Skip to content


  • Profile photo for Paul Brabban Paul Brabban, Lead Consultant at Equal Experts

    With experience in software development, data engineering and machine learning, I specialise in data-intensive problems and decentralised data engineering at scale. My experience extends to leading teams, technical architecture and product development. Find out more about my experience and publications in my portfolio.

    Contact me to see how I can help at

Change Data Capture with AWS DMS

hero image

Setting up Change Data Capture from Aurora Serverless PostgreSQL to S3 via the AWS DMS service. I'll walk through the demo setup, using the venerable Northwind dataset, calling out the problems and solutions on the way. The next post in this series will show the challenges we hit trying to work with this kind of CDC data and how we dealt with them.

  • Thanks to Equal Experts logo for supporting this content.

Handling CVE-2018-20225

GitHub Actions update and safety run logs ignore and succeeds

CVE-2018-20225 in all versions of pip tripped my vulnerability alerting this morning. If you're scanning for vulnerabilities using Safety, you've probably seen the same alarm. This post captures my reasoning and decision-making process to understand the risk and impact of this vulnerability and then deal with it.

  • Thanks to Equal Experts logo for supporting this content.

dbt 1.8 breaks on update

Error traceback ending with No module named dbt.adapters.factory

On updating dbt-bigquery to latest 1.8.0: No module named 'dbt.adapters.factory'. TL;DR - pip install --force-reinstall dbt-adapters following the broken upgrade should resolve the problem. Delete the venv and reinstall from scratch if not. See my comment in dbt core issue 10135 for an explanation of the cause and why this solution works.

  • Thanks to Equal Experts logo for supporting this content.

How I Do Python Data Supply Chain Security

A photo taken whilst SCUBA diving of Thresher shark circling off a seamount in the Phillipines. Credit: me

We data practitioners - data scientists, data engineers, analytics engineers, et al. - have a hard time when it comes to security. We're exposed to tools that demand we write code and deal with the messy world of programming languages and packages. We often have little choice but to drag insights out of real and sensitive data, exposing us to risks other developers can avoid, because insights don't hide in test data. Training, career paths and dev-experience efforts typically overlook data folks, depriving them of knowledge about the risks they're exposed to and how to mitigate them. Read on and I'll share what I do (and why) to protect myself, Equal Experts and my clients from the security risks lurking behind every piece of software.

  • Thanks to Equal Experts logo for supporting this content.

Why Try Codespaces?

A photo of a crab on a night dive in the red sea. Credit: me

Why I've been trialling GitHub Codespaces as a more secure alternative to local development. I never expected to be pushing changes from my phone!

  • Thanks to Equal Experts logo for supporting this content.

Fine-Grained GitHub Access Tokens with mkdocs-material-insiders

Aiming an arrow at a target as a hero image

mkdocs-material-insiders is the version of mkdocs-material with extra sponsor-only features. I wanted to use some of those features, but I didn't like the risk of GitHub classic personal access tokens. I'll describe how fine-grained access tokens, currently in beta, mitigate the risk and how I set up to use them for local development and in CI. The solution works, because that's how I wrote and published this post!

Now on mkdocs-material

A photo from a hotel in Manchester, of a new tower construction nearby in the foreground with skyline in the background

I started with a custom Gatsby site, then switched to Hugo (which I didn't write about). Last weekend, I switched again to mkdocs. Am I addicted to fiddling and changing stuff? Well, maybe... but each of those changes happened because of problems or concerns I had. I hope that mkdocs and mkdocs-material will be my home for a while. Pull up a seat and let's take a look at how and why I ended up here.

Irresponsible Expertise - Python Packages

Are we experts teaching safe computing? Or are we empowering the less-experienced without informing about the risks and responsibilities? I suspected the latter but had no evidence to back it up. I've tried to run a quick experiment as impartially as I can to see what the evidence suggests.

Part of an exploration of supply chain security.