Beyond the Code
or, how to win friends, influence people and make a living by writing open source software. It's not just about the code.
Follow me on Twitter as @jonobennett.
Friday 29 May 2009, 1:45 PM
Wave Hello, Say Goodbye (to closed-off collaboration platforms)
I'm still reading through what little detail we have on Google Wave, but there certainly appears to be enough for developers to get excited about.
Before we even get to the technical details of what Wave does, or how we develop for it, there's the way it's being designed, developed and distributed. At first glance, everything about Wave is open: Source, protocols, licence, including a patent retaliation clause.
This shows how far we've come towards open source development becoming the norm. Imagine ten years ago, if a company pre-announced a product and made it clear anyone else would be able to use the code, even before the original authors had a chance to build up an established user base — you'd have thought they were mad. Now it just seems normal.
Google's reasons for doing this as open source are no different from what anyone's reasons should be. As Vic Gundotra, Google's VP Engineering said at the launch of Wave, "frankly, we need developers to help us complete this product, and we need your support". Even Google's massive resources aren't enough to make a plan as ambitious as Wave succeed on its own.
By building Wave in an open source manner, Google not only gets additional developer help for free, but also gets a greater range of ideas and opinions than it would from within its own walls. It also reassures the rest of us that this isn't going to be a Google steamroller than flattens any other equivalent services before they start.
Wave won't just be important for what it's capable of, but also for the change in attitudes to software development it represents. Assuming all goes to the plan Google has laid out, everyone wins.
Before we even get to the technical details of what Wave does, or how we develop for it, there's the way it's being designed, developed and distributed. At first glance, everything about Wave is open: Source, protocols, licence, including a patent retaliation clause.
This shows how far we've come towards open source development becoming the norm. Imagine ten years ago, if a company pre-announced a product and made it clear anyone else would be able to use the code, even before the original authors had a chance to build up an established user base — you'd have thought they were mad. Now it just seems normal.
Google's reasons for doing this as open source are no different from what anyone's reasons should be. As Vic Gundotra, Google's VP Engineering said at the launch of Wave, "frankly, we need developers to help us complete this product, and we need your support". Even Google's massive resources aren't enough to make a plan as ambitious as Wave succeed on its own.
By building Wave in an open source manner, Google not only gets additional developer help for free, but also gets a greater range of ideas and opinions than it would from within its own walls. It also reassures the rest of us that this isn't going to be a Google steamroller than flattens any other equivalent services before they start.
Wave won't just be important for what it's capable of, but also for the change in attitudes to software development it represents. Assuming all goes to the plan Google has laid out, everyone wins.
Wednesday 27 May 2009, 1:48 PM
A call for an internet age speaker
If you think that the recent scandal in Westminster over MPs' expenses has little to do with technology, barring the odd flat screen TV, you'd probably be right. However, some open source software and the internet may well play a part in ensuring we never get into a similar situation again.
MySociety.org, a project of a charity called UK Citizens Online Democracy, has been producing web sites that allow you to interact with government services for some time. One of the sites MySociety has produced, TheyWorkForYou.com allows you to see into the workings of Westminster, and see what your MP has been speaking about in the house, the written questions they've been asking, how much they've claimed in expenses (but not details of individual items) and various other bits of information. This is all good stuff that's useful when your MP (or, more likely, their party activists) comes knocking on your door at General Election time.
What it doesn't do is allow you to see what's in bills that are being drafted before they make it into law. This information is available, but not in any form that's easily parseable in software -- certainly not in the same way as other bits of parliamentary information. This has so far prevented MySociety from making this information available on the internet. Unsurprisingly the group launched a campaign called Free Our Bills, aimed at changing this situation, but with limited success so far.
The resignation of the Speaker is seen as an opportunity to put this right, and MySociety is asking people to write to their MP on the subject. This reform could go even further. We're now used to buying and selling, keeping in touch with our friends, banking, and doing many other routine parts of our lives online. That could easily extend to government -- not just using public services, but taking part in the country's decision-making process.
If this sounds like a good idea to you, you could do far worse than get involved. The software to make an online democracy possible needs writing and testing — and of course it should be open source. It needs people to encourage its use. The internet has made many other aspects of life easier and more efficient. Why shouldn't it do the same for politics?
MySociety.org, a project of a charity called UK Citizens Online Democracy, has been producing web sites that allow you to interact with government services for some time. One of the sites MySociety has produced, TheyWorkForYou.com allows you to see into the workings of Westminster, and see what your MP has been speaking about in the house, the written questions they've been asking, how much they've claimed in expenses (but not details of individual items) and various other bits of information. This is all good stuff that's useful when your MP (or, more likely, their party activists) comes knocking on your door at General Election time.
What it doesn't do is allow you to see what's in bills that are being drafted before they make it into law. This information is available, but not in any form that's easily parseable in software -- certainly not in the same way as other bits of parliamentary information. This has so far prevented MySociety from making this information available on the internet. Unsurprisingly the group launched a campaign called Free Our Bills, aimed at changing this situation, but with limited success so far.
The resignation of the Speaker is seen as an opportunity to put this right, and MySociety is asking people to write to their MP on the subject. This reform could go even further. We're now used to buying and selling, keeping in touch with our friends, banking, and doing many other routine parts of our lives online. That could easily extend to government -- not just using public services, but taking part in the country's decision-making process.
If this sounds like a good idea to you, you could do far worse than get involved. The software to make an online democracy possible needs writing and testing — and of course it should be open source. It needs people to encourage its use. The internet has made many other aspects of life easier and more efficient. Why shouldn't it do the same for politics?
Friday 22 May 2009, 12:13 PM
Offers by SMS? Always read the small print...
Earlier in the month David Meyer reported on Vodafone's summer roaming promotion, where you can call in certain countries at no extra cost. As a Vodafone customer I've just received an SMS telling me about the promotion, only it simply says that roaming charges have been "abolished" and gives me the chance to opt in by SMS. Oh, sure, there's a URI of the terms and conditions for the promotion, but nowhere in the original message is it suggested that it's a time-limited offer. Most dictionaries agree that abolished means "ended", not temporarily suspended. Vodafone, sort your marketing out.
The lesson here is an old one: always read the small print.
The lesson here is an old one: always read the small print.
Wednesday 13 May 2009, 8:39 PM
The UK's first socially networked election
The public's confidence in politicians is taking a knock right now, but that event that's mean to hold them to account, a general election, is on the horizon. What's more, judging by what happened in the US last year, this may be an election with a difference. This is likely to be the UK's first socially networked election.
While the web was already in most homes at the time of the last election, social networking sites were nowhere near as widely used, and certainly not amongst people over 30. That's changed, and more people have Facebook accounts, and thanks to Stephen Fry virtually the whole country has heard of Twitter. While I don't think we've yet seen the death of the Swingometer, social media and the internet will play a massive part in the conversation around the election. We saw Twitter's power during the US election, but also during the presidential inauguration earlier this year, and I've already had one prospective parliamentary candidate follow me on Twitter.
The problem with politics on the 'net thus far is it's mostly been just talk. There are some exceptions: the sterling work done by MySociety.org to bring the workings of government onto the web, DirectGov's Innovate portal and the BBC does a good job of using the web in creative ways.
Politicians themselves leave far more to be desired. Mailing lists are often read-only, and just promote party propaganda. Web sites are static affairs with no interactivity at all. In short, there's no conversation going on. We all have a responsiblity to help change this, especially if you live in a constituency where it's likely your ideal choice of candidate won't get in.
If you're canvassed by a politician, incumbent or prospective, ask them this: Are you willing to use the internet to its full advantage to have a two-way conversation with your constituents? Will you use one or more of the many services that already exist to make it easier for you to communicate with the people you represent? If not, how good a representative will that make you?
While the web was already in most homes at the time of the last election, social networking sites were nowhere near as widely used, and certainly not amongst people over 30. That's changed, and more people have Facebook accounts, and thanks to Stephen Fry virtually the whole country has heard of Twitter. While I don't think we've yet seen the death of the Swingometer, social media and the internet will play a massive part in the conversation around the election. We saw Twitter's power during the US election, but also during the presidential inauguration earlier this year, and I've already had one prospective parliamentary candidate follow me on Twitter.
The problem with politics on the 'net thus far is it's mostly been just talk. There are some exceptions: the sterling work done by MySociety.org to bring the workings of government onto the web, DirectGov's Innovate portal and the BBC does a good job of using the web in creative ways.
Politicians themselves leave far more to be desired. Mailing lists are often read-only, and just promote party propaganda. Web sites are static affairs with no interactivity at all. In short, there's no conversation going on. We all have a responsiblity to help change this, especially if you live in a constituency where it's likely your ideal choice of candidate won't get in.
If you're canvassed by a politician, incumbent or prospective, ask them this: Are you willing to use the internet to its full advantage to have a two-way conversation with your constituents? Will you use one or more of the many services that already exist to make it easier for you to communicate with the people you represent? If not, how good a representative will that make you?
Friday 8 May 2009, 4:31 PM
Infections, Conficker and preventative medicine
We hear from the US that inertia in government has prevented medical devices infected with the Conficker virus from being cured of their malady. That's missing the point entirely — which should be obvious to everyone involved. They should never have been infected in the first place.
Conficker exploited a hole in Windows' Server service, which is included and enabled by default on all standard installations. The service is used for file sharing, which isn't a necessary function on a medical device. It may need to access files on other machines, but there's no obvious reason for a medical device to share its files. If the function isn't needed, the code for that function shouldn't even be present on the device, but this isn't easy using Windows. This isn't a problem with the quality of the code in Windows as such — you can get vulnerabilities in Linux, believe it or not — it's more about the packaging and distribution model. If you're forced to include code you don't need by the distribution model — rather than a genuine software dependency — then problems like this are going to keep happening.
The virus also updated itself across the internet by retrieving the code from web sites set up for the purpose. Again, this shouldn't have been allowed to happen. While it's tedious for a desktop PC user to continually authorise applications that want to access the internet, on a device that's not a general purpose computer, it should be mandatory.
Neither should the network infrastructure these devices were plugged into have allowed unrestricted internet access. It may be easier for the network administrators to have a policy of allowing all traffic barring exceptions, but in situations where a significant number of the devices attached to the network have no business having unrestricted 'net access, keeping such a gaping security hole open is nothing short of idiocy.
Hindsight is always a wonderful thing to have, and strict security measures aren't appropriate to the risk faced by every networked device. Equally, we don't know how much damage to patient care was done by these medical instruments getting infected, but if little has been done that could just be down to luck. Nevertheless, these lessons should have been learned before now. The sad thing is they still probably won't.
Conficker exploited a hole in Windows' Server service, which is included and enabled by default on all standard installations. The service is used for file sharing, which isn't a necessary function on a medical device. It may need to access files on other machines, but there's no obvious reason for a medical device to share its files. If the function isn't needed, the code for that function shouldn't even be present on the device, but this isn't easy using Windows. This isn't a problem with the quality of the code in Windows as such — you can get vulnerabilities in Linux, believe it or not — it's more about the packaging and distribution model. If you're forced to include code you don't need by the distribution model — rather than a genuine software dependency — then problems like this are going to keep happening.
The virus also updated itself across the internet by retrieving the code from web sites set up for the purpose. Again, this shouldn't have been allowed to happen. While it's tedious for a desktop PC user to continually authorise applications that want to access the internet, on a device that's not a general purpose computer, it should be mandatory.
Neither should the network infrastructure these devices were plugged into have allowed unrestricted internet access. It may be easier for the network administrators to have a policy of allowing all traffic barring exceptions, but in situations where a significant number of the devices attached to the network have no business having unrestricted 'net access, keeping such a gaping security hole open is nothing short of idiocy.
Hindsight is always a wonderful thing to have, and strict security measures aren't appropriate to the risk faced by every networked device. Equally, we don't know how much damage to patient care was done by these medical instruments getting infected, but if little has been done that could just be down to luck. Nevertheless, these lessons should have been learned before now. The sad thing is they still probably won't.
