You can’t wake a person who is pretending to be asleep**


Lots of what we take for granted found expression in the thoughts and writings of John Perry Barlow. He crafted “A Declaration of the Independence of Cyberspace” back in 1996. It held lots of truths that I found critical for all of us, regardless of where we find ourselves.

John passed away on 7 February 2018. I was privileged to have met him in Singapore on 28th March 1995 (update: thanks to Marv for the date) and what an honour it was. Singapore was in the midst of her “IT 2000 Master Plan” crafted by the National Computer Board (the earliest I can find of ncb.gov.sg is from 13 October 1997).

He had spoken at an event at the NCB and we then proceed to have lunch a chinese restaurant at Clementi Woods park. Among the many things we chatted about was about the future and what it means to be connected. Mind you, those were days when we had dial up modems, perhaps 56k baud, but what a thrill it was to hear about his visions.

I was fortunate to have been able to keep in contact with him in the early 2010s via twitter and email and I was very glad that he did remember that trip and that he found some of the things Singapore was doing then to be intriguing but challenging for the future and that digital rights would be something that we need to be fighting for because if the people don’t own it, governments and big corporations will occupy that space.

He was the founder of the Electronic Freedom Foundation and on 7th April 2018, the EFF held a “John Perry Barlow Symposium” hosted by the Internet Archive. Do watch the recording to how critical John was to lots of what we take for granted today.

Read his writings at the EFF which is hosting the John Perry Barlow Library.

Thank you John.

* John’s photo by Mohamed Nanabhay from Qatar,  CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=66227217

**https://www.quotes.net/quote/4718

Advertisements

Seeking a board seat at OpenSource.org


I’ve stepped up to be considered for a seat on the Board of the Open Source Initiative.

Why would I want to do this? Simple: most of my technology-based career has been made possible because of the existence of FOSS technologies. It goes all the back to graduate school (Oregon State University, 1988) where I was able to work on a technology called TCP/IP which I was able to build for the OS/2 operating system as part of my MSEE thesis. The existence of newsgroups such as comp.os.unix, comp.os.tcpip and many others on usenet gave me a chance to be able to learn, craft and make happen networking code that was globally useable. If I did not have access to the code that was available on the newsgroups I would have been hardpressed to complete my thesis work. The licensing of the code then was uncertain and arbitrary and, thinking back, not much evidence that one could actually repurpose the code for anything one wants to.

My subsequent involvement in many things back in Singapore – the formation of the Linux Users’ Group (Singapore) in 1993 and many others since then, was only doable because source code was available for anyone do as they pleased and to contribute back to.

Suffice to say, when Open Source Initiative was set up twenty years ago in 1998, it was a formed a watershed event as it meant that then Free Software movement now had a accompanying, marketing-grade branding. This branding has helped spread the value and benefits of Free/Libre/Open Source Software for one and all.

Twenty years of OSI has helped spread the virtue of what it means to license code in an manner that enables the recipient, participants and developers in a win-win-win manner. This idea of openly licensing software was the inspiration in the formation of the Creative Commons movement which serves to provide Free Software-like rights, obligations and responsibilities to non-software creations.

I feel that we are now at a very critical time to make sure that there is increased awareness of open source and we need to build and partner with people and groups within Asia and Africa around licensing issues of FOSS. The collective us need to ensure that the up and coming societies and economies stand to gain from the benefits of collaborative creation/adoption/use of FOSS technologies for the betterment of all.

As an individual living in Singapore (and Asia by extension) and being in the technology industry and given that extensive engagement I have with various entities:

I feel that contributing to OSI would be the next logical step for me. I want to push for a wider adoption and use of critical technology for all to benefit from regardless of their economic standing. We have much more compelling things to consider: open algorithms, artificial intelligence, machine learning etc. These are going to be crucial for societies around the world and open source has to be the foundation that helps build them from an ethical, open and non-discriminatory angle.

With that, I seek your vote for this important role.  Voting ends 16th March 2018.

I’ll be happy to take questions and considerations via twitter or here.

Of open source, security and collaboration


I had the privilege of being a panelist at the inaugural “India Digital Open Summit” held in Mumbai, India on 19th January 2018.

The event was organized by Reliance Jio and held at the Jio Talk Auditorium, Learning & Development Center, Reliance Corporate Park in Navi Mumbai. My first visit to that part of Mumbai so it was all good and exciting for me.

This Summit was organized jointly by Reliance Jio, The Linux Foundation and Cisco.

The event first of a four city Linux Foundation open source* series to be held in India this year. I am particularly interested in this specific event because of it being organized and run by a up and coming mobile telco, Reliance Jio.

It is really good, from my perspective, that open source is now the driver for all sectors of the global economy and now all corporate entities who expect to be still around over the next five years, are recognizing and acting on getting this into their organizations. We are long past the salad days of free and open source and we are now benefiting from the struggles of the last 20-30 years.

The panel I was on was chaired by Mr. Rajan Mathews, Director General of COAI.

The entire panel discussion can be viewed here.

I would like to perhaps highlight a two things that I was asked about and give added context.

The first was in terms of security of open source software. The typical comment that I’ve heard over the last two decades is that because the code is open, it therefore is prone to being turned into malicious code. The root of this myth is from statements that were made in the late 1990s and early 2000s by proprietary vendors trying to sow F.U.D amongst the technology buyers who were told that only closed proprietary software is secure because no one else can look at it. It is the classic “trust me <wink> <wink>” statement.

Open source is indeed more that good enough such that even the CIO of New York Stock Exchange Euronext endorses it for the NYSE. Billions are traded daily on the NYSE. If they can reap benefits from open source, so can any other entity.

Never mind that endorsement. Just look at what’s happened in the last few weeks around security – specifically in the CPU (i.e., the actual hardware) that runs almost 100% (or very close to it) of the world’s computing systems, mobile phones etc. The specific issue is about Spectre and Meltdown. Mitigation of this hardware issue is driven by the open source community and Red Hat has taken a lead position in it while working in tight collaboration with the rest of the industry, including proprietary OS vendors. If it weren’t for the open source developers, we won’t have been able to do the mitigation as quickly as we have been (and work still continues nonetheless).

So, I do hope that we have put behind us this uninformed statement that “open source software is not secure”.

The second comment is about a question that I was asked was about how open source code is being taken by corporates and turned into products and that the developers of these are not being compensated. This is an important question and will be asked over and over again.

This is where I am particularly proud to be a Red Hatter because what we do is to be trusted entity between the FOSS community of developers and projects and the enterprises who see tremendous value in the open source projects that become products that enterprises can use.

Red Hat can be likened as a gardener/farmer who tends the garden/farm that has many different crops, plants (projects). We harvest good projects from the farm and turn them into products. In that process, additional work is done in security, features, documentation, certification etc so that we can make the open source product ready for enterprises. These changes/enhancements are fed back into the open source projects. This two way process is what we do to ensure that the ecosystem of open source projects are indeed thriving and growing while we bring sanity and accountability to enterprises who use these project/products. Red Hat is a equal peer player/participant in the projects and that is how one gains trust in the community and also how we then are able to bring accountability to the enterprise.

Overall, I enjoyed my pane and I must thank Rajan for being an excellent moderator.

* open source is the marketing term of Free Software first coined by Christine Peterson back in 1998.

[this post first appeared here: https://www.linkedin.com/pulse/open-source-security-collaboration-harish-pillay/%5D

Wireless@SGx for Fedora and Linux users


Eight years ago, I wrote about the use of Wireless@SGx being less than optimal some years ago.

I must acknowledge that there has been efforts to improve the access (and speeds) to the extent that earlier this week, I was able to use a wireless@sgx hotspot to be on two conference calles using bluejeans.com and zoom.info. It worked very well that for the two hours I was on, there was hardly an issue.

I tweeted about this and kudos must be sent to those who have laboured to make this work well.

The one thing I would want the Wireless@SG people to do is to provide a full(er) set of instructions for access including Linux environments (Android is Linux after all).

I am including a part of my 2010 post here for the configuration aspects (on a Fedora desktop):

The information is trivial. This is all you need to do:

	- Network SSID: Wireless@SGx
	- Security: WPA Enterprise
	- EAP Type: PEAP
	- Sub Type: PEAPv0/MSCHAPv2

and then put in your Wireless@SG username@domain and password. I could not remember my iCell id (I have not used it for a long time) so I created a new one – sgatwireless@icellwireless.net. They needed me to provide my cellphone number to SMS the password. Why do they not provide a web site to retrieve the password?

Now from the info above, you can set this up on a Fedora machine (would be the same for Red Hat Enterprise Linux, Ubuntu, SuSE etc) as well as any other modern operating system.

I had to recreate a new ID (it appears that iCell is no longer a provider) and apart from that, everything else is the same.

Thank you for using our tax dollars well, IMDA.

My submission to the proposed changes to the Films Act


[The submission deadline is 5pm Singapore time Saturday December 30, 2017. Image above from http://www.newlovetimes.com/wp-content/uploads/2015/03/the-godfather.gif ]

I have sent the following to the IMDA as per their requests for comments for the proposed changes to the Films Act.

 

Public Consultation on Proposed Amendments to the Films Act (FA)

To: consultation@imda.gov.sg

Hi. I would like to thank IMDA for inviting comments to the proposed amendments to the Films Act and for extending the deadline to the submissions.

I refer to the following section extracted from section F of Part 1 and included here for completeness – except for the footnotes [0]:

“(F) Enhancements to IMDA’s Investigation and Enforcement Powers

2.30 Today, the Films Act provides IMDA and Police with powers
to enter premises without warrant to search for and seize
unlawful films. However, for other breaches of the Films
Act, such as the distribution or public exhibition of
unclassified films, such powers are vested with the Police
who assist IMDA with enforcement and investigations. Going
forward, the enforcement and investigation for breaches
under the Films Act will be taken on by IMDA, and the Police
will only be called on when necessary. Accordingly, the
Films Act will need to be amended to empower IMDA with the
necessary enforcement and investigation powers to take on
this role.

Proposed Amendments

2.31 MCI/IMDA propose to enhance IMDA’s investigation and
enforcement powers to:

(a) Request any documents and information from any person
to investigate a suspected breach of the Films Act or
licence conditions;
(b) Enter and inspect, without warrant, any premises and
examine any film or advertisement for a film found on
the premises;
(c) Dispose of films, equipment or materials that have
been seized during enforcement and is unclaimed,
forfeited or has to be disposed without returning to
the owner; and
(d) Provide for the composition of offences.”

In general, the various other proposals look useful and are, I think, reasonable.

What concerns me, however, is the change as noted in paragraph 2.30 above.

As it is, there is no need for a warrant to enter a premise as was already in the law [1] (Section 23A(1)(a)(i). I note that it is only in 23A(6) that warrants are sought when 23A(1)(a)(i) fails.)

How the Film Act [2] was written (and passed) that way is something that I’d like to know. I think that it does infringe of one’s rights and I feel is counter to the idea of due process and fair play.

So, given that, I am concerned with the proposed removal of the involvement of Police officers as noted in paragraph 2.30 above.

The consultation document does not provide detailed justifications or reasons for the proposed amendments. It would be very helpful if there were historical information as to what IMDA encountered (or was hindered as a result of) in undertaking the responsibilities as it is defined in the law that now warrants the need to remove Police officers in the list of authorized officers.

I am concerned that the impartial oversight that the Police offers is being diminished by this proposed change. It might very well be that there were indeed no Police officers involved in previous efforts to enforce the Film Act, but that is not evident in this
proposal and seems strange to write them out of it without additional information.

Thank you.

Harish Pillay

[0] https://www.imda.gov.sg/-/media/imda/files/inner/pcdg/consultations/consultation-paper/public-consultation-on-proposed-amendments-to-the-films-act/films-act-public-consultation-4-dec-2017.pdf?la=en
[1] https://www.imda.gov.sg/-/media/imda/files/inner/pcdg/consultations/consultation-paper/public-consultation-on-proposed-amendments-to-the-films-act/annex–draft-films-act-amendment-bill.pdf?la=en
[2] https://sso.agc.gov.sg/Act/FA1981#pr34-

This is very interesting! (it is proprietary though)


I just came across something called hashgraph that seems to be able to replace blockchains as the basis of distributed ledgers.

The hashgraph is wrtten up by Dr Leemon Baird in this paper: http://leemon.com/papers/2016b.pdf is by the main author Leemon Baird.

He is the founder of a company called Swirlds (www.swirlds.com). Swirlds has implemented the hashgraph algorithm and provides a development environment for people to write applications on top of. It seems that Swirlds has been in stealth mode for the last 5 years or so.

The swirlds technology is, unfortunately, closed source and their demo platform is at:

http://www.swirlds.com/download/

with demo apps (these demo apps are also in the download above):

https://github.com/lbaird/swirlds-demos

Both the SDK and demo codes are jar files. The source code of the demo is in public domain.

One of the key advantages of hashgraph is the number of transactions per seconds that goes into the tens of thousands while being able to maintain consensus with a certainty of 1 and also to be fair.

Hashgraph does not suffer wasteful computational cycles of blocks to arrive at consensus (and hence the power savings).

They don’t have a public block yet (they have a demo of it).

Swirlds has 3 patents (http://www.swirlds.com/ip/).

From their website, their business model is to license their base environment for production.

I feel they are on to something.

More backgroud:
a) https://squawker.org/technology/blockchain-just-became-obsolete-the-future-is-hashgraph/
b) https://www.youtube.com/watch?v=Sg-0Dgxc0io (The Future is Not Blockchain, it’s hashgraph)
c) https://youtu.be/ole2WuwNLL4 (The Future Of Consensus | A Panel Discussion With The Hashgraph Team At The Assemblage NYC

You can follow hashgraph on telegram https://t.me/hashgraph

Phenomenal!


It is just amazing to see how the validity of Einstein’s theories have been tested repeatedly and proven to be correct. Einstein did all of what he did in his mind, on the blackboard and on paper. No labs to test his ideas and no real means to verify his theory.

But, over a hundred years later, the scientific community has caught up and are now able to verify gravitational waves from collisions between blackholes and now collisions between neutron stars.

Neutron stars are very different from black holes. Neutron stars are produced from supernova, the explosion of massive stars, and are approximately 1 to 20 times the mass of our sun, but are made up of pure neutrons. The density of the neutron stars are very much greater than the density of atomic nuclei. This results in neutron stars being very compact. They are relatively small, about 25km in diameter (yes, smaller than Singapore).

Yesterday, 16th October 2017, the National Science Foundation held a press conference where they announced the detection of collisions between two neutron stars which is a few hundred million light years away from earth.

This collision generated gravitational waves, but more importantly, electromagnetic radiation in the visible range – i.e., light we can see. This light was detected by a scattering of observatories on earth and in space.

You can watch the entire announcement by following this video:

 

The light that was generated suggests that heavy metals like gold (Au) , silver (Ag) are present which essentially confirms that elements heavier than hydrogen and helium are only possible when there are massive super novae.

Just look around you. If you see a gold chain, a gold plated ornament, it means that that element was created in a star billions of years ago.

That and all of us on Earth are made of star stuff.

It takes time to apologise. I get it. But …


It has taken full NINE days for the CEO of the SMRT to come out and take ownership of the flooding incident of the North South Line that happened on October 7th.

In addition to the leadership of the SMRT, we have the transport minister also apologise for the inconvenience caused and blames people down the line – the Bishan maintenance team was at fault.  In that article, it also says that “that the bonuses of the team at fault would be affected”. How about all of those from those individuals and above right up to the CEO also have a similar bonus freeze (by percentage not quantum)?

Anyone who has done NS would know that if someone in your platoon messes up, everyone is punished. This forces everyone to encourage and nudge all to do well. And since the CEO was a former general, he should be au fait with that shared misery model. Why not do so here?

The CEO says that it is bad culture of the organisation to blame. I can appreciate that. I hope this happened because of the downplaying of engineering as the core competency of the business by the previous management.

So, it would appear that it was complacency and failure to follow procedures that is at fault.

Yes, there has to be thorough investigations and probably that is the reason for the 9 day delay for the leadership to be heard (I am trying to give them the benefit of the doubt).

quote-in-paper

Why was it so difficult for the management to come out and speak shortly after the incident? And update it over the following days?

Let me raise something that would be good to have an answer to (I can’t verify it):Why are there statements being made that the individual who was “disciplined” had actually retired late last year/early this year. I really hope this is not true and is pure speculation, but would be good for the SMRT to put it to rest.

 

Transparency is good. Really.


I got a call from Christopher Tan, the Senior Transport Correspondent of a local MSM earlier this afternoon. Kudos to him in tracking me down (not that it was difficult).

He was doing a follow up to his original report of the flooding of the MRT lines.  It was a good chat and we covered some areas of common interest on this topic.

He sort of agreed with my considerations in my previous post about the dangers of water in the tunnel. It is not a small matter when tunnels are flooded. It is not the same as a power being lost and the passengers having to de-train and walk out of the tunnels. With water in the tunnels, and if the water reaches anywhere near the bottom of the train, that would mean that there is probably a meter of water in the tunnel already. De-training and trying to get out is not something that can be done trivially. Even if you can get out, it is very likely that the entire tunnel is dark and having to find one’s way out will be a treacherous challenge.

We need the SMRT/LTA to come up with some mechanisms to manage this scenario. Be bold and willing to listen to the users of the systems and anyone with ideas on how to solve this. Do the trains need to have floats (like what planes have)? Do trains need to have beaconing systems that get activated when there is water (again, like the lifevests in planes)? Lots of easy solutions. Solutions you don’t want to use, but know that it is there when you need it.

During the chat with Christopher, he mentioned that there are “heads rolling” from the SMRT. And lo and behold, there is indeed at least one.  The individual who is being “replaced” was resposible for maintenance.  He apparently (according to the MSM report) was a witness to the 2011 MRT breakdown inquiry.

So, someone got “disciplined”. I have to assume that there was a transparent (to the extent that SMRT is transparent) process to have done this. I can only speculate. I would expect that this is not a last-man-holding-the-hot-potato situation.

If there is one thing that stands out in this SMRT episode is that I have yet to hear from the CEO himself (nor even the transport minister – not that there has to be a statement from a political office holder though). The silence from the top is quite deafening.

Perhaps I should also bring up another issue that I have posted about back in January 2012 – about the inability to close the blast doors of the tunnels at Newton MRT station. The underground MRT stations are designed to be bomb shelters, for those who don’t know. To be fair, I have no idea if it has been fixed. I wish to be updated on it.

So, imagine if we needed to use the bomb shelters and blast doors on the tracks cannot be closed and there is water in the tunnels. What would we be doing? I hope we get that bit fixed now.

For all of our sakes. For Singapore.

Image above is from HomeTeam News.

Is this a failure of leadership?


Saturday, October 7, saw heavy rainfall and as expected, rain water got into everything. That’s what water does. We know that. And we design for it.

We engineers have figured out how to manage this. We have pump systems, sump pumps and lots of other means to drain out water that flows into places that should not have water in them in the first place, especially those underground carparks, subway lines, basement floors of buildings and so on.

Visit the National Environmental Agency‘s website and you will see the Heavy Rain Warning page – pretty nify animation of the clouds. Unfortunately, it does not provide any historical data, so I can’t really figure out how much rains fell on Saturday.

So, it came as a surprise that the North South Line experienced flooding in the tunnels. (Note: some people refer to MRT lines by their colour and the North South Line to some people is the Red Line. However, I have never actually heard announcements in the train stations about “blah, blah, blah along the <colour> Line”.)

Water in tunnels are not a good thing and it is very dangerous. If you are stuck in a tunnel, you will not be able to move because the trains will have no power (it might have some battery backup), which means that the trains are stationary and the passengers will have to sit tight – most likely in the darkness – and wait for help to arrive.  It is also likely that the airconditioning in the carriages will stop at some point.

What if the water in the tunnel kept on rising? At some point, the trains will let in water and you can only imagine the terror and panic that will set in.

I wonder if this advertisement by smrtmedia.com.sg was foretelling something:

Screenshot from 2017-10-08 23-46-29.png

While I can appreciate that the subway system, especially both the North South and East West lines are the oldest we have (over 30 years old now), there has been, over the years, a lack of investment in maintenance, especially during the time when the CEO was someone from the retail industry. The CEO of the SMRT is seen to be a oh-anyone-can-run-this type of a post, including military generals (it might be unfair to say this, but the general sentiment of Singaporeans is that these organizations (SMRT, LTA, PUB, ST companies etc) are seen as “retirement” opportunities for SAF scholars/generals).

During the time of the retail CEO’s tenure, the SMRT focused on building up retail spaces in and around the train stations. SMRT was, after all, a publicly traded company and needed to show revenue. This focus on revenue generation via real estate business ventures, lead to the slow and steady decimation of the engineering ranks. These were the engineers who were there at the start of the SMRT and knew the system well. Speculation has it that they were not promoted, were sidelined, and seen as cost centres (please correct me if this speculation is indeed speculation).

The core business of the train operator is to operate the trains. To ensure that the systems work, people are ferried to and fro as designed and also to keep the service levels high which includes a cadence of safety, maintenance, repair, replacement and renewal.

While it cannot be said that the SMRT failed on all counts, if we are to look at each one in turn, the scores would vary significantly. The trains have been maintained well. I have never been in a train that was dirty, without airconditioning, broken lights, damaged seats etc. The train stations are also well maintained befitting a good system.

What, we as customers of the service don’t see is how the supporting system is being maintained. This came to a head in 2011 with significant breakdowns which eventually lead to the resignation/dismissal (pick one) of the retail CEO. SMRT has not recovered properly yet. it has been six years now and the latest fumble is flooding of the tunnels.

Here’s an iconic picture of the SMRT train with water in the tunnel along with a team from the Singapore Civil Defence Force setting up pumps and hoses to drain the tunnel:

(photos from http://www.straitstimes.com/singapore/transport/nsl-disruption-water-collecting-in-tunnels-was-due-to-malfunction-in-water)

The fact that the SCDF had to be mobilised to help, speaks to the severity of the situation. This scenario was something the SMRT team could not handle on their own (or even with contractors). Perhaps the SMRT scenario planning did include this contingency (giving them the benefit of the doubt).

I am proud that the SCDF successfully did what they could.

There will be lots of things that need to be done to make sure this does not repeat:

  1. Why did the pumps fail? Friends who are railway engineers/designers tell me that the subway system has multiple levels of back up systems for most everything – signalling, brakes, lights, etc. As of 1030 pm Sunday 8th October, I am told that even the backup pumps failed which then resulted in the flooding. When backup systems fail, that tells me that the maintenance rigour has been compromised. Could shortcuts have been taken?
  2. Looking at the photo above with the train and the water, there are many bigger issues that need to be looked at:
    1. Rusting of rails and supporting infrastructure
    2. Damage to train undercarriage
    3. Structural considerations of the tunnel given that water in large quantities have ingressed it
    4. Electrical power and all of signalling and communications systems.
  3. What is the rescue plan in the event that the floods in the tunnel is rising and there are people still in the carriages?
  4. We are building a “Smart Nation”. Put an “a” in the SMRT to make it SMaRT.

In February this year, a question was posed about the SMRT’s preparedness for flooding and it was carried by one of the local MSM publications. The question was about flash floods in the underground stations, and the answer offered was that the entrances to the underground stations are raised so rain water cannot flow in. It is a pity that the bigger question about water in the tunnels was not posed and hence not explored. I am sure that there will be, over the next few days and weeks, lots of ink spent on exactly that.

The issue of subways being flooded is not new. Here’s an article from ScienceX.com‘s phys.org site about the flooding of New York’s subways following the 2012 Hurricane Sandy flooding and also of Taipei’s and London’s subways. There are no easy ways to prevent flooding ever happening especially if the water coming in completely overwhelms the systems designed to mitigate them. It should not be because the systems failed when called upon to work. Could it be that this SMRT failure episode was a combination of power failure of the pumps and poor maintenance?

I do hope that whatever the outcome, the person down the pecking order is not the one to be the scapegoat.

I am reminded of this speech by a former president of India, Dr APJ Abdul Kalam about handling failure (do watch the video). He was the Project and Mission Director of the Satellite Launch Vehicle in 1979 and he was fully responsible for the launch of the spacecraft. His decision to go for launch even after the computer systems flagged for a no launch, and the subsequent failure of the spacecraft upon launch was his failure. But in spite of this burden, the Chairman of the Indian Space Research Organisation took the failure onto the Chairman’s shoulder and the Chairman was answerable for the multi million dollar loss. He gave air cover to Dr Kalam so that the engineers and builders of the ISRO can get back to the task at hand and try again. When they re-did the launch successfully a year later, the Chairman asked Dr Kalam to go and take the limelight. Failure was handled by the Chairman, success was given to the Director to assume. That’s leadership.

Is there an equivalent quality of leadership at the SMRT? For the sake of Singapore, I sincerely hope so.