2009 September

We’ve all had our share of complaints about big international corporations, they abuses they perpetuate and the crimes they commit, but perhaps – here in South Africa we have an even worse and more immediate problem. Our massive parastatals, they are as bad as any corporation – but in some ways worse. These entities are structured like corporations, operate like corporations – but are owned by the state (which means a significant part of their funding is taxpayer’s money), were constructed using money invested from the treasure (again – our money) and are run by money from the public (electric bills, tv-licenses and phone bills) – and to make it all worse – their markets are protected by law which greatly restrict or often even entirely prevent competition.

Now parastatals are not unique to South Africa, but they do seem to be much worse here than elsewhere. The British BBC is a parastatal broadcasting corporation much like our SABC – but the BBC is prohibited by law from encrypting their signals, prohibited by law from showing advertisements (the system is funded by license-fees on free-to-air channels, therefore the public has already paid – and they paid for programs, not ads). So how come no such restriction is imposed on the SABC ? Perhaps because they (like apparently all the parastatals except maybe telkom) is pretty much borderline bankrupt all the time. How does a company with so much state protection suffer to stay affloat ? Bad management is part, extremely bad service is
a bigger part. We choose to pay more on top of the required license fees to watch DSTV instead… and even if we never use
their service, we still have to fund them. But maybe, we’d be less disinclined to watch SABC if it didn’t have quite so many ads (how is it that the licensed channels even have more ads than the purely ad-supported eTV ?), if they didn’t mess up the ordering of episodes – and if they weren’t in general six seasons behind the world in everything they showed.

Basically, their attempts to be cheap, has made them worthless, but they can rely on a legal requirement that we pay them.

Of course, there is a lot of things to be said back-and-forth on this – and others have said them better, I’m merely laying groundwork here… what irks me is this: when a parastatal owns something, that thing was paid for by taxpayers and license-payers. The public in other words. We pay to purchase or produce this asset, so why is it that we don’t own it ?

Take the SABC programs for example, now I understand that licensed programs from other countries aren’t theres to give away, but by what possible stretch of the imagination can programs created by a state-owned public broadcaster using license fees paid by the public – not be in the public domain? How can these things be copyrighted – and then actually sold to competing networks at times (go see how much content on kyknet are licensed shows the SABC made in the past).

Surely, if we paid for this art to be created – it should be ours to rip, mix and share however we want ? I complained when telkom went public and sold off shares, that derived their value primarily from investment made with taxpayer rands in their
original infrastructure. The value of those shares were dividends on what the public invested in the parastatal – so surely, those
shares should have been freely divided among the population ? Instead, it got sold on the JSE and ended up in the hands of
a few already rich people and big corporations… we paid for it, yet somehow – they own it, and telkom and state officials cashed in big selling our property.
If I sell my neighbours car, that’s called fraud, apparently if the government does it- it’s fair dealing, just so long as they do it to everybody in the country…

I say it outright, there is no legal, moral or other justification for parastatal property to be treated any differently from public property, if it’s to be sold, the value should be returned to the people who paid for it: you and me. In the case of copyrightable material like radio and tv content – the reality is that this media has no reason to be owned ever – it should simply be made and broadcast as public domain, because it was created with public funds.
I can see a reason why not every member of the public ought to be able to do anything he wants with the telkom routing box on the corner, but there is no practical reason why we shouldn’t all be able to do anything we want with last night’s news broadcast, including creating parody shows of it and other forms of useful civil engagement.

I long favored the idea of public free-to-air channels, where anybody, even a small startup could create a television show, this is less relevent now, that is exactly what the internet is great at – especially since it’s hard to censor, it will require a lot less difficulty in regulating against “signal-flooding-everyone-else-out” and it just works… oh right, another parastatal named telkom is keeping broadband so expensive that it’s not really practical, but we can solve that – we will solve that.

What, if anything though, can we do when the media we are already paying to create, is not ours to reuse ?

So, based on a lot of discussion with other photographers and advice taken and starting to get a feel

for what I want to focus on – I decided to invest in some of the basics for portraiture. To this end,

I bought myself a nice second hand Canon Speedlight EX430MK1 flash which can do ETTL2 and

off-camera flashing, as well as Canon’s famous EF50 F1.8 portrait lens. A lens which not one but two

people have told me “every canon photographer should have in his kit”. It’s a fixed focal length lens

(e.g. it cannot zoom – you move closer or further) but with it’s 1.8 F-stop it can shoot great pictures

even in low light conditions (often negating the need for a flash where most other lenses would

require it), it’s shallow depth-of-field is idealfor portaits and what is in focus is crystal-sharp.

Essentially, it’s ideal for most of the kind of pictures which I am currently taking a lot off as

well as the studio-ish style work I want to do more off. I will be looking into building myself

a lightbox for macro work – which this lens is also quite good for (though not the best you can

get for it – it’s still good).

This is a post based on personal experience that led to a fairly major outage for me recently, I won’t share any specific details therefore, but I will explain the issue so others can be warned. The automountd in question was running on an older version of hpux so I suppose it’s possible that newer Linux systems have some kind of protection in it, but sine the flaw is fundamentally part of how automount works – I doubt it.

Imagine you have an nfs share, that contains a lot of directories, various clients will only access some of them, now one popular setup here is to set the master share as an automount – hooked into the subdirectories. Lets say you set this up on /shared_files

Now when a user tries to enter /shared_files/documents for example – the automounter will send a mount request to the NFS server, mount the documents directory directly, and the user transparently gains access… sounds perfect right.

Here’s the flaw… what happens if the user tries to access a directory which doesn’t exist in the share ? Say /shared_files/garbage … well a mount request gets sent, the server rejects it – and the user gets a file-not-found.

That’s all well and good right?

But now… what if I do this:

while /bin/true ; do

ls /shared_docs/$RANDOM

done

See what happens now: instant denial of service attack on the NFS server. Normally, NFS is fairly safe from DoS’s as it’s usually not used online and generally one inside the company would need root access to issue a mount request- but this can be done by any user, and worse on any server he has access to (so it could be distributed) and just to add the cherry on top, similiar scenarios could just as easily spring from stupidity or a buggy program/script – there isn’t even any need for malice…

This problem isn’t limited to NFS, you’d have the exact same issue if you were using CODA or practically any other network file system. Essentially automount, when used on a “in the directory” level – is a disaster waiting to happen, it’s a daemon that executes a root privileged command when triggered by actions a non-privileged user can perform… inherently this is very dangerous.

It is for this reason that I am piece-by-piece ridding my network of automount based setups, and switching to rather just mounting the /shared_docs equivalents using fstab directly (besides which, one on-boot mount request is so much less overhead than hundreds of on-access requests)