Could Open Government initiatives help drive innovation in Singapore?

A few recent stories got me thinking about the status of open data in government, how that translates in Singapore, and in particular the importance of:

• open web publishing standards


• giving priority to open when developing web/data services

First, there was an interesting discussion on open government with Silona Bonewald, founder of the US League of Technical Voters, on the IT Conversations Network. Then the storm-in-a-teacup over a prematurely leaked LTA OPC announcement.

Tim O'Reilly made a convincing summary of the state of play and call for action in his recent O'Reilly Radar presentation at OSCON (and blog post Gov 2.0: It’s All About The Platform). Don't just use our voices to "shake the vending machine"; as technologists we should lend our hands to help prove that open is indeed a better strategy for Government.

And last but not least, Anil Dash posted a great review of the recent initiatives launched by the executive branch of the federal government of the United States in response to President Obama's Open Government Directive. Two notable achievements:

• Whitehouse.gov now publishes exclusively under a Creative Commons Attribution 3.0 License


• data.gov is providing public access to high value, machine readable datasets generated by the Executive Branch of the Federal Government, and I believe is the driver behind some incredibly useful services such as usaspending.gov

The President's CIO Vivek Kundra has since even outlined a vision where the default setting for information created by the government should be public, not secret.

President Obama is racking up some serious credibility for being able to push innovation and adoption in government, and raising the stakes for Governments the world over.

Getting traction in Singapore

As someone who has adopted Singapore as their home, my first reaction was: "it could have been us". It chaffs to see Singapore's world-leading ICT adoption not always translating into world-leading technology innovation and service enhancement.

To be fair, Singapore's iDA Infocomm Adoption Programme and the iGov2010 Strategic Plan encapsulate many of the right sentiments. The issue is timing and rate of change. But for that, Prime Minister Lee Hsien Long could easily have stolen President Obama's thunder.

But I guess the glory of being first isn't the point. Each government must run it's own race, with the focus being on sensible, timely initiatives to improve citizen engagement and stimulate innovation, the economy, and civil society in general.

There are two areas I personally believe deserve priority in Singapore, and are well within reach under the auspices of established strategies:

• Promote citizen engagement by adopting an open publishing standard for Government web sites


• Promote local innovation and technology development by giving priority to "Open" in all Government data initiatives.

Promote citizen engagement by adopting an open publishing standard for Government web sites

Case in point: Did you know that you cannot hyperlink to most government sites without first obtaining explicit permission?

I didn't believe it either until I started checking all the "Terms of Use" statements. This means, for example, that you can't post a link to the MOM list of Public Holidays on your corporate intranet without approval. To say that this flies in the face of how the web is intended to work is putting it mildly (remember what the H in HTML stands for).

mrbrown says it best in relation to the LTA brouhaha:

OPC scheme leaks online before Minister announces it. The internet is here, embargoes don't work. Tough.

Embergoes don't work, neither do attempts to prevent people from linking to a published, public internet website.

While trawling the various government Terms of Use statements, I was also struck by how widely they differ across all the government web properties.

Together, these failures to bring published government websites under some semblance of rational information rights cannot fail to hinder a real engagement of the intended consumers of the information.

Fortunately, the way forwarded has been mapped out clearly: with the example set by Whitehouse.gov, and the brave souls who have laboured over the production of the Singapore adaptation of Creative Commons.

I would dearly love to see the Government adopt a Creative Commons License (perhaps: attribution, no derivative works) as the standard for web site publishing and doing away with all the divergent and restrictive legalese in existing Terms of Use statements.

Why is this important? True citizen engagement and transparency (of the kind attempted by www.reach.gov.sg) will not succeed while Government terms of use still attempt to restrict access and use of information openly published on the web.

The results of my Terms of Use survey? 12 ministries prohibit unauthorised hyperlinking, 4 accept linking (at your own risk). I didn't count stat boards, but they typically have the more restrictive terms.

12 Ministries that prohibit Hyperlinking without Permission - 75% FAIL!

Wording varies, but generally you may only hyperlink to the homepage upon notifying in writing, and for other pages you must make a specific request and secure permission before making a hyperlink. Note that many statutory boards use similar terms. In case you think this may just be a holdover from the internet dark ages, note that all claim to have been "last updated" in the past 3 years, many in 2009.

www.gov.sg
www.mcys.gov.sg
www.mewr.gov.sg
www.mfa.gov.sg
www.mha.gov.sg
www.mica.gov.sg
www.mlaw.gov.sg
www.mof.gov.sg
www.moh.gov.sg
www.mom.gov.sg
www.mot.gov.sg
www.pmo.gov.sg

4 Ministries that are Hyperlink-friendly - 25% win

The heroes;-)

www.mindef.gov.sg
www.mnd.gov.sg
www.moe.gov.sgw
www.mti.gov.sg

Promote local innovation and technology development by giving priority to "Open" in all Government data initiatives

Earlier in August, I saw the latest press release from the Singapore Land Authority and Infocomm Development Authority concerning SG-Space (I would link to SLA's own press release from earlier in the year, but - you guessed it - according to their terms of use, I cannot without prior written permission. Here instead is the non-hyperlinked URL: http://www.sla.gov.sg/htm/new/new2009/new1002.htm)

The goals of SG-Space are laudible - "..to provide an infrastructure, mechanism and policies to allow convenient access to quality geospatial information.." and "..creating a transparent and collaborative environment.." - however it seems to be a good example of how closed, proprietary approaches to innovation still dominate:

• initial rollout will be limited to government agencies, this may mean for years given that this is now a $27m project over 5 years


• the scope seems not only limited to provision of data services, but also includes the provision of applications


• the intent is to extend to the private sector, and to the individual, but the timeframe and commercial basis for this are not clear

The approach has all the hallmarks of the traditional attempt to control and manage innovation through a series of government pilots, before gradually opening up a "fully baked" infrastructure for wider use. Valid, maybe, but one that ignores the lessons from successful API/service innovations such as flickr, google maps and amazon and so on. The open innovation route promises better results, faster:

• going open early drammatically accelerates innovation due to the network effect (a key theme of Patricia Seybold's Outside Innovation


• going open creates the opportunity for unexpected, unplanned innovation (who could have imagined a site like gothere.sg even 5 years ago?).


• by engaging a broader community in the open, much more can be achieved for less (an good example being how gothere.sg allow everyone to contribute missing or new location details)

As Tim O'Reilly put it: DIY on a civic scale (he since adopted a more civic-minded "Do It Ourselves" as suggested by Scott Heiferman)

Although SLA talk about wanting to "Start with pilot projects and be quick to scale up" (Mr Lam Joon Khoi, Chief Executive, SLA), by choosing a closed route there is the distinct possibility that quick just isn't quick enough. Rather than harness the collective energies of the technology community in Singapore, it's more likely to see private efforts stalled completely, or diverted into "Do It Ourselves" initiatives (e.g. OpenStreetMap).

A largely unsung example of how "open" can work very successfully in Singapore is BookJetty. By opening up it's information services, the National Library Board has provided the opportunity for an individual entrepreneur and technologist to combine government and non-government information and create an amazingly compelling service that is not only relevant in Singapore, but also has a global audience.

BookJetty is an example of service innovation that the NLB itself could not have attempted. Since the needs that BookJetty serves are at least one step removed from the core mission of the NLB, I doubt they would even be in the position to officially identify and imagine such a service. But by opening their information services to the private sector and individuals, they paved the way for others to innovate in unimagined ways.

Imagine what possibilities there would be for improving the efficiency and level of service if a similar approach was taken to Government Procurement by GeBIZ? http://www.gebiz.gov.sg (sigh, another site that prohibits hyperlinks)

I think it's worthwhile pausing to consider the restrictions imposed by data.gov:

data accessed through Data.gov do not, and should not, include controls over its end use.

This is fundamental to the idea of Government as a Platform. It recognises that government does not have a monopoly on creativity and innovation, and that promoting private sector innovation and entrepreneurship is a priority.

Here is an opportunity for Singapore to greatly boost innovation and ecomomic development by giving early priority to openness in all Government data and service initiatives. The community is certainly brimming with ideas (see what was discussed at a recent WebSG meeting for example).

Singapore seriously does have a small, but vibrant, technology "startup" community. The Government does a great deal to try and stimulate entrepreneurship in this sector, but I would say the results have been middling at best. The main support is in terms of grants and programs (offered by MDA, iDA, Spring and EDB for example), and the opportunity to secure standard government contracts to work directly for the public sector.

Why is this important? I think the time has come to seriously consider how Government can significantly accelerate local technology innovation and economic development by giving serious, strategic priority to opening up it's data and service platform. The iDA Web Services adoption strategy has in fact already lit the path, but it seems to miss the high level push it needs, and a recognition that it most definitely does not mean that Government needs to "Do It All Themselves":

..the programme targets government agencies encouraging them to make available information or services via Web Services. The end result would be citizens making use of richer services via their preferred access points.

Conclusion (or Hypothesis?)

I guess it boils down to a belief that "Open is Better" when applied to government data and services: both for the benefit of civic dialogue and engagement; and to maximise the stimulus for economic development in the local technology sector.

But I wonder if my thoughts are just "outliers"? I'd be very interested to hear more real examples from people of:

• successful innovations that have been enabled through the use of existing open data/services offered by the public sector


• areas you desperately would like to innovate in, but are being held back by closed or inaccessible services

Whether you agree with the priorities I am suggesting or not, I hope most would think that this is an important subject to be discussing.

Making HackerspaceSG: The Zouk of Geekdom

The technical/geek community in Singapore has been showing some vibrant signs of life in recent times.

• geekcampsg some 80 or so people gave up their Saturday for 12 solid hours of geekdom - from robotics, to natural language processing, to android development and more


• Singapore Ruby Brigade is going from strength to strength - last Thursday's meetup at wego packed in some 30 people (I guess). They had to kick us out after 10pm and 3 hours of presentations, questions and discussions. That didn't stop most from gathering around the corner for supper that ended after midnight!

The next project is more ambitious: establish a Hackerspace in Singapore. Hackerspaces are community-operated physical places, where people can meet and work on their projects (more)

In order to get this off the ground, a pledge drive has started. Find out how to pledge a donation.

Updated 5-Sep: pledgie no longer being used for the donation drive, so remove the badge

+0.1: Oracle Database 11g R2 now GA for Linux

Oracle has released Oracle Database 11g R2 today - currently only the Linux version, with other OS to follow.

The 11gR2 documentation is not yet available on OTN or for download yet, but I note it is already available online if you want to stay up tonight to digest all that's new. Chris Kanaracus' PCWorld review is one of the first to hit the streets.

I've yet to digest all the changes, but in general I'd call this a "refinement" release after what's been a very solid initial 11g release. It is interseting to see the cloud features creeping in though, for example backup to Amazon S3.

11g R1 has now been out for about two years, and while technically it was the "polish" needed to round out the major shift to 10g, my personal experience is that 11g adoption has been pretty slow, and mainly the result of fresh installs rather than upgrades. This is to be expected given that most customers fit into one of two camps: those still stuck on pre-10g, and those who finally got it and moved to 10g (few of whom are yet keen to regroup for a move to 11g). Apparently, Oracle estimates about 10-20% of customers have implemented 11g which sounds about right.

As fitting my tradition (going back to a very old and tired joke), this means the tardate blog gets a +0.1 increment. w00t!

jTab 1.1: Guitar tab for the web gets an update and a mailing list

I announced jTab back in July, and there have been some nice improvements over the past month which I just tagged as a "1.1" release.

jTab is a javascript-based library that allows you to easily render arbitrary guitar chord and tabulature (tab) notation on the web. Automatically. It is open source (available on github).

I've also established a mailing list for jTab. All are welcome to join in to discuss internal development issues, usage, and ideas for enhancement.


Some of the key new features:

1. All chords can be represented in any position on the fretboard e.g. Cm7 Cm7:3 Cm7:6


2. Now allows shorthand tab entry of 6-string chords e.g. X02220 (A chord at nut), 8.10.10.9.8.8 (C chord at the 8th fret)


3. jTab diagrams now inherit foreground and background color of the enclosing HTML element


4. When entering single-string tab, can reference strings by number (1-6) or by note in standard tuning (EAGDBe)


5. The chord library with fingerings has been extended to cover pretty much all common - and uncommon - chord variants (m, 6, m6, 69, 7, m7, maj7, 7b5, 7#5, m7b5, 7b9, 9, m9, maj9, add9, 13, sus2, sus4, dim, dim7, aug).


6. It has been integrated with TiddlyWiki: jTabTwiki combines the guitar chord and tab notation power of jTab with the very popular TiddlyWiki single-file wiki software. Together, they allow you to instantly setup a personal guitar tab wiki/notebook. No kidding. And it's free.

Rails dev pattern: collaborate on github, deploy to heroku

Heroku is an awesome no-fuss hosting service for rails applications (I think I've raved about it enough).

It works great for solo development. But what if you want a large team work on the app, while limiting production deployment privileges? Or if you want the application to run as an open source project?

Since git is core infrastructure for heroku, it actually makes setting up distributed source control trivial, like in the diagram:


Here's a simple pattern for setting up this way. It may fall into the special category of "the bleeding obvious" if you are an experienced git user. But many of us aren't;-)

First, I'm assuming you have a rails application in a local git repository to start with. Like this:

$ rails test
$ cd test
$ git init
$ git add .
$ git commit -m "initial check-in"

Next, you want to create a new, empty repository on github. Github will give you a clone URL for the new repo, like
"git@github.com:mygitname/test.git".

Now we can add the github repo as a new remote location, allowing us to push/pull from github. I'm going to name the destination "github":

$ git remote add github git@github.com:mygitname/test.git
$ git push github master
Enter passphrase for key '/home/myhome/Security/ssh/id_rsa':
Counting objects: 3, done.
Writing objects: 100% (3/3), 209 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@github.com:mygitname/test.git
 * [new branch]      master -> master

At this point, you are setup to work locally and also collaborate with other's via github. If you have a paid account on github, you can make this a private/secure collaboration, otherwise it will be open to all.

Next, we want to add the application to heroku. I'm assuming you are already registered on heroku and have the heroku gem setup. Creating the heroku app is a one-liner:

$ heroku create test
Created http://test.heroku.com/ | git@heroku.com:test.git
Git remote heroku added
$ 

You can see that this has added a new remote called "heroku", to which I can now push my app:

$ git push heroku master
Enter passphrase for key '/home/myhome/Security/ssh/id_rsa':
Counting objects: 29, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (17/17), done.
Writing objects: 100% (17/17), 2.17 KiB, done.
Total 17 (delta 12), reused 0 (delta 0)

-----> Heroku receiving push
-----> Rails app detected
       Compiled slug size is 208K
-----> Launching....... done
       http://test.heroku.com deployed to Heroku

To git@heroku.com:test.git
   4429990..4975a77  master -> master

So we are done! I can push/pull from the remote "github" to update the master source collection, and I can push/pull to the remote "heroku" to control what is deployed in production.

Sweet!

PS: Once you are comfortable with this, you might want to get a bit more sophisticated with branching between environments. Thomas Balthazar's "Deploying multiple environments on Heroku (while still hosting code on Github)" is a good post to help.

Launched: I Tweet My Way - Getting things done for the twitter generation

I Tweet My Way is a twitter application to help you to set goals and get things done with the support of your friends and followers.

It's an application I've had in stealth for a while, but decided it is about time to let it out in the wild.

Do you have a goal you really want to work on? Quitting smoking, losing weight, paying off the credit card, or learning a new skill - these (and anything else you can imagine) are all suitable objectives to set yourself with I Tweet My Way.

I've had a long-standing interest in goal setting and tracking, but I must admit it was the advent of the "twitter-application" fad that got me thinking about how you could do a "getting things done" style personal trainer with Twitter. Now I'm looking forward to see how it gets used for real. I'm very interested in any feedback you may have. Did it help? Does it work? Why didn't it help or fit your needs?

Technically, it was built with rails and uses the Twitter OAuth support for authentication (you can read more about that here). I have it hosted at heroku (my favourite rails hosting service, although I am a bit leary about performance in the Asian region at the moment).

NB: the site currently comes without soundtrack, but think "mbube, the lion sleeps tonight";-)

KISSWorld - applying good design to mundane matters

Must be at least two years ago that Singapore Airlines changed the layout of their KrisWorld inflight entertainment magazine and it has bugged me ever since. The update coincided with a revamp of the entertainment on offer (a staggering 80 movies and hundreds of CDs). Unfortunately, the magazine suffered.

I've been waiting for SIA to "fix" KrisWorld, but last I flew it was still the same. Maybe one day. Do let me know if you see a new layout on any of their flights!

But it had me thinking, and I thought worth discussing because it seems a good example of how marketing-driven design changes can have unintended usability consequences despite everyone's best intentions.

Don't get me wrong, SIA remains my favourite airline of all, but it is disheartening to see that even the best airline in the world is susceptible to getting stuck with "bad design". Makes you wonder if there is any hope for the rest of us.

My gripe is with the layout of the CD selections.

How do you select an album you might want to listen to?

• You might recognise the album cover
• Maybe you like certain artists, but not know the specific albums available
• Or you might be looking for a certain album title
• And for some, you don't recognise the album art, title or artist but are attracted to sample it because of the genre or the cover

When looking through a long list of albums, chances are that all of these methods of recognition and selection are at play.

The trouble with KrisWorld is that they have separated the album cover display from the listing of artist and album name. The only thing that links them is the artificial numeric code that is applied to each.

On the left is an approximation of my actual scan pattern when trying to make a selection.

First I scan the album covers. Many I don't recognise and skip over.

I find something I think I recognise. To be sure, I then cross-reference into the album list and start another search using the special code number.

At this point I'm wondering if eye exercises are a safety feature designed to prevent DVT, or just intended to make the flight pass more quickly.

Maybe Joanne Wang is a little too sedate for how I'm feeling now, so I start another search through the album/artist list.

Down we go. Some I recognise (but without the album cover I'm not 100% sure).

Ahah, Wu Bai. That's more like it. But which album is this? Cripes, time to find the matching album cover to make sure.

Finally. Time to listen. A good thing this is CD and not a movie, because my eyes need a rest now..

Why do I need to work so hard? How to solve this usability nightmare?

Well, one suggestion is to just keep it simple. Cover art, album title, and artist are bits of information that both separately and in combination help me search the listings the most effective way. So just put it all together in the list. For example:


The eliminates all cross-referenced look-ups, is simple and direct, and does not require significantly more space. Best of all, as a "user" it is effortless.

Funny ... isn't this exactly how the layout used to be designed?

The lesson? Sometimes, designs must be seen to change for marketing or other business reasons, letting you loose in a requirements vacuum. The danger is that in the absence of specific functional or usability needs, other factors such as aesthetics and branding will expand to fill the void. Done carelessly, you can inflict untold collateral damage on the product through the process.

The solution? Consciously re-introduce at least a usability/functional benchmark into the design process - "be no worse than it was before". Better yet, ensure usability improvements remain a key objective - no matter how good you might think it was before, perfection is always one better.

And yes, usability applies as much to the printed page as it does to the web!

Yes, of course we have an open social media policy

We embrace openness and customer engagement using the latest social media tools such as twitter, facebook and blogs*

* subject to prior approval, review, certain topic restrictions and we reserve the right to change our mind, terminating your network or your employment, now or at any time in the future. Have a nice day.

Tom Fishburne perfectly captures the reality of how many big companies really work. This may be painfully funny, but sadly I don't think it's all fiction...

Rocket Ship Galileo - Apollo 11 40th Anniversary

Houston, Tranquillity Base here. The Eagle has landed -- 20 July 1969 The 40th anniversary of the Apollo 11 landing has been getting quite a bit of coverage, but the coolest initiative has got to be the addition of the Moon in Google Earth. Quite coincidentally, I just read Robert A. Heinlein's "Rocket Ship Galileo" (well, actually listened to the audio version brilliantly narrated by Spider Robinson ).

Heinlein packs this atomic moonshot adventure with just about every Boy's Own plot twist possible and tells a rollicking ripping yarn. What's amazing is the detail of the hard science throughout the book - especially given the fact it was written in 1947.

All the shucks, gee willikins is quaintly pre-baby boom, while the embracing of atomic power with such wild abandon is frightening in retrospect. Altogether, it's a great - if dated - story; a true testament to Heinlein's genius and imagination.

On atomics: it is possible the tide of opinion may be swinging back to nuclear. The ABC Science show just featured a story on the safer and cheaper generations of reactors coming online (transcript, audio). Today's generation III reactors, and the generation IV on the horizon offer even cheaper, safer and cleaner power (literally eating the waste products of earlier designs). All well and good, but it would be a concern if "new atomics" became the quick and easy fix that sabotages the head of steam building up behind the true clean, green renewables (like solar nanopillars).



Originally posted on It's a PrataLife

ChordMaster 2000 - the sexy way to learn guitar chords

So this weekend I've dressed up jTab as a little web application to help you learn chord fingerings for guitar...

Introducing the ChordMaster 2000 ;-)




OK, so maybe I sexed up the design and UI a little too much for such a simple task, but it was fun to see how far I could go with javascript and SVG (and no flash or silverlight).

It was also a proof point for jTab - the javascript library I released last week that renders arbitrary guitar chord and tab using SVG. Happily, it worked fine without a tweak - just some extension methods that are specific to the ChordMaster application (like getting an array of all chords that are defined as "intermediate" level).

PS: big thanks to @jasonong who's jumped in and already made some great contributions to the jTab project on github -- It's amazing to see github rock as a "social coding" platform - create a public project one day, have changes to merge back the next. Trivial to do with git, and the great visualisation of the project revision/branch history makes merging so easy to understand.

jTab - Guitar Chord and Tab Notation for the Web

Guitar tab (notation) is all over the internet, but it is usually in either a fixed/non-interactive form, or painstaking ASCII format.

I've always wanted a better way, and two things I've looked at recently inspired me to think it might be possible: Dmitry Baranovskiy's fantastic work on the Raphaël SVG library, and Alex Gorbatchev's syntaxhighlighter.

So now I can introduce the result of my latest weekend project:

jTab - newly minted and ready to rock and roll!

See the project home page at http://jtab.tardate.com for more examples and information about how you can use it too. jTab is open source, with the master source code repository on github .

What does it do?

jTab is a javascript-based library that allows you to easily render arbitrary guitar chord and tabulature (tab) notation on the web. It handles implicit and automatic rendering of any page elements given the special class name 'jtab'. It can also be scripted for more sophisticated or interactive effects.

Bottom line: jTab turns this..

<div class="jtab">Bm $3 4 4h5p3h4 5 $2 3 5 7 7h8p7 5/7 | A $4 7 9 $3 7 6 $5 9 $4 7h9 7 $5 9\7 5/7 | </div>

..into this:


Grab it, use it, help me improve it, or just let me what you think...

Using Twitter OAuth with Rails + sample

I've been using rails with the Twitter REST API of late, using the oauth gem as the base. It works well, but keeping up with the API changes can be a challenge!

In the recent update to OAuth 1.0a, there were two critical changes required:

Web-apps should specify the oauth_callback

Through trial-and-error, I found that if you don't explicitly specify the oauth_callback when going through the authorization process, twitter will halt at the PIN page (behaving as if you are using a client application). That's easily fixed..

request_token = consumer.get_request_token( :oauth_callback => TWOAUTH_CALLBACK )
session[:request_token] = request_token.token
session[:request_token_secret] = request_token.secret
# Send to twitter.com to authorize
redirect_to request_token.authorize_url

NB: the root cause is that oauth 0.3.5 sets "oob" as the oauth_callback if you don't explicitly set it. This triggers the twitter desktop PIN flow.

Include the oauth_verifier when exchanging the request token for an access token

Next, the major change in 1.0a was to add an oauth_verifier parameter. Twitter sends this back to you after the user has authorized access, and you need to include this parameter when exchanging the request token for an access token.

request_token = OAuth::RequestToken.new(consumer, session[:request_token], session[:request_token_secret])
access_token = request_token.get_access_token( :oauth_verifier => params[:oauth_verifier] )

An example application

I've created a minimalist application that demonstrates the twitter API with OAuth 1.0a in rails. I've set this up to run at heroku.

The source is at github for all to share: http://github.com/tardate/rails-twitter-oauth-sample/tree/master

And there's a running demo site at http://rails-twitter-oauth-sample.heroku.com.

Running Heroku on Windows

What! Do rails development on Windows?

I've raved about heroku before, and it still roasts my bacon.

In recent months, there's been a bit of a switcheroo - first the migration to herokugarden, which retains all the original online editing and hosting. The perfect solution for hobby projects or prototypes. Now I'm migrating back to heroku itself, which has become their solid production hosting facility for rails applications.

As Sarah Mei reported, the heroku gem (used to create and manage your heroku application instances) had problems running under Windows, due to gem dependencies that do some decidely un-Windows things.

There is now an updated heroku gem (1.0) that I just tested out, and am happy to say it is now working fine under Windows. There are some dependent gems and it can be required to make sure you get the version that specifically supports windows. That used to include json, but at the moment the main version-pegged gem I'm using is sqlite3-ruby (at 1.2.3 instead of the head at 1.2.4)

$ gem install sqlite3-ruby -v 1.2.3
$ gem install heroku
  Successfully installed heroku-1.0
  1 gem installed
  Installing ri documentation for heroku-1.0...
  Installing RDoc documentation for heroku-1.0...

Perfect! Testing it out..

$ rails myapp
$ cd myapp
$ git init
$ git add .
$ git commit -m "init"
$ heroku create myapp
  Created http://myapp.heroku.com/ | git@heroku.com:myapp.git
  Git remote heroku added
$ git push heroku master
  Enter passphrase for key '/d/MyDocs/My Dropbox/Config/Security/ssh/id_rsa':
  Counting objects: 65, done.
  Compressing objects: 100% (58/58), done.
  Writing objects: 100% (65/65), 80.48 KiB, done.
  Total 65 (delta 14), reused 0 (delta 0)

  -----> Heroku receiving push
  -----> Rails app detected
         Compiled slug size is 80K

  -----> Launching...... done
         App deployed to Heroku

  To git@heroku.com:myapp.git
   * [new branch]      master -> master

Sarah gave the hint as to how to fix the older heroku gem (0.9.1), and has a forked version on github. A few people collaborated to fix up the code there so no longer any script editing required (basically to remove any dependency on taps for the gem build). Installing Sarah's version involved cloning the repository, building the gem and performing the local gem installation:

$ git clone git://github.com/sarahmei/heroku.git
$ cd heroku
$ gem build Rakefile
$ gem install heroku

Java Puzzlers. Be Afraid of the Dark.

Apparently, Joshua Block and Neal Gafter started the "Java Puzzlers" idea at Oracle Open World 2001. I wish I was there. Subsequently, they've turned it into a book , and a website. If you program in Java, you must read this book. It covers the kind of traps in your code you wouldn't even imagine could be there. I can guarantee you have written at least one of these issues into your code. And QA never caught it. And it is out in the wild RIGHT NOW. Arrgh!! These days, I think (and hope) that most professional developers are relatively atuned to coding security issues and the rise of opinionated testing methodologies (Unit testing, TDD, BDD etc).

But this book is a real eye-opener to the range of issues that you wouldn't even think worthy of a unit test case.

public static boolean isOdd(int i) {
  return i % 2 == 1;
}

Seems like a reasonable test for odd numbers? Except it is wrong a quarter of the time.

And that is just puzzle #1.

The book takes you through issues with strings, loops, classes, libraries, all the way to puzzle #95, where you learn why you shouldn't program like your brother.

Get a flavour from this presentation on Scribd from JavaOne 2007...

Publish at Scribd or explore others: School Work java puzzlers

Lessons in Re-branding: My Aquarium and SpeedDate's Agressive Acquisition Strategy

The My Aquarium Facebook application will soon become .. a dating app??? WTF!


At first I thought it must be a joke, or someone hacked the developer's facebook account.

But amazingly, it seems for real. SpeedDate have apparently been acquiring quite a number of Facebook applications, and My Aquarium is just one of the latest.

I don't know what on earth they are thinking though. Do they seriously expect to just buy users like this? Isn't there a fundamental demographic and motivational mismatch between users of a cute aquarium app and the dating crowd (except by pure coincidence)?

Rather than endearing people to SpeedDate, I'd expect the reaction is more like this:

Get the hell of my Facebook page. First you buy up and kill off one of my apps, then you expect me to use your totally unrelated app? Get real!

Kind of like if Microsoft came along and bought up Adobe then sent an email to all Photoshop users saying they must all upgrade to Excel. Can you imagine the consumer revolt that would cause?

I don't know anything about SpeedDate, but this behaviour just makes me want to see them fail big time. Not a good PR position to be in...

Hyperwords - fact-checking the web at a glance

Two things I find myself doing oh so frequently when on the net:

1. Getting referred to wikipedia after googling


2. Checking word spellings and definitions with one of the online dictionaries

With the Firefox add-on Hyperwords, both these activities just got incredibly easier. Just select text in your browser and you have instant access to the related wikipedia entry, check the dictionary and more (stock quote lookups etc).

Even better, the results pop-up in the browser so you are not left with a cascade of windows or tabs to get lost in.

It joins firebug as one of the top two "must-have" add-ons for my Firefox install!



Hat tip to blankanvas for putting me onto this..

TDD and BDD is old school. Make the jump to HDD (Humour Driven Development)

SlashWeb just posted their list of the 25 Best Programmer Comics. I wonder ... seems like it could have been inspired by the stackoverflow question What’s your favorite "programmer" cartoon?.

xkcd's Proper User Policy apparently means Simon Says (sudo make me a sandwich) comes #1 in the SlashWeb list, versus the stackoverflow community voting xkcd's Little Bobby Tables to #1.

Conclusion? Either way, xkcd rocks.

But how's this for cool: xkcd's "antigravity with python" actually made it in as a patch to the python source code!

The Software Architect's Professsion. Or Delusion?

That was a happy age, before the days of architects, before the days of builders. -- Seneca c.4BC-65AD I hesitated as I reached for The Software Architect's Profession: An Introduction (Software Architecture Series) on the library shelf. Did I really want to read another treatise on the role of the software architect? Hasn't the term architect been so abused as to now be worthless, even downright counter-productive? In this, I think I am one with Jeff Atwood and Joel Spolsky who discussed the questionable value of the title "Software Architect" on StackOverflow podcast #44. Nevertheless, my hand followed through. I think I was persuaded by the unimposing nature of this concise little 100-page book.

I was pleasantly surprised; this is a great little book for stimulating some thinking around the role of an architect for the advanced reader. But I worry that it attempts to position itself as "An Introduction". A novice, unprepared to read the text critically, may easily be mislead by the book's definitive statements about what a software architect is and what they do.

Personally, I believe the book is fundamentally flawed in three important aspects:

1. Are we really in Crisis because we lack a Software Architecture Profession?

Firstly, the premise that today's Crisis in Software -

[the] parade of failures and half-failures that has grown over the years as a result of a world without an established profession of software architecture

- is wholly unsupported by any direct evidence. The authors' central argument is flawed by asserting an apparent causal relationship when in fact only coincidence had been established beyond doubt. A number of well-known software runaways and failures are mentioned, but I don't know of any where the original case studies attributed the failure primarily to the lack of "an established profession of software architecture". The authors get around this problem by redefining the conclusions and suggesting that all faults may eventually be explained by architecture. It seems to me self-serving and circular.

2. A Flawed Analogy with Building Construction

Second, the authors attempt to reinforce their argument with the proposition that the analogy with building architecture is self-evident. Buildings need architects. Software is like building. Therefore software needs architects. Hmmm. I am reminded of Bernard Rudofsky's book "The Prodigious Builders" which celebrates the history of vernacular architecture. That is, architecture without Architects (unfortunately a stunningly boring book for what ought to be a highly inspirational subject).

I particularly disagree with the authors' contention that software is not developed: it is built (with a sense of finality). The Google-inspired trend towards the perpetual beta is the most visible evidence to the contrary. The authors object to the notion that to develop implies to unfold, uncover, and make known. On the contrary, I find this a most apt description of what we do within the software profession: the youth and continuing innovation within the field does mean that software development and the architecture it requires is more akin to exploration, invention and discovery than to a formalised application of the tried and true.

Strike two.

3. Premature Specialisation

I began to renew my hope for the book as it explored the historical foundations of architecture. Michelangelo can truly lay claim to the title of Architect ("master builder"); his work on St Peter's Basilica epitomizes the unltimate balance between function, beauty, and structure,

Vitruvius is famous for asserting in his book De architectura circa 50BC that a structure must exhibit the three qualities of firmitas, utilitas, venustas — that is, it must be strong or durable, useful, and beautiful. A sense of proportion and harmony is represented in Leonardo Da Vinci's famous illustration of Vitruvian Man.

Such ideas begin to shape the conventional definition of an architect. A master who not only understands structure, utility, and beauty in order to successfully render a design into plans, but has the practical experience to supervise their realisation through construction.

At this point, I think the authors are getting onto the right track. However they stumble at the last post by then inexplicably turning this into an argument for a limited and specialised concept of a "Software Architecture Profession", where the architect only retains responsibility for venustas (design/beauty). Utilitas (function/utility) is the client's problem, and firmitas (form, materials, logistics) is the province of the engineers, scientists and code monkeys.

Time for the Renaissance?

The authors' call for the codification and ossification of a software architecture practice is I think at least 50 years premature.

What an "Architect" needs to be concerned with is still going through successive waves of tumultuous change. Up to the green-screen era, computer system architecture necessarily had a strong hardware component. Come the GUIs and increasing processing power in the 90s, it seemed a singular focus on "software architecture" as a technical discipline was a valid vocation. Now the waves of web-driven innovation and the emergence of the "Rich Internet Application" is again challenging our notions of what architecture entails. And again, the "real world" is encroaching the pure software realm with the rise of increasingly powerful and widely available mobile computing platforms (think iPhone, Android), and the revolution in pervasive automation (think Arduino).

I think the Java Posse were spot on when they discussed the growing need for cross-fertilisation and collaboration between designers and developers on podcast #247 - Design and Engineering. This is a time of divergence, not convergence, in the business of producing software & technology-based systems.

In truth, I question how appropriate both words are in the term "Software Architect":

• Software - it is perhaps only in the last 10-20 years that it has been possible to construct computer software at the level of complexity that warrants the existence of an architect in the classical sense. And I suspect that in another 10 years it will seem ludicrous to suggest that you can be an Architect of only software ("just a turn-of-the-century fad"). Software is just one component of a "built environment" that encompasses everything from the information infrastructure and systems technology to the psychology, art and design of human interaction; ultimately leading to a desired collaboration between people and machines in the context of real-world objectives.
  
• Architect - the common use of the term in the computing field has stripped this word of it's more noble dimensions. No longer is the architect "the person with the vision and skill to make dreams a reality". They are more likely to be the person in the corner who produces nothing but paper, leaves no fingerprints on the pages of history, and is generally ignored by those who are really making things happen.

I don't know what you should call the people who have the experience and ability to lead others to do amazing things with the information technology we have at our disposal.

I'm just pretty sure that "Software Architect" doesn't even come close to being adequate. And building a "profession" around a woefully inadequate definition is a one-way ticket to irrelevance and obscurity.

Why would you open source a framework?

Interesting to listen to Scott Hanselman and Richard Campbell talking over the rationale for open sourcing Microsoft's ASP.net MVC framework on Hanselminutes show #175.

Part of the answer was a general desire to nudge Microsoft further towards embracing open source: "Why wouldn't you?". Which is admirable.

Partly it is a desire to open up the innovation envelope: Scott talked about his experience releasing TweetSandwich, and then seeing the unexpected derivative applications developed using the source as the base. Designing a framework is a daunting task. By definition, most of the framework's possible uses are not known ahead of time.

Take a listen to The Java Posse #241 which also came out this week, where they discuss the challenges of design as it applies to frameworks. One of the great concepts they talk about is how the best frameworks invariably have well designed escape hatches, to make sure you can overcome that typical problem of '..but the demo worked so well!'

Personally, I think having access to the source code of the framework is one of the most effective 'escape hatches' you can have.

Even if you never plan to fork or modify the framework, the ability to dive in and examine the source when things are not quite working as expected is really the difference between a framework you can work with, and a framework that will be discarded after a couple of projects. It is one of the great things about rails: often the documentation comes up short, but when you look at the api, the source code is but a click away!

Tweeting from your database with short urls

There's something cheekily enjoyable about getting all manner of 'non-human' things to tweet. I've heard of plants tweeting, but until I saw Lewis Cunningham's post announcing ORA_Tweet, I hadn't even thought of getting Oracle Database onto twitter.

Saturdays are good for little projects, so I thought I would add URL shortening service today;-)

Since twitter famously limits you to 140 characters, it is conventional to use a url-shortening service to include hyperlinks in your tweet. So my little play for today was to pair that idea up with ORA_Tweet.

There are a range of URL shortening services available including snipurl and tinyurl (here's a survey of services). I've been using is.gd for a while though, since it sports the simplest GET request 'api' you could imagine, making it great for ad-hoc programmatic use.

So I add an extra package called SHORT_URL which has just two functions:

  FUNCTION encode_url(
    p_url IN VARCHAR2 )
  RETURN VARCHAR2;

  FUNCTION encode_text(
    p_text IN VARCHAR2 )
  RETURN VARCHAR2;

encode_url the main wrapper around the http://is.gd call to get a short url for the one you provide.

encode_text is a more convenient function that takes a block of text, and will replace all the urls it contains with the appropriate shortened versions.

Then there's just one change to the ORA_TWEET package body:

45c45
<       url => 'status=' || SUBSTR( short_url.encode_text(p_string) ,1,140));
---
>       url => 'status=' || SUBSTR(p_string,1,140));

Now you can go wild with URLs in your database tweets:

BEGIN
  DBMS_OUTPUT.ENABLE;
  IF ora_tweet.tweet
    (
      p_user => 'twitter_username',
      p_pwd => 'twitter_password',
      p_string => 'ora_tweet v1.1 is complete! Now with url shortening ... see http://database-geek.com/2009/03/15/ora_tweet-tweet-from-oracle-a-plsql-twitter-api/' )
  THEN
    dbms_output.put_line('Success!');
  ELSE
    dbms_output.put_line('Failure!');
  END IF;
END;

Building on Lewis' original justification for building ORA_Tweet, you could for example include links to a report page or admin screen when your long-running process sends you its "I'm done" tweet.

That's if you need justification;-)

If you are interested, the source is up on my github account now: ORA_Tweet_With_Shorturls.zip

Idea #105: what name babby? (Dugg already pwned)

I just saw namemasher.com mentioned on programmable web.

It's a first step towards addressing one of humankind's biggest challenges: forget about running out of IP addresses, we're going to run out of usernames first!

What kind of handle do you think your children be able to get on Friendfeed? Under what name will your grandchildren be able to tweet? And do you think they stand a chance of getting the same nick across all their services?

There's a mad stampede for names going on, and any self-respecting parent (or prospective parent) who wants to bring up their children right ought to be out there buying up their progeny's place in cyberspace. Along with the tuition fund you need: website domain name, email account, twitter handle, skype, tumblr ... who knows which will survive, so get them all.

You never know: what if you kid gets famous, or even goes into politics? It wouldn't be very presidential if they tweeted as @spaceycasey123456.

Parents need something more than namemasher. In addition to the parents' names, it needs to munge in family and cultural background, existing baby name references like babynames.com (that's the one with the helpful definition of Espn), cross-check against existing accounts with something like namechk.com, and then go out and pre-register all the services for your unborn child. What an 18th birthday present that would make!

In short, the world needs wotnamebabby.com:

Learning not to love Java

Back in 99, I spent about six months procrastinating over a MAJOR decision (or so it seemed at the time).

To stick with the Microsoft camp - where I'd built up substantial experience through ActiveX to DCOM to COM, IIS and Commerce Server 3.0 - or jump onto the Java bandwagon?

Ultimately, Java won out, and along with millions of others, we've made Java the enterprise platform of choice (arguably).

The interesting point upon reflection, is that there was never any doubt in my mind that Java was somehow 'better' and more 'pure', in an academic sense.

Almost ten years later, I shocked myself recently when returning to Java after spending a good part of the past two years infatuated with ruby and rails and other scripting languages.

Where before I saw classical elegance, now my first thoughts were this sux and the language is just getting in my way.

First the verbosity kills me:

   WeLikeLongDescriptiveClassNames myReallyDescriptivelyNamedObject = WeLikeLongDescriptiveClassNamesFactory.getInstance(duh);

How many times do I have to tell the compiler what kind of object I am dealing with? Sure, I understand the benefits of the Factory pattern and the subtleties you can construct by virtue of the inheritance hierarchy. But most of the time, I just want the compiler to do what is most obvious, and don't make me write a novel for the most straight-forward tasks!

Then there's the language-promoted cultural phenomenon of class explosion. Need half a dozen value objects to represent the various information to be passed around in your domain? Sure! With unit tests all, I am sure. Most of the time, I'd now prefer to scream YAGNI!

But the true ephiphany was my run-in with primitives (again ... every year or so). Using JSP sessions as a perfect place to test this out. Take an int and stick it in the session:

int startingInt = 3;
session.setAttribute( "startingInt" , startingInt);

What type is in the session? An Integer object of course. Java has cleverly done a type conversion for you, from a primitive to an object. But woe betide the simple developer who assumes this must be a commutative operation:

int newInt = session.getAttribute( "startingInt" );
// Error!! 

That's what I call a language actively getting in your way. Kind of like if you deposited $10 cash in your bank, but when you went to withdraw the money, the teller threw the shutters down and said you could only get your money back in government bonds.

So do I have a point or is this just a rant (and certainly one that is not as erudite as many have written)?

I guess I must be pretty slow to catch on to what others knew long ago. The true test comes down to being able to realise one's goals. For personal projects, I find I'm able to knock out complete (and impressive) applications in Rails, while I still have ten java-based ideas on the drawing board.

It comes down to whatever works. And it should.

Does that mean I hate Java? Not at all. I still get a bit of a thrill out of its clean lines and voluminous open source library support. Much like seeing an aging and long-since outclassed 512BB. 'Classic' is timeless.

No. I don't hate Java, but neither do I love it the way it used to demand. I look back on my naïve 1999-self in wonder. Building experience is key, but it is a mistake to tie this to a language. Computer languages are the tools of our trade, and the more you know, the better you will be. When people mention Haskell, Scala, Eiffel ... do you know what they are on about, or do you just nod intelligently and pray not to get caught out?

With more tools at our disposal, we are better able to tackle new challenges in the most appropriate way.

To get the job done (which is generally the point, right?).

Crazy Stupid Security Policies #1

So we've all been there .. a super-secure data centre where they ban wireless access while in the server room.


I recently had an acquaintance pulled up for using wireless while in one such place. Twice. I won't name where, because this issue knows no bounds.

It is a nice and reasonable rule from the security policy astronauts' perspective, because usually those responsible for the policy are not also accountable for operations. I presume the main concern is bridging networks and (intentionally or not) providing backdoor access.

They conduct audits and spot-checks, and on the surface everything looks great. If all you are concerned about is the paperwork, your job is done.

But in practice, and from what I have observed over the years, reality is a very different thing.

Unless all you are doing is bolting a server into a rack or plugging the fibre cables in, it is hard to get the job done these days without external network access.

• Maybe that is for research: consulting vendor guides or searching the knowledge bases (because no-one provides all the doc on disk anymore - it's on the web!)


• Or often you need to test the system you are configuring or diagnosing, and that can only be done from "outside" (SSL termination at an external-facing load-balancer for instance).


• Or, in this Web 2.0 world, you need to collaborate with colleagues to get the job done. Skype or IM to get hold of the expertise needed for the task at hand.


• Worse still, you have an "escort" policy, but a simple request to get in or out of the data centre is meet with abuse, recalcitrance or outright hostility from the people who are meant to escort you (like it's not their job!)

All these factors increase the frustration of SEs the world over, in the face of data centre policies that treat IT as if it were like installing an air-conditioner.

Now what happens when the threshold of pain is pushed up and up like this? At some point, the immediate pain (can't get to metalink) exceeds the potential future pain (maybe I'll get caught using wifi).

And, dear data center security experts, happens next?

Human nature takes over. Before you know it, you have a feral group of wifi/bluetooth/3G connected people running around your DC.

The worst part is that you have pushed the behaviour underground, where it is truly uncontrolled. In being secretive, people are breaking the most significant security prohibitions of all: bridging networks. Sorry, you don't know how much it goes on. (personal aside: yes, I admit I have, in the past, used wifi in a non-wifi DC. But being the conscientious and security aware guy that I am, I was always quite anal about disconnecting from the DC network before getting on wifi. Not that anyone knew. And if they did, my reward would have been ... a punishment!!)

So what approach would an enlightened, modern data center manage take? I would sleep much better at night if I:

• Had an open wifi usage policy to bring the practive into the light of day. Maybe tables running between your racks for wifi-connected laptops (bolt them to the desk if you like, with a CCTV overhead), while direct network/server access had to be done rack-side.


• Educate on responsible wifi use. Make sure people understand the risks of bridging nets and make it clear its OK to be on wifi, but not ok to bridge.


• And have a clear understanding with my internal staff that "escorting" is not an interruption to the work they are doing, it is a vital task that will be rewarded.

Fundamentally, this means I would need to reconsider how I defined my job as a data centre manager: I'm not a slave to a policy handed down from upon high, my job is to implement and enforce the best procedures possible that both enforce the policy goals, while providing excellent customer service. Achieving this may mean I need to think a little out of the box, even be a little creative and pragmatic.

Now I should be clear that in writing this I am not condoning anyone who breaks a clearly published policy not to use wifi in a data center. On the contrary, if you have to work in such a place, I'd say stick to the policy, and drive the escorts nuts as you go in, out, in, out and in again to get the job done. Demand a full time escort if you need it.

My real message is to anyone with authority over security policies and their application: recognise that a policy on paper is worth exactly the cost of the paper unless you have taken into consideration the human factors involved and done your best to ensure that your procedures and environment are optimally designed to encourage the very best behaviours, and not the ones you most want to avoid.

Anyone have data centre security horror stories to share? I would love to hear about them! Better yet, how you manage to get around the stupidity, yet stay "legal".

Like you scroll wheel? You want KatMouse!

I just heard about KatMouse on Security Now! #182.

I type fast, but love my mouse ( ... and there has been lot's of controversy about the numeric keyboard getting in the way too).

That means I'm a scroll-wheel addict. Till now, I just accepted the fact that it doesn't kick in all the times I would naturally expect it to work, like old applications, or in controls or windows that don;t have focus.

As soon as I heard Steve talk about KatMouse I knew I just had to get it. Two minutes later, it is installed and I'm loving it!

Best feature: when I have overlapping windows, I can scroll whichever window the mouse is over. Doesn't have to be in focus. Beautiful! This is how the scroll wheel should have worked all along;-)

Wordling your twitter flock (and an aside on sniffing out bad proposals)

Twitter just keeps on attracting people who glob on new and interesting innovations; the latest I've seen is TwitterSheep which does a neat wordle of your followers.

Twitter has got to be the poster-child for YAGNI. By keeping things real minimalist, it not only creates the space but also the yearning for innovation - and we're seeing that in bucketloads (see also MrTweet; proud to say, Singapore compatriots!).

Wordles are simple but interesting semantic analysis toys. How useful can a word frequency count be? You may see a bit of noise, but I read them as a measure of obsession.

I've been using wordle.net for a while to do proposal analysis. It's become a "must-do" step before submission, as the insights can be invaluable. Simply paste in the full text of your proposal, and reflect on the resulting wordle. It's better than therapy!

What should be prominent of course are the concerns and issues that you know your client highly values. But what you will often see in your first drafts are a whole lot of words that are basically synonyms for ME! As in: my company, our product names, our partners, our technology etc etc.

All very well (it is a proposal after all), but just like a good conversationalist, shouldn't good proposals be at least equally weighted towards your listener's needs and desires? I think so, and wordles are quick and easy tools for sniffing out the boilerplate proposal that doesn't give a flying fig for the customer!

Still not convinced? Well, see the wordles that Billy Cripe did of Obama and McCain's convention speeches. Thank god you voted in Obama is all I can say!

What scares me is a seeing an obsession with "Country" "Americans", "fight", "war", "God" and even friggin' "nuclear", "attack" in the one wordle!!!!

So here's my twitter flock. Hmm, we're a pretty boring bunch!



Props to Daryl Tay for the TwitterSheep link.

Best Practices in Web Form Design

I'm humming and hahing over some form designs at the moment. These days you have so many options, especially when you are getting smart with ajax and scriptaculous tricks.

Having options is always a double-edged sword. Yes, they allow you to do amazing things. But they provide a great recipe for procrastination.

.. just the situation where some thoughtful, concise guidance on leading practices from someone who knows their stuff can be a goldmine.

Thankfully I stumbled upon this great presentation on web form design by Luke Wroblewksi. It's a classic, and now I see he has a book out on the topic which instantly went on my "must read" list.

SOA is dead! Was it ever alive?

There's nothing like a "financial correction" to make people wake up and start sniffing the crap that has been shoveled their way.

Waddya know? SOA is dead says Burton.

If I was paying for Burton services, I would be asking for a refund and an explanation as to why it took so long to identify the bleedin' obvious

The irony may have been a bit thick for anyone to realise that my story of Eric the Architect was little more than a lampoon on the generations of IT attempting to find a home within business (true friend - true story - honest!!!).

Guys - pragmatism rules. SOA never had anything to do with the bottom-line. Directly. And the indirect contributions lacked evidence and credibility.

In an excess of pragmatism, Miko Matsumura shut down the SOA center blog on the back of the Burton article. The new blog will be called the Whatever Center. Love the name, but will the dns changes ever propagate? I hope so, for Matsumura-san's integrity. Unlike WFTs transition to WTH, this is not a joke.

Personally, I'm with Justin Kestelyn:

The problems remain with us, whatever we choose to call the solution.

Tripping up on base64 encoding with webcache

Looking at an Oracle Portal installation recently, I wanted to call the WebCache invalidation API from SQL.

$ORACLE_HOME/webcache/examples/invalidation.sql sounds like a good idea, until:

begin
invalidate('hostname.com',9451,'password1','http://hostname.com/page')
end;
Error report:
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at "SCOTT.BASE64_ENCODE", line 51
ORA-06512: at "SCOTT.BASE64_ENCODE", line 57
ORA-06512: at "SCOTT.INVALIDATE", line 38
ORA-06512: at line 2

Uh-oh. The base64_encode function included in the script is having trouble with the password. A quick look at the code...

create or replace function base64_encode
(
   p_value in varchar2
) 
return varchar2 is

    BASE64_KEY constant varchar2(64) := 
        'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
    l_buffer varchar2(32767);
    l_len integer := trunc(length(p_value) / 3);

...

begin
    for i in 0..l_len loop
        l_buffer := l_buffer || encode_chunk(substr(p_value, i * 3 + 1, 3));
    end loop;

    return l_buffer;
end base64_encode;

Note l_len division by 3, then using it in the for loop. Yep, classic 0/1 base offset issue. Any password with a length of 3, 6, 9 etc characters breaks the code. Fixed with a -1:

    for i in 0..l_len - 1 loop
        l_buffer := l_buffer || encode_chunk(substr(p_value, i * 3 + 1, 3));
    end loop;

But that raises more questions. What is this base64 encoding function doing here anyway?

At some point in time it might have been required, but Oracle Database has had the standard function utl_encode.base64_encode for at least a few versions. It encodes RAW so there's a bit of friggin around with types:

select utl_raw.cast_to_varchar2( utl_encode.base64_encode( utl_raw.cast_to_raw('password1') ) ) as B64 from dual;

B64                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             
-------------
cGFzc3dvcmQx     

I did note the comment in invalidation.sql to the effect that:

-- this old example is replaced by 2 files, collectively known as the
-- PL/SQL invalidation API.
--
-- the 2 files are
--
-- wxvutil.sql which does similar things as what invalidate.sql did
-- wxvappl.sql which is a wrapper of wxvutil.sql
--
-- both files are located in the same directory.

Well, these files are not in the same directory (they are actually in ../toolkit), and what's the excuse for shipping broken examples anyway, even if they are old and obsolete?

A case of severe backblogarrythmia

My backblog is giving me the irits. And what's worse I join the sad club of people who thought they cleverly invented a new word!

Backblog - Overflow of incidents you intend to write about on your weblog.

However, perhaps I can claim backblogarrythmia as my own:

.. a disruption in the regular flow of weblog posts, often caused by overwork, booze or a new romance. Primary symptom is the backblog, which in turn can exacerbate the problem through increased levels of performance stress. Treatment: JFPS*.

I used to work in a factory where I swear one of the leading hands had a personal goal of inventing a new word everyday. He'd casually call over something like "Hey, pass me the gumlicker would ya?" and take great pleasure in our confusion. He'd be mock-shocked of course at our "ignorance", and delight in explaining the word and how stupid we were for not knowing it. Crazy thing is, he'd always have a great and usually convoluted etymology.

He did this pretty much every day I knew him. Just an average working class bloke, with an average education. But I always secretly admired and envied his creativity with words, wondered where the inspiration came from, and whether he'd use the gift for anything more than keeping his workmates from boredom.

Me? The only words I invent tend to arrive as serendipitous typos. Yesterday's effort:

Museover - particularly thought-provoking and succinct tip or pop-up text that is displayed when you hover your mouse over an icon or word.

恭喜发财!

Update 27-Jan: It's official: museover and backblogarrythmia are in the (pseudo)dictionary

* just fucking post something