I claim Wednesday

I’ve been taking every Wednesday in November off work. I wanted to mix up the working week and this is doing it.

I now finish the week twice. There’s the last push on a Tuesday because I drop off the face of the working planet on Wednesday. Then there’s the last, last push on Friday before going into the weekend.

Is it as relaxing as a three day weekend? No. It’s more like hitting the pause button on the week and wandering off to do anything else. According to my day planner, Wednesday’s excitement will be exercise; checking out the low pressure alert on one of my car tires; doing some writing; and reading a book.

No calls, video or otherwise. No Slack messages. No blizzard of email.

I claim Wednesday.

Photo by Fabiola Peñalba on Unsplash


Covid vaccine? Sign me up.

It looks like Pfizer’s BNT162b2 and Moderna’s mRNA-1273 vaccines will receive approval for widescale deployment across the European Union and the United States before the end of this year. Both are built on cutting-edge RNA technology which has never been licensed for use in the treatment of an infectious disease.

AstraZeneca’s ChAdOx1 nCoV-19 and Johnson & Johnson’s Ad26.COV2-S are designed to use existing adenovector vaccination technology and therefore should be easier to manufacture, store, and distribute when they are available. Their time to availability is the question right now. The British had hoped that AstraZeneca’s Oxford vaccine would be the first to market but that has not been the case. Either could still make it across the line before the year closes out.

Russia and China have put their resources behind Sputnik V and CoronaVac respectively but neither the European Union nor the United States has ordered any doses. Hungary has taken it upon itself to secure supplies of Sputnik V so the EU will have a test bed right on its doorstep. I would be surprised if either vendor received orders from the EU and the US regardless of how effective those vaccines are. 

There are unknown risks with any new vaccine but, quite frankly, I will take any Covid vaccine that is widely available. I am convinced there are unknown risks over the long term from contracting Covid. I do not believe this virus passes through your system and does not leave some form of long-term scarring that'll make itself felt years or decades later. I could be entirely wrong, but it will take study to reach a conclusion. We need that study to start now.

Any working vaccine is a milestone, but it means we have only reached the halfway point of the situation we find ourselves in. Even if vaccinated there is no guarantee you will not spread the virus to other people. After vaccination expect mask wearing and social distancing in public for a while to come yet as the world moves to the post Covid normal.

Photo by Vincent Ghilione on Unsplash


Share files securely with Amazon S3 Pre-Signed URLs

In classical literature we are told the Titan, Prometheus, held one of the most important secrets in ancient mythology. He knew who would overthrow Zeus and bring an end to the reign of the Olympian gods.

In the Greek tragedy, Prometheus Bound, Zeus has Prometheus chained to a rock due to Prometheus’s patronage of humanity. Though he has information he could use to barter for his freedom, he refuses to reveal what he knows to the cast of characters who visit to offer him sympathy or scorn. Prometheus’s secret was so important he chose torment rather than reveal it to others and risk that knowledge changing the future.

The story of Prometheus is myth and while none of your secrets might have cosmic implications keeping those secrets secure is important. A secret might not be something you would use to barter for your freedom, but it could be the intellectual property underpinning your business or the personally identifiable information of your customers.

In this blog, I discuss securely sharing files using Amazon S3 pre-signed URLs. I discuss the presign command and will go through the process of generating a pre-signed URL. Having shown how you generate a link for distribution I finish on how you might automate the creation of pre-signed URLs after you upload objects to an S3 bucket.

Overview

Accidental disclosure of intellectual property or customer personally identifiable information could damage the market position of your organisation or be financially ruinous if legal penalties are involved. Nonetheless there may be times where you are required to share information securely. When sharing information stored on Amazon S3 with someone outside of your organisation it is inefficient to generate unique AWS credentials for that person. What you can do, provided you have permissions yourself to access an S3 object, is generate a pre-signed URL that provides short-term access to that object.

In this case a user with permissions to access the object would use their programmatic access to log in to their AWS account and use the S3 presign command to generate a time-limited URL. This URL could then be shared with those outside of the organisation who have a need to access that data. At no point is the S3 bucket open to the public, and when the expiry time set on the URL lapses the URL is rendered unusable.

The S3 presign command

To examine the pre-signed URL feature of S3, in the following example Prometheus’s secret has been uploaded to an S3 bucket as an inbox-punishing 19MB PowerPoint presentation. If I were sharing this with one person, or a hundred people, each could be provided with the same URL to download the presentation.

Here I will use the AWS CLI to log in to my AWS account, list what buckets are accessible, list their contents, and then generate a pre-signed URL to enable external parties to download an object of my choosing.

aws configure

AWS Access Key ID [None]: <keyid>

AWS Secret Access Key [None]: <secretaccesskey>

Default region name [None]: us-east-2

Default output format [None]:

Listing the buckets available we see the S3 bucket where the presentation is located and can then list the bucket contents.

aws s3 ls

2020-07-30 14:18:29 bucketofbigsecrets

aws s3 ls s3://bucketofbigsecrets

2020-07-30 14:18:58   20622958 Prometheus.pptx

Having identified the bucket and the name of the presentation to be shared I can then generate a pre-signed URL. By default, all pre-signed URLs expire in one hour (3600 seconds) unless specified otherwise.

aws s3 presign s3://bucketofbigsecrets/Prometheus.pptx

https://bucketofbigsecrets.s3.us-east-2.amazonaws.com/Prometheus.pptx?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA44VY4PBGN427ZUG7%2F20200730%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20200730T132253Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEGYaCXVzLWVhc3QtMSJGMEQCICcRKN0s%2BJwdEBRCgKfdWvEtECVFavMosaqDa30zNa4%2FAiAHPRB5o26vJkQPdAFBE2eQtiUaLxLK%2F2u%2Bu9u4mN%2BHASqeAgguEAEaDDg4NjIyNDc0NjU3MiIMo0jv1qSaG0%2BJHWiEKvsBiIs468kc56%2F8Jop71abvDQku34%2BVkAGQnHoYokowXEjVhfWlPEP80HdK9y78eUfYJBoX8CGATvajBbhmvrquNgxeUDImWDKsBYUu7VnhibK03vr9npDo44AOfqOUbL1Ulf%2BThnzMfpQzWIiL29XknuvInD7Qvi8C2fjyZ2sLSY3pSI8hyAJXP5RCDQlXYWrG5SD6vsNxpyJd2ErkK8575ONBWZXqCoNlSOsYEMvdWr%2FtURC2CiG6Bh0FLnx98vrI1aSBm2bXCjyFOHenbEjxgY2uAjuFPKPHVGnbNf9edoNiCwBnp4h3ZGgYa9w044%2BSZXTklTxap3cxGDwwz4%2BL%2BQU6ngGY6jOxtjwJSwQS5JmQ8%2BY%2BLKCixFXv3P37KbyswnAjRMcRbFEGllz4HXyEomLBWZKjJuAlO1r44YL5HV4ItcPfvYEU778s6BVuoHNSwGFJyQXNfrDnhdf1bQqKt2KGQhpExdBhFr4RHJSsPAxmkQvNA3wKZ5%2F%2F2dHxnW76o5vTQb9XY52sUeIZyX9iZwMstREkV9xxNfwQFDo7Jhrsrw%3D%3D&X-Amz-Signature=5f11113908741d8a2a81a639e593f4ea28b9d7a9354faf1790f2ab93d6b3a5ab

Using a web browser to access this link I can now download the file.


The default expiry time can be modified by appending the option --expires-in to the command. For example, if I wanted the pre-signed URL to expire after two hours, I would state that as 7200 seconds.

aws s3 presign s3://bucketofbigsecrets/Prometheus.pptx --expires-in 7200

When the pre-signed URL expires any attempt to access the object will be denied with a “Request has expired” string returned as part of the error message. I can check that from a web browser.


In this way using pre-signed URLs you can distribute information to other people without providing public access to the S3 bucket or having to grant end-user credentials to people who should not have them. As the access token tied to the pre-signed URL has an expiry time you do not have to worry about revoking access later.
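To show why the expiry on a link cannot be stretched by whoever receives it, here is an added example (not part of the original post and not AWS code) that builds a pre-signed GET URL following the Signature Version 4 query-string steps and then models the check made when the link is used. The key ID, the secret and the check() function are constructed for illustration, and nothing contacts AWS.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlsplit

ALGORITHM = "AWS4-HMAC-SHA256"
MAX_EXPIRES = 604800  # SigV4 pre-signed URLs are capped at seven days


def _enc(value):
    return quote(value, safe="-_.~")


def _signature(secret, host, path, params):
    """SigV4 signature for a GET whose auth data travels in the query string."""
    query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    canonical = "\n".join(
        ["GET", quote(path, safe="/-_.~"), query, f"host:{host}", "", "host", "UNSIGNED-PAYLOAD"]
    )
    scope_parts = params["X-Amz-Credential"].split("/")[1:]  # date/region/service/aws4_request
    to_sign = "\n".join(
        [ALGORITHM, params["X-Amz-Date"], "/".join(scope_parts),
         hashlib.sha256(canonical.encode()).hexdigest()]
    )
    key = ("AWS4" + secret).encode()
    for part in scope_parts:  # derive the signing key one scope element at a time
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()


def presign(access_key, secret, bucket, key, region, now, expires_in=3600):
    """Build the URL locally; X-Amz-Expires is part of what gets signed."""
    if not 1 <= expires_in <= MAX_EXPIRES:
        raise ValueError("expires_in must be between 1 and 604800 seconds")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + key
    stamp = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": ALGORITHM,
        "X-Amz-Credential": f"{access_key}/{stamp[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": stamp,
        "X-Amz-Expires": str(expires_in),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(secret, host, path, params)
    query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in params.items())
    return f"https://{host}{quote(path, safe='/-_.~')}?{query}&X-Amz-Signature={sig}"


def check(url, secret, now):
    """Hypothetical model of the receiving side: 'ok' or the reason for refusal."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("X-Amz-Signature", "")
    try:
        expected = _signature(secret, parts.netloc, unquote(parts.path), params)
        issued = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
        lifetime = timedelta(seconds=int(params["X-Amz-Expires"]))
    except (KeyError, ValueError):
        return "malformed"
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return "SignatureDoesNotMatch"
    if now > issued.replace(tzinfo=timezone.utc) + lifetime:
        return "Request has expired"
    return "ok"


def demo():
    secret = "constructed-secret-not-a-real-key"  # constructed sample value
    t0 = datetime(2020, 7, 30, 13, 22, 53, tzinfo=timezone.utc)
    url = presign("AKIAEXAMPLEKEYID0000", secret, "bucketofbigsecrets",
                  "Prometheus.pptx", "us-east-2", t0)
    # A recipient edits the lifetime in the link without knowing the secret.
    tampered = url.replace("X-Amz-Expires=3600", "X-Amz-Expires=604800")
    return {
        "in_window": check(url, secret, t0 + timedelta(minutes=59)),
        "after_expiry": check(url, secret, t0 + timedelta(minutes=61)),
        "tampered": check(tampered, secret, t0 + timedelta(minutes=61)),
    }


if __name__ == "__main__":
    print(demo())
```

Anyone holding the untampered link passes the check until the window closes, so the value given to --expires-in should be as short as the hand-off allows.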

Pre-signed URL uploads with Lambda automation

Were someone to share data with us and want to place an object in our S3 bucket, the process is more involved and requires writing code using a supported AWS SDK. As the receiver, it would involve us creating a user with programmatic access in IAM and attaching the correct IAM policies to that user, ensuring that GET object and PUT object permissions have been selected.

Having provided the credentials to the party uploading the data they would then use one of the AWS SDKs to generate a URL for the item to be uploaded and put that object into our S3 bucket. While beyond the scope of this blog post Lambda could be used to generate pre-signed upload URLs for distribution to those looking to upload data to a specific S3 bucket. You can find further information about uploading objects using pre-signed URLs here.

Conclusion

By default when you create a bucket all public access is blocked unless you choose to disable that. AWS identity and access management (IAM) policies can be used to enforce who has read/write access to an S3 bucket, allowing you to control who can access your data. S3 access control lists (ACLs) are attached to every bucket and object; they specify which AWS accounts or groups are granted access and what type of access they have.

Combined these constitute the multi-layered security model for S3, and pre-signed URLs allow that model to be kept intact while facilitating data sharing with people outside of your organisation.

As I discussed earlier, in antiquity a secret was a privilege of power and a sign of access to that power. Today, our secrets can be how we run our businesses and serve our customers. In this post, I looked at using S3 pre-signed URLs as a facilitator for information sharing in a secure manner between people. I then used the Amazon S3 presign command to show how you can generate a temporary credential which you can distribute as an expiring URL.

With pre-signed URLs there is no need to open buckets to the public. You can share data with whomever you choose without compromising the multi-layered S3 security model.

To learn more about sharing S3 objects, visit the Amazon S3 documentation here.

Photo by Christian Paul Stobbe on Unsplash


For Every Tomorrow

I believe there should be a political party that only represents future generations. While every mainstream party will claim they have the interest of future generations at heart, they cannot. The reality is that governments today provide services and have customers in the form of citizens. It is present oriented, transactional, and is about getting to the next election.

While it is true all of us have no time but now, I would like to see a political party with a manifesto that spells out in detail what type of world we could leave for our successor generations to be born into. The manifesto should contain the difficult decisions and sacrifices to be made today, to make that world a reality later. No gloss, spin, or ideological taint. Just decisions to be made, the sacrifice involved, and the compounding positive effect over time.

People should be able to vote for this manifesto in elections where the governance of a nation is decided. It should be an ever-present voting option and an ongoing competitor to established political parties. If other political parties want to take a position on the decisions to be made in order to win any future generations voters they should go ahead. You should however always be able to vote just for the interests of future generations.

This of course has a knock-on effect where you will need a political party and a detailed manifesto that represents the people of the past. Historians in the future would interpret the meaning behind the tough decisions we took now and explain what we intended. This option should also be present in elections where the governance of a nation is decided. A continuous reminder that sacrifices were made to deliver a world for people who were not born yet. So keep going and try not to screw things up.


Photo by Balkouras Nicos on Unsplash


Together Apart

I had planned to write a short blog post on friendship, but I went down a rabbit hole reading about social capital. The title for this post is together apart but when you read of the decline of social capital something more apt would be together alone.

But first, friendship. If you are fortunate to have one or two friends, perhaps more, that have been with you across the decades then you are fortunate indeed. Right now we are together but apart from friends, though with some you stand a good chance of seeing them again soon. Others we may not see again. Not through death but through drift. People come and go in our lives and sometimes we miss them. Perhaps other people also miss us, but there comes a point in a life where people do not have the time and must prioritize other things over you. Life will not be the same when the pandemic passes so be prepared for the natural end of some friendships.

We have all had friends who have moved, or married, or had children and your relationship with them changes. It may get stronger if you now have a shared interest, but chances are your friendship with them will weaken. They, or you, are required to reallocate limited time and energy to new priorities. Post-pandemic expect new priorities and do not be surprised if you do not factor in them. Remember fondly the time you spent together and then journey forth alone with confidence. Better to have good memories than bad.

While friendship is one-to-one my reading this morning on social capital deals with one to many. Social capital involves group membership and focuses on the links of cooperation and friendship between group members. It involves reciprocal obligations between groups of people, their civility, humor, conversation, and the responsibilities incurred by being part of a community.

Bowling Alone by Robert Putnam covers the decline of social capital. The book is dated but its theory holds up. We now live in a world with a high degree of individual self-sufficiency, where the marketplace will tend to your needs at the click of an app. You probably do not need as many favors done today as your great-grandparents may have in their time. This may cause you to drift from your local community.

With the number of in person day-to-day social interactions reduced social capital and the sense of community belonging it brings to people has declined. We are also less interesting to one another as the Internet has made the world smaller and connected more of us together. To be different, to be interesting, requires hard work. When you can see the multitude of people out there you recognize that people are not the same but they are also not that interesting.

The next time you look at a religious or political movement gathering, protesting, (or rioting) you are looking at the vacuum of social capital in modern life being filled by something. If the local community fails due to apathy of the people living there collective action moves up a level but loses nuance.

This post is already twice as long as I planned so now I am going back to reading.


Photo by Lauren Richmond on Unsplash


The Great Influenza

The Great Influenza by John M. Barry proved to be a difficult read for me under the circumstances in which we find ourselves. Normally I would have ground through it at a reasonable clip. Current events had me pressing forward on willpower alone. It is a good book but you cannot help but draw parallels between today and what happened during the 1918 pandemic. This makes it a depressing read.

Any ineptitude, greed, or cretinism that you see in the response of people to the pandemic today can be seen occurring more than a century ago as you read this book. Thankfully, the nightmare the people back then found themselves embroiled in, World War I, has no modern counterpart. In 1918 the press did not cover the public health disaster on their doorstep as it was thought to be bad for public morale during wartime. Today, if anything, the press will not shut up about every minor development as the pandemic continues. So much so that regular news consumption today must be psychologically corrosive.

What this book highlights is how much worse things could be. The progress the influenza outbreak of 1918 made is horrific when structured on the page. Families wiped out because every member was too weak to tend to anyone else. Hospitals collapsing under the strain of patients to whom no treatment could be given. Accounts of clinicians and nursing staff who refused to give up in the face of a tsunami of illness checking on who survived the night only to find beds filled with cadavers. Mass graves were required to deal with the volume of corpses to be disposed of. These corpses came from hospitals, private homes, and tenement buildings. They came from ice huts in Alaska. They came from everywhere.

This is not just a book about mass death it is also a book about heroic failure. We are introduced to several of the best and the brightest who redefined medical treatment in the United States. Then, financed by the limitless fortunes of industrial titans and robber barons, we watch them fail. The best and the brightest open a door to medicine as a science and not an act of barbarism where bloodletting was a curative treatment. They make great advances and crack difficult secrets but then nature slams the door shut on them.

Repeated throughout the book is the phrase “influenza, only influenza.” This is indicative of the confusion the scientific investigators had as they tried to figure out what was killing tens of millions of people around the world. Nature took an annoyance and weaponised it in a way that conservative estimates of the death toll from the 1918 pandemic are as low as 50 million and perhaps closer to 100 million dead. Not covered in the numbers are long-term disabilities the virus inflicted on the survivors.

In Paris while negotiating the World War I peace settlement president Woodrow Wilson was struck with influenza so quickly and its symptoms were so violent that the Secret Service were convinced it was an assassination attempt and he had been poisoned. Herbert Hoover is quoted as saying Wilson had a mind which was “incisive, quick to grasp essentials, unhesitating in conclusions, and most willing to take advice from men he trusted.” Hoover then went on to say that after the influenza he believed Wilson’s mind had lost “resiliency.” This lack of resiliency may have paved the way for the Second World War.

The result of the peace talks that took place while Wilson was stricken were that the United States yielded on everything of significance to the French with the result of putting Germany on the hook for economically crippling reparations and stripping it of land in Europe and overseas. The long-term effects of these pandemic viruses have not been noted and because you survive does not mean you are whole. Wilson’s health declined considerably soon after. How many millions of Influenza survivors declined in the same fashion? We do not know.

This is a book I would recommend to anyone. Though maybe a recommendation with more vigour after the world has put Covid in its rear-view mirror.



Life during lockdown

The thing about lockdown is that I think it ages you. Not physically (I could do with more exercise though) but socially and mentally. With everything shut down I suspect this is what it's like to be an old age pensioner.

The opportunities the world provides are closed off to me. The way they are for most of us. Where previously you might have been “too busy” to do something now you don’t have the opportunity. It could be a hell of a lot worse. I’m reading The Great Influenza, review when I finish, and that pandemic was horrific.

Show symptoms at 10:00AM, dead by 10:00PM. Entire households wiped out. Thankfully we’re not living through that. Life at the moment has levels of difficulty depending on your situation. It’s an annoyance for some and a nightmare for others. At any other time in human history we’d also be subject to tyranny or more virulent pestilence. Life might not be great but if you have tomorrow you have another shot at it.

The TV content drought hasn’t hit me yet. That’s probably because I’m now subscribed to more streaming services than ever before. Previously I’d have argued that consolidation was going to occur in that sector soon. Too many services hoping for customers to double and triple dip on their entertainment budget. I’ve come to see that the services serving genre fans will do just fine.

The giants will scoop the broad viewing market but they're not interested in going deep. The market size for genre content is limited but if you control your costs and have people curate the content it can be a lucrative ongoing stream of revenue from a customer base that isn’t served well by the major streamers.

It’s a Bank Holiday here and I’m looking forward to getting out for a walk between rain showers. Take the walks when the opportunity presents. They’re good for you.

Unrelated: New RPG book to read, the Spanish behemoth Aquelarre. A medieval demonic roleplaying game with some gruesome, dark ages style, artwork. Chances of me getting to play it are slim but I’ve enjoyed reading it and it looks great on a bookshelf. With such a good looking product I would have liked if it came with ribbon bookmarks. The more biblical looking the better.



My Best Friend's Exorcism

I suspected this was going to be light when I read the blurb on the back cover and looks were not deceiving. One chapter in, with the sunk cost fallacy at work, I charged forward into My Best Friend’s Exorcism hoping it might eventually throw some morbid humor into the mix of teen girls being nasty to one another. It never did. Which is a weakness as snide comments and horror alone cannot round out this flimsy story.

As a YA book it works and there are some paragraphs that will put a shiver down the spine of a younger reader. But it's not pitched as a YA book and there is not much going on here if you have seen more than one horror movie in your life. It is packaged as 80s nostalgia, the oppressive Reaganism only working if you remember the Reagan years, with that type of relationship women only have with one another in literature and movies. Beyond that it’s a straight down the line demonic possession story.

With self-awareness the author drops references to The Exorcist into the dialogue, but it is The Exorcist with a pinch of 976-Evil and a lot of Mean Girls. Just like the title says, this is a story of demonic possession and the exorcism of the Demon from a girl’s best friend. There is a geeky friendship in youth, a more sophisticated friendship as teens, and an exhausted friendship in the latter part of life.

I am not giving away anything by revealing they managed to yank the demonic presence out. What the Demon gets up to before the exorcism is evil, but this is a Netflix pitch between two covers so it's evil with an eye on a small production budget.



Eccentric Orbits: The Iridium Story

This is a brilliant story well told. In Eccentric Orbits a retiree goes to bankruptcy court and writes a personal check as a deposit on the Iridium satellite constellation. Cost of Iridium development to Motorola and its partners? $6 Billion+

The check was for $1.5 Million.

This happens in the latter half of the book but when I read it, it was a high point. It takes fortitude to put your own money in when no investor will. The retiree, Dan Colussy, was the former CEO of Pan Am. Colussy saw the potential of Iridium at the same time its creator, Motorola, was doing its utmost to decommission the constellation and burn the satellites up in the atmosphere. Iridium was Bob Galvin’s dream: Motorola would no longer sell technology to tele-communication operators, it would become the first global operator.

While Iridium was the father’s dream it was not his son’s. Upon his father’s retirement Chris Galvin ascended to the role of CEO to find Motorola’s cash cow mobile handset business under siege by Nokia. He reacted by attempting to refocus the company on the consumer market. Business units were shuttered or sold off and you know how that strategy turned out. Motorola as a US consumer electronics giant no longer exists.

While what remains of Moto is a shadow of what it once was, Iridium went from a launch day where no one made any satellite calls to having parts of its network in the sky hammered with calls as service people around the world call home for Mother’s Day.

The original Iridium constellation was a technological marvel designed by three of Motorola’s smartest weirdos, Bary Bertiger, Ray Leopold and Ken Peterson. It was put into orbit by a brilliant shitkicker, Dannie Stamp. How it was created and why it was a marvel is discussed in detail but the bulk of the book covers the battle to save the constellation from being burned up.

Colussy starts out alone and with no financial backing but finds allies in the Pentagon, the White House and in the intelligence community. Raising money is an ongoing problem but navigating obstacles becomes easier as he picks up compatriots.

A CIA spook shows up to his first Pentagon meeting and starts negotiating with the assembled uniforms on Colussy’s behalf. Then the spook starts showing up at other meetings with other people having not been told by Colussy about those meetings. Being smart enough not to gaze behind the curtain Colussy takes the hint and the spook is invited to officially join his team. Someone in an agency building somewhere decided Dan Colussy was the best option to keep Iridium flying. They sent him someone else to help make that happen.

There are many obstacles to Colussy's team gaining control of Iridium and a number of them come back again and again. Among the collection of existing satellite providers and bellicose telecommunication billionaires it is Motorola which emerges as the primary antagonist. Letting Iridium burn becomes the default corporate position, the company threatening to initiate the deorbit sequence regularly. Motorola becomes so unruly to deal with that the US government refuses to sign any contracts with the new Iridium if Motorola has any involvement with the new company.

Colussy and his patchwork team of investors do win the battle for Iridium and he saves the constellation from destruction. The reborn company goes through numerous CEOs until they find one that sticks. Eventually it becomes the going concern with a profitable future that Dan Colussy could see when he was retired and playing with a first generation handset at his house.

It was a hell of a journey to get there.



Oathbringer. Book 3 of the Stormlight Archive

Brandon Sanderson writes 400 pages of story across a 1233 page book. I pulled this off the unread pile last week knowing that has been the case with the first two books in his Stormlight series and it continues in the third, Oathbringer.

This is planned to be a ten novel series and I’ll admit that in the middle of each one I start considering the opportunity cost of finishing the latest book and the series as a whole. That said the books do end strongly, he wants you to pick up the next one. When he is on, Sanderson writes compelling action sequences but the intervals between those drag.

It’s a rich fantasy universe but you’re reading it as he’s fleshing it out and there’s much I don’t need to know. I don’t find the protagonists relatable, there is an anti-villain I do find relatable so anytime he’s lucid I know things are going to pick up.

As Sanderson is so prolific the next doorstopper instalment of this series is due in November. Will I read it? Yes. Will I ask myself why I’m still reading it before I hit the halfway point? Also yes.
