26 July 2018 – It was a quick trip back to the Matukituki valley, Pearl Flat & Liverpool hut
Security & Networking for cloud integration – SDP
It is increasingly necessary to integrate applications across multiple datacentres and cloud environments. To further complicate matters BYOD and home access need to be provided as well. This problem transcends integration, and a solution for integration can be extended to secure web apps and mobile device management.
PaaS, SaaS and IaaS provide different secure networking solutions. They all work well in the simple case where you have one *aaS solution connected to your secure network. But these days people need to have multiple solutions connected with any number of interconnections.
An example I have to work with has integration provided in an AWS VPC which has a VPN connection into 2 datacentres, peering with another AWS VPC, a VPN to another SaaS provider and a VPN to another VPC in Azure. The IP addressing ran out in the VPC and it had to be moved to another (larger) IP range. This meant duplicating all those VPNs. Each VPN required engaging with a different network provider in turn and it took several months to finish the whole project.
Adding DR doubles the number of connections required for each Datacentre duplicated. So in the above situation a full DR solution could require 25 VPNs.
Each connection into a component in a datacentre requires a firewall rule to open up the port, and routing can get complicated. It can be improved by adding a gateway component in the datacentre. The gateway component handles all the traffic internal to the datacentre and can do simple protocol conversion. This simplifies routing and keeps all the connection rules in one place. The gateway component can be just as secure as a firewall and is a lot more flexible. The gateway component can refuse non-SSL traffic and then it removes the need for VPNs.
This gives a pointer to what a more comprehensive solution might look like.
There are a number of rules that apply to cloud networking:
- TCP/IP is flexible and scales well but provides poor security.
- Any *aaS provided networking security option reduces flexibility to integrate with other providers.
- VPNs do NOT scale.
- Firewalls are very good at blocking agile delivery processes.
- Any security solution needs to provide/utilise Identity and Access Management.
- One layer of (state of the art) encryption is sufficient for most purposes (no need for SSL across VPNs).
- A solution that combines IAM with encryption and firewalls across the internet gives the security of VPNs & firewalls without many of the downsides.
The answer is provided by some sort of Software Defined Perimeter solution. This is an emerging standard with some players providing good tools. Access is managed by user or device, with all configuration in one place (e.g. LDAP). There is no need to manage devices separately from applications.
SDP uses identity to control network access. A controller provides a grant token to a specific user. The network denies access to clients without a valid and applicable token. An existing network can be brought into SDP with an SDP-aware gateway device. Cloud providers (e.g. Azure) can offer SDP built into the platform.
One advantage of SDP is you can have overlapping security zones and use standard internet protocols to provide infinite flexibility and scale. An individual component can incorporate its own SDP controller or an SDP controller can control access to all nodes within a secure network segment. An SDP controller can be part of several perimeters simultaneously.
Single Sign On (SSO) can be baked into the solution for no extra cost. The access token identifies the user and the same claims that provide network access can also authorise individual services. On the other hand legacy services with their own identity solutions will still work in an SDP without using SSO.
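The grant-token flow described above, as an added example that is not part of the original post and not any SDP product's protocol: a controller signs a grant for one user, a gateway denies anything without a valid and applicable token, and a service reuses the same claims for authorisation. The shared HMAC key, the function names and the service and role names ("esb", "payroll", "integration-read") are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key shared by controller and gateway (assumption; a real
# deployment would use per-gateway keys or asymmetric signatures).
CONTROLLER_KEY = b"demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_grant(user, services, roles, ttl=300, now=None):
    """Controller side: sign a grant naming the user and the services allowed."""
    now = time.time() if now is None else now
    claims = {"sub": user, "services": sorted(services),
              "roles": sorted(roles), "exp": int(now) + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(CONTROLLER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def gateway_admit(token, service, now=None):
    """Gateway side: default deny. Returns (allowed, reason, claims)."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, AttributeError):
        return False, "malformed token", None
    # Verify the signature before trusting any field in the body.
    expected = hmac.new(CONTROLLER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature", None
    claims = json.loads(body)
    if claims["exp"] <= now:
        return False, "expired", None
    # "Applicable": the grant must name the service being reached.
    if service not in claims["services"]:
        return False, "token not applicable to this service", None
    return True, "ok", claims


def service_authorise(claims, required_role):
    """Service side: the claims that opened the network path also authorise."""
    return required_role in claims["roles"]
```

Access is decided from the user's signed grant rather than from source IP address, which is why moving a workload to a new IP range would not require re-issuing firewall rules in this model.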
It may be some time before enough *aaS providers provide compatible solutions. An SDP can be built from existing components, but an integrated solution is easier to manage.
I haven’t managed to implement this for any of my clients yet. It is not just a question of putting in the infrastructure, but it is also a change of mindset. The network providers have to let go of the idea that they can control security with firewalls and IP-based whitelists. Identity management becomes central to security as it should be.
Some links about SDP
A provider of SDP solutions for reference
My humorous speech this year. Good enough to win the club contest, but not placed at area contest. (At least I won the area Table Topics contest as consolation)
I am a time-traveller. To prove it I will go forward in time and see who will have won the upcoming election. The process will take about 2 days.
One thing I cannot do is come back afterwards to this present and tell you the result. You will have to travel through time along with me and learn it at the same time as everyone else. In other words, you will have to wait.
Contest chair, Fellow toastmasters and especially the esteemed judges.
Time travel, also known as chronomotion, is real. We all travel in time and all only in one direction. Sometimes we may seem to be travelling faster than others and sometimes we have a temporal head wind and the transport from one time to another seems very slow. We go through time faster as we get older.
We are sometimes happy about the passage through time. We say “time heals all wounds” or “in the goodness of time”. Mostly we seem to resent it. We talk about “saving time”, “the race against time” or even “the ravages of time”. Some of us dream of being able to “turn back the clock”.
To really turn back the clock would require a time machine like that envisaged by HG Wells, or the Tardis of Doctor Who, or Harry Potter’s time-turner. If you do go back in time you have to be careful of changing your own history. In “Back to the future”, Marty McFly almost prevents his parents’ marriage which would have had existential implications for him.
One possible complication of time travel is a man could travel back in time and father a child who grows up to be him. In that case he is his own father and grandfather and great-grandfather,… and so on. Robert Heinlein wrote a story where the hero was father AND mother to himself. Work that one out!
Fictional time travel tends to get complicated but in fiction, the paradoxes all seem to be resolved by the time traveller not changing the past, but actually enabling the present. They act as they need to act to make the past line up with their experience. Harry Potter went back in the past and summoned the patronus that he had seen before at the same time. Nothing actually changed. This is because fiction has to make sense. We all know that reality is not so constrained.
So! What if we really could control time? We could read next week’s newspaper to see the election result. Or would we look at the stock prices, or lotto numbers to make wise investments? We could travel back in time to significant moments in history to meet the heroes or villains. Or we could rescue extinct animals from the past. Imagine having Moa in the Zealandia sanctuary.
Many of us would like to go back to fix some mistakes we have made. Think of all the embarrassing moments that could just disappear.
At least it would be nice to be able to skip the boring bits. Imagine going to an airport 2 hours before your flight, checking in and then immediately getting onto the plane as it is about to take off. No wandering aimlessly among the shops, staring out the window at other people’s planes taking off, or drinking endless cups of coffee. It would, of course, not be welcomed by the duty free shop owners, who rely on a captive audience to attract our money.
But! Is it possible to change the flow of time? Physics says the answer is a definite maybe. There is nothing in the laws of physics that says time has to travel only in one direction. It is possible that somewhere in the universe time runs backwards and all we have to do is travel there.
Wormholes are tunnels that connect two parts of the universe together. Like the Mt Victoria tunnel, the two ends might be in different places, but they could also be in different times. We could travel through the tunnel and instead of finding an airport, we could see a swamp with Moa running around. Wormholes seem to be possible, but they would require enormous energy which could only be provided by harnessing the gravity of black holes. Unfortunately there are no black holes in New Zealand, apart from perhaps the airports’ duty free shops.
The possibility of time travel does interesting things to the language. How do we talk about an event that occurred in a past time, but later in our personal time line? Did it happen, or will it happen, or will it have happened, or has it will have happened?
After coming back from a trip to the future do you tell people about the things you have seen will happen?
Can we say we saw something next week, or promise we will do it yesterday?
If you meet yourself in another time what form of address do you use? Is it appropriate to address yourself as “you”? Or is it “Hey me”?
I can’t rule out the possibility of time travel, but I can confidently say that humans will never master the ability to travel backwards in time. I know that humans will never control time because I know that humans cannot be relied on to control ourselves. If we ever will have developed the ability to travel backwards in time then someone has will have misused it and travelled backwards and sold the technology to the future past. That means that if time-machines ever exist then they will always have existed. You couldn’t hush that sort of thing up!
So now my time is up and I should teleport back to my seat one step at a time. We have all travelled 7 minutes during the course of my speech. Isn’t the future a wonderful place? I hope that I have used my time wisely and that you will not think that I have wasted yours.
Toastmasters speech on voting
“Democracy is the worst form of government,… except for all those other forms that have been tried from time to time”
Fellow toastmasters and welcome guests
This quote from Winston Churchill evinces our love/hate relationship with voting and government. There are many forms of governance with various levels of participation from Anarchy to Dictatorship. Our form of representative democracy gives us very little control over decision making but it has one big advantage. The possibility, probability and perhaps even certainty of regular and orderly changes of government. Because there is nothing that keeps a government in check more than knowing that sooner or later they will become the opposition.
Over the next 7 weeks we will have the chance to decide who we want to govern us for the next 3 years. This is our only chance to have our say, because after the voting is finished we go back to being passive recipients of government decision making – good or bad, competent or incompetent, benevolent or malevolent. So how can we decide? Are we hard-headed rational actors, or do we decide based on feelings? Do we like a party’s policies or do we even trust them to follow through? Do we know who is on a party’s list, or do we just vote for the leader?
Restructuring has hit parliament and the MPs are having to re-apply for their jobs. The roles are open to anyone. Now the parties and MPs are presenting their CVs and turning up for job interviews. It is a 3 year contract with likely extension if they show competence. The unsuccessful candidates will have to wait another 3 years to apply. Anyone who has served on an interview panel will know what to look for in a candidate, and what can go wrong if you choose the wrong person.
Democracy is hard! It is up to us to put some effort into the choice. If we go into the ballot box with no idea how we will vote then we are failing in our duty. We have not prepared enough and are likely to make an ill-considered choice. If we don’t bother to vote because we can’t put any attention to considering the options then we deserve any negative consequences. We have seen overseas with Brexit, Duterte, and Trump that elections can make a big difference. We have also seen elections where there is no real difference as the ruling party doesn’t allow it. Luckily in New Zealand none of the choices are likely to lead to disasters, but the parties vary enough that voting does make a difference. So it is worth our while putting some effort into the choice.
As toastmasters we should be listening to politicians’ speeches and evaluating them. We want to know how they are trying to manipulate us. What rhetorical devices are they using? Any awkward alliterations? Advertorial style metaphors? Hyperbole, puffery and exaggeration? Do they repeat themselves again and again and again and again? Is understatement likely? I think not!
Are they appealing to our minds, our hearts, our souls or our stomachs? Or do they appeal to baser emotions: fear, envy, greed or hatred? Are they concealing something? Are they trying to fire us up? Or put us to sleep? We should also be thinking about our listening skills. Are we hearing what they are saying, what they are implying, or what they are keeping silent about?
Do we remember what the government promised 3 years ago? Have they delivered? What are they promising for the next 3 years? What are the other parties promising? Do we trust them to deliver? What happens if circumstances change (a war, a recession, an earthquake perhaps)? Who do we trust to be capable, flexible and honest?
I urge you to go out and listen to the candidates, read their manifestos, read the commentaries in the newspapers and talk to people you trust. You should have the opportunity to meet your local candidates. Go out and engage them in conversation. Most of them will be quite different in person to what you see on TV. Ask them the hard questions. Listen carefully and respectfully. No matter whether you like their policies, pretty much all MPs go into parliament wanting to make things better.
You might choose to stay away from political blogs. They will typically be biased in favour of or against some parties. The comments could make you want to give up the thought of voting. The newspapers, radio and TV DO have some bias. Try to recognise bias, and think around it, but also remember that it might be you that is out of step! There are good objective and well researched commentary sites, but really you should go to the sources (the candidates and the parties) and make up your own mind.
If you find someone or some party that you really want to be elected then think how you might help them. Consider joining the party or donating. Volunteer to help them with mailing or door knocking. Put up a sign on your front lawn and be prepared to talk to your neighbours about your choice. As a member of a party you get to do some work, but you also get to have some say in what gets done. Use your toastmasters’ leadership skills and join the local committee. Or better still use the speechmaking skills and become a candidate.
Most of us will not display that level of commitment to any one party or candidate. But still we can carefully weigh up the differences. Is it tax cuts or welfare? Business or environment? Regulation or deregulation? The differences are not always clear, but we should be clear about what we are looking for to be able to choose the best representative for us.
How do the promises of the various parties match our own morals and philosophies? What have they done in the past that has gone well or badly? All of us will have our own core concerns. Do we value honesty or are we prepared to accept being lied to for the sake of getting things done? Do we value openness in government or do we accept that the government knows best and doesn’t need to share the details?
Some people will say that it doesn’t matter who we vote for, because they are all liars, and they all put themselves first. “Don’t vote, it only encourages them” some might say. But I think this is cynicism and just encourages the worst practices. While none are perfect, there are differences and you can choose to vote for the ones that best match your values. Competence and ability are required, as also are passion and respect.
In New Zealand we get two boxes to tick. One vote for the local candidate should go to the best candidate, regardless of what party they come from. Feel free to split your vote if you want! The second tick is for the party. Remember that the party vote determines who is the government, so be careful who you give that to.
You may decide that no party or candidate is worthy of your vote. Think carefully about this. We don’t expect politicians to be perfect. They are human after all. If you object to them all then perhaps you may choose not to vote. I would recommend going into the voting booth and writing “no confidence” on the paper. It will be recorded as an “informal” vote. It doesn’t count. It will go into the same box as those who intend to vote, but make some mistake. However it is recorded, and is not the same as just not bothering.
In other countries, in other times people have had to fight for democracy. In other countries, in other times ballots are accompanied by bullets and voting is dangerous, yet still people risk turning out to vote. In other countries, in other times people have carelessly given up the right to vote and then suffered the consequences. We are lucky. We can vote for the candidate of our choice without any risk to our safety or employment. Not voting would be disrespectful to our predecessors who fought for our rights and to those in other countries who would love to have our power.
The election is not really for the candidates. It is about us and our chance to influence the next few years in New Zealand. This is our chance to make a difference. The candidates are working hard to be noticed by us. The promises, the candidate meetings, the debates, the hoardings, the pamphlets, the kilometers of travel, the door knocking is all for us. They may ignore us for the rest of the 3 years, but now is our time.
Remember! We each have one vote, so use it and use it wisely.
Stewart Island – North West circuit
New year’s trip to start 2017
So yes, we cheated by getting a boat to Christmas Village and getting picked up at Freshwater. This cut about 4 nights off. It still was a very hard but very enjoyable 7 days walking. Lots of mud and some steep slippery banks.
Stewart Island – The Rakiura walk
End of 2016 trip to Stewart Island
Flight to Invercargill and ferry to Oban gave us a few hours to have a quick walk into Invercargill.
Logical thought and beliefs
People have lots of arguments (at least I do) about politics and human affairs. In most cases we have no chance of persuading anyone, as we don’t form beliefs based on logical thought.
“Beliefs” are for religion. In logical thought we call them axioms. However, in most arguments we don’t question our axioms and believe the conclusions, however shaky the line of reasoning. It would be nice to see decisions made on the basis of evidence, but too often the decision is made based on prejudice and the reasoning tailored to the conclusion. No group is immune (although some may be more prone to it than others).
I find it helpful to ask myself “what evidence would cause me to change my mind about a subject?”. If I know what to look for then I can question my conclusions independently of the “reasoning” that created them.
Take Global Warming as an example.
We have all sorts of reasons for concluding that greenhouse gases cause heat retention in the atmosphere, and that if there were no greenhouse gases the earth would be many degrees cooler. There are a few hidden axioms there, but it can be taken as near to a “fact” as science gives.
The global climate record is showing warming based on temperature gauges and proxy measurements. It is therefore logical to conclude that greenhouse gases are causing the current warming. Alternatively we have to show both:
- why greenhouse gases are not warming the planet
- what is causing the warming instead
All that remains is to measure the coefficient of warming. From that we can predict how much warming to expect in the future given that we keep treating the atmosphere like a sewer.
Not so fast!
The scientific method goes: evidence, theory, prediction, measurement (rinse and repeat). So far we have shown the first 3. How have predictions made in the previous decades matched reality? The answer is well enough (within the uncertainties that come with climate models) but not conclusive enough to be considered “scientific fact”.
So if not “scientific fact” then what? We make all sorts of public policy on evidence that is much weaker than the evidence for global warming (just look at economics, which is little better than guesswork). We might think of the difference between criminal vs civil law. In criminal law we are looking for “beyond reasonable doubt” (yet we use evidence which is much weaker than the evidence for global warming). In civil law we have to allow a decision on balance of probabilities. In public policy we have to balance the costs and risks of BAU vs the costs of action. Physics doesn’t say anything about the costs (that is economics) but please use the best available physics to make your estimates.
So what would make me doubt global warming?
- I could question the axioms: Do greenhouse gases really cause warming of the atmosphere?
- I could question the measured temperature record
- I could question the proxy temperature record
- I could question the predictions of the climate models
- I could find real evidence of another mechanism causing heating of the atmosphere
It turns out in this case the first bullet point is crucial, so long as at least one of the others stands. So if you want to convince me that global warming is bogus, show me real evidence that the physics is wrong!
If you are convinced that human activity is not warming the planet, then I challenge you to consider what evidence would make you change your mind.
Buan was an interesting place for a go tournament. There was a children’s go tournament there just before our tournament.
The hotel was 40 minutes drive from the playing venue and can be seen in this photo through the trumpet.
My result was 3 from 6 and 29th out of 54. This was about what I expected, but the way it happened not so much.
Day 1. Two wins and one a good win against a strong European 3 dan (overall happy)
Day 2. Two losses in games in which I had my chances against strong opponents. The first game was recorded and will be shown on TV along with a strange interview. (overall not too dissatisfied, but ruing the missed chances)
Day 3. A loss to someone I should give stones to and almost lost to a 2 Kyu. (a disastrous day really)
Club speech contests
So 3 club contests entered for 2 firsts and a second. It sounds better than it really is. I was very unprepared for the Midcity humorous contest. I think the basis of the speech was good, but it needed more preparation and I needed to work the laughs better.
Still, winning both Avon’s and Midcity’s table topics is not bad. Will I be able to get to the area contests? I think the Area contests should be winnable, but the divisions will be hard. Would I want to go to Invercargill? I suspect I will miss out because of the timing anyway.
It was fun being contest chair at Avon (25/08/2016) and my speech would have needed a lot of work to be competitive there. Some things to work on. Always a lot to learn at toastmasters.
Australian tournament finished
3 from 6 and an embarrassing end.
Boy! Am I not ready for Korea!