Last updated: June 26, 2017 06:22 AM (All times are UTC.)

June 23, 2017

The National Cyber Security Centre recommend organisations use backups as a way to help mitigate against a wide range of potentially catastrophic problems, such as fire, theft, flooding, and - naturally - ransomware.

Reading List by Bruce Lawson (@brucel)

This reading list is sponsored by Wix Engineering, who give me money to research stuff, and when I find interesting things, I put them here.

June 22, 2017

The operation behind the UK government's Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today.

Websites aren’t evergreen. While your company’s site might have looked and performed perfectly back when it was first built, there’s a chance it’s not up to today’s standards. A website redesign could be the solution – from simple functional modifications to a complete overhaul of branding and design elements, there’s a solution for you. Not […]

The post 5 signs you need to redesign your website appeared first on stickee - technology that sticks.

June 21, 2017

The CSS animation-delay property is obviously used to delay the commencement of a CSS animation for a specified amount of time. But, like many CSS properties, there’s more than meets the eye… Using animation-delay you can create a variety of complex and beautiful pure CSS animations with ease, by applying it to a set of otherwise identical elements at varying time values.

All of the following examples follow the same basic setup: a number of looping animated elements are created, all of which are identical save for a unique numeric class which allows each element to be selected individually via CSS. Using this, a different animation-delay time can applied to each element, causing each animation to run asynchronously with the others to create various effects. I’ll go into more detail in the examples, below.

Basic Example: Loading Dots

See the Pen CSS animation-delay Basic Example: Loading Dots by Sebastian Lenton (@sebastianlenton) on CodePen.

This example demonstrates how to use this technique to make a simple CSS loading animation. The steps to create this are as follows:

  • Create a number of  elements all of the same class, in this case “loadingDot”. Position them however you like.
  • Create a CSS keyframe animation, and assign it to the .loadingDot class. Animate this however you like- in this instance I’m animating transform: scale.
  • Add a unique class to each element: in this case, I’ve assigned .loadingDot‑‑1, .loadingDot‑‑2 etc. (Remember that a class name cannot start with a number).
  • Finally, add the animation-delay property to each unique class, with a different delay time for each one. Ensure that the delay times are incrementing with a set interval for a cleaner looking animation (eg .10s, .20s, .30s etc), although you can choose whichever interval you like.

We can use the same technique to make more complex animations- find more examples below. Note, going forwards I will be using Sass and Haml to automate creating some of the HTML & CSS. Don’t worry if you’re unfamiliar with either of these- you can view the compiled HTML & CSS in all the following examples, which shows how it would look had it been written by hand.

Negative animation-delays: Falling Rain

See the Pen Negative animation-delay Example: Falling Rain by Sebastian Lenton (@sebastianlenton) on CodePen.

This next example uses negative animation-delay values, which has a subtly different effect to using a positive value. Using a negative animation-delay value makes an animation commence at that point during its keyframe sequence. This is essential for something like the falling rain effect above, which wouldn’t work if we had to wait for some of the elements to start animating.

The steps to create this are as follows:

  • Set html and body to 100% height.
  • Create a number of  elements all of the same class, in this case “raindrop”. The .raindrop class should use position: absolute, with top and left set to 0. Aside from that they can be styled however you like, although don’t make them too big.
  • Add a unique class to each element: in this case, .raindrop‑‑1, .raindrop‑‑2, etc). In this example I’ve used HAML to automate the above two steps, to avoid writing out large amounts of HTML manually.
  • Create a CSS keyframe animation, animating transform: translate to make an element fall from the top of the screen to the bottom.
  • Assign the keyframe animation to the .raindrop class. Ensure that a linear timing function is being used, and that the animation is set to loop infinitely.
  • Create the unique CSS class selectors (.raindrop‑‑1, etc) and add a random negative animation-delay to each one. The value doesn’t matter so much, so long as the random values are evenly spread and are lower than or equal to the animation’s duration.
  • Add a random position: left value to each unique raindrop class, in order to space the raindrops along the X-axis. Each value should be between 0% and 100%. Note, I’ve used Sass to automate the above two steps, to avoid writing out large amounts of CSS manually.

You should now be seeing a shower of raindrops falling down on your screen. This effect perhaps looks a little boring in its raw state, but with a few changes you can make more interesting effects such as a starfield or falling snow.

If you’re still confused about how negative animation-delay affects things, try flipping the animation-delay values from negative to positive and notice how the animation changes.

Fixed animation-delay Intervals: 8Bit 3D Road

See the Pen Fixed animation-delay Intervals: 8Bit 3D Road by Sebastian Lenton (@sebastianlenton) on CodePen.

This final example increments animation-delay values on a fixed interval in order to create a perfectly looping animation. The interval is calculated via (number of elements / animation duration), then each animation-delay value is set to ( interval * element number ).

Don’t worry if this sounds confusing. The following steps outline the process of constructing this animation, although we’ll be moving more quickly than before:

  • Set the body to be a 3D projection, so we can transform child elements on the Z-axis (to simulate 3D movement into the screen).
  • As previously, create a number of elements of the same class, each with an additional unique class (in this case, “roadStrip” and “roadStrip‑‑1”, etc). The roadStrip class should be positioned at the bottom of the viewport, but otherwise style it however you like.
  • Create a keyframe animation which animates a transform along the Z-axis. In this example I’m also animating opacity, to fade the roadStrips in and out at the beginning and end of the animation, although this isn’t essential. Assign this to the roadStrip class.
  • Work out your interval value by calculating animation duration / total quantity of roadStrips.
  • Apply animation-delay to each unique roadStrip class. Each animation-delay value should be calculated as interval * roadStrip ID number.

By now you should have a 3D road, moving into or out of the screen. Again, if you think the effect’s a little plain then it can be made much more exciting with just a few tweaks.

In Conclusion…

I hope you’ve enjoyed this tutorial, and learned that it’s pretty easy to create a huge amount of different animations using this technique. Drop me a line if you have any questions, and have a look through my Codepen for some more examples.

See the Pen Time Tunnel by Sebastian Lenton (@sebastianlenton) on CodePen.

The post Creating CSS Animations With animation-delay appeared first on Sebastian Lenton.

June 20, 2017

June 19, 2017

Low conversion rates and under performing pages should reveal more than just technical glitches on your website. Analysis of the customer journey and user behaviour should tell you what your online users like and dislike about their online experience. Though there is no one size fits all, trends in online behaviour reveal certain web practices […]

The post 5 things customers hate about your website appeared first on stickee - technology that sticks.

June 17, 2017

June 16, 2017

June 15, 2017

Reading List by Bruce Lawson (@brucel)

June 14, 2017

June 13, 2017

June 11, 2017

The Fleb 100K Special by Stuart Langridge (@sil)

Fleb reviews mechanical puzzles on YouTube. I subscribe to his puzzle review channel and it’s jolly interesting. Today, in celebration of his hitting 100,000 subscribers1, he published a video reviewing the Mini Puzzle Box (sold out, as I write this) and, more intriguingly, a link to a “100k special”, a puzzle produced by Fleb for viewers to look at. It’s at www.flebpuzzles.com/100kspecial2 and it presents the first in a series of four puzzles, for channel viewers.

These are “Puzzle Hunt”-style puzzles; that is, the answer to the puzzle is a word or phrase. Here, I’ll show you how I solved each. Be warned: if you’re looking to solve these yourself, stop reading now. Really.

The Opening

Puzzle 1, at www.flebpuzzles.com/100kspecial, is entitled “The Opening” and consists of a number of clues about puzzles. Each of these clues indicates a puzzle which has been reviewed on Fleb’s channel, but with a single letter alteration. The bracketed letters indicate the length of the puzzle name. So, to make a start on solving this, list all the puzzles reviewed on the channel with the length of the puzzle names, and that’ll help. For example, “This puzzle was about the pigs owned by one of the United States’ greatest presidents. I think it was called the (7 4) puzzle!” suggests The Lincoln Logs Puzzle because its name is of length 7 and 4 (“Lincoln Logs”).

But the clue mentions pigs, and there are no pigs involved? What gives? Well, this is the next step; each puzzle name has a letter changed in it to better match the clue. So LINCOLN LOGS becomes LINCOLN HOGS, and now it’s about the pigs owned by an American President… and the changed letter is “H”. That’s important. The clues in order have these answers:

…the last moment of a punch (4 3)CAST BOX WIT’S ENDCASH BOX3 HIT’S END4
…a small chirping insect which is located directly to the right of the solver (4 7)CAST CRICKETEAST CRICKET
…the strange hybrid of a young man and a buzzing insect (3 3)BEE BOXBEE BOY
…a four sided geometric shape embedded in something found on a piece of clothing or a mattress (6 2 3 3)SQUARE IN THE BAGSQUARE IN THE TAG
…the pigs owned by one of the United States’ greatest presidents (7 4)LINCOLN LOGSLINCOLN HOGS
…a rectangular tile and something that connects two points (5 & 4)PANEL & LINGPANEL & LINE
…a score of payments for monthly living accommodations (2 4 9)20 CENT PUZZLEBOX20 RENT PUZZLEBOX
…a spiral (4)GYROGYRE
…a brave machine that tells you how long you have until you have to move your car. It was near the sea (4 5 7 5)GOLD COAST PARKING METERBOLD COAST PARKING METER
…the final, cute, regular three dimensional figure with all edges the same side (4 4)CAST CUBYLAST CUBY
…a light source that was run on a black rock (4 2 4)LUMP OF COALLAMP OF COAL
…a man who checks gas gauges (9) METERMASS??5 (N)
…small breads designed for small cats (6 8)BITTEN BISCUITSKITTEN BISCUITS

Take all the changed letters in order and you get HEY THERE BLANK6. And the puzzle’s named “The Opening”, and how does Fleb open every video? With “Hey there, puzzlers!”. So BLANK is PUZZLERS, and our link to the second puzzle of the 100K special must therefore be www.flebpuzzles.com/PUZZLERS.

The Spoiler Break

This second puzzle has a bunch of pictures where each picture has an associated phrase, and then separately a list of clues for “spoilers” from film and TV history. Our job is to match up the phrases with the spoilers, and that will give us the pictures in order.

Each picture is a 7×2 grid in which one or more coloured squares is placed: one example (the first example) looks roughly like this:

So first, the list of spoiler clues and their answers7:

  • He killed Dumbledore: SNAPE (from the Harry Potter series)
  • He was dead the whole time: BRUCE (Willis from The Sixth Sense)
  • He never existed and was a figment of the imagination: TYLER (Durden from Fight Club)
  • It was his sled’s name: ROSEBUD (from Citizen Kane)
  • It was this planet the whole time: EARTH (from Planet of the Apes)
  • He was Keyser Soze: VERBAL8 (from the Usual Suspects)
  • She shot JR: KRISTEN9 (from Dallas)
  • He is the one: NEO (from The Matrix)

Now we pair those answers with the picture clues:

  • BGREED BAUSE BN BIGHTING: BRUCE (the phrase “Agreed pause in fighting → Truce” with initial letters all replaced by B)
  • FLOWERBUD WITBID THORNBUD: ROSEBUD (the phrase “Flowers with thorns → Roses” with final S replaced by BUD in each word)
  • DOUGHNTIN SHTIN ______ KRETIN: KRISTIN (the phrase “Doughnut shop Krispy Kreme” with the final two letters of each word replaced by TIN)
  • LETTEREO AFTEREO MEO: NEO (letter+eo after+eo m+eo → letter after m + eo → n+eo → neo)
  • NOMPKOP REBPUN YTNPWT EERPT: (don’t know)reverse to give POKEMON NUMBER TWENTY THREE with letters replaced by P; Pokemon 23 is EKANS, so reverse and replace one letter by P to give SNAPE
  • LOOR ROUND IREPLACE: EARTH (the phrase “floor around fireplace: hearth” with initial letters all removed)
  • LYLGE SYLIPED CYL: (don’t know)LARGE STRIPED CAT with pairs replaced by YL; replace “ig” with “yl” in TIGER to give TYLER
  • VYPE VF VEA: VERBAL (the phrase “type of tea: herbal” with initial letters all replaced by V)

This gives us an ordering of (SNAPE/TYLER) BRUCE (SNAPE/TYLER) ROSEBUD EARTH VERBAL KRISTIN NEO. It’s not clear to me which clues the SNAPE and TYLER answers match with and why.10 We’ll go with SNAPE first and TYLER third, because that makes the below answer work.11 So we can take the pictures in that order:

and if we plot the lines drawn by the different colours then we get the following four coloured tracks:

or, slightly fancifully:

the word LOOT, leading us to puzzle 3 at flebpuzzles.com/LOOT.

The Solution

OK, it’s becoming apparent that these puzzles are named after the stages of a Fleb puzzle review: the first puzzle was named the opening, the second the spoiler break, and now the solution. This third puzzle has a series of letter grids, each of which apparently matches with a clue. The letter grids are:

GNMEATY
PLATGRO
SAEBOION
GEAYUSIN
NEOSTES
GOLHNTELT
ROSENR
COORDT
CORIVEN
JAASOGE
LAARITIY
DRIGNDD
MVEION
ORNASLD
CAACHOER
SCINILL
BAEKNER
TSCEG
HOXECS
BOONBAY

and the clues (of which more later) make it fairly obvious that we’re supposed to extract multiple words from each grid and then use that to work out which clue applies to each grid. Well, I stared at this for a long, long time, trying to find words in the grids, see what the deal was, and so on. The implication from the clues is that we should be extracting at least five words from each grid (one clue refers to “the fourth word”, and then “the final word”, so “final” is more than four) and it’s hard to see how one could consistently remove six or more words from a 5×5 grid, so I figured I was looking for five words. I got nowhere with this for quite some time until it occurred to me that I could brute-force it and see if that gave me an answer. Slightly off the pure puzzler mindset, but, hey, computers are handy. So I wrote a little program that tried every combination of letters from the grids, in this way: we assume that each word takes its first letter(s) from column 1, its second letter(s) from column 2, and so on. So in the fourth grid, above, a word might be S-C-I-NI-LL or S-E-K-N-ER or S-X-N-N-Y or something else… and was it possible to decompose a grid this way into five separate words which used up all the letters?

Well, yes it is. My little script printed out this:

  • For grid 2: CARTER, COOLIDGE, GRANT, JOHNSON, ROOSEVELT
  • For grid 3: CARNATION, DAISY, LAVENDER, MARIGOLD, ORCHID
  • For grid 4: BASEBALL, BOXING, HOCKEY, SOCCER, TENNIS

Nothing for grid 1, but that’s probably down to its dictionary. So this helps a lot! I was honestly surprised at how successful that was. The clues look like this:

  • LOTUS: Take the 1st letter of the 4th answer and the second to last letter of the final answer.
  • CAST CRICKET: Take the 3rd letter of the 2nd answer and the 1st letter of the final answer.
  • XBOX: Take the 4th and 5th letters of the last answer.
  • LINCOLN LOGS: Take the 5th letter of the 1st answer and the 4th letter of the last answer.

and they pretty clearly match up:

  • LOTUS matches grid 3 (flowers, like a lotus), so Marigold + orchId
  • CAST CRICKET matches grid 4 (sports), so boXing + Tennis
  • XBOX… we’ll come back to
  • and LINCOLN LOGS matches grid 2 (US president names), so cartEr + rooSevelt

But what of grid 1, matching XBOX? Well, knowing now that it’s about the XBox it’s pretty quick to decompose the square by hand into GAMEBOY, GENESIS12, NEOGEO, PLAYSTATION, SATURN13 and so its letters are satURn. And so our whole word for this puzzle is MI+XT+UR+ES, leading us to puzzle 4 at flebpuzzles.com/MIXTURES.

The Comment Section

So, for this fourth puzzle, we’re confronted with a set of eight images. Since I’m now pretty familiar with Fleb’s selection of puzzle reviews, these images look like they’re each portraying a word I recognise; they are DEVIL, some knots which I think clues FIGURE EIGHT, COAL, LOTUS, HORSESHOE, GYRO, SQUARE, and BEE, each of which is relevant to a reviewed puzzle. Fleb also says at the top of this puzzle: “Don’t forget to respond to comments on old videos! It’ll help to pin the best ones!”, hinting that the comments section for these puzzles may have some extra hints. And indeed it does; Fleb has pinned a comment on each of these videos, reading as follows:

  • DEVIL: “-[opposite of good]”
  • FIGURE EIGHT: “-[black ball number] -[small carpet] -[chemical symbol for iron]”
  • COAL: “-[centilitre, for short] -[universal donor blood type]”
  • LOTUS: “-[remove from power]”
  • HORSESHOE: “-[Kentucky Derby racer] -[female pronoun]”
  • GYRO: “-[cowboy Rogers]”
  • SQUARE: “-[they might be burning] -[17th letter]”
  • BEE: “-[exist]”

And, obviously, each comment is a clue to remove some letters from each of the puzzle clues. So DEVIL - EVIL (the opposite of good) gives D. The others:

  • FIGURE EIGHT - EIGHT - RUG - FEI
  • COAL - CL - O → A
  • LOTUS - OUSTL
  • HORSESHOE - HORSE - SHEO
  • GYRO - ROYG
  • SQUARE - EARS - Q → U
  • BEE - BEE

and so our final puzzle word and the link to the solution is DIALOGUE.

If you’ve got thoughts or responses to all this, or answers to the couple of clues I didn’t understand, or want to chat more, best to reply to my YouTube comment linking to these solutions on Fleb’s announcement video, here!

Thank you to Fleb for this fun set of puzzles, and congrats on the milestone. What’s next?

  1. nice one Fleb; a hundred thousand! sweet!
  2. since the website was down when I started writing this, I pinged Fleb and said: install WP Super Cache and talk to your hosting provider, and I added a mirror of puzzle 1’s text in a youtube comment
  3. the letter is definitely H, but I’m pretty dubious about my solution; “a punch” is obviously BOX, but is “the last moment” CASH? Should it be HAST? CHST? CASH is the best I can come up with, but I’m not really sure why it’s the answer
  4. Thank you to JDiMase8 for the correction!
  5. from context, this is obviously an N, but how does it match the clue? METERMANS? But that’d be more than one man. A “gas gauge” is presumably a METER, so is a man who checks them a METERNASS? Maybe a METERMASN? Another one I don’t fully understand.
  6. well, you get _EY THERE BLA_K, and then you ping Fleb for help because you don’t get it
  7. warning! spoilers
  8. Láttam a Keyser Söze-t! Te nem értesz?! Keyser Söze!!
  9. not Sue Ellen, which is who I thought it was until I looked it up
  10. One of the nice things about Puzzle-Hunt-style puzzles is that you don’t necessarily have to have worked out every step in order to get the answer; you’ll see that in both this puzzle and the first one I deduced some parts of the answer from context without actually having a proper solution for the clue which gives that part of the answer
  11. Suggestions as to why LYLGE SYLIPED CYL clues TYLER (lots of Ys in there), or NOMPKOP REBPUN YTNPWT EERPT clues SNAPE, are invitedSuggestions and hints were received from Angus Mills, Robertlavigne1, and PANICFAN1227, for which many thanks!
  12. Americans, eh? Tch. It’s called a Sega Megadrive, yes it is
  13. and now you see why my script didn’t get it; not many dictionaries have “neogeo” as a word

June 09, 2017

Culture Smell by Graham Lee

A phrase I used in a discussion today. Developers are familiar with “code smells”, aspects of a codebase that aren’t necessarily wrong but do make you take a deeper look. By analogy, a culture smell surprising, but not necessarily wrong, behaviour on a team that should make you wonder what motivations lead to that behaviour, and what to change to remove or redirect those motivations.

It’s easy to get the wrong idea about culture though. Familiar with the developer concept of pure functions, some organisations seem to operate on the belief that by defining some principles and printing motivational posters, they can ensure conformant behaviour. Or that “the culture” is a concrete device that employees buy into.

Culture is the more slowly-varying norms established by the interactions between group members. You can guide, and lead, and of course admonish or eject, but you can’t control. As a result, more culture signals are “smells” than problems: what you see may not look right, but you have to explore more.

Reading List by Bruce Lawson (@brucel)

How good is your memory? If I asked you to think back 20 years to 1997, what comes to mind? Perhaps you remember Tiger Woods becoming the youngest winner of the Masters? How about Harry Potter first being published or watching Titanic at the movies? Or maybe you recall me starting University as a fresh-faced […]

The post Changing search behaviour is shrinking the internet appeared first on stickee - technology that sticks.

June 07, 2017

Odds are if you are serious about the cloud, you're already using at least one of Microsoft Azure, AWS, HPE Helion, Google Cloud, Oracle Cloud or somebodies cloud. There are benefits to each of the many cloud providers, however, it's not only just good practice to have more than one, it's also probably a necessity as each has its own unique features. Quite simply, not one vendor has the perfect answer to absolutely everything. If that were the case, there would be no competition!

June 05, 2017

We can’t emphasise enough how important it is to have a company website that loads and serves up its pages quickly. From poor conversion rates to lower Google rankings, slow loading speeds will hold your website back, regardless of the time and money you’ve invested in design, SEO and content. With the likes of Amazon […]

The post Slow and steady doesn’t win online customers appeared first on stickee - technology that sticks.

June 02, 2017

They were so other by Stuart Langridge (@sil)

Post content here

June 01, 2017

Generally, Google and other search engines find new pages to add to their indices by following links from one web page to another. Some search engines, including Bing and Google, also allow webmasters to submit URLs directly, meaning that your site may get indexed even if there are no links pointing to it from the […]

The post Can Google find pages with no inbound links? appeared first on stickee - technology that sticks.

Businesses operating online today know how important it is to rank well in search engines results. Having a great URL structure is a vital part of SEO that ought not to be overlooked: carefully crafted URLs allow search engines to find you more easily and understand what’s on your page. Here are my top tips for URL […]

The post 7 expert tips for great URL structure appeared first on stickee - technology that sticks.

May 31, 2017

When I was front-end lead bootstrapping the new Solicitors Regulation Authority website, the world of Web Development was a different place. Although most of our visitors were using IE6, we only had IE5 on the internal systems, so I had to work from home if I needed to do debugging with Firebug (thank you, thank you, Joe Hewitt). We were given a domain name and an open-source Java-based MVC templating language called Freemarker to generate dynamic pages (I had to print the manual because our censorware wouldn’t allow me to read it online). Non-dynamic pages were coded by hand, using semantic XHTML that degraded gracefully (I’m still proud of the accessibility policy we wrote, and our Constitution document that established our priority of constituencies to competing internal stakeholders).

But the thing that scared me the most was making changes to the CSS. I used to minify the stylesheet, not so much for performance reasons but to strip out all the comments like “Don’t delete this. I don’t know what it does”. I remember developing some elaborate system of classes etc so that I could “namespace” rules to try to stop them clashing and (if I recall correctly) making Freemarker hash a page’s URL into an id on the <body> element so I could have page-specific rules. Basically, I was trying to override the Cascade.

I’d minify the CSS using a webpage into which I’d paste the raw stylesheet (styles.full) into a textarea and press a button to receive the output, which I’d paste into styles.css. Unfortunately it barfed on universal selectors (or was it that it couldn’t distinguish between .class1 .class2 {color:red} and .class1, .class2 {color:red}? PTSD has blanked my memory) which made for some panicky reversions.

So I have a lot of sympathy with the developer love for CSS-in-JS, allowing you to scope styles to individual components. If you haven’t done so already, read and re-read the excellent blogpost A Unified Styling Language that calls for more understanding between the React and the CSS communities; like the post’s author, I find myself in a foot in both camps.

I’m currently consulting with Wix Engineering, the people who make the website-building tech that enables 100 million users to create sites with drag-and-drop editors. As you’d expect, the tech stack is pretty damn complex, and a lot is based on React.

When I first encountered React, I was sceptical; it didn’t smell like the web development I knew. But it did feel like the systems programming and architecture I’d done in the early 90s: making reusable components, maintaining state and passing props around, with a compilation stage and a subsequent linking stage to hook the compiled modules together and to the underlying Operating System (in my case, VAX/VMS).

There are performance penalties for sending down loads of JavaScript across the network and asking potentially low-specced devices to parse and execute it in order to build a DOM, although React’s ability to render as HTML on a server can certainly help with (perceived) performance. Whether an app can work in a not-much JavaScript environment like Opera Mini is unclear to me at present; I suspect that if the developer chooses to make it all work with Progressive Enhancement, it’s possible (but I’m just getting started learning the nuts and bolts).

I note, too, that Opera Mini finally got an ‘automatic’ data savings mode that will use heuristics to decide whether to use the Presto-based server-side ‘extreme mode’ rendering, or to use the webview-powered ‘high’ mode that compresses all assets but is fully JavaScript-enabled. I know from my time at Opera that fewer and fewer sites work without JavaScript, and I think that (for better or for worse) the line between native and web is blurring (users expect ‘apps’), and that JavaScript will be the way forward. (Chris Coyier has an excellent article called What is the Future of Front End Web Development?, which I heartily agree with.)

Whether or not this is the “right” way for the web to be heading, I don’t know. But that doesn’t matter; it seems clear that it’s the direction the web is heading. (I’m a pragmatist; I disliked developers only using -webkit- vendor prefixes, and then we at Opera supported them — as does everyone else now. Opera lost so much time competing against WebKit/ Blink that we had no time for cool UI stuff and features, so we dropped Presto and used WebKit/ Blink, which gave us time to implement Progressive Web Apps, AdBlocker, Power Saving Mode, in-browser VPN, Video pop-out etc.)

Therefore, I want to learn the tools (React, Typescript etc etc) so I can help this incarnation of the web be better. Wix have asked me to help them make their products better, more performant, easier to use, and be more inclusive. How can we help non-programmers build Apps that are accessible? (And, to be clear, JavaScript isn’t a barrier to accessibility; it can often be beneficial).

On my return from WebConf Asia next week, I’ll be immersing myself in frameworks,Typescript, Webpack, node, even the horrible Git. There’s a lot for me to learn.

May 30, 2017

Reading List by Bruce Lawson (@brucel)

May 29, 2017

Cloud Connect uses the latest in fibre hardware technology to create a physical link between your network, and the cloud. While most data will travel across the public Internet, Cloud Connect is a dedicated connection between your network and your cloud services. Learn what it is, how it works, why you need it.

May 28, 2017

or, 24 hours with Alexa.

So I got myself an Amazon Echo Dot. Because I got an Amazon voucher1 and then asked The High Council On Interesting Electronic Stuff what I should get with it and they said: get an Echo Dot, come on in, the water’s lovely.

I have had reservations about this sort of thing in the past, I must admit.2 But I’m semi-convinced by the idea that nothing gets sent out without the wake word being heard. I’m interested in chat interfaces; that’s why I wrote No UI is Some UI, and why I’ve delivered The UX of Text talk at a couple of conferences.3 And I’m sick of waiting for my Mycroft and also not very convinced that it’ll actually be good; maybe it will, fingers crossed, &c.

So, the little box that could arrived. Went through setup, which was terribly confusing. It shouldn’t have been: you plug in the Dot and it glows for a bit and then says, in a calm and unhurried voice, “now use the Amazon Alexa app to set up your Dot”. And you open the Alexa app and… the Dot is already in there. I think this is Amazon trying to be terribly clever and inserting the Dot I bought into my account before it actually arrives in the post. Sadly for them this turns out to be a spectacularly confusing idea, because… what do I do now? Do I say “set up a new device”? Or do I go into the existing device that’s listed in the app and then… what? There’s no obvious setup button in the app for this Dot that I already own. (There is “set up wifi”… is that what I’m meant to do?) I think the Alexa app was originally written so you’d use it to “set up a new device”, and then some Amazon bright spark said “haha with our ultimate control over shipping and stuff we can record which Echo a punter has bought and put it in the app!” without stopping to consider that this completely breaks the first user experience. Well done, Amazon bright spark (golf clap).

Anyway, once I’d worked that out, I couldn’t get it to set up. Tch, eh? The way setup seems to happen is, the Dot broadcasts its own wifi access point named Amazon-1AB or something; the app disconnects you from your normal wifi and then connects you to that network, and does whatever handoff is required to teach the Dot about your house wifi. Except that this wasn’t working; my phone would connect to the Amazon-9YZ network and then… spinner, forever. After a good twenty minutes of faffing around with this, I installed the Alexa app on my iPhone instead and used that and it worked first time. No love, Amazon. Especially since most people don’t have two phones.4

OK. Now it’s set up. Alexa, what's the weather correctly says “Currently in Birmingham it’s 24 degrees and sunny”5, so things work. So I try the next thing: Alexa, play the latest Madness album6, and Alexa, in her calm, unhurried voice, offers to play me samples of the songs and then shills “Amazon Music Unlimited” at me. Haven’t I already got Prime? Oh, I have, but Prime Music it turns out doesn’t actually have much music in it. You gotta pay extra for that. Bah humbug, etc. Fine, let’s do something generic. Alexa, play some jazz. Nope: “I can’t find any tracks matching ‘jazz’”, she says, calmly and unhurriedly. What? None? The little pamphlet even suggests that I say this! Grrrr!

Off to music.amazon.co.uk, which redirects me to music.amazon.com and then pops up a big whiny banner saying “your music account thinks you’re in the US! But your Amazon account thinks you’re in the UK! That can’t be right! Click on this big button to fix it!” and then clicking on the button prints an error. So, y’know, cheers for that. I suspect that maybe this cross-cultural confusion — perhaps I’m somewhere midway between the two? In the Azores maybe? — is why I can’t search for music (there is not much jazz in the Azores) and is also why the Alexa app just throws up its hands in a sort of fit when I look at the music menu. God, do I have to ring them up? Like mediaeval times?

Amazon helpline. (By the way, the way you get help from Amazon (and thank you to popey for this) is that you go to the Amazon contact-us page and then choose the thing you want help with, and then scroll down and choose “Chat” if it’s there or “Phone” if it isn’t, and then you get to talk to an actual person, and the actual people are pretty much always helpful.) I explain the problem and the bloke says, yeah, that’s because your Amazon Music account thinks you’re in the US. I (calmly and unhurriedly) say: I know this, that’s why I’m on the phone, I want you to fix it. He talks me through navigating to a completely different screen7 where I get asked the same question again but this time, remarkably, clicking the button works. Now Amazon Music works. The Alexa app works. Alexa works. Nice one, Amazon bloke.

Still gotta pay for Unlimited, though, which I’m not doing. New wheeze: rack my brains for bands I like who aren’t all that new (so their music isn’t under terrible money embargo) but only had one album (so if I say Alexa, play Band X it’s only got that one album to shuffle, hahaha). This works excellently, and now I’ve also refreshed my memory on Maxinquaye by Tricky, so that’s OK.

A bit of diving around in the settings leads me to turning on 8 Request Sounds > Start of Request, which means that now I can say Alexa and I get a little bleep meaning “I am listening”, just like Picard saying “Computer” and getting the little sound squiggle meaning the same thing.9 This is as it should be.

Cor, there are games on this thing? The Wayne Investigation is a voice-driven game by DC where you gotta find who killed Bruce Wayne’s parents. Well, I think it is. I can’t tell. Because it’s not available in the UK. Alexa seems to have this rather quixotic relationship with territories: a whole bunch of stuff is only in the US and then travels out across the Atlantic (and apparently even further out to Germany) in dribs and drabs over time. This isn’t just the stuff you’d expect, such as services (there’s no Pandora integration in the UK, but there’s no Pandora in the UK to integrate with unless you buy a lot of charm bracelets, so I’m not worried about that) but also some fairly core infrastructure bits. If you write “skills”, Amazon’s name for third-party plugins/apps on Alexa, then how they work is different in subtle ways between UK and US. This is weird and surprising and I can’t see how it will do anything other than trip people up and they should jolly well stop it.

More hilarious adventures with Wunderlist, which is where Niamh and I keep our shared grocery shopping.10 Wunderlist haven’t done Alexa integration11, but IFTTT have support for both Alexa and Wunderlist, and there’s even an IFTTT “applet”12 named Add Amazon Echo shopping list items to Wunderlist, so that’s good. Of course, my IFTTT gmail setup was broken so I had to delete it and recreate it, and Wunderlist wasn’t set up to receive emails from me and add them to my list, and then you have to set it up to receive emails from you@gmail.com, not whatever actual real email address you have mapped to gmail from your real domain, and then Wunderlist’s “send emails to this particular list” screen is broken and has been since last year13, but after all that nightmare of fiddling around and divining of underlying technology which would have defeated almost everyone, I can now say Alexa, add squash to my shopping list and it shows up in my actual shopping list that I care about. And it only took an hour of faffing around and it wouldn’t at all have been quicker to just walk to the damn shop, shut up, I don’t know what you’re talking about and your face is stupid.

So. Personal home assistants, eh? Are they the future?

Yeah. They are. Music was playing and I needed to concentrate, so I just snapped Alexa, shut up without thinking and it worked. This is how to make your electronic devices come alive, folks. Assimilated into my life in the space of a few hours without thinking about it; I just reacted to it like I would to a real person. This extends to the point where I felt a tiny bit guilty about saying that; the mark of a gentleman is how he behaves to his valet, after all. I shall try to be less peremptory.

Fine, the current process is rocky. Some of that is that it’s not matured yet (Alexa, when did Vincent Price die? No, not “play vincent price die”, not “christ die”, not “do you speak some price dead”, you stupid pile of undocumented microchips!) Some of it is that basically every large company underestimates how much people’s accounts are set up incorrectly or incompletely; after all, employees have everything set up right, because they know what they’re doing, and so this never comes up in testing. Some of it is because I’m joining dots on three or four very different puzzles: I’m sure if I were to get a Google Home and use Google Mail to send my shopping list to Google Keep and then buy things from Google Shopping, or if I were to get some theoretical Home Siri device and play music from my Apple account and put things in my Apple iCloud account… then all this would be a lot more seamless. But you should beware people who proclaim that technology would be easy if all us heathens were just to renounce our diverse needs and join their true faith. Mastery goes to the designer who can cope with us real people, in all our glittering and varied patterns and colours and desires. Not just the ones who take the easy way out and block you if you haven’t already bought all the rest of your stuff from them too.

Alexa, welcome to Castle Langridge.

  1. from Crunch, my accountants, after I referred someone who signed up; that someone got an Amazon voucher too! So if you are looking for an accountant, do so by following this shameless referral link and I can buy more stuff!)
  2. People who listen to Bad Voltage will know what I’m talking about here.
  3. if you’d like me to deliver this talk at your conference, let me know
  4. technically I haven’t got two phones either, I’ve got ten phones, but that’s not the point.
  5. yes! really! nobody is as surprised as I am
  6. which is great. I particularly like Mr Apples and Blackbird, and it’s on YouTube
  7. Amazon > Your Account > Digital content and devices > Music settings > Your country settings > View music library country settings
  8. Settings > “your device name” > sounds
  9. I can even make the wake word be “Computer”, but that’s a crap idea
  10. because it has background sync, an Android client, an iOS client, a web client, and allows multiple people to share a list. Yes, we’ve tried others as well. This is harder to find than you’d think, especially since I need to copy and paste the content of the list to actually buy it from Tesco, and Google Keep inexplicably doesn’t allow copy and paste
  11. although they’ve been begged to do so by loads of their users it seems)
  12. applet? what are they, java? what was wrong with “recipe” exactly? grr
  13. which I got around by manually editing the HTML in the devtools and writing custom <option value="mylistid">mylist1</option><option value="mylistid">mylist2</option> entries into the empty <select>; I freely admit that this is not an option (ha!) that is open to most people

May 25, 2017

If you're using Multi-Factor Authentication for your organisation, and want to use Apps that connect to your Office 365 account, you will need to create an Office 365 App Password. Thankfully, it's really easy to do, if a little hard to find.

May 24, 2017

Slight change in direction by Daniel Hollands (Maker) (@limeblast)

Slight change in direction

When I first started this blog it was designed as a repository of thoughts as I read though, and complete the projects within, The Maker's Guide to the Zombie Apocalypse.

I purchased the book because I was excited to use it as my route into the maker scene, something which I was totally unaware of just before this time, and have been excited to learn more and more about ever since.

As it stands right now I've completed four (and a half) the twenty projects contained within the book, but have ground to a bit of a halt.

It's not that I'm not enjoying the book, or the projects within it, it's just that as I follow them, I find they're working towards a slightly different destination to the one I want to reach.

I'm also finding that a lot of the projects require resources that I simply don't have access to - at least for now.

Additionally, since starting this whole adventure, I've found a lot of other really cool resources for learning maker skills, and I've found myself drawn to them more than the book.

The ones which have excited me the most are the classes over at Instructables. More than just teaching dry concepts and theory, these use practical projects as a method of learning, and at the end of it get to walk away with something cool to show your friends.

There are classes for topics as diverse as electronics, robotics, 3D printing, cooking, sewing, superhero costumes, et al, and I've joined far more of them than I have anywhere near enough time to complete, but I'm going to do my best.

With this in mind, and remembering the original goal of the blog, I've decided that I'm going to deemphasise the focus on the zombie book, and start making more posts about the other projects I'm working on as part of the Instructables classes - and anything else vaguely related to the maker scene.

My particular focus right now is their Electronics Class, for which I've been tasked to create a mad scientists light. It's taken me a while to acquire all the parts for this, but I have them now.

Watch this space.

May 23, 2017

May 21, 2017

This post comes in the form of an OpenDocumentFormat document containing a program that can extract programs from ODF documents, including the program contained in this document.

May 19, 2017

Remove specific prevalent malware with Windows Malicious Software Removal Tool.
Azure Multi-Factor Authentication HowTo: In Part One and Part Two we covered step-by-step of how to enable Multi-Factor Authentication in the Admin Panel and enrol users. In Part Three I will cover the additional steps the user is required to take in order to install and verify Multi-Factor Authentication with the Azure Multi-Factor Authenticator App.

The team at stickee are thrilled to announce that our talented Development Director, James Nestoruk, was awarded with the title of ‘Birmingham’s Young Professional of The Year Technology Award’ last night. Held at the ICC, the event gathered talented individuals from across Birmingham to recognise their hard work and achievements. After applying and completing the […]

The post James Nestoruk Wins 2017 BYPY Technology Award appeared first on stickee - technology that sticks.

May 17, 2017

Ever wondered how long on average a viewer will spend on a webpage? According to research, it is less than a minute – 59 seconds to be exact. This may sound like an alarmingly short amount of time, but it could explain high bounce rates and low conversion for your website. Though the internet is […]

The post You have under 60 seconds to impress potential customers online appeared first on stickee - technology that sticks.

May 16, 2017

stickee’s web design team often gives this one piece of advice to clients: a website should always be functional, first and foremost, but while also having an appealing and well thought-out design. No matter how beautiful and artistic you want your website to look like, you should never sacrifice functionality to design. Users visit a […]

The post Beautiful, functional, or both? appeared first on stickee - technology that sticks.

May 15, 2017

Organisations are not limited to only a single cloud network providers solution option. Furthermore, they're not merely able to access valuable cloud resources via the Internet. We advocate a combination of solutions to form a resilient, high-speed, high-availability, hybrid cloud network.

May 12, 2017

Some people think that the notion of classes is intrinsic to object-oriented programming. Bertrand Meyer even wrote a textbook about OOP called A Touch of Class. But back in the 1980s, Alan Borning and others were trying to teach object-oriented programming using the Smalltalk system, ostensibly designed to make simulation in computer programmers accessible to children. What they found was that classes are hard.

You’re not allowed to think about how your thing works before you’ve gone a level of abstraction up and told the computer all about the essence of thing-ness, what it is that’s common to all things and sets them apart from other ideas. And while you’re at it, you could well need to think about the metaclass, the essence of essence-of-thing-ness.

So Borning asked the reasonable question: why not just get rid of classes?. Rather than say what all things are like, let me describe the thing I want to think about.

But what happens when I need a different thing? Two options present themselves: both represent the idea that this thing is like that thing, except for some specific properties. One option is that I just create a clone of the first object. I now have two identical things, I make the changes that distinguish the second from the first, and now I can use my two, distinct things.

The disadvantage of that is that there’s no link between those two objects, so I have nowhere to put any shared behaviour. Imagine that I’m writing the HR software for a Silicon Valley startup. Initially there’s just one employee, the founder, and rather than think about the concept of Employee-ness and create the class of all employees, I just represent the founder as an object and get on with writing the application. Now the company hires a second employee, and being a Silicon Valley startup they hire someone who’s almost identical to the founder with just a couple of differences. Rather than duplicating the founder and changing the relevant properties, I create a new object that just contains the specific attributes that make this employee different, and link it to the founder object by saying that the founder is the prototype of the other employee.

Any message received by employee #2, if not understood, is delegated to the original employee, the founder. Later, I add a new feature to the Silicon Valley HR application: an employee can issue a statement apologising if anybody got offended. By putting this feature on the first employee, the other employee(s) also get that behaviour.

This simplified approach to beahvioural inheritance in object-oriented programming has been implemented a few times. It’s worth exploring, if you haven’t already.

A number of hospitals have been hit by a large scale cyber attack, NHS England has confirmed. We're aware of at least eleven Trusts that have been affected.

May 10, 2017

The year is 2017 and people are still recommending processing out assertions from release builds.

  1. many assertions are short tests (whether or not that’s a good thing): this variable now has a value, this number is now greater than zero), which won’t cost a lot in production. Or at least, let me phrase this another way: many assertions are too cheap to affect performance metrics in many apps. Or, let me phrase that another way: most production software probably doesn’t have good enough performance monitoring to see a result, or constrained enough performance goals to care about the result.

  2. The program counter has absolutely no business executing the instruction that follows a failed assertion, because the programmer wrote the subsequent instructions with the assumption that this would never happen. Yes, your program will terminate, leading to a 500 error/unfortunate stop dialog/guru meditation screen/other thing, but the alternative is to run…something that apparently shouldn’t ever occur. Far better to stop at the point of problem detection, than to try to re-detect it based on a surprising and unsupportive problem report later.

  3. assertions are things that programmers believe to always hold, and it’s sensible to take issue with the words always and believe. There’s an argument that goes:

    1. I have never seen this situation happen in development or staging.
    2. I got this job by reversing a linked list on a whiteboard.
    3. Therefore, this situation cannot happen in production.

    but unfortunately, there’s a flaw between the axioms and the conclusion. For example, I have seen the argument “items are added to this list as they are received, therefore these items are in chronological order” multiple times, and have seen items in another order just as often. Assertions that never fire on programmer input give false assurance.

Public wall murals by Stuart Langridge (@sil)

Across from the window of my flat there is this big wall.

It is not very pretty. It would be nice if it were pretty. Say, by having some kind of excellent massive mural painted on it. I haven’t looked into this whatsoever, and presumably the people who own the building that this wall is part of are entitled to some sort of opinion on this, but… what’s involved in getting a big mural there? Are there, like, rules about this sort of thing? Or can you just paint what you like on outside walls? Also, who out there can pay for this? I’d like it to be me, but unless my six lottery numbers come up that isn’t happening, so… are there grants or something? I feel like there ought to be grants for public art and that sort of thing. And how much money would be needed? I have no idea what sort of community arts projects there are around or how they get paid or whether this sort of thing costs ten quid or ten thousand. Your thoughts invited.

May 08, 2017

Office 365 Multi-Factor Authentication HowTo: In Part One we covered step-by-step of how to enable Multi-Factor Authentication in the Admin Panel. In Part Two I will cover the additional steps the user is required to take in order to enrol in Multi-Factor Authentication. The user will create two forms of verification and update their account recovery details.

Working for Wix by Bruce Lawson (@brucel)

Shalom from Tel Aviv, where I’m working for three weeks meeting billions of new people at Wix. As a few people have asked me what I’m doing after leaving Opera, I thought I’d write a little blog post.

Firstly I should point out (because it’s a contractual requirement) that I’m not a Wix employee; I’m an independent contractor, providing six months of consultancy. I’m helping them develop a product, market it as well as advise on open-sourcing some of their tech stack and advise them on relevant web standards (and, if necessary, liaise with standards editors). Of course, as a noted fashion guru, I’ll be offering sartorial assistance to the team so they too can look fabulous too. (In fact, part of their tech stack is named ‘Stylorama’ in my honour.)

More in the coming weeks and months! In the meantime, I have no connection or influence over their YouTube pre-roll ads, which I know you all love.

May 07, 2017

Seen on the twitters:

1) Bad reasons why tech startups have incredibly large mobile teams even though from an engineering perspective they don’t need it.
This is the No True Scotsman fallacy, as no true software department needs more than, say, 20 people.

I’m not going to get into the details of what you do with hundreds of mobile engineers. Suffice it to say that the larger-team apps I’ve worked on have been very feature rich, for better or worse. And that’s not just in terms of things you can do, but in terms of how well you can do them. When you in-source the small details that are important to your experience, they become as much work to solve as the overall picture.

Make a list of the companies that you think have “too big” a mobile software development team. Now review that list: all of those companies are pretty big and successful, aren’t they? Maybe big enough to hire a few hundred developers to work on how their customers access their products or services? No true software department needs to be that successful.

And that’s what I think of as the underlying problem with the “your team’s too big, you’re doing it wrong” fallacy: it’s part of the ongoing narrative to devalue all software. It says that your application can’t possibly be worth enough to spend all that developer time on. After all, mine isn’t, and I’m a true software developer.

May 05, 2017

I’ve said it before, build systems are a huge annoyance. If your build is anything other than seemingly instantaneous, it’s costing you severe money.

Your developers are probably off reading HN, or writing blog posts about how slow builds cost them, while the build is going. When they finish doing that, which may be some time after the build completes, they’ll have forgotten some of what they were doing and need to spend some time getting back up to speed.

Your developers are probably suspicious of any build failure, thinking that “the build is flaky” rather than “I made a mistake”. They’ll press the button again and go back to HN. When the same error occurs twice, they might look into it.

Your developers probably know that the build is slow, but not which bit of the build is slow. And they don’t have time to investigate that, where it takes so long to get any work done anyway. So everyone will agree that “there is a problem”, but nothing will get done. Or maybe cargo-cult things will get done, things that speed up “builds” but are not the problem with your build.

The Joel test asks whether you can make a build in one test. Insufficient. If you notice when you’re making a build, you’re slowing your developers down.

…which is not always the worst thing, of course. Sometimes a lengthy translation step from some source language to some optimised form of a machine language program yields better results for your customers, because they get to use a faster program and don’t need to care about the time taken to prepare that program. But let’s be clear: that’s part of the release, and your developers don’t always need to be working from the released product (in fact, they’re usually not). Releases should be asynchronous, and the latency between having something ready to be released and having released it can be fairly high, compared with the latency between having created some source and being able to investigate its utility.

Nonetheless, that should all go off in the background. So really, builds and releases should both be non-events to the developers.

May 04, 2017

I have an Eee PC 1000 ‘netbook’ that has been with me for a while. It’s not very fast but then I type quite slowly. It’s become a personal challenge to see how long I can keep using it. It’s always run Linux but the latest version of Ubuntu won’t fit into its (ample, in my opinion) 1GB of memory. I can’t upgrade it in place either because it has 2 SSDs, currently configured as / on the 8GB and /user on the 32GB. A couple of days ago my desktop environment went AWOL.

Trying to deal with the space imitations, I’d tried booting it from a Lubuntu Live memory stick. It seemed quicker with LXDE but Lubuntu also has leaner apps than the ones I’m used to, so I decided not to install it permanently. I may find another way to keep my current apps but replace Unity by LXDE. Afterwards, I think I rebooted it to check it was OK but I may have shut down from the login screen. The following morning I logged in and got an empty, frozen desktop display. I couldn’t even open a terminal window but I found I could log in to the Guest account. Odd. I opened a console window from my normal account and rolled up my sleeves. I had a /user (a different one, I later discovered.)

To cut a long story short, the answer was:

$ sudo mount -a /dev/sdb1 /home

My home directory wasn’t there but because it wasn’t it had fallen back to the original /user folder on the system disk. The Guest account logs in on /tmp on the system disk, so didn’t have a problem. Now, I just need to work out why whatever was auto-magically mounting it for me and why it decided to stop.

[ Update: The permanent fix was to find out the ID of my device with
$ sudo blkid

then add the following line to /etc/fstab

UUID=4b18fe5c-2d2a-4d12-938b-a38046a3cf84 /home ext4  errors=remount-ro 0  0

I still haven’t found the hole in the sky where the hook came detached. ]


May 03, 2017

It's not at all a surprise that Google Mail users have today been hit by a massive Phishing attack. Given the rise of exploits being sourced using Google platform services, such as the GOOGLE RECAPTCHA BYPASS and the malware CARBANAK USING GOOGLE SERVICES it was inevitable.

May 02, 2017

Cloud providers understand that you’ve made significant investment in your on-premise and data centre operations. They know that you’re probably not all that ready to rip everything out and move everything to the cloud. This is why there have been some major initiatives regarding optimising the way businesses connect privately into the public cloud.

Living a Virtual Life by Andy Wootton (@WooTube)

There is a Taoists story about it being impossible to know at the time whether an event is lucky or unlucky. At my age, you start to reflect how things have gone, from a safe distance.

I planned to go to Birmingham University to study mathematics with a side-order of computer science. My ‘A’ Level results were, to put it mildly, ‘below expectation’ so I scraped into Aston through the Clearing process, to study mathematics, computer science and physics. The teaching language was Algol 68 and the visionary assumption throughout the course was that within a few years all computers would be virtual memory systems. We would never have to worry about physical restrictions on memory allocation. We had a linear address space to play with, that could be as big as the available disk space and there would be a garbage collector to tidy up after me. A few years later, PCs were to make those assumptions invalid.

I actually graduating into a recession caused by a war to the death between Margaret Thatcher and the unions. Many large companies cancelled their graduate recruitment programmes. I was unemployed until just before Christmas, when I took the first job I was offered, as a programmer in a College of Higher Education in Cambridge. I’d never heard of the computer they used. It was one of the first batch of half a dozen DEC VAXes delivered to the UK: a 32-bit super-mini running the new Virtual Memory System OS, VAX/VMS. I specialised in VMS/OpenVMS for the next 25 years, gradually becoming a system manager and specialist in high-availability clusters and development environments. I had side-stepped Bill Gates’ “No-one needs more than 640K” pronouncement and all the mess that went with it.

I lost direct touch with software development until a few years ago when I joined an agile team as analyst and decided I wanted to get back into writing code. Initially I picked Python, until I saw a demonstration of Clojure. I knew I had to have it. Clojure designer Rich Hickey says that we can treat disk space as effectively infinite. That has a huge impact on our ability to design software as temporal flow rather than last known state. Servers have become virtual too. Software is doing everything it can to escape the physical realm entirely. I’m holding on for a free ride, hoping to stay lucky, a link to a virtual copy of ‘The Wizard Book’ on my Cloud-drive. Nothing is Real. I’m not even sure about Time.


The difference between logging and auditing is a subtle yet important distinction.

Logging

  • Technical in nature. Deals with technical concerns, stacktraces or errors.
  • Additional levels such as DEBUG, INFO, WARN, ERROR, FATAL for classification.
  • Logging can be simple such as traditional stdout statements, or more complex with semantic/structured logging.
  • Should not cause a runtime failure if logging is defective, fail silently.
  • System should work with or without logging enabled from both a technical and system view.
  • No need for automated testing, simply ensure this works afterwards. No need for interfaces or abstractions, use the logging library directly.

The primary users of logging should be the development team when developing and testing. Additional the team should use logging for daily monitoring and support. Effective log monitoring can produce trends or highlight problem areas well before users report them as issues. The use of a good monitoring system can also remove and reduce the need for complex and unstable system tests, this will be the subject of a future post.

Auditing

  • Domain specific. Deals with domain concerns for audit trails.
  • Always one level, though context is important. Different audit roles for different actions, for example, user makes a payment. User logs in. User performs action. All three of these examples are unique and should be treated as such.
  • Auditing is important, it must occur. Should cause a runtime failure if auditing is defective. Never fail silently.
  • System cannot operate at 100% if auditing is not operating.
  • Testable and should be considered a first class feature. Abstractions useful to provide different implementations and to aid testing.

Auditing is a feature in itself. There is no point introducing this additional complexity unless the system requires this. Other concerns auditing introduces include where to store the data? For how long? And what potentially sensitive data can be stored?

The key lesson here is that logging and auditing are two very distinct concepts and should be treated as such.

May 01, 2017

Exchange Online Multi-Factor Authentication HowTo: We’ve covered the notion of two-factor authentication (2FA) and multi-factor authentication (MFA), especially how you MUST enable it for sensitive accounts. I include all IT users, plus any senior management user within the organisation, such as the MD/CEO as their email is sensitive enough to justify Exchange Online Multi-Factor Authentication.
Back to Top