Power, patronage, and gatekeeper politics in South Africa

This article examines the rise of gatekeeper politics within the ANC, drawing on an analysis of ANC discussion documents, key informant interviews with senior party officials, and interviews and observations from the ANC's centenary policy conference. On the basis of this material, I identify the symptoms and consequences of gatekeeper politics, including the growth of patronage networks, crony capitalism, and bitter factional struggles within the party. Rather than resembling some uniquely “African” form of political aberration and breakdown, gatekeeper politics should be viewed within a broader spectrum of patronage politics evident elsewhere in the world, because it is intrinsically bound up with the development of capitalism. Political leaders who occupy positions of authority in the party or public service act as gatekeepers by regulating access to the resources and opportunities that they control. A volatile politics of inclusion and exclusion emerges and provokes bitter factional struggles within the ANC as rival elites compete for power. The rise of gatekeeper politics undermines both the organizational integrity of the ANC and its capacity to deliver on its electoral mandate. It can also depoliticize social injustice in post-apartheid South Africa by co-opting popular struggles over access to resources that might otherwise challenge the political status quo

A Conflict-Free Replicated JSON Datatype

Many applications model their data in a general-purpose storage format such as JSON. This data structure is modified by the application as a result of user input. Such modifications are well understood if performed sequentially on a single copy of the data, but if the data is replicated and modified concurrently on multiple devices, it is unclear what the semantics should be. In this paper we present an algorithm and formal semantics for a JSON data structure that automatically resolves concurrent modifications such that no updates are lost, and such that all replicas converge towards the same state (a conflict-free replicated datatype or CRDT). It supports arbitrarily nested list and map types, which can be modified by insertion, deletion and assignment. The algorithm performs all merging client-side and does not depend on ordering guarantees from the network, making it suitable for deployment on mobile devices with poor network connectivity, in peer-to-peer networks, and in messaging systems with end-to-end encryption.This research was supported by a grant from The Boeing Company

Investigating Engagement with In-Video Quiz Questions in a Programming Course

In-video quizzes are common in many distance learning platforms, including those from Coursera and EdX. However the effectiveness of in-video quizzes has not previously been assessed. In this paper we describe the construction and instrumentation of an Interactive Video Lecture Platform to measure student engagement with in-video quizzes. We also investigate the use of in-video quizzes as an approach to mitigate the lack of feedback available to students and lecturers in videos and traditional lectures. Finally, we evaluate the effectiveness of augmenting video with the ability to answer and receive feedback to quiz questions embedded directly within the video. We observed that student engagement with in-video questions was consistently high (71-86%) across two cohorts (N1=81, N2=84) with a rate of 1 question per 8.7 minutes of video. We identified three broad levels of engagement with the quiz questions and four motivations, including challenge seeking and completionism, which explain some of the observed behaviour. The results from this investigation demonstrate that in-video quizzes were successful in creating an engaging and interactive mode of content delivery. We recommend that in-video quizzes be used to increase the interactivity of video content as well as supporting formative assessment within a flipped classroom environment.This is the author accepted manuscript. The final version is available from IEEE via http://dx.doi.org/10.1109/TLT.2015.244437

Factory Calibration Fingerprinting of Sensors

Device fingerprinting aims to generate a distinctive signature, or fingerprint, that uniquely identifies individual computing devices. Fingerprints may be a privacy concern since apps and websites can use them to track user activity online. To protect user privacy, both Android and iOS have included a variety of measures to prevent such tracking. In this paper we present a new type of fingerprinting, factory calibration fingerprinting, that bypasses existing tracking protection. Our attack recovers embedded per-device factory calibration data from the accelerometer, gyroscope, and magnetometer sensors that are pervasive in modern smartphones by careful analysis of the sensor output alone. We discuss the factory calibration behaviour of each sensor and show that the calibration fingerprint is fast to generate, does not change over time or after a factory reset, and can be used to track users across apps and websites without any special permission from the user. We find the calibration fingerprint is very likely to be globally unique for iOS devices, with an estimated 67 bits of entropy for the iPhone 6S. In addition, we have analysed 146 Android device models from 11 vendors and found the attack also works on recent Google Pixel devices. For Pixel 4/4 XL, we estimate the calibration fingerprint provides about 57 bits of entropy. Following our disclosures, Apple deployed a mitigation in iOS 12.2 and Google in Android 11. We analyse Apple's fix and show that the mitigation is imperfect although it is likely to be sufficient in most threat models.China Scholarship Counci

Equality: A tool for free-form equation editing

We describe a new tool, Equality, for equation entry using free-form layout of components drawn from a palette of symbols. Our approach is designed to enable learners to easily manipulate the structure of their equations, to be functional in both desktop and mobile environments, and to minimize the amount of learning required to use the tool.We present the results of a study comparing a prototype of our approach with Microsoft Equation Editor using a desktop machine. The initial results are promising with participants reporting that the mechanism is easy to learn and an easy way to manipulate their equations. We report the results of the study and the views of the participants and identify how these will inform the future development of Equality.We thank the Department for Education (United Kingdom) for their support in funding this work through the Isaac Physics project.This is the author accepted manuscript. The final version is available from IEEE via http://dx.doi.org/10.1109/ICALT.2015.3

Verifying Strong Eventual Consistency in Distributed Systems

Data replication is used in distributed systems to maintain up-to-date copies of shared data across multiple computers in a network. However, despite decades of research, algorithms for achieving consistency in replicated systems are still poorly understood. Indeed, many published algorithms have later been shown to be incorrect, even some that were accompanied by supposed mechanised proofs of correctness. In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithm that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework in the Isabelle/HOL interactive proof assistant for verifying the correctness of CRDT algorithms. We avoid correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter. We find that our framework is highly reusable, developing proofs of correctness for the latter two CRDTs in a few hours and with relatively little CRDT-specific code

Ghost trace on the wire? Using key evidence for informed decisions

Modern smartphone messaging apps now use end-to-end encryption to provide authenticity, integrity and confidentiality. Consequently, the preferred strategy for wiretapping such apps is to insert a ghost user by compromising the platform's public key infrastructure. The use of warning messages alone is not a good defence against a ghost user attack since users change smartphones, and therefore keys, regularly, leading to a multitude of warning messages which are overwhelmingly false positives. Consequently, these false positives discourage users from viewing warning messages as evidence of a ghost user attack. To address this problem, we propose collecting evidence from a variety of sources, including direct communication between smartphones over local networks and CONIKS, to reduce the number of false positives and increase confidence in key validity. When there is enough confidence to suggest a ghost user attack has taken place, we can then supply the user with evidence to help them make a more informed decision

A Highly-Available Move Operation for Replicated Trees

Replicated tree data structures are a fundamental building block of distributed filesystems, such as Google Drive and Dropbox, and collaborative applications with a JSON or XML data model. These systems need to support a move operation that allows a subtree to be moved to a new location within the tree. However, such a move operation is difficult to implement correctly if different replicas can concurrently perform arbitrary move operations, and we demonstrate bugs in Google Drive and Dropbox that arise with concurrent moves. In this paper we present a CRDT algorithm that handles arbitrary concurrent modifications on trees, while ensuring that the tree structure remains valid (in particular, no cycles are introduced), and guaranteeing that all replicas converge towards the same consistent state. Our algorithm requires no synchronous coordination between replicas, making it highly available in the face of network partitions. We formally prove the correctness of our algorithm using the Isabelle/HOL proof assistant, and evaluate the performance of our formally verified implementation in a geo-replicated setting.The Boeing Company; EPSRC “REMS: Rigorous Engineering for Mainstream Systems” programme grant (EP/K008528); Leverhulme Trust Early Career Fellowship, Isaac Newton Trust; Nokia Bell Labs

Interleaving anomalies in collaborative text editors

Collaborative text editors allow two or more users to concurrently edit a shared document without merge conflicts. Such systems require an algorithm to provide convergence, ensuring all clients that have seen the same set of document edits are in the same state. Unfortunately convergence alone does not guarantee that a collaborative text editor is usable. Several published algorithms for collaborative text editing exhibit an undesirable anomaly in which concurrently inserted portions of text with a well-defined order may be randomly interleaved on a character-by-character basis, resulting in an unreadable jumble of letters. Although this anomaly appears to be known informally by some researchers in the field, we are not aware of any published work that fully explains or addresses it. We show that several algorithms suffer from this problem, explain its cause, and also identify a lesser variant of the anomaly that occurs in another algorithm. Moreover, we propose a specification of collaborative text editing that rules out the anomaly, and show how to prevent the lesser anomaly from occurring in one particular algorithm.The Boeing Company and EPSRC “REMS: Rigorous Engineering for Mainstream Systems” programme grant (EP/K008528)

The Cost of Push Notifications for Smartphones using Tor Hidden Services

Push notification services provide reliable, energy efficient, store-and-forward messaging between servers and clients. This mode of communication is widely used, and sufficiently compelling for mobile devices that push notification services are integrated into operating systems. Unfortunately, push notification services today allow the service provider to practice censorship, surveillance, and location tracking. We explore whether running a Tor hidden service from a smartphone offers a viable, privacy-aware alternative. We conduct empirical measurements in the lab as well as modelling using data from 2 014 handsets in the Device Analyzer dataset. We estimate the monthly median cost of cellular data required to support a Tor hidden service from a smartphone at 198 MiB. We further estimate that the network activity would cost at least 9.6% of total battery on a Nexus One device with a daily charging cycle and connected to the Internet via 3G. We explore four strategies for reducing cellular data costs which, when combined, could potentially reduce the total monthly median cost to 61 MiB.Stephan Kollmann is supported by Microsoft Research through its PhD Scholarship Programme. Alastair R. Beresford is partly supported by The Boeing Company and EPSRC [grant number EP/M020320/1]