Joel is old

I almost feel bad about this, but it seems like this sacred cow is more like Shambo.

Sometimes the elders are right, and the youngsters really are too young to know the history of the idea they think that they’ve just invented.

Unfortunately for Joel, QR codes have been around for over a decade and work very, very well (they’re most well-known in Japan where they appear on virtually every item you can buy, but when British tabloid newspapers like The Sun are starting to run them, you know they’re making inroads in the UK too).

The QR code for this blog

Given that he’s talking about mobile phones, and that he says typing URLs is not hard, I can only imagine that he’s never actually done it. Typing URLs on a mobile phone keyboard is an awful, awful experience. If it’s anything other than a simple www.something.com you may as well not even bother, because you’ll probably make a typo anyway. Why do you think there are so many “text us this word on this number and we’ll send you the URL” services?

Unluckily for the “consumers who are expected to install new software on their phones” line, he also doesn’t seem to realise that some phones do now come with QR code readers built in. Oh dear.

From my point of view, where I’ve been watching QR codes for about seven years, they’ve always seemed like a good idea, but the mobile technology in the West has just been too poor to be able to use them. Now that every man and his dog has a phone which incorporates a 2MP camera and a fully-featured web browser (none of this WAP rubbish) it’s easy to see them becoming more and more popular.

This blogger thinks that Joel should stick to commenting on software, and leave the mobile tech world well alone.

You can generate your own QR codes on kaywa.com.

Vista sidebar is annoying

The Windows Vista sidebar has two display methods:

Vista sidebar screenshot

  1. Always there – in this mode it blocks up a couple of inches at the right-hand edge of the screen and all your applications behave as though the sidebar is the edge of the screen.
  2. Sometimes there – when you bring it to the foreground it merges seamlessly with the background, with a good default opacity, highlighting gadgets as you roll over them and allowing the data in them to be visible at all times without being intrusive. However, when you click on an application, it will disappear.

Now guess which, with an amendment, I’d prefer.

The fact that there is no option for “always on top in opaque mode” is frustrating as hell.

Not only that but the default, laughable, “sticky notes” application is non-resizable so even if your sidebar is completely empty, it can still only be an inch or so high.

I can see masses of potential in the sidebar, but it’s just like they want me to hate it.

The point of distraction

It turns out that I hate having the mouse cursor visible in my working window. I didn’t really know about this until I used a colleague’s dual-monitor machine. He has set the window focus to follow the pointer and I consistently selected the window I wanted to type in and one whoosh of the mouse later was happily typing code into Firefox.

It turns out that this doesn’t really work 🙂

After I went back to my machine I tried to pay attention to what I was doing with the mouse after I’ve selected a window, and I do indeed almost always give it a quick flick left or right and take the pointer to the edge of the screen where it’s out of my way.

So it means I’m glad to find out about unclutter (via Erik), a small Linux application for hiding the mouse pointer after a customised period of delay. Much nicer!

Struts2 + Hibernate + Spring

At work we’re playing with creating a personal-homepage application in the style of iGoogle and others. We’re a Java shop, using pretty basic JSP+servlets+Hibernate as our standard application development structure. Since we were quite a varied team in skillset when we formed, this has meant that everyone is now more or less equally versed in core Java web app development.

We’ve used this opportunity of writing a new application to try out a number of ways of reaching that goal – specifically we broke into three teams of two, wrote up a very basic requirements spec (“drag and drop panels and remember the positions”, “show an RSS feed”, “use single-sign on”), gave ourselves three days for implementation and chose three methodologies. In fact, we chose three different languages!

One team looked at using Symfony, another team looked at Ruby on Rails and a colleague and I looked at using “a Java framework”. I didn’t want to choose anything too complicated or with too steep a learning curve (we had to be able to actually achieve our requirements!) and went very quickly through about six or so before settling on Struts2 as looking like a clean, well-separated development framework. This turned out to be the right choice for the job.

The quickstart application we downloaded from the wiki came with everything we needed to get going. It uses Hibernate as an EJB3 persistence layer (using POJO annotations) and uses Spring to inject the session management whenever it’s required. It also came set up as an Eclipse Tomcat project which deployed instantly.

We only really scratched the surface of what’s possible, but overall I was very impressed with this combination of tools and additions like the REST plugin. In particular, using annotations to power the persistence was a revelation, as previously I’ve maintained the hibernate.cfg.xml and mapping files, which are terrible. This does mean that we no longer get support from Hibernate tools like hbm2ddl, but it’s a small price to pay.

Safeguarding our data

Danger! Mental dumping ground ahead!

Like loads of other IT people in the UK, I’ve been pretty worried about the forthcoming compulsory centralised ID database in the UK. I’ve previously written to my MP, joined ORG and tried to spread the word.

In recent months there have been at least five large-scale (10,000 people or more) data security breaches where carelessness has put unencrypted data into what is effectively the public domain.

The press have been really picking up on this and running an awful lot of related stories. The BBC at the moment are running a “Have Your Say” on the subject of “How can we safeguard our data?” (yes, I know about its general quality, thanks), and there are a worrying number of comments like this one:

The nation should have a referendum now on whether this Government is fit to remain in power.

peter gallagher, london

Recommended by 82 people

In every one of the security problems to date, it’s not been the direct fault of the Government, but the Civil Service. That is to say, it’s not as if Gordon Brown’s been handing out people’s details on memory sticks; regardless of who we vote for, we’ll always get the Government. Even then, you can expect things like this to happen from time to time – they’re just people after all. It’s just that there are so many things that they could have been doing for years to make life easier for themselves such as routine encryption, file transfer by internal network (such as the Government Secure Intranet), strict laptop carry-out procedures and so on (also see the Cabinet Office’s page about risk management in the public sector). I’m sure they must live with a mountain of similar procedures already for their paper assets; the same needs to apply for their electronic ones as well.

Stuart Langridge recently asked a question along the lines of “Is it my fault if I make some piece of information public, and it is used against me?” – my worry with data security isn’t that I make something public, but that someone else, like a governmental body, does it for me. What rights do I have to make sure that my data is always encrypted? What rights do I have to withdraw data from their databases? What rights do I have to be informed if my data is leaked? (OK, this last one is currently up for debate)

If the government is at the stage where it thinks it can successfully roll out large single-centre data centres (which AFAIK it hasn’t managed to previously), all these details have presumably been dealt with already. Documents like the Data Sharing Review Consultation suggest not.

A rough transcript of Richard Clayton’s BBC interview

Dr. Richard Clayton from the University of Cambridge (who writes for the very good Light Blue Touchpaper site) was interviewed for the Pods and Blogs podcast on the 18th December 2007 in the wake of the massive data loss at the end of last year. He had some harsh words to say (this is the same Dr. Richard Clayton who signed a joint letter to Parliament’s Joint Committee on Human Rights).

This is only a very rough transcript, and is only word-for-word when the text is surrounded by speech marks. I’m afraid I’m not sure which of the hosts was the interviewer. I do have the audio file for anyone who wants to listen to the original (the BBC removes the mp3 after seven days for reasons of rights, apparently, despite this sucking horrendously).

Starting at 1 minute 25:

What lessons could be learnt from this latest security breach?

“.. it’s not possible to build computer systems which are accessed by large numbers of people which are secure.”

2:42

“.. what’s the key problem with these big data concentrations?”

“You can’t make systems like that secure – you don’t just lose the information for one GP surgery you lose information for the whole population all at the same time”

What’s the alternative?

“The alternative is small databases and good communication between them – most of the time that doesn’t happen”

Can anyone make these databases work?

“The commercial sector is a little better at building them … the national health database will be accessed by a million people … if you look at the data collected by a supermarket it’s only accessible by a few dozen people in the marketing department, the risks are completely different.”

“The real problem is we do not know how to build very large databases, have them accessed by hundreds of thousands of people and keep them secure. The government believes this is possible, and I’m sorry but it just isn’t.”

Is there any way to build a big secure database? You seem to be saying no.

“I’m saying no. It’s as simple as that. You can’t build these, the government should stop trying.”

Ends at 6:53

(Incidentally, when you start dragging the progress indicator in Windows Media Player, it blanks the time panel, so you can’t tell when you’re moving to until you drop it again and the file starts playing. Very frustrating. Media Player Classic doesn’t suffer from this.)