serious?!?! Take it out - it serves absolutely no purpose, and makes me wonder what your web team was thinking.

    And the entire submit form is…wait for it…a TABLE! Yes, a TABLE! In 2013! That’s amazing. Give your web designers a pat on the back. And tell them 1995 called and wants its table back.

    Whoever designed your payment forms needs a strong dose of usability. Hint: when there are two values in a dropdown select list, and the user could choose either of them, don’t automatically set a default value. How many Visa users have had to resubmit their transaction because “Mastercard” was automatically selected? And you get charged for each time a user submits a transaction! Fix this bug. Look, I just saved you R100,000 this year.

    Example number two: if you’re going to ask me, in a feedback form, if I follow you on Twitter or Facebook, and then suggest I should, maybe it would be useful to, I don’t know, place a link to both accounts underneath those questions?! Hey, I just met you, and this is crazy, but I’m going to make it easy for you to find my social media accounts, so follow me, maybe.

    Why should I care about this nonsensical display of web design skills? Because, and this is important, I am entrusting your site with my credit card details! If the quality of your web security is the same as the quality of your web design, I am very, very worried.

    On that note, your Terms & Conditions say that my credit card details are “secured by a variety of security measures that are reasonable”. Nowhere in your Ts&Cs do you actually say that I can store my credit card details on your server (which I will NOT do), but even worse, you do not say exactly how they are stored, where they are stored, who has access to them, and how they are decrypted (because of course they’re stored encrypted, right?). If they are encrypted with the user’s password, do you enforce strong passwords? Do you salt the encrypted passwords with a secret key?

    Have you heard of the Sony Playstation hack? Do you realize that your site is a magnificent target for hackers?

    The most public website to launch recently was mega.co.nz. They have published details of how they do “secure, private storage” - which is a good way to know how secure the service is. Hint: merely saying “we use a variety of security measures” is NOT an adequate security policy. This allows people who know about security to know how secure the offering really is (because people are smart like that). And allows articles like this - http://arstechnica.com/business/2013/01/megabad-a-quick-look-at-the-state-of-megas-encryption/ - which show that, in Mega’s case, simply “using encryption” does not automatically make the service “secure” (and let’s not pretend there is such as thing as “secure”, there are only degrees of security - and if the world’s leading security expert, Bruce Schneier, says that, don’t claim that your offering is “secure”. That only tells me that when it comes to security, you don’t know what you’re doing).

    The article I just linked to says that at one point: “It’s annoyingly unclear [from Mega’s documentation]…” and goes on to talk about such technical details like not knowing how the RSA private key is encrypted, or not knowing where it is stored. The same applies to the single line you devote in your Ts&Cs to ensuring me, your loyal user, that my credit card details are “secured by a variety of security measures that are reasonable”. I would like to know WHAT those “security measures” are, so that I can decide if they are reasonable.

    It keeps getting worse. The email you sent me when I created an account on your site proudly proclaimed, “Paycity.co.za is now 3D Secure.” That’s fantastic! Except it isn’t (using 3D Secure, that is). How do I know? Because my credit card is 3D Secure enabled, and did 3D Secure come up during the process of paying my fine? No, it did not. So why tell me you’re using 3D Secure when you’re not? Just messing around? See the theme here?

    And why tell me in an email that you use 3D Secure but there’s no mention of that in your Ts&Cs? Do your email content people not talk to your web content people?

    I would like to know how my credit card details are stored, please. For all I know the details are stored unencrypted in a database table on the same server that the website is, in a table called “credit_cards”, and your website hasn’t been pentested for sql injection. You may as well hang a sign on the door saying, “Help yourselves, hackers!”

    Deep breath

    I would really like a response, please, which I will also gladly add to my post at http://rogersaner.tumblr.com - which is simply my above feedback, for public consumption and awareness.

    Kind regards,
    PS - if you want useful and meaningful feedback, then try not restrict the number of allowed characters in your textarea to 512 characters. It’s silly.

  3. Harley close-up.

    Harley close-up.

  4. Cape flowers.

    Cape flowers.

  5. Cacti and some succulent plant, taken in Calitzdorp. Hot!

    Cacti and some succulent plant, taken in Calitzdorp. Hot!

  6. The argument for Affirmative Action

    A forgetting of history in recent years allowed some persons to argue, and argue persuasively, that affirmative action is reverse racism. The very phrase “reverse racism” contains the argument that,while it was once the case in this country that whites set themselves apart from blacks and claimed privileges for themselves while denying them to others, now, on the basis of race, blacks are claiming special status and reserving for themselves privileges they deny to others, and isn’t one as bad as the other?

    The answer is ‘no”, and one can see why by imagining that it is not (2012) but 1980 and that we are in a town in South Africa. No doubt that town would contain two more or less distinct communities, one white and one black, and no doubt in each community there would be a ready store of expressions of plain hatred, all directed at the other community, and all based in racial hostility. Yet it would be bizarre to regard their respective ‘racisms’—if that is the word—as equivalent, for the hostility of one group stems not from any wrong done to it but from the wrongs it is able to inflict by virtue of its power to deprive citizens of their voting rights, to limit access to an educational institution, to prevent entry into the economy except at the lowest and most menial levels, and to force members of the stigmatized group to ride in the back of the bus; the hostility of the other group is the result of these actions, and while hostility and racial anger are unhappy facts wherever they are found, there is certainly a distinction to be made between the ideological hostility of the oppressor and the experience-based hostility of those who have been oppressed.

    Not to make that distinction is to twist history and forget the terrible plight of blacks, not simply during apartheid, but in the more than two hundred years of this country’s existence. Moreover, it is further to twist history to equate the efforts to remedy that plight with the actions that produced it. Those efforts, designed to redress the imbalances caused by long-standing discrimination, are called affirmative action, and it is a travesty of reasoning to argue that affirmative action, which gives preferential treatment to disadvantaged groups as part of a plan to achieve social equality, is no different from the policies that created the disadvantages in the first place. Reverse racism is a cogent description of affirmative action only if one considers the virus of racism to be morally and medically indistinguishable from the therapy we apply to it. A virus is an invasion of the body’s equilibrium, and so is an antibiotic, but we do not equate the two and decline to fight the disease because the medicine we employ is disruptive of normal functioning. Strong illness, strong remedy—the formula is appropriate to the health of the body-politic as it is to the body proper.

    At this point someone will always say, “But two wrongs don’t make a right; if it was wrong to treat blacks unfairly, it is wrong to give blacks preference and thereby treat whites unfairly”. But this objection is just another version of the forgetting and rewriting of history. The work is done by the adverb “unfairly”, which suggests two more or less equal parties, one of whom has been unjustly penalized by an incompetent umpire or official scorer. But the initial condition of equality in relation to which the prep-school virtue of fairness might be an appropriate yardstick has never existed. Blacks have not simply been treated unfairly; they have been subjected first to decades of slavery, then to decades of second-class citizenship, massive legalized discrimination, economic persecution, educational deprivation, and cultural stigmatization; they have been killed, beaten, raped, bought, sold, excluded, exploited, shamed and scorned for a very long time. The word “unfair” is hardly an adequate description of their experience, and the belated gift of “fairness” in the form of a resolution no longer to discriminate against them legally is hardly an adequate remedy for the deep disadvantages that a prior and massive discrimination has produced. When the deck is stacked against you in more ways that you can even count, it is small consolation to hear that you are now free to enter the game and take your chances.

    The same insincerity and hollowness of promise infect another formula that is popular with the anti-affirmative action crowd, the formula of the ‘level-playing field’. Here, the argument usually takes the form of saying, “It is undemocratic to give one class of citizens advantages at the expense of other citizens; the truly democratic way is to have a level playing field to which everyone has access and where everyone has a fair and equal chance to succeed on the basis of his or her merit”. Fine words, but they conceal the true facts of the situation as it has been given to us by history: the playing field is already tilted in favour of those by whom and for whom it was constructed in the first place; if the requirements for entry are tailored to the cultural experiences of the white minority, if the skills that make for success are nurtured by institutions and cultural practices from which the disadvantaged majority has been systematically excluded, if the language and ways of comporting oneself that identify a player as “one of us” are alien to the lives black people are forced to live, then words like “fair” and “equal” are cruel jokes, for what they promote and celebrate is an institutionalized unfairness and a perpetuated inequality. The playing field is already rigged, and the resistance to altering it by the mechanisms of affirmative action is in fact a determination to make sure that the present imbalances are continued for as long as possible.

    Stanley Fish - "Reverse Racism, or how the pot got to call the kettle black"

  7. Whistler on a sunny summer’s day

    Whistler on a sunny summer’s day

  8. Grouse Mountain

    Grouse Mountain

  9. Pacific Central station

    Pacific Central station

  10. View from Grouse grind

    View from Grouse grind