
2007

17
Dec

Mrs Immery

I went to the dentist this afternoon.

She poked around my teeth briefly and said, “They’re looking pretty healthy. I’m quite impressed, given all the work I had to do on them initially,” then told me that one of my root fillings was chipped and needed to be repaired.

Not to worry, that was pretty quick and painless, and ten minutes later I was on my way back to the reception for The Extraction.

The Extraction, I hear you ask? Why do the receptionists do extractions when your teeth are healthy?

It’s actually the most painful bit of the lot. They may not extract anything from your mouth, but they certainly leave plenty gaps in your bank account. Forty-three pounds and sixty pence, to be precise. Ick. Seems dental fees have gone up a bit.

“Thank you, Mr Mac-EH,” said the receptionist, mis-pronouncing my name.

I don’t know why so many people insist on mis-pronouncing my surname. Listen up, folks, it’s pronounced Mac-EYE, not Mac-EH. Just think “iMac” with the syllables the wrong way round. If you’ve ever watched Porridge or Stargate Atlantis you should be well aware of the fact. Unfortunately, however, most people haven’t watched Porridge for years, and only geeks watch Stargate Atlantis, let alone know that it has a character in it with the same surname as yours truly. Stargate Atlantis gets it wrong too. So, I think it’s forgivable.

I made eye contact. “Actually, it’s Mac-EYE. Everyone gets that wrong,” I said to her with a little laugh.

Getting the laugh right is important, as is the eye contact. You can’t take this kind of thing too seriously, after all. After all, she herself probably has a name whose pronunciation or spelling is even more ambiguous, as is the case for about half the names in the phone book. However, while I can generally get away with casually mentioning it to a dental receptionist, if I had been talking to a group of ten year olds, it would have been nothing short of cataclysmic. After all, one key rule of working with children is: if something makes you cringe, never let the little blighters know it.

I know this because once upon a time I was one such little blighter myself, as one Mrs F.M. Imrie found out.

When I was ten years old, one of our teachers, Mr P.F. Mann, broke his leg or something and ended up having to take half a term of sick leave. This was something of a disappointment, because “Puff Mann”, as we used to call him, was one of the most popular teachers in the school. He had a quirky sense of humour and a gift for making the dullest subjects come to life — talents that are absolutely essential for any school teacher.

The supply teacher who took his place was a stern, middle aged woman with horn rimmed glasses, her hair in a bun, a handbag with the initials “FMI” on the front, and less sense of humour than Darth Vader on a bad day. The first thing she did on walking into the room was to turn and write on the board.

“Im/rie.” With a large, distinctive, slash between the two syllables.

She turned back to face us. “Two syllables,” she said sternly. “Not three.”

Of course, this temptation is just too much for your average ten year old mind to bear, and right from the start, she was firmly entrenched in our minds as Mrs Immery.

Now every lesson at this particular school would start with the same ritual. The teacher would walk in. The class would stand up. “Good morning, boys,” the teacher would say. “Good morning, Sir/Mrs <insert name of teacher here>,” we would reply. The lesson would generally be preceded by five minutes or so waiting for the teacher to arrive. Ample time for one particular boy, in a bout of mischief, to turn to the kid behind him and say, “Immery. Pass it on.”

“Immery. Pass it on.”

“Immery. Pass it on.”

By the time the door opened, and Mrs Imrie walked in, the message had worked its way right round the class.

“Good morning, boys.”

“Good morning, Mrs Imm-ER-ry,” chimed out twenty-five pre-adolescent voices in unison, making the interstitial syllable as deliberate and obvious as possible.

Her reaction was most satisfying.

“I heard you practising in the library,” she said, with a look of total indignation. “Just how would you like it if I mis-pronounced all your names?” She then proceeded to read through the register, deliberately, systematically and sulkily mis-pronouncing all our names. When my turn came, she called me “McKite.”

Lame, I thought, struggling to keep a straight face. How are you supposed to take a teacher seriously when she gets as petulant as that?

However, there is a twist in the tale. You see, the mischievous boy who started this whole escapade that day was, in fact, me. And while there may not have been any immediate repercussions, a few years later we moved to the south of England, where 99% of the population are living with the delusion that “McKay” is pronounced “Mac-EH.” Some of them even persist in this misguided belief after I have pointed out their mistake to them. Mind you, the main offenders there are telemarketers, and I gather that telemarketers have scripts that they have to stick to, and they get fired if they deviate from them, e.g. by pronouncing your name correctly.

So perhaps I’ve been reaping what I sowed all those years ago. However, I’ve learned to just laugh it off. After all, perhaps one day I could end up having to work with ten year olds who read my blog.

Sorry, Mrs Immery.

17
Dec

Making the “zoom” slider on the Microsoft Natural 4000 keyboard do something useful

Unapologetic mindless link propagation time — this is just way too useful to let it slip: Olivier Dagenais on a hack to make the "zoom" slider on the Microsoft Natural 4000 keyboard function as a "scroll" slider. (Hat tip: Ayende).

14
Dec

How to list the sizes of the tables in a SQL Server database

Scott Mitchell gave some instructions on 4GuysFromRolla a while back on how to list the sizes of all the tables in a SQL Server database.

His solution uses a mixture of SQL and ASP.NET, but some people will want an alternative in pure SQL. So, with no further ado, here you go:

create procedure sp_get_table_usage
as
begin
    -- Holds one row of sp_spaceused output per user table
    create table #t (
        name varchar(100),
        rows int,
        reserved varchar(100),
        data varchar(100),
        index_size varchar(100),
        unused varchar(100)
    )

    declare @name varchar(100)

    -- Walk every user table (type 'U') in the current database
    declare c cursor
        for select name from sysobjects where type='U'

    open c
    fetch next from c into @name
    while @@FETCH_STATUS = 0
    begin
        insert into #t
            exec sp_spaceused @name
        fetch next from c into @name
    end
    close c
    deallocate c

    -- sp_spaceused reports sizes as text such as '123 KB'; strip the suffix
    update #t
        set reserved = rtrim(replace(reserved, 'KB', '')),
            data = rtrim(replace(data, 'KB', '')),
            index_size = rtrim(replace(index_size, 'KB', '')),
            unused = rtrim(replace(unused, 'KB', ''))

    -- Convert the size columns to int so they sort numerically
    alter table #t
        alter column reserved int
    alter table #t
        alter column data int
    alter table #t
        alter column index_size int
    alter table #t
        alter column unused int

    select * from #t
        order by name
end

You can change the sort order by changing the order by clause at the end. For instance, order by data desc will list them in descending order of size.

11
Dec

Volta, GWT and leaky abstractions

There’s been quite a bit of hype recently about Volta, the latest and greatest offering from Microsoft. It’s a bit like the Google Web Toolkit or RJS in Ruby on Rails, in that it allows you to write everything in C# and have it translated into JavaScript. You don’t even have to use C#—you could just as easily use VB, since it works on the compiled MSIL, converting that into JavaScript. It allows you to split your application at the lower tiers as well, automatically generating web services so that you can put, say, the user authentication part of your application on a different server to the main site.

It sounds like a good idea in theory, and no doubt it will attract quite a bit of attention from developers who do not want to have to learn yet another programming language. The main attraction of this kind of framework is for developers who are frightened off JavaScript by all the cross-browser insanities and the useless, bizarre and often totally misleading messages that Internet Explorer throws up when it encounters a JavaScript error. The old “Syntax error in line 0” syndrome. There is also the issue of testing on multiple browsers on multiple operating systems. But hey, now we can write JavaScript without writing JavaScript!

But is it really necessary?

About a year ago, I would have given an emphatic “yes” in answer to that question. However, a lot has happened in the JavaScript world in the past year and a half. We now have free virtualisation software and Intel Macs, so you can run several different operating systems—Windows XP, Windows Vista, Windows Server 2003, Linux and Mac OS X—on the same machine if you are that way inclined, making cross browser testing a whole lot easier. Firebug turns Firefox from a humble browser into a powerful debugging tool. JavaScript frameworks such as Prototype, Scriptaculous, jQuery and Dojo abstract away all the nasty cross-browser stuff, allowing you to discover just how nice a language JavaScript really is. And on top of that, they give you transitions, drag and drop, thickboxes, fade anything techniques, and a whole lot of other eye candy and cool stuff as a bonus.

I’m also rather sceptical of the whole write-language-A-in-language-B business.

Admittedly, I’ve never actually tried the Google Web Toolkit or RJS, but my guess is that while there’s undoubtedly a lot that you can do with them, I doubt if they’re the most efficient. Writing JavaScript in C# or Java or Ruby will inevitably involve a layer of abstraction, and all abstractions are, to a greater or lesser extent, leaky.

Now before you shout me down on this one, yes, I know that Prototype and jQuery are abstraction layers, and therefore may well have plenty leaks of their own. However, the point that I am making is that the process of converting between languages adds a whole further abstraction layer in addition. Making the whole thing even leakier.

At present, Volta has a lot of leaks. Late binding is not supported, for instance, which means that languages such as IronPython, IronRuby or PHP (via Phalanger) are effectively ruled out, and Visual Basic requires you to use Option Strict. This seems a bit surreal given that JavaScript itself is also a dynamically typed language, but it is a consequence of the fact that it all goes through the statically typed MSIL intermediary, and support for reflection (which is needed to simulate dynamic typing on a statically typed platform) is severely limited.

I am also sceptical of the benefit of being able to move parts of your application between the client and the server. Far from making things simpler, this could introduce a whole new can of worms if it is not carefully thought out, partly in terms of performance, particularly if you end up with a very chatty interface between them, but much more seriously, in terms of security. Maintaining state across multiple tiers is also very difficult if not impossible to abstract completely transparently, and it will be interesting to see how they tackle this problem.

However, it is probably a little unfair to knock it too much at this stage. Volta is only a technology preview and pretty experimental, so obviously some of these leaks will be patched as it matures. On the other hand, undoubtedly other leaks will remain and may even prove impossible to patch—in particular, performance will never be the same as with pure vanilla JavaScript, and download sizes will still be greater. So by all means check it out if you like, but as far as I’m concerned, if a task calls for JavaScript, JavaScript is what I intend to use.

01
Dec

Britain’s best motorway service station

For anyone on the road heading to (or from) Scotland, Tebay services (Westmorland Farm Shops) on the M6 is the place to stop. It’s Britain’s only privately owned motorway service station and you really notice a difference. The food is way nicer for starters, and it has a much more homely atmosphere than the enterprisey corporate blandness of all the other places.

I’m writing this post from the above establishment, where we’ve stopped off for a meal en route to Scotland for a week’s holiday. We’ll be getting some much needed rest as well as celebrating my granny’s birthday on Tuesday. She will be 91.

26
Nov

Is it time to kill off wikitext?

Anyone who has ever tried to edit Wikipedia will have encountered wikitext, the rather esoteric syntax used for markup on its pages.

Wikitext is, in theory at least, simpler than HTML. Two single quotes delimit ''italics'', while three single quotes indicate '''bold text'''. [Square brackets] indicate external links, [[double square brackets]] indicate internal links, and so on. A lot of other wiki software uses similar syntax. For example, Trac, a popular open source bug tracking system, uses a very similar markup language, and since you can also embed HTML in it, and even use a fairly sophisticated macro language, it allows very fine-grained control of the contents of the page. For the novice, there is a helpful toolbar at the top of the edit box, so that you can easily mark up various parts of the text as bold, italics, hyperlinks, and so on.


However, in late 2007, it somehow feels wrong. As wrong as it felt not being able to get broadband in late 2005.

Perhaps there is a place for wikitext, as a fallback to improve accessibility when JavaScript is not available. And some things are simply not possible (yet) without it, such as typesetting mathematical equations. However, in terms of usability, it sucks. Apart from having to navigate away from the main article page, you have to scroll through the box to find the part of the wikitext corresponding to where you want to make the change (not obvious in an article with a lot of footnotes, references, tables and the like). It also creates a distinct range of systemic biases, which is a problem that Wikipedia itself acknowledges. How much nicer it would be, if clicking on “edit” on a section of a wiki page were to bring up an in-line rich text editor where what you see is what you get.

Web browsers have now had rich text editing capabilities for over seven years. This feature was first introduced in July 2000 in Internet Explorer 5.5, and nowadays every major browser supports it one way or another. It needs a lot of fiddling about with JavaScript in order to work properly on all of them, of course, but there are several popular and mature libraries and components such as FreeTextBox, TinyMCE and FCKeditor that handle this very well, so that’s pretty much a solved problem. Even cleaning Word HTML and producing valid XHTML — once common objections to rich text editors — are solved problems too.

There are many rich Internet applications these days that raise the bar significantly in terms of quality of user experience. Slick, good looking, easy to use sites are becoming more and more commonplace, and while ones such as Google Maps or EyeOS still have a bit of a “wow” factor, it’s getting easier all the time to develop them. With libraries like jQuery, for instance, you can implement a Google Suggest-style Ajax search facility in a couple of hours.

With it becoming increasingly easy to create elegant rich Internet applications, and the tools to do so being readily available, free and open source, having such an awkward and clunky way of editing content is beginning to look very last millennium. It’s time it went the way of the dinosaurs.

23
Nov

Windows Server 2003 — as a workstation

Over the past week or so I’ve been moving to a new computer at work. This is partly because my old machine had been going for nearly two years without a re-installation of Windows and was beginning to get cranky as a result, but also because I needed to move to Windows Server 2003.

Yes, you read that correctly: I am now using a Windows Server 2003 box as a workstation.

There is actually a very good reason why you would want to do something like this: SharePoint development. You can not install SharePoint on Windows XP or Windows Vista, which means that up to now we’ve had to remote desktop into our main development server for much of our SharePoint work. It works up to a point, but that way I don’t have all my other tools such as Reflector, Paint.net, Tortoise Subversion and Dreamweaver immediately to hand and set up the way I like them, I have to spend an inordinate amount of time shunting files to and fro across network shares (a very annoying faff), and I haven’t been able to make the most of my dual vertical monitor setup.

Now as Windows Server 2003 is built on the same code base as Windows XP, you would think that you are simply dealing with a souped-up version of XP on steroids. However, in practice, things are never that simple.

Out of the box, Windows Server 2003 is not configured for any of the cool stuff. It has a whole raft of settings that you tend to just take for granted when it’s running on a box in a server cabinet or a data centre and only ever gets accessed by terminal services. These let it take all the boring bits in its stride, but if you want to use it as a workstation, you have quite a bit of leg-work and tweaking to do. However, there is a pretty comprehensive guide on how to get it to behave like a workstation rather than a server, so it seems that if you want to run both MOSS 2007 and Lego Star Wars on the same box, it is possible. In theory, at least.

Windows XP hardware drivers tend to be up to snuff, at least insomuch as Windows XP drivers are up to snuff in general, but I had quite a struggle getting the video card to work correctly, and eventually I had to disable DirectDraw and Direct3D accelerations to stop it crashing altogether. I am not sure whether it’s the driver, the video card or the OS that’s at fault there, but since my work doesn’t involve anything that requires DirectDraw or Direct3D acceleration, fixing it has had to take a back seat.

The only real downside is that the current version of Windows Live Writer stubbornly refuses to install. It’s a bug or a design flaw in the installer, and there is apparently a workaround for it, but you can blog from Word 2007, so for the time being I won’t worry too much about that. However, I don’t think I’ll be in much of a hurry to deploy Windows Server 2003 similarly at home, especially when you consider that Windows Movie Maker is also absent.

And yes, perhaps I could have waited for the Windows Server 2008 RTM. However, with a survey at the start of this week showing that even after about nine months, 90% of IT professionals have concerns about migrating to Vista, and half of them have no plans to deploy it, I don’t think I’ll worry too much about that just yet either.

15
Nov

Password Reminders Considered Harmful

How does your website handle users who have forgotten their password?

Chances are, you ask for their e-mail address, look them up, extract their password from the database, and e-mail it to them. Nice and simple, and convenient for the end user, and easy to program.

Unfortunately, it is seriously and dangerously flawed.

Almost everyone re-uses login details across multiple web sites. It simply is not realistic to expect them to do otherwise. As a result, if an attacker manages to compromise your user database, they will be able to impersonate your users on potentially thousands of websites, including some that store their credit card details.

Never think you are immune to this. It happened to Reddit, a popular user-generated news site similar to Digg, and it can happen to you. It is very difficult to be 100% sure that your database will never fall into the wrong hands: unless you have enterprise-level security staff, infrastructure, procedures and budget, every single person involved with your data will be a weak link in the chain, from the developers to the DBAs to the dodgy geezer who comes in as a contractor to do the building’s networking. Do you know where all the copies of your data are — even the partial, out of date ones that your developers use for testing? Are you sure there aren’t any hanging around on backup CDs, USB key disks, laptops, or old PCs that you are throwing out?

No, you should never store your users’ passwords directly in a database. Instead, you must store a salted hash: the output of a one-way function, which makes it impossible — or at the very least, computationally very expensive and impractical — to reverse engineer it into the original password.

Unfortunately, this means that you can’t send password reminders to your users. Instead, you have to send them a single-use link to a page where they can reset their passwords on confirmation of their e-mail address. Because of this, some people prefer to sacrifice security in favour of convenience here. In fact, if the comments that were left on Jeff Atwood’s blog when he wrote about this subject are anything to go by, sometimes this design decision is imposed on developers, against their recommendations, by their managers.

I think that Mats Helander comes up with the best response to this, when he says that it should be illegal to store passwords in a database in plain text:

Many comments on Jeff [Atwood]’s blog lamented the fact that sometimes your boss will decide for you that passwords should be stored in plaintext (or two-way encrypted using a secret key, which the hacker will of course be able to obtain as readily as your password list, meaning it’s as good as plaintext). One often suggested reason would be a requirement that the system must be able to mail back a user’s forgotten password.

In my opinion, this is one of the very rare cases where I think the law should get involved, protecting the developer from having to compromise my security in order to keep his job. The developer should be able to say “No boss, that would be against the law”.

I couldn’t agree more. Really, the extra complexity introduced by the “reset password” option is very minor, and given the potential consequences of losing your data to an attacker, seriously compromising my security in favour of convenience in this way is inexcusably reckless, especially in a day and age when identity theft is a serious and growing problem.
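The salted-hash storage and single-use reset link described in this post, sketched as an added example (not code from the original post). The in-memory dictionaries, the function names, the 30-minute link lifetime and the choice of PBKDF2 from Python's standard library are all assumptions made for illustration.

```python
import hashlib
import secrets
import hmac
import time

# Constructed in-memory stand-ins for database tables (assumption).
USERS = {}         # email -> {"salt": bytes, "pw_hash": bytes}
RESET_TOKENS = {}  # sha256(token) -> {"email": str, "expires": float}

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune for your hardware
RESET_TTL_SECONDS = 30 * 60   # assumed lifetime of a reset link


def _hash_password(password, salt):
    # Slow, salted one-way derivation: a stolen table cannot simply be read
    # back, and identical passwords get different hashes per user.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)


def register(email, password):
    salt = secrets.token_bytes(16)  # fresh random salt per password
    USERS[email] = {"salt": salt, "pw_hash": _hash_password(password, salt)}


def check_password(email, password):
    user = USERS.get(email)
    if user is None:
        return False
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(candidate, user["pw_hash"])


def _token_key(token):
    # Only a hash of the token is stored, so a leaked token table
    # cannot be replayed as working reset links.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def request_reset(email, now=None):
    """Return the token to embed in the e-mailed link, or None if unknown.

    The web page itself should show the same message in both cases.
    """
    if email not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[_token_key(token)] = {"email": email,
                                       "expires": now + RESET_TTL_SECONDS}
    return token


def redeem_reset(token, email, new_password, now=None):
    """Set a new password if the token is valid, unexpired and unused."""
    now = time.time() if now is None else now
    # pop() makes the link single-use: it is consumed on the first attempt,
    # whether or not that attempt succeeds.
    entry = RESET_TOKENS.pop(_token_key(token), None)
    if entry is None or now > entry["expires"]:
        return False
    if entry["email"] != email:  # the "confirm your e-mail address" step
        return False
    register(email, new_password)
    # Drop any other outstanding reset links for this account.
    for key in [k for k, v in RESET_TOKENS.items() if v["email"] == email]:
        del RESET_TOKENS[key]
    return True


if __name__ == "__main__":
    register("alice@example.test", "old-password")   # constructed sample user
    link_token = request_reset("alice@example.test")
    print(redeem_reset(link_token, "alice@example.test", "new-password"))
    print(check_password("alice@example.test", "new-password"))
```

At no point can the application recover the old password, which is why the reminder e-mail has to become a reset link.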

12
Nov

Procedural programming != functional programming

One thing that irks me a bit is when developers deride “functional programming” as something for complete n00bs and script kiddies who haven’t a clue about writing software.

The most common offenders seem to be some advanced PHP developers who know something (perhaps quite a lot) about object oriented programming, think it’s the greatest thing since sliced bread, consider themselves smart (with some justification) because a lot of developers simply don’t “get” OO and they do, and look down on what they call “functional” programming.

Now they’re mostly right, but they’ve got their terminology wrong. What they actually mean is procedural programming.

There is a big difference.

Procedural programming is where you view your code linearly, as a set of instructions to be executed one after the other. You write a series of instructions outlining what you want to do, extracting commonly used bits of it into procedures and functions. You think in terms of do this, do that, if-then-else, and so on. It’s useful for small quick-and-dirty scripts, it’s very easy to learn, and it’s the way that most people start off programming. It’s software development at the level that trendy designers in Brighton who do beautiful stuff with Flash and Photoshop can understand.

However, it gets a rough press from OO geeks, since more often than not you end up with things like copy-and-paste code, global variables all over the place colliding with each other, and functions with parameter lists that reach into double figures. And when your app reaches the size and complexity of, say, WordPress, it becomes pretty unpleasant to maintain.

Functional programming, on the other hand, is a bit closer to rocket science. Joel Spolsky describes functional paradigms as considerably harder than OO, and considers them a good discriminator between really brilliant developers and the unwashed masses, along with concepts such as pointers and recursion. Most of the trendy designers in Brighton would struggle with many of the concepts, and the real experts in functional programming tend to congregate in places such as NASA, Google and MIT, writing massively scalable search algorithms and the code that keeps the Mars rovers entertaining us with panoramas of the Red Planet.

It’s where functions take on a different nature altogether: they are first class objects, and you can pass them as parameters to other functions, or have them as return values. Differential calculus is one such example: you pass a function, such as y=x³, into the “differentiate” function, and it returns another function, y=3x².

It gives you useful and powerful features such as closures — where the function runs in the context of its scope as it was when it was created — or iterators (the yield statement) and it allows you to do very fancy things with very little code. Things that would require fancy design patterns such as Abstract Factory, Decorator and so on in classic OO, and even fancier hoops to jump through in merely procedural languages. It is used at a fairly basic but very effective level in jQuery, for example, which allows you to produce jaw-droppingly fancy Ajax-enabled websites with only a few lines of code. However, that is only scratching the surface: once you really get into it, you have to grapple with highfalutinalia such as fixed point computation, monads, and much more.

Perhaps I’m being a bit pedantic here — you tend to get that way a bit when you spend a lot of time coding — but the next time you are tempted to knock “functional programming” just bear in mind that by so doing, you are inadvertently dissing people who are a lot smarter than you.

09
Nov

Sorry, but who are you?

By some strange quirk of Google, I tend to hover around the top of the listing for a search for “James McKay”. Here in Blighty, I seem to be jostling for the top spot with a criminal defence solicitor in Elgin, Scotland, but in most of the rest of the world, “I’m feeling lucky” sends the average punter to yours truly.

Now this namesake of mine may or may not be a distant relative, but he is not me. Unless of course it is somehow possible to simultaneously be both a web developer in the south of England and a criminal defence solicitor in the north of Scotland and be totally unaware of the fact. However, while that may be the case on TV programmes like Stargate SG-1, it doesn’t happen in real life.

We also both share our name with, among others, the author of a book on ferrets, a nineteenth century Canadian politician, a historian at the University of Birmingham, and thousands of other random individuals in Scotland, England, the USA, Canada and everywhere else you could possibly imagine. There are no less than 147 of us on Facebook.

As you can imagine, occasionally I get e-mails or Skype messages or whatever out of the blue from people whose names I don’t recognise, addressing me as if we’ve known each other for years. Just to make things slightly complicated, we may actually have met before. Is it really appropriate to say bluntly to them, “Sorry, who are you?” in such cases?

I may have met them when I worked with my father, for instance. As a well respected Bible teacher, author and public speaker, he enjoyed something of a minor celebrity status in some Christian circles, and inevitably some of that rubbed off onto me, and as a result, I got to meet a lot of people. Unfortunately, I am not the best person in the world at remembering people and putting names to faces, so that complicates things a little bit.

Facebook friend requests are easy. Especially if we have a mutual friend: I can fire off a message to them and ask them to jog my memory and spare me any embarrassment, if I am still puzzled by the person concerned’s profile page. Other means of communication are slightly more complicated, however, since I am then faced with the task of breaking it gently to them that rather than being the close friend they expect, I may in fact be a complete stranger.

Don’t let this put you off from getting in touch with me of course. I’ve no objections to widening my social circle, or renewing old acquaintances, and as long as I can establish that you’re not an axe-murderer and you’re not trying to sell me viagra, cheap mortgages or pirated software, I won’t mind. And please don’t be offended if my memory of you falls short of your expectations: if we have met, you may just have fallen foul of the absent minded side of me, especially if it’s been a long time. However, if you are looking for a criminal defence solicitor, a ferret expert or a historian, I’m afraid I can’t help you.