Sunday, July 12, 2009

ChordMaster 2000 - the sexy way to learn guitar chords

So this weekend I've dressed up jTab as a little web application to help you learn chord fingerings for guitar...

Introducing the ChordMaster 2000 ;-)




OK, so maybe I sexed up the design and UI a little too much for such a simple task, but it was fun to see how far I could go with javascript and SVG (and no flash or silverlight).

It was also a proof point for jTab - the javascript library I released last week that renders arbitrary guitar chord and tab using SVG. Happily, it worked fine without a tweak - just some extension methods that are specific to the ChordMaster application (like getting an array of all chords that are defined as "intermediate" level).

PS: big thanks to @jasonong who's jumped in and already made some great contributions to the jTab project on github -- It's amazing to see github rock as a "social coding" platform - create a public project one day, have changes to merge back the next. Trivial to do with git, and the great visualisation of the project revision/branch history makes merging so easy to understand.

Sunday, July 05, 2009

jTab - Guitar Chord and Tab Notation for the Web

Guitar tab (notation) is all over the internet, but it is usually in either a fixed/non-interactive form, or painstaking ASCII format.

I've always wanted a better way, and two things I've looked at recently inspired me to think it might be possible: Dmitry Baranovskiy's fantastic work on the Raphaël SVG library, and Alex Gorbatchev's syntaxhighlighter.

So now I can introduce the result of my latest weekend project:

jTab - newly minted and ready to rock and roll!

See the project home page at http://jtab.tardate.com for more examples and information about how you can use it too. jTab is open source, with the master source code repository on github.

What does it do?

jTab is a javascript-based library that allows you to easily render arbitrary guitar chord and tablature (tab) notation on the web. It handles implicit and automatic rendering of any page elements given the special class name 'jtab'. It can also be scripted for more sophisticated or interactive effects.

Bottom line: jTab turns this..


<div class="jtab">Bm $3 4 4h5p3h4 5 $2 3 5 7 7h8p7 5/7 | A $4 7 9 $3 7 6 $5 9 $4 7h9 7 $5 9\7 5/7 | </div>

..into this:


Grab it, use it, help me improve it, or just let me know what you think...

Monday, June 29, 2009

Using Twitter OAuth with Rails + sample

I've been using rails with the Twitter REST API of late, using the oauth gem as the base. It works well, but keeping up with the API changes can be a challenge!

In the recent update to OAuth 1.0a, there were two critical changes required:

Web-apps should specify the oauth_callback


Through trial-and-error, I found that if you don't explicitly specify the oauth_callback when going through the authorization process, twitter will halt at the PIN page (behaving as if you are using a client application). That's easily fixed:

request_token = consumer.get_request_token( :oauth_callback => TWOAUTH_CALLBACK )
session[:request_token] = request_token.token
session[:request_token_secret] = request_token.secret
# Send to twitter.com to authorize
redirect_to request_token.authorize_url

NB: the root cause is that oauth 0.3.5 sets "oob" as the oauth_callback if you don't explicitly set it. This triggers the twitter desktop PIN flow.

Include the oauth_verifier when exchanging the request token for an access token


Next, the major change in 1.0a was to add an oauth_verifier parameter. Twitter sends this back to you after the user has authorized access, and you need to include this parameter when exchanging the request token for an access token.

request_token = OAuth::RequestToken.new(consumer, session[:request_token], session[:request_token_secret])
access_token = request_token.get_access_token( :oauth_verifier => params[:oauth_verifier] )
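
The two 1.0a rules above, modelled end to end as an added example (not code from the original post, from Twitter or from the oauth gem). `ToyProvider`, `handle_callback` and `run_web_flow` are hypothetical names and the callback URL is a constructed placeholder; the model shows the callback being bound at the request-token step, the "oob" default falling back to a PIN, and the exchange being refused without the oauth_verifier.

```ruby
require 'securerandom'
require 'uri'

# Toy in-memory service provider that follows the OAuth 1.0a rules described
# above. Constructed for illustration; not Twitter's or the oauth gem's code.
class ToyProvider
  class Rejected < StandardError; end

  def initialize
    @pending = {} # request token => { secret:, callback:, verifier: }
  end

  # Step 1: the consumer asks for a request token. In 1.0a the callback is
  # bound to the token here; a client that sends nothing is treated as "oob".
  def request_token(oauth_callback: 'oob')
    token = SecureRandom.hex(8)
    @pending[token] = { secret: SecureRandom.hex(16), callback: oauth_callback, verifier: nil }
    { token: token, secret: @pending[token][:secret] }
  end

  # Step 2: the user approves. The provider mints a one-time verifier and
  # either redirects to the bound callback or shows the verifier as a PIN.
  def authorize(token)
    entry = @pending.fetch(token) { raise Rejected, 'unknown request token' }
    entry[:verifier] = SecureRandom.random_number(10**7).to_s.rjust(7, '0')
    return { pin_page: entry[:verifier] } if entry[:callback] == 'oob'

    uri = URI.parse(entry[:callback])
    uri.query = URI.encode_www_form(oauth_token: token, oauth_verifier: entry[:verifier])
    { redirect_to: uri.to_s }
  end

  # Step 3: the request token is exchanged for an access token only when the
  # verifier from step 2 comes back with it. Request tokens are single use.
  def access_token(token, secret, oauth_verifier: nil)
    entry = @pending[token]
    raise Rejected, 'unknown request token' unless entry && entry[:secret] == secret
    raise Rejected, 'token not authorized yet' if entry[:verifier].nil?
    raise Rejected, 'missing or wrong oauth_verifier' unless oauth_verifier == entry[:verifier]

    @pending.delete(token)
    { token: SecureRandom.hex(8), secret: SecureRandom.hex(16) }
  end
end

# Consumer-side callback handling: check that the returned oauth_token is the
# one stored in the session before exchanging it together with the verifier.
def handle_callback(provider, session, callback_url)
  params = URI.decode_www_form(URI.parse(callback_url).query.to_s).to_h
  unless params['oauth_token'] == session[:request_token]
    raise ToyProvider::Rejected, 'callback token does not match session'
  end
  provider.access_token(session[:request_token], session[:request_token_secret],
                        oauth_verifier: params['oauth_verifier'])
end

# Whole web flow in one call; the default callback URL is a placeholder.
def run_web_flow(callback = 'https://app.example/oauth/callback')
  provider = ToyProvider.new
  rt = provider.request_token(oauth_callback: callback)
  session = { request_token: rt[:token], request_token_secret: rt[:secret] }
  redirect = provider.authorize(rt[:token])[:redirect_to]
  handle_callback(provider, session, redirect)
end
```
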


An example application


I've created a minimalist application that demonstrates the twitter API with OAuth 1.0a in rails. I've set this up to run at heroku.

The source is at github for all to share: http://github.com/tardate/rails-twitter-oauth-sample/tree/master

And there's a running demo site at http://rails-twitter-oauth-sample.heroku.com.

Tuesday, June 23, 2009

Running Heroku on Windows

What! Do rails development on Windows?

I've raved about heroku before, and it still roasts my bacon.

In recent months, there's been a bit of a switcheroo - first the migration to herokugarden, which retains all the original online editing and hosting. The perfect solution for hobby projects or prototypes. Now I'm migrating back to heroku itself, which has become their solid production hosting facility for rails applications.

As Sarah Mei reported, the heroku gem (used to create and manage your heroku application instances) had problems running under Windows, due to gem dependencies that do some decidedly un-Windows things.

There is now an updated heroku gem (1.0) that I just tested out, and am happy to say it is now working fine under Windows. There are some dependent gems, and you may need to make sure you get the versions that specifically support Windows. That used to include json, but at the moment the main version-pegged gem I'm using is sqlite3-ruby (at 1.2.3 instead of the head at 1.2.4).

$ gem install sqlite3-ruby -v 1.2.3
$ gem install heroku
Successfully installed heroku-1.0
1 gem installed
Installing ri documentation for heroku-1.0...
Installing RDoc documentation for heroku-1.0...

Perfect! Testing it out..

$ rails myapp
$ cd myapp
$ git init
$ git add .
$ git commit -m "init"
$ heroku create myapp
Created http://myapp.heroku.com/ | git@heroku.com:myapp.git
Git remote heroku added
$ git push heroku master
Enter passphrase for key '/d/MyDocs/My Dropbox/Config/Security/ssh/id_rsa':
Counting objects: 65, done.
Compressing objects: 100% (58/58), done.
Writing objects: 100% (65/65), 80.48 KiB, done.
Total 65 (delta 14), reused 0 (delta 0)

-----> Heroku receiving push
-----> Rails app detected
Compiled slug size is 80K

-----> Launching...... done
App deployed to Heroku

To git@heroku.com:myapp.git
* [new branch] master -> master

Sarah gave the hint as to how to fix the older heroku gem (0.9.1), and has a forked version on github. A few people collaborated to fix up the code there, so there is no longer any script editing required (basically to remove any dependency on taps for the gem build). Installing Sarah's version involved cloning the repository, building the gem and performing the local gem installation:

$ git clone git://github.com/sarahmei/heroku.git
$ cd heroku
$ gem build Rakefile
$ gem install heroku

Tuesday, June 02, 2009

Java Puzzlers. Be Afraid of the Dark.


Apparently, Joshua Bloch and Neal Gafter started the "Java Puzzlers" idea at Oracle Open World 2001. I wish I was there.

Subsequently, they've turned it into a book, and a website.

If you program in Java, you must read this book. It covers the kind of traps in your code you wouldn't even imagine could be there.

I can guarantee you have written at least one of these issues into your code. And QA never caught it. And it is out in the wild RIGHT NOW. Arrgh!!

These days, I think (and hope) that most professional developers are relatively attuned to coding security issues and the rise of opinionated testing methodologies (Unit testing, TDD, BDD etc).

But this book is a real eye-opener to the range of issues that you wouldn't even think worthy of a unit test case.

public static boolean isOdd(int i) {
    return i % 2 == 1;
}

Seems like a reasonable test for odd numbers? Except it is wrong a quarter of the time: for a negative odd i, i % 2 evaluates to -1, not 1.

And that is just puzzle #1.

The book takes you through issues with strings, loops, classes, libraries, all the way to puzzle #95, where you learn why you shouldn't program like your brother.

Get a flavour from this presentation on Scribd from JavaOne 2007.

Sunday, May 31, 2009

Lessons in Re-branding: My Aquarium and SpeedDate's Aggressive Acquisition Strategy

The My Aquarium Facebook application will soon become .. a dating app??? WTF!


At first I thought it must be a joke, or someone hacked the developer's facebook account.

But amazingly, it seems for real. SpeedDate have apparently been acquiring quite a number of Facebook applications, and My Aquarium is just one of the latest.

I don't know what on earth they are thinking though. Do they seriously expect to just buy users like this? Isn't there a fundamental demographic and motivational mismatch between users of a cute aquarium app and the dating crowd (except by pure coincidence)?

Rather than endearing people to SpeedDate, I'd expect the reaction is more like this:

Get the hell off my Facebook page. First you buy up and kill off one of my apps, then you expect me to try and like your totally unrelated app? Get real!


Kind of like if Microsoft came along and bought up Adobe then sent an email to all Photoshop users saying they must all upgrade to Excel. Can you imagine the consumer revolt that would cause?

I don't know anything about SpeedDate, but this behaviour just makes me want to see them fail big time. Not a good PR position to be in...

Tuesday, May 26, 2009

Hyperwords - fact-checking the web at a glance

Two things I find myself doing oh so frequently when on the net:


  1. Getting referred to wikipedia after googling

  2. Checking word spellings and definitions with one of the online dictionaries

With the Firefox add-on Hyperwords, both these activities just got incredibly easier. Just select text in your browser and you have instant access to the related wikipedia entry, check the dictionary and more (stock quote lookups etc).

Even better, the results pop-up in the browser so you are not left with a cascade of windows or tabs to get lost in.

It joins firebug as one of the top two "must-have" add-ons for my Firefox install!



Hat tip to blankanvas for putting me onto this..

Saturday, May 23, 2009

TDD and BDD is old school. Make the jump to HDD (Humour Driven Development)

SlashWeb just posted their list of the 25 Best Programmer Comics. I wonder ... seems like it could have been inspired by the stackoverflow question What’s your favorite "programmer" cartoon?.

xkcd's Proper User Policy apparently means Simon Says (sudo make me a sandwich) comes #1 in the SlashWeb list, versus the stackoverflow community voting xkcd's Little Bobby Tables to #1.

Conclusion? Either way, xkcd rocks.

But how's this for cool: xkcd's "antigravity with python" actually made it in as a patch to the python source code!

Sunday, May 17, 2009

The Software Architect's Profession. Or Delusion?


That was a happy age, before the days of architects, before the days of builders. -- Seneca c.4BC-65AD

I hesitated as I reached for The Software Architect's Profession: An Introduction (Software Architecture Series) on the library shelf.

Did I really want to read another treatise on the role of the software architect? Hasn't the term architect been so abused as to now be worthless, even downright counter-productive? In this, I think I am one with Jeff Atwood and Joel Spolsky who discussed the questionable value of the title "Software Architect" on StackOverflow podcast #44.

Nevertheless, my hand followed through. I think I was persuaded by the unimposing nature of this concise little 100-page book.


I was pleasantly surprised; this is a great little book for stimulating some thinking around the role of an architect for the advanced reader. But I worry that it attempts to position itself as "An Introduction". A novice, unprepared to read the text critically, may easily be misled by the book's definitive statements about what a software architect is and what they do.

Personally, I believe the book is fundamentally flawed in three important aspects:

1. Are we really in Crisis because we lack a Software Architecture Profession?


Firstly, the premise that today's Crisis in Software -
[the] parade of failures and half-failures that has grown over the years as a result of a world without an established profession of software architecture

- is wholly unsupported by any direct evidence. The authors' central argument is flawed by asserting an apparent causal relationship when in fact only coincidence had been established beyond doubt. A number of well-known software runaways and failures are mentioned, but I don't know of any where the original case studies attributed the failure primarily to the lack of "an established profession of software architecture". The authors get around this problem by redefining the conclusions and suggesting that all faults may eventually be explained by architecture. It seems to me self-serving and circular.

2. A Flawed Analogy with Building Construction


Second, the authors attempt to reinforce their argument with the proposition that the analogy with building architecture is self-evident. Buildings need architects. Software is like building. Therefore software needs architects. Hmmm. I am reminded of Bernard Rudofsky's book "The Prodigious Builders" which celebrates the history of vernacular architecture. That is, architecture without Architects (unfortunately a stunningly boring book for what ought to be a highly inspirational subject).

I particularly disagree with the authors' contention that software is not developed: it is built (with a sense of finality). The Google-inspired trend towards the perpetual beta is the most visible evidence to the contrary. The authors object to the notion that to develop implies to unfold, uncover, and make known. On the contrary, I find this a most apt description of what we do within the software profession: the youth and continuing innovation within the field does mean that software development and the architecture it requires is more akin to exploration, invention and discovery than to a formalised application of the tried and true.

Strike two.

3. Premature Specialisation


I began to renew my hope for the book as it explored the historical foundations of architecture. Michelangelo can truly lay claim to the title of Architect ("master builder"); his work on St Peter's Basilica epitomizes the ultimate balance between function, beauty, and structure.

Vitruvius is famous for asserting in his book De architectura circa 50BC that a structure must exhibit the three qualities of firmitas, utilitas, venustas — that is, it must be strong or durable, useful, and beautiful. A sense of proportion and harmony is represented in Leonardo Da Vinci's famous illustration of Vitruvian Man.

Such ideas begin to shape the conventional definition of an architect. A master who not only understands structure, utility, and beauty in order to successfully render a design into plans, but has the practical experience to supervise their realisation through construction.

At this point, I think the authors are getting onto the right track. However they stumble at the last post by then inexplicably turning this into an argument for a limited and specialised concept of a "Software Architecture Profession", where the architect only retains responsibility for venustas (design/beauty). Utilitas (function/utility) is the client's problem, and firmitas (form, materials, logistics) is the province of the engineers, scientists and code monkeys.

Time for the Renaissance?


The authors' call for the codification and ossification of a software architecture practice is I think at least 50 years premature.

What an "Architect" needs to be concerned with is still going through successive waves of tumultuous change. Up to the green-screen era, computer system architecture necessarily had a strong hardware component. Come the GUIs and increasing processing power in the 90s, it seemed a singular focus on "software architecture" as a technical discipline was a valid vocation. Now the waves of web-driven innovation and the emergence of the "Rich Internet Application" is again challenging our notions of what architecture entails. And again, the "real world" is encroaching the pure software realm with the rise of increasingly powerful and widely available mobile computing platforms (think iPhone, Android), and the revolution in pervasive automation (think Arduino).

I think the Java Posse were spot on when they discussed the growing need for cross-fertilisation and collaboration between designers and developers on podcast #247 - Design and Engineering. This is a time of divergence, not convergence, in the business of producing software & technology-based systems.

In truth, I question how appropriate both words are in the term "Software Architect":
  • Software - it is perhaps only in the last 10-20 years that it has been possible to construct computer software at the level of complexity that warrants the existence of an architect in the classical sense. And I suspect that in another 10 years it will seem ludicrous to suggest that you can be an Architect of only software ("just a turn-of-the-century fad"). Software is just one component of a "built environment" that encompasses everything from the information infrastructure and systems technology to the psychology, art and design of human interaction; ultimately leading to a desired collaboration between people and machines in the context of real-world objectives.
  • Architect - the common use of the term in the computing field has stripped this word of its more noble dimensions. No longer is the architect "the person with the vision and skill to make dreams a reality". They are more likely to be the person in the corner who produces nothing but paper, leaves no fingerprints on the pages of history, and is generally ignored by those who are really making things happen.


I don't know what you should call the people who have the experience and ability to lead others to do amazing things with the information technology we have at our disposal.

I'm just pretty sure that "Software Architect" doesn't even come close to being adequate. And building a "profession" around a woefully inadequate definition is a one-way ticket to irrelevance and obscurity.

Saturday, April 11, 2009

Why would you open source a framework?

Interesting to listen to Scott Hanselman and Richard Campbell talking over the rationale for open sourcing Microsoft's ASP.net MVC framework on Hanselminutes show #175.

Part of the answer was a general desire to nudge Microsoft further towards embracing open source: "Why wouldn't you?". Which is admirable.

Partly it is a desire to open up the innovation envelope: Scott talked about his experience releasing TweetSandwich, and then seeing the unexpected derivative applications developed using the source as the base. Designing a framework is a daunting task. By definition, most of the framework's possible uses are not known ahead of time.

Take a listen to The Java Posse #241 which also came out this week, where they discuss the challenges of design as it applies to frameworks. One of the great concepts they talk about is how the best frameworks invariably have well designed escape hatches, to make sure you can overcome that typical problem of '..but the demo worked so well!'

Personally, I think having access to the source code of the framework is one of the most effective 'escape hatches' you can have.

Even if you never plan to fork or modify the framework, the ability to dive in and examine the source when things are not quite working as expected is really the difference between a framework you can work with, and a framework that will be discarded after a couple of projects. It is one of the great things about rails: often the documentation comes up short, but when you look at the api, the source code is but a click away!

Tweeting from your database with short urls

There's something cheekily enjoyable about getting all manner of 'non-human' things to tweet. I've heard of plants tweeting, but until I saw Lewis Cunningham's post announcing ORA_Tweet, I hadn't even thought of getting Oracle Database onto twitter.

Saturdays are good for little projects, so I thought I would add a URL shortening service today;-)

Since twitter famously limits you to 140 characters, it is conventional to use a url-shortening service to include hyperlinks in your tweet. So my little play for today was to pair that idea up with ORA_Tweet.

There are a range of URL shortening services available including snipurl and tinyurl (here's a survey of services). I've been using is.gd for a while though, since it sports the simplest GET request 'api' you could imagine, making it great for ad-hoc programmatic use.

So I added an extra package called SHORT_URL which has just two functions:

FUNCTION encode_url(
    p_url IN VARCHAR2 )
    RETURN VARCHAR2;

FUNCTION encode_text(
    p_text IN VARCHAR2 )
    RETURN VARCHAR2;

encode_url is the main wrapper around the http://is.gd call to get a short url for the one you provide.

encode_text is a more convenient function that takes a block of text, and will replace all the urls it contains with the appropriate shortened versions.

Then there's just one change to the ORA_TWEET package body:
45c45
< url => 'status=' || SUBSTR( short_url.encode_text(p_string) ,1,140));
---
> url => 'status=' || SUBSTR(p_string,1,140));
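
Review bot: The diff direction is reversed at line 45: the `<` side carries the new `short_url.encode_text(p_string)` call and the `>` side the original `SUBSTR(p_string,1,140)`, so read as a patch it removes the shortening rather than adding it; regenerate it with the original package body as the first file. Also, `SUBSTR(...,1,140)` is still applied after shortening, so a status that remains over 140 characters is cut silently and can lose the tail of a shortened URL; consider reporting failure to the caller or trimming only the non-URL text.
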
Now you can go wild with URLs in your database tweets:

BEGIN
    DBMS_OUTPUT.ENABLE;
    IF ora_tweet.tweet
    (
        p_user => 'twitter_username',
        p_pwd => 'twitter_password',
        p_string => 'ora_tweet v1.1 is complete! Now with url shortening ... see http://database-geek.com/2009/03/15/ora_tweet-tweet-from-oracle-a-plsql-twitter-api/' )
    THEN
        dbms_output.put_line('Success!');
    ELSE
        dbms_output.put_line('Failure!');
    END IF;
END;

Building on Lewis' original justification for building ORA_Tweet, you could for example include links to a report page or admin screen when your long-running process sends you its "I'm done" tweet.

That's if you need justification;-)

If you are interested, the source is up on my github account now: ORA_Tweet_With_Shorturls.zip

Friday, April 10, 2009

Idea #105: what name babby? (Dugg already pwned)

I just saw namemasher.com mentioned on programmable web.

It's a first step towards addressing one of humankind's biggest challenges: forget about running out of IP addresses, we're going to run out of usernames first!

What kind of handle do you think your children will be able to get on Friendfeed? Under what name will your grandchildren be able to tweet? And do you think they stand a chance of getting the same nick across all their services?

There's a mad stampede for names going on, and any self-respecting parent (or prospective parent) who wants to bring up their children right ought to be out there buying up their progeny's place in cyberspace. Along with the tuition fund you need: website domain name, email account, twitter handle, skype, tumblr ... who knows which will survive, so get them all.

You never know: what if your kid gets famous, or even goes into politics? It wouldn't be very presidential if they tweeted as @spaceycasey123456.

Parents need something more than namemasher. In addition to the parents' names, it needs to munge in family and cultural background, existing baby name references like babynames.com (that's the one with the helpful definition of Espn), cross-check against existing accounts with something like namechk.com, and then go out and pre-register all the services for your unborn child. What an 18th birthday present that would make!

In short, the world needs wotnamebabby.com:

Thursday, April 09, 2009

Learning not to love Java

Back in 99, I spent about six months procrastinating over a MAJOR decision (or so it seemed at the time).

To stick with the Microsoft camp - where I'd built up substantial experience through ActiveX to DCOM to COM, IIS and Commerce Server 3.0 - or jump onto the Java bandwagon?

Ultimately, Java won out, and along with millions of others, we've made Java the enterprise platform of choice (arguably).

The interesting point upon reflection, is that there was never any doubt in my mind that Java was somehow 'better' and more 'pure', in an academic sense.

Almost ten years later, I shocked myself recently when returning to Java after spending a good part of the past two years infatuated with ruby and rails and other scripting languages.

Where before I saw classical elegance, now my first thoughts were this sux and the language is just getting in my way.

First the verbosity kills me:


WeLikeLongDescriptiveClassNames myReallyDescriptivelyNamedObject = WeLikeLongDescriptiveClassNamesFactory.getInstance(duh);

How many times do I have to tell the compiler what kind of object I am dealing with? Sure, I understand the benefits of the Factory pattern and the subtleties you can construct by virtue of the inheritance hierarchy. But most of the time, I just want the compiler to do what is most obvious, and don't make me write a novel for the most straight-forward tasks!

Then there's the language-promoted cultural phenomenon of class explosion. Need half a dozen value objects to represent the various information to be passed around in your domain? Sure! With unit tests for all, I am sure. Most of the time, I'd now prefer to scream YAGNI!

But the true epiphany was my run-in with primitives (again ... every year or so). JSP sessions are a perfect place to test this out. Take an int and stick it in the session:


int startingInt = 3;
session.setAttribute( "startingInt" , startingInt);

What type is in the session? An Integer object of course. Java has cleverly done a type conversion for you, from a primitive to an object. But woe betide the simple developer who assumes this must be a commutative operation:


int newInt = session.getAttribute( "startingInt" );
// Error!!

That's what I call a language actively getting in your way. Kind of like if you deposited $10 cash in your bank, but when you went to withdraw the money, the teller threw the shutters down and said you could only get your money back in government bonds.

So do I have a point or is this just a rant (and certainly one that is not as erudite as many have written)?

I guess I must be pretty slow to catch on to what others knew long ago. The true test comes down to being able to realise one's goals. For personal projects, I find I'm able to knock out complete (and impressive) applications in Rails, while I still have ten java-based ideas on the drawing board.

It comes down to whatever works. And it should.

Does that mean I hate Java? Not at all. I still get a bit of a thrill out of its clean lines and voluminous open source library support. Much like seeing an aging and long-since outclassed 512BB. 'Classic' is timeless.

No. I don't hate Java, but neither do I love it the way it used to demand. I look back on my naïve 1999-self in wonder. Building experience is key, but it is a mistake to tie this to a language. Computer languages are the tools of our trade, and the more you know, the better you will be. When people mention Haskell, Scala, Eiffel ... do you know what they are on about, or do you just nod intelligently and pray not to get caught out?

With more tools at our disposal, we are better able to tackle new challenges in the most appropriate way.

To get the job done (which is generally the point, right?).

Thursday, April 02, 2009

Crazy Stupid Security Policies #1

So we've all been there .. a super-secure data centre where they ban wireless access while in the server room.


I recently had an acquaintance pulled up for using wireless while in one such place. Twice. I won't name where, because this issue knows no bounds.

It is a nice and reasonable rule from the security policy astronauts' perspective, because usually those responsible for the policy are not also accountable for operations. I presume the main concern is bridging networks and (intentionally or not) providing backdoor access.

They conduct audits and spot-checks, and on the surface everything looks great. If all you are concerned about is the paperwork, your job is done.

But in practice, and from what I have observed over the years, reality is a very different thing.

Unless all you are doing is bolting a server into a rack or plugging the fibre cables in, it is hard to get the job done these days without external network access.


  • Maybe that is for research: consulting vendor guides or searching the knowledge bases (because no-one provides all the doc on disk anymore - it's on the web!)

  • Or often you need to test the system you are configuring or diagnosing, and that can only be done from "outside" (SSL termination at an external-facing load-balancer for instance).

  • Or, in this Web 2.0 world, you need to collaborate with colleagues to get the job done. Skype or IM to get hold of the expertise needed for the task at hand.

  • Worse still, you have an "escort" policy, but a simple request to get in or out of the data centre is met with abuse, recalcitrance or outright hostility from the people who are meant to escort you (like it's not their job!)


All these factors increase the frustration of SEs the world over, in the face of data centre policies that treat IT as if it were like installing an air-conditioner.

Now what happens when the threshold of pain is pushed up and up like this? At some point, the immediate pain (can't get to metalink) exceeds the potential future pain (maybe I'll get caught using wifi).

And, dear data center security experts, what happens next?

Human nature takes over. Before you know it, you have a feral group of wifi/bluetooth/3G connected people running around your DC.

The worst part is that you have pushed the behaviour underground, where it is truly uncontrolled. In being secretive, people are breaking the most significant security prohibitions of all: bridging networks. Sorry, you don't know how much it goes on. (personal aside: yes, I admit I have, in the past, used wifi in a non-wifi DC. But being the conscientious and security aware guy that I am, I was always quite anal about disconnecting from the DC network before getting on wifi. Not that anyone knew. And if they did, my reward would have been ... a punishment!!)

So what approach would an enlightened, modern data center manager take? I would sleep much better at night if I:

  • Had an open wifi usage policy to bring the practice into the light of day. Maybe tables running between your racks for wifi-connected laptops (bolt them to the desk if you like, with a CCTV overhead), while direct network/server access had to be done rack-side.

  • Educate on responsible wifi use. Make sure people understand the risks of bridging nets and make it clear it's OK to be on wifi, but not OK to bridge.

  • And have a clear understanding with my internal staff that "escorting" is not an interruption to the work they are doing, it is a vital task that will be rewarded.



Fundamentally, this means I would need to reconsider how I defined my job as a data centre manager: I'm not a slave to a policy handed down from on high, my job is to implement and enforce the best procedures possible that both enforce the policy goals and provide excellent customer service. Achieving this may mean I need to think a little out of the box, even be a little creative and pragmatic.

Now I should be clear that in writing this I am not condoning anyone who breaks a clearly published policy not to use wifi in a data center. On the contrary, if you have to work in such a place, I'd say stick to the policy, and drive the escorts nuts as you go in, out, in, out and in again to get the job done. Demand a full time escort if you need it.

My real message is to anyone with authority over security policies and their application: recognise that a policy on paper is worth exactly the cost of the paper unless you have taken into consideration the human factors involved and done your best to ensure that your procedures and environment are optimally designed to encourage the very best behaviours, and not the ones you most want to avoid.

Anyone have data centre security horror stories to share? I would love to hear about them! Better yet, how you manage to get around the stupidity, yet stay "legal".

Friday, February 27, 2009

Like your scroll wheel? You want KatMouse!

I just heard about KatMouse on Security Now! #182.

I type fast, but love my mouse ( ... and there has been lots of controversy about the numeric keyboard getting in the way too).

That means I'm a scroll-wheel addict. Till now, I just accepted the fact that it doesn't kick in all the times I would naturally expect it to work, like old applications, or in controls or windows that don't have focus.

As soon as I heard Steve talk about KatMouse I knew I just had to get it. Two minutes later, it is installed and I'm loving it!

Best feature: when I have overlapping windows, I can scroll whichever window the mouse is over. Doesn't have to be in focus. Beautiful! This is how the scroll wheel should have worked all along;-)