Phuket Power Lines

Nerve ends in power lines, as Nocturnal Projections, a post-punk outfit from Dunedin, New Zealand, sing. I have always found distribution power lines (that is, low voltage assets that carry power from HV / zone substations to people’s houses) and their different shapes, sizes, and standards fascinating. Their structure and condition reveal a lot about a country’s policy, engineering expertise, and approach to risk management. For instance, a social democratic / labour policy tends to favour renewal of overhead distribution poles, as it keeps people in jobs to inspect, augment / replace assets, and manage vegetation. The sophistication of electrical safety rules and asset performance strategies shines through in the way pole top structures are managed.

From underground cabling in Scandinavia, through Sydney’s grids and radials, to Thailand’s controlled chaos. Here, power lines hang 1.5-2 metres from the ground. You could reach up and grab them in most cases. Some have insulation, but it would be very easy to accidentally snap it and disrupt a whole neighbourhood. Vegetation management, the practice of trimming trees and bush to keep a safe distance from electrical circuits, is also not that common, as the photo above shows. I will keep posting power lines in this category.

The Guardian on migrating from Mongo to Postgres

The Guardian’s Digital blog has posted an excellent write-up on their recent migration from MongoDB to PostgreSQL. For the uninformed, the former is a so-called ‘NoSQL’ database that allows developers to treat persisted data and queries as pure JavaScript objects (JSON). The latter is a traditional SQL database, developed by a global community of open source hackers. The article is great as it gives concrete examples of why PostgreSQL would have been a better choice (scale, stability, maturity), the challenge of live migration in a very large environment, and how to deal with it.

Postgres has existed for more than 22 years. Its community claims it is the world’s most advanced open source database. Having worked extensively on Postgres for almost 10 years, I can testify that this is a true statement.

Mongo, on the other hand, emerged in the late 2000s as the pinnacle of the ‘NoSQL’ movement — developers who were thirsty for easier, more lightweight approaches to databases without the need to learn SQL. It worked, and today MongoDB is backed by a NASDAQ-listed company with a $4.5b market cap and 1000+ employees. Mongo was touted as the future of databases for start-ups and full stack engineers who wish to move fast without the cruft and constraints of an orthodox SQL database like MSSQL or Oracle. Therefore, when The Guardian decided to build their next generation CMS on top of this technology, it was a big deal for the technology and its commercial potential.

I’m not saying Mongo is a poor choice – it was / is successful because it allows developers to move very fast from concept to production using a familiar technology stack (JavaScript). No need to learn SQL or complex relational algebra. It applied the necessary competitive pressure to prompt other vendors to add similar ease of use and speed to their own stacks (e.g. jsonb support in Postgres), creating much needed innovation in a market that had been dominated for too long by a duopoly (MS and Oracle) resting on its laurels.

A biased comparison of Free- and OpenBSD

I have been a longtime avid user of BSD Unix for almost 17 years. I started my career with a small BSD-focused consultancy, hacking away on Perl and Postgres. One of my first tasks was building a distributed, scalable network monitoring tool that could monitor very large networks with thousands of endpoints. I use FreeBSD and OpenBSD at home and enjoy their elegance and simplicity.

I stumbled upon an article that compares the two operating systems along key technical dimensions. It is written in an interview-style / conversational format with a developer from each team, so it’s an easy read. Find the article here.

Thoughts on the new Assistance & Access bill

A few people have asked me about my views on the recent Assistance & Access (A&A) bill passed by the Australian parliament. A&A, an amendment to the Telecommunications Act of 1997, gives new powers to ASIO and other law enforcement and intelligence agencies to circumvent end-to-end encryption in technology (such as WhatsApp) and wiretap suspected criminals, e.g. terrorists.

In short, intelligence agencies can now compel companies such as Facebook, Apple, and Google to secretly install backdoors in their software in order to enable wiretapping. It is allegedly the first of its kind in any democratic country, providing powers greater than those of the UK Investigatory Powers Act, which was considered incompatible with EU civil liberties and privacy laws.

Whilst I wholeheartedly agree with the need to fight terrorism, giving government authorities the ability to install trojans and other backdoors in hardware and software is not the solution. There are 5 key reasons for this:

  • It derails the trust in one of our greatest sources of future prosperity in Australia: our technology industry. Australian technology start-ups are booming, as evidenced by Xero, Atlassian, and Canva. The prospect of government-mandated backdoors could severely hurt their reputation. In addition, we run the risk of large technology companies such as Google and Facebook, significant employers of Australian talent, pulling the pin on their local presence in order to avoid the new legislation.
  • It undermines our democratic rights to privacy. In an open, democratic society, people have the right to privacy and free speech without fear of government surveillance. If we keep chipping away at our democratic rights, we end up being no better than the totalitarian regimes we set out to fight in the first place.
  • It is insecure by design, opening the door for criminals to leverage the same backdoor. Security holes, backdoors, and mathematics in general do not discriminate between users, because they can’t. The backdoors imposed by government officials are secret, until they are not. Yes, there are legal provisions that make it illegal for anyone to leak information about an introduced backdoor, but every time a new update is pushed unexpectedly by a software vendor, we can expect malicious attackers to start scanning applications for security holes.
  • It is ineffective, only addressing a subset of use cases. Yes, criminals can no longer use / trust WhatsApp and similar proprietary services with operations on Australian soil. However, the legislation doesn’t consider how copylefted and open source software such as Linux, OpenSSH, or critical infrastructure libraries such as OpenSSL will work. Theoretically, if a backdoor is introduced in open source software, it will be visible to everyone immediately, rendering it useless. Will the Government fly officials to Canada to tell Theo de Raadt to install government backdoors in order to stop criminals communicating secretly via an SSH tunnel?
  • It is a non-technical solution to an inherently technical problem – square peg, round hole. The debate and public commentary suggest that the majority of politicians did not understand the context and ramifications of what they were voting on. It’s great that they agree on the broad outcome required (we need better access to wiretaps), but it doesn’t make the underlying technical problem go away (the laws of mathematics). Adding to this, the law was rushed through without due debate and broad consultation.

I will end this post with a quote from ProtonMail’s write-up on A&A:

“On Thursday, the Australian government and its Labor partners rammed a shockingly invasive anti-encryption law through Parliament, over the objections of experts, businesses, and civil rights groups.”