The UK Is Eating Our Lunch

The United Kingdom has a history of building reasonably decent empires.

The recent news that Australian tech company Atlassian is moving their base of operations to the UK is depressing, but completely unsurprising. Sure, Australia’s an expensive place to do business – but the UK are going out of their way to make themselves ludicrously sexy for technology companies.

I first found out about the UK tax incentives when some friendly people from the UK consulate approached me after I’d participated in a panel at the NICTA TechFest 2013 (along side Matt Barrie from Freelancer.com and Professor Stuart Feldman from Google – the guy that created ‘make’, no big deal), discussing ways to address the ICT skills shortage in Australia. At Parliament House. In Canberra. Right before Prime Minister Julia Gillard took the stage to talk about innovation in Australia.

Seriously, at an event to try to help draw attention to technology in Australia these guys came right up to me and basically started talking about all the reasons why I should be trying to move our company to the United Kingdom. I was impressed by their audacity – but I was even more impressed by what they were offering.

The people from the consulate made a good pitch. There’s a 225% tax credit for research and development, they have a thing called the Patent Box offering significant tax breaks on profits made from patents, they’ve got a tech-friendly ‘entrepreneur visa’ to make it easy to get there, decreases in corporations tax, and – oh, what else is there? Oh yeh, it’s right next to EUROPE which has like a jillion people, so a giant market.

London is great.

Shortly after that, they got in touch and asked if we’d be interested in talking to some of their people in Brisbane (I imagine they try to have tendrils everywhere, so they have well-dressed Englishmen scattered strategically around the country, ready to be dispatched to technology companies at a moments notice). A couple of nice chaps turned up and we had a chat where they went into some more detail about what is involved in moving to the UK.

They also offered to do a bit of an analysis for us to figure out what the market was like in our specific area. This is basically a free service they provide – looking up a bunch of stuff and doing some (fairly basic, but helpful) market analysis for you. Shortly afterwards they sent through a nice report with heaps of detail about telcos and data centres and that sort of thing, with a bit of a reminder about all the other perks.

A few months after that I got an invite to a breakfast put on by London and Partners, the official promotional organisation for the city of London. I went along just to check it out, but it was mostly a repeat of what I already knew – just with a bit more focus on London.

Still, I was again impressed not only by the pitch (PDF), but the simple fact that the United Kingdom is currently focused like a laser on making their country attractive to technology companies. They know the future is about technology and are displaying adaptability accordingly.

It’ll be sad to see Atlassian go. It’ll be sad to watch others follow. It’ll be sad if Australia doesn’t treat this as a wake-up call.

Didn’t they know that the only unhackable computer is one that’s running a secure operating system, welded inside a steel safe, buried under a ton of concrete at the bottom of a coal mine guarded by the SAS and a couple of armoured divisions, and switched off?

— On Secure Computers – From the Atrocity Archives

Do Not Let Your Nexus Device Fill Up the Disk

A few weeks ago my Nexus 7 tablet (the original release) started slowing down a bit. I had no idea why, but it was still mostly useful – until I stuffed heaps of video onto it for a trip overseas. After that it slowed to a crawl – almost completely unusable.

Some Googling indicated the problem was probably related to the storage being filled, and then finally I stumbled across this article which confirms many people have been suffering from this same issue.

The short version is that the original Nexus devices/Android operating systems don’t properly TRIM the SSD. This is the sort of techno-speak I would have reveled in learning all about when I was younger, but now all I care about it how to make this thing work again. Basically, it manifests itself in super-slow disk performance – you can see really high IOWAIT if you use something like ‘top’, or if you run a benchmark you’ll see really bad performance like this:

2013-12-02 19.05.10 - Copy

As of some recent Android release, it is supposed to automatically do this TRIM stuff once every 24 hours – but if it’s doing it on my device, it’s not making any difference.

It seems there are only two real options:

1) Factory reset.

2) Root the device and run the TRIM manually using something like LagFix.

Both of these options are pains in the ass to various levels, but the device is basically unusable in this state. I ended up doing the factory reset, thinking it would be less of a hassle.This seemed to fix it up and now I’m looking at the following speeds – note the increase in sequential write:

2013-12-03 18.16.02 - CopyHowever, if you can avoid it, it seems safest to not let your devices drop below ~3.5GB free (at least on a 16GB device).

I Want to Pay for Dropbox – But It Might Make Me Hate Myself

Dropbox is one of the very few applications I’ve installed that has completely changed the way I use computer systems.

Under most circumstances, I no longer have to think about having to deal with the irritating sending and receiving of files, or stuffing them onto some other system to be retrieved later. I can just save everything onto my local disk – exactly as I’d like to – and know that it will magically pop up at some later point on every other PC that I own. I take photos on my phone knowing they’ll be stuffed onto Dropbox for later retrieval on my PC – indeed, I no longer even think about “copying photos off my phone”, because it just happens.

There are, of course, a few limitations. For example, it’s hard to do this with large volumes of data, simply because the upstream on most broadband plans is woeful. In those cases typically reaching for the USB disk or stuffing bytes onto my phone is a better alternative.

Of course, the other limitation is the few paltry gigabytes of storage you get on the free plan. If you’re dedicated though, it’s pretty trivial to boost this by quite a bit – referring friends, linking devices, all that sort of stuff. At the time of writing I have 4.2GB available on my Dropbox, without spending a cent.

And now, perhaps inevitably, I find myself in the situation of wondering why the hell all my files aren’t on Dropbox. It’s almost like they had some sort of insidious plan to get me hooked on their awesome system by giving me a taste for free.

Unfortunately I don’t really want to use Dropbox. Not really because I don’t want to pay for it, but because I have never really liked their security model. I want my files to be encrypted/decrypted client side.

I suspect the main reason they don’t want to offer this is because it would remove a lot of the basic functionality that the vast majority of users take advantage of regularly – the ability to access and share files quickly and easily via the web interface in particular. Not to mention the support nightmare that would certainly ensue when those users lose their encryption keys and wonder why all their files are now a bunch of unrecoverable gibberish.

In the post-Snowden world this is possibly an even bigger deal. I don’t really have concerns that faceless government agents are going to be poring through my files – but it’s even clearer that you ultimately need to be responsible for the security of putting your data online.

I’ve tried a few of the European alternatives to Dropbox – Wuala and SpiderOak most recently. Their security policies look good, they (appear to) use client side encryption, and they’re located in Europe, so I can rest somewhat comfortably knowing they’re not subject to secret NSA orders or whatever.

With the possible exception of Google Drive (which of course is subject to the same woes as Dropbox), the other services I’ve tried I found almost completely unusable compared to the elegance, simplicity, and sheer Just Workiness of Dropbox. I tried – I really did. I wanted to like them. I’m not sure if it’s all that security stuff just getting in the way of making it a good experience, but they just feel clunky and awkward to use, painful to set up, and I was generally just thinking “why am I doing this?” the whole time.

I’m a big believer in voting with your wallet. It’s not like there aren’t other options. But Dropbox is just so damn convenient in so many different ways that I can feel myself slowly caving and abandoning any lofty principles just so I can go back to Getting Shit Done.

There are two things that Dropbox could do to get me off the fence immediately.

1) Introduce client side encryption/decryption into the Dropbox client. While it remains closed source I can imagine many would still (rightfully) be hesitant to trust it (how would you know they’re not capturing your encryption keys?), but a nod in that direction would be enough for me.

2) Introduce an option to limit storage of my files on Amazon clouds in different regions. I am not intricately familiar with how Amazon’s cloudy stuff works, but it seems that this would not be a complicated feature. Allow me to opt to have my files stored on S3 within particular geographic regions. I can imagine this would be a big deal for many government services who might want to use Dropbox but might be subject to limitations on where their data can be physically stored, and for the security nerds, getting out of the reach of the NSA (yes, yes, subject to their ability to compromise any site anyway), it would be a neat service.

What I suspect I’ll end up doing is signing up for a plan and then encrypting all my stuff locally with gnupg and treating it more like a backup archival system rather than a live working filesystem.

On the NSA, Security and Privacy on the Internet

A lot of terrifyingly smart people have written extensively about the impact Snowden revelations about the NSA spying on what appears to be basically everyone in the world, including the citizens on the United States.

My thoughts on the subject are fairly predictable, but once again I’m struck by the prescience demonstrated in Neal Stephenson’s amazing Cryptonomicon. I first read it shortly after it was published in 1999, and while I loved the techno-thriller aspects of the story, I didn’t really understand the scope of some of the more political issues.

Having just re-read the book, I thought the following paragraph was particularly relevant when considering what is happening now:

Many Net partisans are convinced that the Net is robust because its lines of communication are spread evenly across the planet. In fact, as you can see from this graphic, nearly all intercontinental Web traffic passes through a small number of choke-points. Typically these choke-points are controlled and monitored by local governments. Clearly, then, any Internet application that wants to stand free of governmental interference is undermined, from the very beginning, by a fundamental structure problem.

Image Data Only Hashing of JPEG Files

As part of a small project to verify backups, I came across a case where I had two photos that looked identical but with different EXIF data.

The backup verification system (correctly) flagged these as two different files – as the SHA1 file hashes were different. However, the actual photo was – as far as I could tell – absolutely identical, so I started looking to see if there was a way to verify JPEG files based on the image data alone (instead of the entire file, which would include meta stuff like the EXIF data).

A quick look around revealed that ImageMagick has a “signature hash” function as part of ‘identify‘, which sounded perfect. You can test it like so:

identify.exe -verbose -format “%#” test.jpg

At first glance this solved the problem, but testing on a few systems showed that I was getting different hashes for the same file – it looked like different versions of ImageMagick return a different hash. I’ve asked about this on their forum and was told that the signature algorithm has changed a few times – which makes it sort of useless if compatibility across platforms is required.

After looking around a bit more for alternative I found the (possibly Australian made?) PHP JPEG Metadata Toolkit, which (amongst many other things) includes a get_jpeg_image_data() function which (so far) seems to work reliably across systems. Pulling the data out and running it through SHA1 gives a simple usable way to hash the image-only data in a JPEG file.

Terrible Thunderbird v15.x IMAP Performance with AVG

My PC has recently been chugging a lot more than usual – massive disk activity and high CPU utilisation. Looking into it I quickly realised that it was happening whenever Thunderbird received a large bolus of new email – more than 15-20 emails within a minute or two. When I clicked on the folder with the new email, I could see in the status bar at the bottom that Thunderbird was very slowly downloading these new emails, while my disk and CPU went crazy.

Looking further I noticed that in Filemon, AVG was doing a lot of the work. Disabling AVG’s “Resident Shield” during one of these operations almost immediately fixes the symptoms – the email comes down much faster and the disk activity and CPU returns to normal.

This seemed to happen around the same time as Thunderbird v15.x was released, but I don’t want to declare that the culprit, especially as it is probably the same thing that I noticed with Microsoft Security Essentials that started happening around v11.x. I’m curious if something fundamental changed back then – either internally in Thunderbird, or perhaps within AVG – but it’s certainly possible that I’m just getting a little bit more email now and it’s just tripped my PC over the edge. I assume it has something to do with the way AVG hooks into the disk reading/writing operations – possibly Thunderbird changed something low-level there and it is simply reacting badly with how AVG does its real-time checking.

In any case, if you are experiencing massive slowdowns and system chunkiness using Thunderbird in conjunction with AVG, you can simply temporarily disable the real-time checking when getting a large number of emails. Obviously you probably don’t want to leave it off altogether.

MongoDB Fails Updating on Debian

Every so often there’s a MongoDB update on my Debian VPS that fails. The output of ‘aptitude full-upgrade’ is:

# aptitude full-upgrade
The following partially installed packages will be configured:
mongodb-10gen
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
Setting up mongodb-10gen (2.0.5) …
Starting database: mongodb failed!
invoke-rc.d: initscript mongodb, action “start” failed.
dpkg: error processing mongodb-10gen (–configure):
subprocess installed post-installation script returned error exit status 1
configured to not write apport reports
Errors were encountered while processing:
mongodb-10gen
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Setting up mongodb-10gen (2.0.5) …
Starting database: mongodb failed!
invoke-rc.d: initscript mongodb, action “start” failed.
dpkg: error processing mongodb-10gen (–configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
mongodb-10gen

The update works fine, but mongo just fails to start properly.

The problem in my case is simply that there’s a /var/lib/mongodb/mongod.lock file lying around from some previous process. Deleting that file and re-running the aptitude command will start it properly. (Reminder post because I keep forgetting what the problem is.)

AVG on Linux False Positives for NSIS

As of today, we’re seeing what I’m very confident are false positives in AVG running on Linux on our file servers. This has started happening after this morning’s virus database update. The database release we’re using is:

Virus database version: 271.1.1/4927
Virus database release date: Wed, 11 Apr 2012 05:55:00 +10:00

The output of avgscan is:

utils.exe |%name%=Win32/Validace_partial.nsis3|%idn%=0bcfdae664a2c000|=Win32/Validace_partial.nsis3

Files scanned : 1(1)
Infections found : 1(1)
PUPs found : 0
Files healed : 0
Warnings reported : 0
Errors reported : 0

The ‘nsis’ in the output there is presumably referring to the excellent Nullsoft Scriptable Install System (NSIS). The files I’m testing are largely game installers; when cross-checked with a file I built using NSIS it also triggers the false positive.

We are contacting AVG to report this as a probable false positive signature.

Update 3rd May 2012: AVG recommended we update to the 2012 version to fix this issue, which we did – and it fixed the problem.

1 2 3 4 5 26  Scroll to top