Monday, June 22, 2009

Where the mind is with fear

Excerpts from two articles in hindustan times written by Manas Chakravarty and Indrajit Hazra.

We are a non-violent people. We hate it when people resort to violence. In Lalgarh, the tribals have all along been very peaceful. True, the primary health centres in their villages didn’t have any medicines and doctors from the towns rarely visited them. So what’s new? Many people saw their sick loved ones die as they made the long trek to the district hospital from their villages over the dirt tracks that pass for roads. But there was no violence.

Finding drinking water in the summer has always been a problem in the villages. Ponds have had to be used for both drinking water and for bathing. Children have often suffered from diseases as a result. But the tribals of Lalgarh are used to their children dying early. They never complained.

Most villagers in the region are caught in a vicious poverty trap. Malnutrition is rife. Doctors from Kolkata who recently visited the place said that what the people needed was not pills but food. Nobel Laureate Amartya Sen once said that hunger was “a quiet violence”. He meant that if a state can’t feed its people it’s guilty of violence towards them. But he was just twisting words to suit his theory.

Indians are malnourished not just in Lalgarh, but all over the country. A recent Unicef report said that 405 million people in South Asia suffered from chronic hunger. India’s rank in the Global Hunger Index of 88 countries is 66, below several African countries. So there’s nothing special about Lalgarh. Also, in spite of being hungry, the people were peaceful. Being peaceful is the most important thing.

Every election, the Lalgarh tribals voted the Left to power in the hope that these self-proclaimed friends of the poor would help them. But in spite of the promises, nothing happened. The money from the anti-poverty programmes never reached them, the police occupied the buildings that were supposed to be clinics and the irrigation canals dried up. They watched in silence as the local party bosses built mansions and businesses for themselves and their cronies.

For more than 60 years after independence, they patiently waited for better times. And it’s not that the country wasn’t doing well. Some of them went to the grand city of Kolkata and came back with wondrous tales of shining malls and air-conditioning and taps that never ran dry. They were right to wait. For as we all know, it’s just a matter of time. Once the Sensex goes up enough and CEOs start earning several crores a year and India becomes a world power, then money will trickle down and reach places like Lalgarh. True, generations may be destroyed before that happens. But that is not violence.

Some things do seem to suggest, at first glance, a hint of brutality. Take the routine manner in which the police pick up tribals for questioning and then torture them. But that’s required for the police to conduct their investigations. How else will they protect the people from the Maoists? True, tribals in Lalgarh lived in constant terror of the police and of the party thugs. But that is not terrorism.

Of late, though, the people of Lalgarh have been behaving very oddly. They drove the police and the party bigwigs out of the area and torched their houses. They have started digging wells, setting up schools and running health clinics, without any help from the state. They have formed a Committee against Police Atrocities which wants electricity in their villages and roads and bridges to be built. Worse, they even want the politicians to apologise! Very strangely, after all these decades, they seem to be running out of patience.

What on earth is going on? Outsiders must be inciting them to violence. We are a peace-loving people and must stop this violence at once. Don’t worry, our tribal brothers, our troops are on their way to save you.

--Manas Chakraborty

The conditions that have led people to fall for the seductive charms of violent revolt were being pressure-cooked for years. An administration had long forgotten to recognise, never mind keep, its part of the bargain with the very people who had given the CPI(M)-led front its generational power and the pelf that comes with it.

Take the case of Kuna Sabar, a resident of Darra village in West Midnapore’s Belpahari sub-district. On December 22, 2007 — when a million miles away in Calcutta, people were frantically speculating about the return of Sourav Ganguly in the Indian cricket squad — Sabar died of hunger. If his cause of death (confirmed by a doctor) wasn’t shameful enough for a government that took pride in prioritising the concerns of its rural masses, the subdivisional officer’s response to the death was horrific. He said that documents showed that Sabar had bought “8 kg rice, 2 kg wheat and 2.4 kg sugar” from the ration shop “between December 2 and December 16”. Effectively, he was telling Sabar’s widow that his death must have been her husband’s fault.
Sabar is just one statistic. During 2004-2005, a year before the Left Front won the 2006 assembly polls by a landslide, dozens of ‘hunger deaths’ across Bengal were recorded by the Asian Human Rights Commission. And these sordid deaths were overwhelmingly because of utter administrative failures. Till January 2008, only 34 people in West Midnapore, for instance, had received the minimum 100-day job and corresponding pay under the National Rural Employment Guarantee Scheme. The remaining earned wages for an average of 11.6 days.

In a universe where bureaucrats, academics,policemen, the cogs and wheels of administration and governance are deeply entrenched in ‘party affiliations’, accountability can only be a silly theological notion for bourgeois ‘management types’. It is this affliction of apathy — and of genuinely being stumped about why people might be enraged about pointless deaths, of living in life-defying poverty — that really makes for something rotten in the state of Bengal.

What applies to administrative ignorance (an evolutionary byproduct of administrative apathy) holds true for a police force that simply doesn’t know anything about crowd control or how to tackle a riotous mob. Either the police do nothing (as they did when the Maoist-goaded People’s Committee Against Police Atrocities in Lalgarh first marched to the CPI(M) zonal headquarters in Dharampur last week to destroy any signs of the CPI(M)/administration and attack party workers), or they shoot first and ask questions later (as they so memorably did in Nandigram on March 14, 2007).

Only in Left-ruled Bengal do you get armed partymen being regularly and openly sent to ‘capture and liberate’ towns and villages that have fallen in the ‘wrong hands’. The police arrive at the scene later, if the comrades and their local commissars have failed to do their job. As this is being written, the state government has finally let the police and security forces enter Lalgarh to ‘reclaim’ it from the Maoist ‘invaders’. It will remain unclear for a long while whether this reclamation is being conducted at the behest of the CPI(M) or the people of Lalgarh, considering that the concerns of the two are different and almost diametrically opposite.

--Indrajit Hazra

Wednesday, June 03, 2009

During Microsoft Teched at Hyderabad, there was a contest for the top architect which I contested.
The following images are of the slides I sent and the text is basically the audio I sent.

High Overview


Microsoft Solutions Architecture


The first slide is a high level overview just for illustration purposes, so I won't delve into that. Let me speak of the Use cases which is in the 2nd slide.Here as I state a user or rather an authenticated user can vote, Mark Self as Candidate, sponsor someone else as candidate, view candidate info and so on. Ialso have another actor Candidate who extends from user and can upload content. I also have a external system who gets data and functionality from the system. To do so it pays to the system which I have assumed is done via a Payment Partner. The system also takes money when a user marks self as candidate and sponsoring another person.This is another assumption i have made.
Now to the solution Architecture, I have proposed a N tier application(in code) with complete seapration of UI, business logic, and data access logic. I follow the business facade pattern and will have a generated Data access layer where every method corresponds to one stored proc. Now one thing people might not like is the site having both a web client and a rich internet client. I like rich internet clients a lot and I think its usage could be a great plus in this site. I have suggested a web client to go with a rich internet app as well as it can then run on mobile browsers and on those browsers which do not have rich internet client framework.The rich internet client as well as the external services can connect directly to service layer to get the data.
Now if we go to the microsoft technology based architecture slide you will see that I have replaced all the technologies spoken earlier with the Microsoft technologies, Rich Internet Client has become Silverlight, the web client app has become ASP.NET MVC ( to mobile enable it , you just need to add the mobile browser definition files).I'm a great believer in software factories and so I have used the web service software factory with WCF in the service and business layer, the ADO.NET entity framework takes up the job of data layer along with data access application block which is heavily being used along with other application blocks in enterprise library cross cutting all layers for exception management, validation, logging, security, etc. I have proposed SQLserver as the dbas we are using .net and Microsoft's SQL client provider is super optimized for SQL Server.MS is supposed to come out with a rich internet client technology for mobile but as it is still in the pipeline( not even a beta release), I would like to first build the ria and even after it is ready if ms does not have the ria client for mobile browsers, I would create the web client, and my experience tells me that it will not require a heavy resource as the business logic has already been created.Finally security in WCF, to connect to silverlight u need to use basic http binding , so the security will have to happen at transport-level, HTTPS, IIS-based auth for the entire application and authentication outside of silverlight, but for b2b scenarios I suggest consider using messagebased brokered authentication with X.509 certificates with certificates the certificate issued by a commercial certificate authority.
Now for the deployment diagram, a little costly but I believe this is the best.
First there is the hardware firewall which will handle DDOS attacks, TCP flood, Malformed Packets efficiently as there is a dedicated processor in Hardware Firewall that handles all the filtering. If i use just Windows firewall and too many malformed requests come in, my Web servers CPU will be too busy saving me from those attacks then doing the real job like running my .NET code.My fire wall connects to a router or switch which has load balancing capability that evenly distributes traffic to my web servers. I had thought of firewalls with load balancing capabilities built in and with enough NIC to connect all my web servers but finally decided on the present architecture as i feel every device should do its own wotk and also this is perfect if the site is a hit and requires scaling up. I have seen many networks and web sites which have gone down for hours even a day because they did not have a backup, so I suggest each device should have a backup. So if the firewall goes down or has to be patched up, my backup can do its work.Note, the physical architecture is two-tier,the decision to have two tier architecture is due to speed. Since we don't store super critical information, we don't need to worry about Security as much as we would do if we were building a financial application.The servers should always run 64 bit windows as otherwise you cannot fully utilize the 4 GB RAM or more than that.The 64bit version of .NET framework is stable enough to run heavy duty applications. Some people have had bad experience running 64bit Windows on their personal computers, but 64bit servers are pretty solid nowadays. Web server layer contains three web servers in load balanced mode. Each web server hosts the exact the same copy of the code and other artifacts of the application that we have.Also our main users are coming from RIA and external systems which are any way going to be connected to the service layer but even if we only had a web client application, I would still do the same as a separate application layer has been proven to be a bad practice for high performance websites particularly the ones developed using ms technologies.even if you say that the webserver has no idea of the sql server,in modern applications, almost all operations are exposed via services. There's very little ad-hoc SQL query. So, this means, if someone can compromise the web tier, all the service methods are exposed to hacker and calling those service methods are not more complicated than calling SQL Server. IIS generates humoungous sizes of logs, and also we have the application logs been genrated by logging application block, my suggestion is to keep a large amount of space in the drive where the app is located as might need to store several weeks worth of IIS logs incase our internal systems to move those logs to somewhere else for reporting gets broken.
Now the webservers are also connected to the internal router. the db servers sit behind it. I know that some people would say that a firewall is required to keep the webservers in dmz but my exp is that this firewall becomes a bottleneck for all traffic between web and database servers. What I do is use a router and open only port 1433 to pass anything through the router from a web server to any DB server.I have been told by many security experts that if you can hack and get the web.config,everything else whether dmz or anything else is of no use.I have suggested windows clustering witha active /passive cluster but if the site scales up, we can make it 2 active /passive cluster. I have also suggested SAN for the main db data as windows clustering needs it(very costly i know, but if the site is big just worth it) but only local raids for backups and reporting data. Finally I have suggested MDFs and LDfs kept in spearate disks with RAID10 for storing MDFs where the read data is normally kept and RAID1 for LDFs which contain the high write scenarios.