Thoughts… ravings… and more…

PHP on macOS Sierra can’t access SSL data

Recently I ran into an issue where I couldn’t use PHP to retrieve an SSL site on OSX Sierra. Interestingly, the following scenarios were true:

  • PHP using libCURL worked fine. HTTPS would access and decode without an issue
  • file_get_contents was unable to access the URL
  • SOAPClient was unable to decode SSL resources

The error produced by file_get_contents for the URL in question was:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

After a bit of digging, I found the following:

  • libCURL uses the Apple SecureTransport layer to map and manage its SSL certificates. This means that it does not rely on OpenSSL certificate data to be able to verify intermediate certificates
  • file_get_contents and SOAPClient still rely on libssl to be able to perform their SSL verification chain, which expects intermediate certificates to exist on the file system

Running the following command:

php -r 'print_r(openssl_get_cert_locations());'

returned the set of default files and locations where PHP’s OpenSSL layer was expecting to find certificate data:

 [default_cert_file] => /usr/local/libressl/etc/ssl/cert.pem
 [default_cert_file_env] => SSL_CERT_FILE
 [default_cert_dir] => /usr/local/libressl/etc/ssl/certs
 [default_cert_dir_env] => SSL_CERT_DIR
 [default_private_dir] => /usr/local/libressl/etc/ssl/private
 [default_default_cert_area] => /usr/local/libressl/etc/ssl
 [ini_cafile] => 
 [ini_capath] => 

but none of these paths existed. The solution/workaround I implemented was running the following in shell:

% sudo mkdir -p /usr/local/libressl/etc/ssl/certs
% sudo curl -o /usr/local/libressl/etc/ssl/cert.pem

This creates the default_cert_file directories and imports the latest certificate store from

Other options include using tools such as brew to install additional resources on the system (which I prefer not to do), or utilising tools such as Docker to contain your PHP application execution.
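The diagnosis above can be scripted. The following is an added example, not code from the original post: it reports the state of every CA location PHP's OpenSSL layer will search, and shows how to hand file_get_contents or SOAPClient an explicit CA bundle while leaving certificate verification switched on. The function names and the command-line arguments (a CA bundle path you supply, and a URL) are assumptions made for the example.

```php
<?php
// Added example (not the original author's code): diagnose the CA locations
// PHP's OpenSSL layer will search, then fetch over HTTPS with verification on.

// Classifies one path as not set / missing / unreadable / empty / ok.
function describe_ca_path(string $path): array
{
    if ($path === '') {
        $state = 'not set';
    } elseif (!file_exists($path)) {
        $state = 'missing';
    } elseif (!is_readable($path)) {
        $state = 'unreadable';
    } elseif (is_dir($path)) {
        // A CA directory is only useful if it holds certificates
        // (OpenSSL additionally expects hash-named files or links there).
        $state = count(scandir($path) ?: []) > 2 ? 'ok' : 'empty';
    } else {
        $state = filesize($path) > 0 ? 'ok' : 'empty';
    }
    return ['path' => $path, 'state' => $state];
}

// Returns the state of every location reported by openssl_get_cert_locations().
function ca_location_report(): array
{
    $loc = openssl_get_cert_locations();
    $report = [];
    foreach (['default_cert_file', 'default_cert_dir', 'ini_cafile', 'ini_capath'] as $key) {
        $report[$key] = describe_ca_path((string) ($loc[$key] ?? ''));
    }
    // The *_env entries name environment variables that override the defaults.
    foreach (['default_cert_file_env', 'default_cert_dir_env'] as $key) {
        $var = (string) ($loc[$key] ?? '');
        if ($var !== '') {
            $report['env:' . $var] = describe_ca_path((string) getenv($var));
        }
    }
    return $report;
}

// Builds a stream context that trusts $caFile and keeps verification enabled.
function verified_context(string $caFile)
{
    if (!is_file($caFile) || !is_readable($caFile)) {
        throw new RuntimeException("CA bundle not readable: $caFile");
    }
    return stream_context_create(['ssl' => [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'cafile'           => $caFile,
    ]]);
}

if (PHP_SAPI === 'cli') {
    foreach (ca_location_report() as $name => $info) {
        printf("%-28s %-10s %s\n", $name, $info['state'], $info['path']);
    }
    // Optional (assumed arguments): php check_ca.php /path/to/cacert.pem https://example.com/
    if (isset($argv[1], $argv[2])) {
        $ctx  = verified_context($argv[1]);
        $body = @file_get_contents($argv[2], false, $ctx);
        echo $body === false
            ? "fetch failed: " . (error_get_last()['message'] ?? 'unknown') . "\n"
            : "fetched " . strlen($body) . " bytes with verification on\n";
        // SoapClient takes the same context:
        //   new SoapClient($wsdl, ['stream_context' => $ctx]);
    }
}
```

If every location is reported as missing or not set, libssl has no trust anchors at all, which is what produces the "certificate verify failed" error shown earlier.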


Losing my religion?

OK, so the headline is not really about the article. I don’t think I’m losing my religion.

But Religion is one of the big topics of the Census next week. On one hand we have organisations marketing for people to tick “No Religion” on the Census when it comes around. We have people suggesting that if we tick “No Religion” then Islam will become the dominant religion. On the other hand, we have Christian Lobby groups advocating to have you tick “Yes” to a religion – even if it’s the religion you were brought up in and you aren’t sure if you hold it (i.e. if there is even the remotest, slightest possibility you might hold it) any more.

I’m finding this whole conversational dynamic bizarre.

The Christian Church has for decades been struggling to break past the dynamic of religious nominalism. The good news about Jesus’ death and resurrection, and the hope for eternity that it provides often falls on deaf ears because people think that they know what being a Christian is all about. They assume that they have heard it all before because they were raised in a Christian home, or went to Sunday School 30 years ago. As Christians we privately quip about those who believe they know exactly what the Gospel is, but don’t seem to get it.

I guess there is some argument that Christian Churches want representation to argue for protection of religious freedom. Or they want protection so that they can lobby for a certain volume of support from Government. I’m assuming the argument is that claiming to represent more people helps them argue more effectively. Our politicians aren’t always the smartest, but I’m pretty sure they understand that of the portion of Australia that describe themselves as Christian a substantial majority don’t attend church or hold any particularly overt Christian conviction.

And then we turn around and tell them to choose Christian as their religion on the Census, even if they don’t hold that as their personal religion any more.

Performing batch upgrades on Polycom handsets

At Real World, we occasionally need to upgrade a large batch of Polycom Handsets en masse, and remotely.

Recently we needed to push out firmware updates for VVX series to address a bunch of minor, but significant bugs that have been around for quite some time.

There is a relatively well-known process for this:

  1. Make the updated firmware available on your provisioning server
  2. Send a “sip notify” packet to the phone requesting it check the configuration from the server
  3. Wait for the phone to reboot

People have written some scripts to make this less painful when you have SIP peers that are all very similar and sequential in name. We needed to do this for a few thousand phones, with all dissimilar usernames. Typing in ‘sip notify polycom-check-cfg EXTEN’ 2000 times at an Asterisk prompt is not the way I planned to spend my evening!

I wrote this “quick and dirty” script to accomplish this task.

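<?php
// Ask Asterisk for every SIP peer, one per line.
$phones = `asterisk -rx 'sip show peers'`;
$lines = explode("\n", (string) $phones);
foreach ($lines as $line) {
 $segments = preg_split("/\s+/", $line);
 if (count($segments)>1) {
  // Skip peers that have no registered address.
  if ($segments[1]!="(Unspecified)") {
   // The first column is "name/username"; keep only the peer name.
   $parts = explode("/", $segments[0]);
   $name = $parts[0];
   // Quote the whole CLI command so a peer name cannot inject shell syntax.
   $peer = (string) shell_exec('asterisk -rx ' . escapeshellarg("sip show peer $name"));
   // The peer details include the phone's Useragent; act on VVX models only.
   if (stristr($peer, 'vvx')) {
    print "$name is a vvx\n";
    print "sending sip notify polycom-check-cfg $name\n";
    print shell_exec('asterisk -rx ' . escapeshellarg("sip notify polycom-check-cfg $name")) . "\n";
   }
  }
 }
}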

Docker for Mac “Unknown runtime specified default”

As part of my life, I do a fair bit of development. For the last 18 months I’ve been using Docker, an awesome container/virtualisation platform as a daily part of my development routine. There are a number of tools to help you get up and running with Docker, and one of them is Docker for Mac. Docker for Mac provides a VM environment for running container software and makes your overall Docker experience seamless.

Only catch? It’s beta. That out of the way, I went to run up some containers this morning and hit this issue:

% docker-compose start pbxdb
Starting pbxdb ... error

ERROR: for pbxdb Unknown runtime specified default
ERROR: No containers to start

This error was new, and I knew that I previously had this container working. Turns out that it’s a product of the issue described here – namely that between 1.12.0-rc2 and 1.12.0-rc3. Fortunately the fix is simple – recreate your containers. This issue looks like it’s present across all Docker for “X” platforms.

% docker-compose rm
Going to remove myapp_pbxdb_1, myapp_app_run_1, myapp_db_1, myapp_redis_1
Are you sure? [yN] y
Removing myapp_pbxdb_1 ... done
Removing myapp_app_run_1 ... done
Removing myapp_db_1 ... done
Removing myapp_redis_1 ... done

and rebuild my containers.

Not the end of the world – but hopefully this saves someone else 30 minutes of googling and reading comments!

UPDATE: Some people may find recreating their containers problematic if they have non-ephemeral data they don’t want to lose. As this is a dev environment I’ve built to allow me to not care, it doesn’t really affect me too much. But if you want to preserve your containers, you can use this strategy – use docker inspect to find the volume identifier for the container, and then make a new container with the docker command using the same image. This should allow you to dump the data out using whatever tools you need and then re-import it into the rebuilt containers you are using with docker-compose or your favourite tool.

Mergers, Acquisitions and Changes… oh my

This morning I woke up to the exciting news that the team at StatusPage are joining the Atlassian family.

Most of the world will be ignorant of StatusPage – but this is exactly how it should be. StatusPage is an online service status dashboard. It’s externally hosted, which means that it shouldn’t be affected if you have an outage that affects your infrastructure. This means that you can communicate and connect with your customers – even when something is going wrong.

We’ve been using StatusPage at Real World for about 2 years. It’s transformed the way we handle service information and has made it easy to communicate and disseminate information – even when something is going wrong.

I’m a massive advocate of StatusPage internally, and also to our customers. We work with a number of ISPs who buy services from us, and upstream providers who often still lack this relatively basic, but essential piece of communications infrastructure. I’m always raving about how StatusPage makes it easy

So what’s the big deal?

The challenge for every startup is how they engage with their target market. They need to acquire customers, get access to infrastructure and be able to integrate their technology with other systems and platforms to deliver a customer experience that works. StatusPage has grown tremendously over the last few years; from a niche service tool to something that is now quite mainstream.

Merging with Atlassian gives them access to a wider customer base, infrastructure and scale teams and should help their platform grow. It mobilises sales and marketing teams to help them expand.

But what could go wrong?

About 3 years ago, another of my favourite tools, HipChat, was acquired by Atlassian. They had a massive cult following as an amazing enterprise collaboration tool. We love it and it has transformed the way our business communicates. But HipChat’s development has languished. They haven’t innovated at the same rate as their competition. They’ve also had a litany of infrastructure and performance issues.

So what happened? Well, from the outside it looks like HipChat grew exponentially. They started to try to do more. They grew and they lost their core focus – innovative enterprise collaboration and integration. Other tools like Slack have come into the market, and have begun to steal market share. HipChat’s competitors have managed the conversation landscape.

Will the same happen with StatusPage? I hope not. Time will tell!


And the world keeps spinning

We’re home. We now know that there is nothing critical wrong. Is that even the right set of words? There was something critical wrong. Our baby stopped breathing. But it’s nothing major. Is that even right? Her face was blue. There is no significant medical reason why this might have happened, and she is developmentally a well baby.

We are happy. How could we not be happy? A simple diagnosis, and a likelihood that it won’t be an issue again.

And the world keeps spinning.

Oh – your baby has been in hospital? Is everything ok? Oh, it’s just reflux? We’ve been there. Probably nothing really. But it was a big deal. SHE STOPPED BREATHING. HER FACE WAS BLUE. But she is OK now, and we know what to do. We’ve had CPR training. 5 rescue breaths, 30 compressions, 2 breaths, 30 compressions, 2 breaths. Repeat. Repeat. Repeat.

And the world keeps spinning.

At least you’re self employed. At least you can take time off work. You’ve got staff; they’ll look after things while you are gone. But how long will the emails wait? How many decisions will be made or not made? Which contracts will be won, lost or passed over?

And the world keeps spinning.

So many people have gone through worse. Families have lost children both within and outside of the womb. Good friends have had their children in special care for weeks on end. Their loss and grief must be so much greater. Families have struggled with pain over ongoing sickness and health. Our 3 days is nothing in comparison. Or so I tell myself.

And the world keeps spinning.

My wife and I joke about the fact that we’ll take turns in staying up to watch her. We laugh about how we’re not sure we’re going to sleep for the next few weeks. But we aren’t laughing on the inside. The fear of it happening again, however unlikely, however not life threatening, continues to loom over us.

And the world keeps spinning.

We are lovingly told that it will be hard. We are told that we must be racked with worry. Or filled with relief. The discharge nurse said we must be happy. But the feelings are so much more than that. So much more deeply complicated and full.

And the world keeps spinning.

But my world isn’t spinning.

It’s stopped today.

Right now I’ve got grief, sorrow and pain. And relief and joy. But sadness and pain. I know that this too shall pass. I know that sorrow and grief are temporary. I know that my hope is not found in this life, but in the next. But right now it just hurts.

Is the Turnbull NBN A National Disaster?

There are so many things to care about in the upcoming election. Issues of significant moral conscience, national stability, and economic futures. Issues that are set to shape the future of Australia and that need to be seriously considered and managed.

But one issue that keeps popping back up for discussion is the National Broadband Network. In particular, many people (me included) are criticising the current federal government’s MTM (Multi-Technology Mix) approach. This is an area on which I think I actually can speak with some authority. In a professional context I am a customer of an NBN aggregator, and also run a Carrier business that competes in the NBN rollout space. I’ve worked in the telecommunications industry for 16 years, and telecommunications is a significant part of what Real World does.

But to do this I need to lay out some information that is important to understand in the context of the discussion.

The NBN was already broken

(because it’s too expensive to get access to and deliver services over)

The NBN was designed to create infrastructure that would benefit the whole of Australia, to foster growth, economic stability and a technological future. It relied on cost modelling that subsidises regional Australia with comparatively high connectivity costs by building lower cost services in metropolitan areas. The project was always going to be difficult to be cost neutral – but it was infrastructure which was to have a 20 – 30 year life, and so many argued that the investment was worth it for the future.

Like any product that is sold, it needs to have a cost model and fee structure. When you work out the price of an NBN retail service (i.e. what you buy) there are three principal components to the cost.

  1. The NBN Access Charge. This is the cost for an NBN “port” in your house, and the path between your house and the NBN Point of Interconnect.
  2. The NBN CVC (Connectivity Virtual Circuit) charge. This is the cost for your ISP to buy access to a “port” in a Point of Interconnect and is purchased in “Megabits per second.”
  3. The “Backhaul” charge. This is the cost of your ISP taking the service from the Point of Interconnect back to their network.

So how much does that actually cost, and what’s the issue?

  1. NBN Access Charges vary, but a 25/5Mbps costs $27.50 per month.
  2. NBN CVC Costs $17.50 per Megabit per second. So, for a provider to provide 25 Megabits per Second of speed, they need to buy $437.50 worth of access. This access can be shared between multiple customers, but this creates “contention” – just like when you have two people having a shower at home using the same hot water system. Most networks contend their access at 50:1 – so for every 1 Mbps they buy, they have 50 customers trying to use the same space.
  3. Backhaul charges vary depending on the location of the POI, but range from 30c per Megabit per second up to $8 per Megabit per second.

Now these numbers don’t look like they are “too” big a problem until you start to work it out. Telcos used to buy ADSL access from Telstra per State or Territory around Australia at $35 per Megabit per second (the price is cheaper now). There are now 121 places that ISPs can buy NBN services from. ADSL services on average run at about 1.3 Megabits per second.* Because NBN services are faster, the average usage jumps on them from 1.3 Megabits per second to 6 Megabits per second. This means that the average cost is 3 times that of an ADSL service – but the retail price has stayed the same. In addition, there are extra costs associated with delivering the services as there are more places to interconnect, with significantly more variation in backhaul costs.

Fundamentally, this makes the NBN “unaffordable” to sell, without offsetting your internet service revenue against higher cost “business” services or subsidising NBN with other technologies such as Voice over IP, Video on Demand or Mobile.

Take home message: The CVC cost and number of POIs are too high and too many to make the network affordable to use.

Copper isn’t a big deal today

Memes like this annoy me a bit.

Copper NBN is not “slow”. It’s not as “fast” as Fibre, but it is still fast. The technology (Fibre to the Node) is good science and has a definite place in telecommunications. But that’s not the problem with it. Most individuals and businesses don’t need the speed that Fibre offers today. In most cases, 25 Megabits per second (a reasonable average VDSL speed) is perfectly reasonable. There are obviously some exceptions to this rule. The problem is not that VDSL is bad today – the problem is that VDSL is not a long term solution.

Why? Because the copper network is not that great. Copper is a metal, and it corrodes and degrades. It has a limited shelf-life (20 – 30 years from what I’m told). Physics shows us a lot about how electrical pulses can be sent over copper, how they interfere with each other and at what rate they degrade. And in many parts of our country we are already seeing the effects of the age of the network and degradation. In addition, copper services can’t be shared – so one “pair” of copper cables equals one service.

In comparison, fibre is glass or plastic. It has a shelf-life of 60 – 80 years. Light travels along it just below the speed of light. The major issues with fibre are that it gets cut or dirt gets into the connectors, which can be cleaned with an air gun. Fibre services can be shared as multiple colours of light can be sent down the same strand of fibre allowing you to run multiple separate services on one piece of glass. The downside is that you have to run new fibre cable to each premises you want to service.

Is copper cheaper? Well, yes it is. Because we already have a lot of it in the ground, and so we can install a “node” and connect the copper that is already there to the node. But at some point, the cost of installing, running and maintaining nodes, upgrading or repairing the copper outweighs the cost of installing fibre. And we are still needing to run fibre to each node; so there is still a lot of cost involved in getting the fibre there.

Take home message: FTTN (or the Copper NBN) is not a “slow” solution today. But it is going to cost a lot to keep running and won’t scale into the future.

The cost justification is wrong

The Senate Estimates Committee has made it very clear that infrastructure spending for the NBN is a 4 year election-based decision. Unfortunately, any telecommunications network is a 10 year investment at minimum. When you make decisions about spending on a 4 year election cycle, it makes sense to choose the option that will best benefit your bottom line over a 4 year period. But the down side is that you push the cost of running and maintaining that network 4 years down the track – and ultimately onto our children, or children’s children.

For something that is of such national importance, it makes sense to consider the long-term economic costings, which are heavily geared towards Fibre being cheaper in the long term because the density and maintenance costs are lower.

Most of the numbers being released by politicians suggest that the MTM NBN may save as much as $30 billion, although this number changes regularly because no one really knows how much either network will actually cost to build. The industry estimates seem to suggest the numbers are closer to $10 – 15 billion – which is about 20% of the overall cost of the project. [Note: this paragraph previously stated grossly inaccurate cost savings.]

Comparatively, Telstra’s agreement to maintain the copper network it sold to NBN is worth about $80 million per year; on top of its Fibre maintenance costs. (This cost also includes new connections, so arguably the maintenance costs are only a portion of this final figure).

My concern is not about the incidental cost now – my concern is how much we are going to have to pay to keep the network running 5, 10 or 15 years from now. Are our Children going to be having this conversation all over again, being forced to spend the same money all over again to keep the telecommunications infrastructure up and running in this country to deliver the services they need?

It just doesn’t make sense to save a few dollars now for the sake of a much larger cost later.

Take home message: We are wasting money by spending so much on a Copper NBN when we are going to have to maintain and replace it in the future. We should just do it right once, knowing the decision we’ve made will last another 60 – 80 years.

Will the NBN influence my vote on Saturday?

Probably not. I’d like it to, but there are so many other things that are big issues for our nation such as:

  • the treatment of Asylum Seekers
  • the need for greater Domestic Violence Prevention
  • the state, health and protection of our Environment
  • the role of Gender Identity in our education system
  • the definition of marriage
  • the funding of Tertiary education
  • the state of our Nation’s economy
  • the impact of Brexit on Australia
  • the need to protect free speech across our country
  • the global impact of terrorism
  • the need to foster innovation and development to grow our economy
  • the need to foster and grow small business
  • the continued provision of quality health care

… and so many more big issues that weigh on my mind. But let’s at least go into this with our eyes open, understanding the issues and be prepared to meaningfully discuss what is going on.

The NBN may in fact be the burning issue that gets your vote – but just remember that it is one of many big things that are impacting our nation at the moment.

* This isn’t your peak speed, but when you plan your network, you can guess that your customers will use about that much bandwidth and build your network from there.

For some further reading around the cost model this article is helpful on cost modelling. This presentation from AusNOG last year also has some good analysis of the speeds required for NBN services and the impact on CVC.

Thanks to Karl Auer for helpful criticism and comment which has resulted in a few modifications and clarifications to this post. Karl has also pointed out that a number of the election issues I’ve identified are helped by an excellent, fast, national broadband network, that is ideally delivered over Fibre. I think there is a lot of truth to this statement. Thanks!



Just over a week ago, we welcomed our third adorable child into the world. She is gorgeous, and I’m overcome with love for her.

Birth isn’t just about her. There is so much truth to this beautiful comic. I thought I needed to share it. I’ve been sitting on it for a few weeks, because I’ve seen my amazing wife in action before, and knew it would be true. It was. She is amazing.



We’re so thankful for the many friends and family who have supported us over the last few days. You’ve loved, cared, cleaned, cooked, and simply shared our joy. And we are so grateful for your generosity and genuine love for us.

Last night we took our baby up to the hospital again. She is still well (and in fact, was by the time we arrived at hospital).

I’m so thankful that the numbers on this medical device are what they are. I’m also thankful for the wonderful healthcare system we have in this country. We are so blessed to live in Australia.


I’m reminded of how fragile life is.

I don’t think I’ve let myself adequately process the grief associated with this event yet. We’re not unfamiliar with hospital trips for very young children, but the anxiety, powerlessness and distress are gut wrenching.

Many parents have gone through worse.

We’ve gone through worse.

But that doesn’t make it hurt any less now.

But I trust in you, O Lord;
I say, “You are my God.”
My times are in your hands;
deliver me from my enemies
and from those who pursue me.
Let your face shine on your servant;
save me in your unfailing love.

Psalm 31:14 – 16 (NIV)

I should be writing right now…

I should be writing right now. It’s ironic really.


I’ve worked out over the last few weeks that one of the largest parts of my job is actually being an author. I don’t write brilliant stories for consumption, or polemics espousing the merits of coffee over diet soft drinks, but I do write a lot. And what I write matters, and how I write it matters. I change people’s minds and opinions based on what I write. And my livelihood, and others actually depends on it.

This isn’t remarkable, but just something new and nice to understand.

</end sidebar>

Now that that’s out of the way – this morning GMail experienced a “service interruption”. I use GMail for my email. But I couldn’t send email. I could occasionally receive email. I couldn’t search email. And I realised how much of my life depends on my email. I have information I need in there. I have ways to communicate with other people.

Not having my email was isolating. There were moments of panic and stress as I wanted to check or know something that I could not know. It was frightening. I resorted to other mediums for communication – our internal office chat system, iMessage, Facebook – but none were quite the same.

But it is back now. #firstworldproblems


Last week I came face to face with a dark side of the Internet. Some websites my company hosts were hacked through a software flaw. This kind of thing happens all the time in the online world, but I generally don’t have to deal with it.

The home pages of the websites were replaced by a page from an anti IS “ethical hacking” group. To be honest, I avoided the content. The imagery was horrific and disgusting.

My passive mind wonders if their message is true. If the hideous imagery is real, or just some artistic fakery? I ponder whether their message has any value given the method they chose to disseminate it.

And I worry. My mind, although content to idly contemplate such existential questions is detached. This is a mere mental exercise for me. My heart is unmoved.

When did I become like this? When did the cry for human life fall on deaf ears? When did my soul become untouched by the horror of humanity? When did my passion for those made in the divine image fade?

I have people I love. I have people I care for. What if it was them? What if it was my family?

And if my heart breaks, only to find that it was for political or personal gain, what then? Is my sorrow less valid? Is my hurt on behalf of those who are not hurt any more any less real?

Lord, break my heart for your creation. Help me understand. Change me.