Monthly Archives: February 2013

development, open source, software development

LocationTech: a new Eclipse working group for location technologies

The Eclipse Foundation has announced a new working group, called LocationTech.

What is it? There is only one project currently, called LocationTech Technology.

Here is what it covers:

LTT projects provide artifacts such as libraries, user interfaces, and methodology logic that enable location aware applications and services. The nature of this work is scoped as follows:

  • Developing and delivering location aware services for web, mobile, and desktop based systems.
  • Storage, exchange, processing, and interpretation of massive data volumes with a component of spatial information
  • Apply Model based design in the context of geospatial information systems, building information modeling, and computer aided design
  • Aggregating and relating data from diverse sources including a spatial component. e.g. Analytics, Geospatial Business Intelligence, Geocoding, Routing
  • The implementation of generally applicable geospatial standards (e.g., Open Geospatial Consortium, ISO TC211, SQL MM, etc.)

The group is sponsored by IBM, Oracle, OpenGeo and Actuate.

Projects hosted at LocationTech benefit from a range of services, including git code repository, bugzilla bug tracking, hudson continuous integration, apache and drupal for a project dashboard, and “intellectual property services” covering licensing and related areas.

LocationTech is seeking involvement from OpenStreetMap (discussed here) and MapBox, among others.

Names not on the list of sponsors include Google and Nokia. Is this, perhaps, an effort to support location-based development in a manner that does not include a dependency on Google?

development

The Monki Gras London 2013: scaling craft, how to be happy at work, defining software excellence, and lots of beer

I attend numerous technical events, most of which are vendor-specific. There is nothing wrong with vendor-specific events. If you want to explore what is on offer from that vendor and quiz  their people, they are ideal. You will be aware though that they are promotional events and give you a skewed view of the world, for which you need to make allowance.

Therefore I particularly value events which are not vendor-specific. They may still offer a skewed view of the world, but at least it is vendor-neutral. Redmonk’s Monki Gras is one such, managed by analyst company RedMonk, in particular by its co-founder James Governor.

image

The event is small, with around 200 attendees, with a bias towards software developers. Seeing the picture above you will observe that it is not entirely vendor-neutral, in that it is sponsored by companies including Amazon, Adobe, twilio, Red Hat, Citrix, SAP and Heroku. Multi-vendor then, rather than vendor-neutral? Arguable, but there was little patience for product pitches and the event was one which was able to hear Basho’s Shanley Kane telling us to discard all our tools (a move unlikely to please vendors), so on a scale where zero is pure marketing fluff and ten searing honesty, I would award it at least an eight.

The Monki Gras is not just about technology. It is also about craft beer. This its second year, and there was even more beer content this time around. Possibly (said sotto voce) more than you might prefer if you have only a passing interest in the subject; but if so, perhaps this was not the right event for you.

image

Why the beer? Because developers like it. Because it is a craft that does not scale easily. Because it is characterful, flavoursome and distinctive, and individual examples aspire to excellence, all qualities that I suspect Redmonk value.

The combination of Redmonk values, generous sponsors and small size make this an event with exceptional catering. Not only craft beer, but also fresh fruit, Sushi, fresh ground coffee prepared by a skilled barista, and at the evening event, a breathtakingly good selection of cheeses of which I got to taste only a few slivers because my hotel arrangements required an early departure.

image

One of the ironies of the Monki Gras is that this kind of excellence does not scale well, with long queues for coffee and lunch, and on the Thursday evening one of the slowest meals I have attended. I left after three hours by which time it had reached the third course, but missed dessert and cheese. Good things take time and I guess this is all part of the Monki Gras experience.

What about the technical content? Technical may be the wrong word; and the published agenda is only an approximate guide. A Twitter search is one way to discover what was said; or you can check my tweets for those days; despite poor wifi there were enough smart gadgets that plenty of tweets got through. The focus was on the human aspect of software development, summed up for me by Cyndi Mitchell of Logspace and Thoughtworks, who said:

Software is fundamentally a human, interactive activity – if you don’t understand that, forget it.

Here are some other highlights, not comprehensive, but some of the things which caught my attention.

Rafe Colburn from Etsy who observed that to improve the craft of software development, you need to make time available by automating whatever you can.

Craig Kersteins and Matt Thompson from Heroku talked about developer productivity, with the startling statistic (I have no idea how they get these figures) that 76% of the worst-performing engineers suffer frequent interruptions. Software development needs focus; they suggested 4 hours of continuous uninterrupted work each day. At Heroku they use headphones as a “do not disturb” sign and respect that.

That risks the opposite danger, lack of communication. Hence another Heroku strategy is to give staff free lunch with long tables, to promote communication, and slow coffee machines that make a jug at a time, to promote sharing and collaboration.

Mazz Mosley and Nick Stenning from the Government Digital Service – which is transforming UK government IT from the inside, with generous use of open source and common sense – spoke on not recruiting developer rock stars, who create a single point of failure in your team. Rather, they aim to nurture collective intelligence.

This talk went down well at the Monki Gras, but while the thought makes sense, it intrigues me. Could the same person who becomes a “rock star” in one team be part of “collective intelligence” in another? Is not this more about how you manage your team, than how you recruit? And could a key leader that creates such a team be a bit of a rock star for doing so?

Phil Gilbert from IBM spoke about transforming IBM’s software products with design and rationalisation. The slide that has stayed with me showed how 20+ products in the areas of business process management were consolidated into two or three.

Chris Thorpe from Boffin talked about steam engines and 3D printing. Using 3D printing, steam engines can be repaired, while in another context model railway enthusiasts can get models in whatever size they want.

Steve Citron-Pousty from Red Hat gave us a sideways look at technology by talking about ecosystems. How do you nurture a vibrant ecosystem as opposed to one in which just a few creatures dominate? The answer is about monitoring, measuring, and testing hypotheses.

Ted Nyman at GitHub gave a memorable talk on being happy at work. His answer: no managers.

image

He described how GitHub is managed: nobody reports to anyone else, decisions are made by consensus, teams form naturally, nobody is forced to do anything, but individuals are highly motivated because they have authenticity and autonomy. Employees are happy and nobody ever quits. “Developers are awkward people, accept awkwardness,” he added.

This was another thought-provoking talk. How much of GitHub’s management model would translate or scale to other businesses? Does it depend on having smart, highly motivated team members? Will it work for ever, or end in disaster? Is Nyman’s description accurate, or are there disguised channels of authority which he did not articulate?

Day two, Friday, opened strongly. I have already mentioned Shanley Kane’s talk. She addressed the problem of dishonesty in software development, explaining that software roadmaps which show features on a timeline are inherently dishonest and cause erosion of trust. Developers have a responsibility to explain to others in the business that development does not work like that. Her suggested alternative is some sort of interactive document covering “what we’re working on”.

Cyndi Mitchell, also mentioned above, talked about excellence in software development. This is not just about technically sound code, but is multi-faceted, including business value, customer value, user experience, delivery and operations as well. It was another take on a common theme in Agile: the team is everyone, not just the developers.

Chris Aniszczyk from Twitter spoke about open source software. Twitter always evaluates open source options before risking wheel reinvention by cutting new code. He also advocates always writing code on the assumption that it will one day be open source. This promotes high quality APIs, sensible naming conventions, and other good things. Twitter aims to give code that is not its “secret sauce” back to the community, he said. However, Twitter avoids code with viral open source licenses like the GPL; it causes too many problems, he said.

An intriguing aside; Aniszczyk says that Twitter acquires companies to get the people, since “you can’t hire engineers these days.” This may create an open source project, as the code that company was working on is given away/abandoned to the community. I am not sure what examples of this process there are.

After that, there was lunch, more beer, brewers spoke, and a wood carver competed with a 3D printer to make a spoon; I’ve written about this here.

Lee Bofkin from Global Street Art spoke about street art. Where we see a wall or an alley, he said, a street artist sees a place that can be transformed with art. His slides were wonderful; check the Global Street Art site for a flavour.

image

There is no event quite like the Monki Gras; it was not deeply technical but was rich in ideas. Plenty to reflect on.

gadgets

Two ways to make a spoon: 3D printing in action

1 Comment

Last week I attended the Monki Gras, a distinctive event exploring how to scale craft, mainly in the context of technology but also in the context of beer.

On the second day there was a light-hearted competition. Who can make a spoon faster, a wood carver, or a geek with a 3D printer?

image

A skilled craftsperson can make a spoon in around half an hour, we learned.

In the other corner was a techie, a laptop computer and a 3D printer.

image

image

Said techie (I did not get the name unfortunately) had downloaded a spoon design from the internet and was printing it on a Prusa Mendal RepRap machine. Cost: from a few hundred pounds if you self-assemble, or £1000 or more if you purchase complete.

The software is open source: slic3r to convert a 3D model into printing instructions, and pronterface to talk to the 3D printer.

Looking in more detail at the printer, what you have is a system of cogs, rails and stepper motors that lets a print head move in three dimensions. The raw material is a spool of green plastic from faberdashery. This could be fed from the rotating white spooler at the top of the machine, though in this case only a little was needed and it was floating loose.

image

The plastic is melted by the print head and squirted out to form the object being printed. Apparently once formed it is reasonably rigid and strong.

image

Attendees observed that the competition was pretty silly, since speed is not a goal of 3D printing (and the wood carver was indeed the victor). In that sense, 3D printing is a poor way of scaling craft, though it has some potential in that a brilliant design can be reproduced as an object many times over. If you want a lot though, it is worth investing in traditional plastic moulding: setup is expensive, but once you have done one, you can do thousands more cheaply.

Still, imagine what 3D printing enables. I have a nice set of headphones, for example, which are useless because a small plastic component has broken. If I can get hold of (or make) a 3D computer model of the part, I can now make that part for little cost. You do not even need your own 3D printer; services like Shapeways let you upload the design and get the part in the post a few days later.

In niche areas like model trains and landscapes, 3D printing makes models viable even if only a few are needed. You can also have exactly the size you want, rather than being restricted to the standard sizes that are volume manufactured.

For inventors, 3D printing makes prototyping easier. You can iterate through hundreds of slightly different designs and try them out physically, rather than relying on computer models.

The opportunities are fantastic, and you can get started for little cost; though the guy at Monki Gras did note that his RepRap was temperamental and therefore a high maintenance gadget. Maybe by making a few modified parts he can improve it.

security

Another reason to use tablets: desktop anti-virus does not work

4 Comments

The New York Times has described in detail how it was hacked by a group looking for data on Chinese dissidents and Tibetan activists. The attack was investigated by security company Mandiant.

Note the following:

Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant.

Apparently the initial attack method was simple: emails with malicious links or attachments.

Symantec made an unconvincing defence of its products in a statement quoted by The Register:

Advanced attacks like the ones the New York Times described … underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behaviour-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.

Could the New York Times hack have been prevented by switching on more Symantec features? Count me as sceptical; in fact, it would not surprise me if these additional features were on anyway.

Anti-malware solutions based on detecting suspicious behaviour do not work. The task is too difficult, balancing inconvenience, performance, and limited knowledge of what really is or is not suspicious. Further, dialogs presented to non-technical users are mystifying and whether or not the right response is made is a matter of chance.

This does not mean that secure computing, or at least more secure computing, is impossible. A Windows desktop can be locked-down using whitelisting technology and limited user permissions, at the expense of inconvenience if you need to run something not on the whitelist. In addition, users can avoid most attacks without the need of any anti-virus software, by careful avoidance of malicious links and attachments, and untrustworthy websites.

Aside: it is utterly stupid that Windows 8 ships with a new mail client which does not allow you to delete emails without previewing them or to see the real destination of an URL in the body of an email.

This kind of locked-down client is available in another guise though. Tablets such as those running iOS, Android or Windows RT (mail client aside) are designed to be resistant to attack, since apps are sandboxed and normally can only be installed via a trusted app store. Although users can bypass this restriction, for example by enabling developer permissions, this is not such a problem in a corporate deployment. The users most at risk are probably those least likely to make the effort to bypass corporate policies.

Note that in this context a Windows 8 Professional tablet such as Surface Pro is just another desktop and no more secure.

Another approach is to stop believing that the endpoint – the user’s device – can ever be secured. Lock down the server side instead, and take steps to protect just that little piece of functionality the client needs to access the critical data and server applications.

The key message though is this. Anti-virus software is ineffective. It is not completely useless, but can be counter-productive if users believe that because they have security software installed, they are safe from malware. This has never been true, and despite the maturity of the security software industry, remains untrue.

New types of client devices hold more promise as a route to safer personal computing.