Category Archives: Locking down the cloud

For a while I did a stint in a company helping to filter all the “nasties” from the internet.
While this was a challenge to get students to understand, this was mainly because of all the FUD that students would do bad stuff. In fact there were times when I really wanted the staff to be placed under the microscope.

What is my reponderance from this?

Teach kids to be responsible with their freedom. This is not about denying freedom but teaching people to cherish it.

Clouding the Market

As more and more applications are provided as “software as a service” and Web 2.0 starts to yield its riches, one must wonder whether there is a possibility of overshoot. Is there a chance that increasing the cloud may simply leave us fogbound?


ISP - Caching of inbound traffic

As I sit here tapping away on a web based word processing application portaled into a Blog site I cannot in earnest say that applications in the Cloud are a bad idea. It’s just one that must have the light of scrutiny applied. The world is full of competing paradigms. The question is not whether one is good or bad but simply better for a given situation. This blog is about how the cloud is constructed and starts with a separation of the client, the ISP, and then the rest… the internet.

Virtualisation is a solution for the consolidation of hardware to provide many applications. Grid computing is the distribution of hardware to provide support for a single application. One is not better than the other; they are simply used to solve different problems.

As I come to terms with the mental gymnastics of Virtual computer systems and its abstractions, or its antithesis Grid computing and its abstractions I’m often astounded how the internet itself is becoming abstracted as an application. Is the whole shooting match moving to Layer 7?


A browser is a typical desktop application; a web proxy is a typical Cloud application. Do you need a Cloud application for it all to work? No! Why have it? To save money, improve speed or introduce controls. OK, so far it’s a good idea. So we have the diagram as shown with our new web proxy in place.

The agenda for the ISP is to maximise the benefit of their newly acquired cache to as many people as possible. This will maximise the cache hits and therefore optimise their connection to the net so that they pay less and can pass on the savings to their customers making their service cheaper and more appealing.

Cloud 2
Cache to many people

So having engaged more customers their net starts to resemble the next diagram. The problem now becomes one of load. The capacity for one system to accommodate this load becomes unsustainable and the performance of the network degrades and the unhappy customers depart.

The cache engine of the internet (Squid) then provides for cache farm capabilities. Each of the systems communicates with the others to help retrieve previously fetched objects, and the “peer” nature of these systems makes it all look like one big system. This then looks like the next diagram with the cache peered proxy farm.


Cloud 3
Cache peer structures to accommodate load

The next requirement is to add function. The cache peered system works fine if all users have the same requirements. If the same filtering policy applies, for instance, there is no problem. Many sites, however, like a policy that is unique to them. Having a “farm” of systems identify a unique customer source is doable but will depend upon a source IP range or (better still) some form of authentication, which then requires a degree of knowledge about the users that exist at a site and propagation of user state across systems.

This user awareness (the identity) may be through LDAP synchronisation or manually crafted files that populate the database. This may require a trusted connection from the ISP back into the site, or the traversal of specially encrypted or (eek) cleartext username/password files. But there is something else missing here… reporting to the customer. Extraction of information from many systems is best done through log consolidation. This is not as trivial as it sounds but, if it is a requirement, it can be met.
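The per-site reporting described in the two paragraphs above, as an added example that is not code from the original post: it totals Squid native-format access logs from several farm nodes and attributes each request to a site by authenticated user first and source range second. The site names, address ranges, users and log lines are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed data: site names, address ranges and users are assumptions.
SITE_RANGES = {
    "school-a": ipaddress.ip_network("192.0.2.0/25"),
    "school-b": ipaddress.ip_network("192.0.2.128/25"),
}
USER_SITE = {"kim": "school-a", "lee": "school-b"}  # stands in for an LDAP sync

# Constructed Squid native-format lines, keyed by the farm node that wrote them.
NODE_LOGS = {
    "proxy1": [
        "1286536309.450 110 192.0.2.10 TCP_MISS/200 1024 GET http://example.org/ - DIRECT/198.51.100.7 text/html",
        "1286536312.120 3 192.0.2.200 TCP_DENIED/403 350 GET http://blocked.example/ lee NONE/- text/html",
    ],
    "proxy2": [
        "1286536310.020 8 192.0.2.10 TCP_HIT/200 1024 GET http://example.org/ - NONE/- text/html",
        "1286536311.700 40 203.0.113.9 TCP_MISS/200 2048 GET http://example.net/ kim SIBLING_HIT/proxy1 text/html",
        "truncated line",
    ],
}

def parse_line(line):
    """Split one native-format record; return None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        return {"ts": float(f[0]), "src": ipaddress.ip_address(f[2]),
                "result": f[3].split("/")[0], "bytes": int(f[4]),
                "user": f[7], "peer": f[8].split("/")[0]}
    except ValueError:
        return None

def site_for(rec):
    """Prefer the authenticated identity; fall back to the source range."""
    if rec["user"] in USER_SITE:
        return USER_SITE[rec["user"]]
    for site, net in SITE_RANGES.items():
        if rec["src"] in net:
            return site
    return "unattributed"  # kept visible rather than silently dropped

def consolidate(node_logs):
    """Total every node's records per site; also count unparseable lines."""
    parsed = [parse_line(l) for lines in node_logs.values() for l in lines]
    good = [r for r in parsed if r]
    report = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0, "cache_hits": 0})
    for rec in good:
        row = report[site_for(rec)]
        row["requests"] += 1
        row["bytes"] += rec["bytes"]
        row["denied"] += rec["result"] == "TCP_DENIED"
        row["cache_hits"] += rec["result"].endswith("HIT") or rec["peer"] == "SIBLING_HIT"
    return dict(report), len(parsed) - len(good)
```

The request from 203.0.113.9 falls outside every configured range and is still billed to school-a because the user name was logged, which is the case where authentication beats source-range matching.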

Tiers of management

Some Agency, education for instance, may require this of the environment. It is possible for the agency to maintain the logging repository and issue canned reports back to the clients. This topology is represented in the “Cache peer and reporting” diagram. All this is created to avoid end users needing to maintain such systems themselves. The complexity of the central solution is high in order to keep the complexity to the end users low.

Cloud 3b
Cache peer and reporting

There is another thought. Moore’s Law states that computing power doubles every two years. Given a static sized fleet and a static capacity broadband and no increase in the filtering requirements it means that the filtering engine can track the requirements of the fleet. More realistically though… If the Broadband capacity doubles (or quadruples usually), the number in the fleet doubles (1:1 ratio policies and taxpayers $ at work), the filtering requirement increases to demand a higher load on the filtering system (assumed double). This all translates to a demand that is cubic, not linear. If you had 10 systems in the cloud you will need 1000 in two years. Now given that there are factors that will mitigate the demand (code efficiency, better standards etc).

OK, so where is all this heading? It seems logical to me that a distributed computing model is more appropriate to the problem of internet “management” for two reasons:

  • It disseminates the control processes to different regions/demographics
  • It spreads the computing load.

So this model advocates the deployment of control systems at the client network. What happens at the centralised process where accountability is the key? This is where a hybrid cloud model appears: placing devices at the client with their own logging and reporting capability, and yet further logging and reporting back in the cloud for monitoring the behaviour of the whole.

I really like a simple analogy:

When we discovered the internet neighbourhood wasn’t safe we put big gates at the end of the street and gave everyone a key. This was a complete pain in the arse, people left the gate open, the gap was sometimes too narrow, and sometimes it was simpler to simply leave it open. Better for everyone to have their own garage door.

Cloud 4
Redistribution of the enforcement and application to the site
Cloud 5
enforcement at the site with some reporting to a parent

Cloud Dreaming

Area showing rough location of the bush schools

The first trip – Yakanarra


It is no accident that the mudmaps drawn to design networks invariably represent the “internet” as a cloud. “I’ve looked at clouds from both sides now” … and both meteorological and information highway types often seem just as incomprehensible. When I tell people that I am flying across Australia to the remotest regions of the Kimberley to set up some internet and network control systems for aboriginal community schools the question is always asked: “Why?”

After the preliminaries, the dialog, the logistics, the sheer magnitude of the task, the researching and “google earthing”, the system imaging, and the last minute crises, I awoke very early on a Saturday morning (exhausted from all manner of things) and hauled stuff onto the plane. I’d tried to read up on what to expect at the communities and blending this with what I understood of the aboriginal culture from various sites, media, and movies I set out on my own walkabout with “Songlines” (a book by Chatwin) and an open mind. Reading about dreamtime stories and the motivation behind aboriginal paintings drew an immediate parallel behind the stories told by the paintings and those told by the cave paintings on whiteboards in Classroom 5 Block C.

Ours, the ones we print out on thermal paper from the base of the whiteboard, are a throwaway representation of something that is used as a reference, a guide, not to a honey ant colony and food, but to communications, pathways and learning… and communities.

In my drowsy state of mind peering out of the porthole I can’t help but think that I also have my dreamtime stories, perhaps far more abstract, perhaps not so oriented to survival on a harsh earth, perhaps not so tactile and instantaneous. Perhaps the songline for the journey I am undertaking was written before any airline ticket was bought. What I am doing here in this aircraft is now simply playing out the “song” I have already written for myself over the past few months.

But I’m getting ahead of myself. Maybe I have some strange misconception of what it is all really about and perhaps that is why I must venture out and validate this concept. Maybe there are two journeys: discovery of the reason; and then enacting the quest. This walkabout then starts with:

“I am meeting someone of my cloud dreaming tribe in the far north, of a far western state. Why? To see if our minds meet.”

Maybe it will all go pear shaped and I will flounder and die of thirst in a desert, real or imagined.

Termite mound and Boab Tree


Clouds have random characteristics, not only in shape but in their formation. To a Hang-glider pilot they indicate lift, and the food of flight. They come in many species and temperaments and finding the right kind is a skill that is as difficult to acquire as knowing where the best bush tucker is. They often come in “streets”. There are “elders” in the Hang-gliding community that know and understand the ways of clouds in ways that are truly intuitive. It is not unusual to witness an elder such as Rohan Holtcamp “sing” a novice pilot into a thermal from the ground. They are often happy to talk their stories of clouds in the way that a fisherman might explain where the barramundi might be found. Their love for the sport runs against all grains of its digestibility to the man on the street, and this passion is a virus that infests all pilots. It is a binding element for pilots that come from all walks of life. It is just as part a totemic relationship as the second paternal line of the aboriginals. I’m certain my mother must have inadvertently encountered one of the spirit children of Cloud Dreaming. Not surprising since many an uncle has been involved in aviation … none as pilots.

The internet also has lines, all interconnecting in ways that are synergetic. The web first created the lines within CERN to be able to path out research and knowledge. As knowledge was shared the lines were connected between CERN and other collaborative systems creating a corroboration (corroboree?) of dances. This created more and more interconnections, and now with the web we have scientific songlines, religious songlines, education songlines (amongst others), and yes there are less savoury songlines. There are some paths that will take you to the bad dreaming areas of the internet and in the educational process it needs to be understood that pretending they don’t exist does not mean that people won’t wonder and wander. In the early years it is simply important to put barriers in the way and as time progresses explain the presence of the barriers. The danger of traversing these boundaries can then be a part of the learning process.


The Jabiru

With the Bike shop closed I did a walk to Cable Beach. It was very “touristy” but still nice. Hitched a lift back to town with someone who works intently with the communities and discussed too briefly the hot topic at the time which was the native aboriginal tongue spoken as primary (while English is relegated as a second language). I saw little sign of the indigenous people and couldn’t think of how I could contrive contact. It would have to happen naturally.


The Jabiru that Don owns and flies around the region is a recreation registered craft that yields a whole new outlook on this territory. It is versatile enough to cover substantial distances in minimalist comfort with some room for essentials. It is used by the “God Botherers” of the region to carry “the word” and Don has taken it pretty much around Australia. We flew over mudflats and arid territory with just a peppering of trees, as dune like spines of geological crust stretched to the horizon like the scales of a fish. The earth became progressively redder, and we passed Geegully creek, long perfectly straight lines – roads, and nameless gullies. The Boundary Hills heralded a change in landscape to the Fitzroy river plain. Making a slight detour we passed over Noonkanbah then Mount Tuckfield and Kadjina and finally over the St George ranges to Yakanarra. A fly by and we were down and met by Helen the principal. Just before I went to work we had a quick look at the nearby “soak” where the Brolgas squawked with the sound often simulated by the didgeridoo. With the patience of a saint Don waited as I configured the system with Kitty and little urchins patiently did tasks and retrieved cookies for their trouble. All too soon it came time to go before sunset and we got our lift back to the airfield to fly back to Derby. With the sun setting in our eyes it was difficult to discern features and we made a beeline to the airport, finally landing as the sun faded.

Yakanarra Airport


Here I meet with friends. A couple that moved to Derby from the sleepy suburbs of Melbourne to build and help battle disease. I mentioned that I’d looked at clouds from up and down. Ness and Adam are people I’ve flown hang-gliders with. When the whole trip started to crystallise I thought there might be a great opportunity to catch up. It’s through Ness and Adam I got in contact with Don. Derby is one of the best kept secrets of the Kimberley; it is the gateway to the archipelago to the north and places like the Horizontal falls “The Horries”. The extensive mudflats that surround Derby make for a great towing paddock or land yacht area, and it has the remnants of many a bonfire. With the huge tides experienced here it also presents extraordinary scenes like yachts beached, nestled and sheltered in trees that make an improvised dry dock 200 metres from the water. There does seem to be some resentment and hopelessness about the aboriginal predicament amongst some of the white community, particularly (it seems) from those that have been there for a long while.


Broome Dreaming

In Broome I met and did a handover to the Purnululu support staff as they were visiting Broome with a whole tribe. The locals are very welcoming and a walk to anywhere is often punctuated with g’days and various greetings. I befriended John who performed some black magic on me and sucked the pain in my neck out through my wrist. We talked, bought a few beers and sat down by the port area while he told me some of his dreaming stories. He is a displaced Northern Territory fella that wears a straw cowboy hat and had made a living as a jackaroo and with Rodeos. He told jokes and anecdotes like the story of his mate that accidentally drank his own glass eye, and old bible stories, probably from when he was on a mission somewhere. He told me things about my family relationships and seemed keen to tune in to my aura.

John has many small superstitions like not sticking sticks up in the sand. This latter I suspect because you might stand on it barefoot. It gets me thinking there is much more common sense with John than it seems at first. He even taught me some of the local lingo. I have the words written down somewhere and I include them here:

East: Gagada
South: Yulbari
West: Yabora
North: Gaylee
Beer: Garee
Ground: Barna
Kite(bird): Japurba

I have some contact details somewhere, and may try to send a letter to let him know of this article.

Second Trip: Kadjina

Abandoned Station near Kadjina

There are some cries of distress that warrant investigation. So it was that I went out to Kadjina to finish the integration of the system that had been interrupted previously with power outages. Knowing there was a tax on the time involved I made it a 4 day journey.

Thursday afternoon there was a flight to Broome and then a 6am flight with the irrigation guys on the twin engine plane. We arrived at 7:30ish and “buzzed the airfield” to let people know we had arrived. The principal Maggie picked us up and on the 3k trip to the community advised us that the power was out (déjà vu?). After unsuccessfully trying to restart it everyone settled in the shade to avoid the heat. Intermittently the power would come on and die away again as Maggie’s savvy aboriginal assistants tried to restart the Cummins diesel generator set. We would frantically close doors to let the Aircon do what it could, only to open the doors again.

There are three intrepid women teaching staff at the community; one is an English backpacker (Claire) whom I can’t help but think must have felt teleported to Mars. At about 11am the sparkies from somewhere near Fitzroy Crossing rolled up in their truck, as the temperature crawled up through 42 Celsius. Aboriginal children skidded on a makeshift waterslide with plastic, soap and water (constructed by Chrissie). About midday Maggie and Chrissie, as well as some of the aboriginal elders, decided to jump in a troop carrier and head to Noonkanbah for an Icy pole and to sit in the Aircon for a while… a three hour round trip. I stayed behind in case the power came good (it didn’t). Claire and I sat in the shade and talked until the drone of an aircraft crept into the conversation. We looked at each other as if we hoped the other knew what to do. Maggie’s “other” troop carrier refused to start. We went looking for a parent with a car… “No miss all of ‘em went to town with Miss Maggie”. This left the electrician’s truck…

“Sure, jump in,” said the sparky as I heard the plane taking off in the distance.

As we were driving away I noted that the front of the cab was for passengers and the back was completely full of tools. I imagined the tradesman’s trailer was also full of tools. “What if there’s more than one person?” I quizzed. I also noticed a lot of smoke coming our way from the East. Surely not a bushfire.

Maggie and her art

“It’s probably just a mail plane”, he replied. This made sense to me and I could simply hold the satchel of mail on my lap.

When we finally got there we saw a mother, a father, four children and various bags and bits, the bounty of what may have been a shopping trip. We jammed the mum and three young girls in the cabin, the father and his son on the trailer and I sat on the roof of the 4WD and held onto the ladder… You can have your desk job!!

That night the power came back on and the work started. Throughout the discussions with Maggie I got a sense of a vision for the outback that may really hold some hope. Everyone knows of the challenges. The scarcity and then deluge of water could quite easily entrap me into Garee for satiation or cure for cabin fever. These communities are both “dry”, there is no alcohol permitted and alternative community attractions are contrived. Education may be an attraction but I tend to think it would be the path followed after community engagement. I get the sense that Food stores, consistent water, the internet and the retrieval of Songs from the tenuous line between the dish and satellite form the real attraction. I hope these little islands of technology survive the wet. I’d like to think I can provide help to ensure it.

Early the next day I was woken by the yelping and howling of the dogs chasing away the prowlers that could smell the bitch on heat underneath Maggie’s house. Not wanting to waste a good morning I grabbed some water and went for a walk. I can understand how the aboriginals prefer the open air. Even I could take tentative steps in “reading” the land. The “slate” is so clean that any disturbance writes a story in the sand. The tracks making lines to the next article revealed. Not yet sure of any treasure it may yield.