james mckay dot net

because there are few things that are less logical than business logic

2007

17
Dec

Mrs Immery

I went to the dentist this afternoon.

She poked around my teeth briefly and said, “They’re looking pretty healthy. I’m quite impressed, given all the work I had to do on them initially,” then told me that one of my root fillings was chipped and needed to be repaired.

Not to worry, that was pretty quick and painless, and ten minutes later I was on my way back to the reception for The Extraction.

The Extraction, I hear you ask? Why do the receptionists do extractions when your teeth are healthy?

It’s actually the most painful bit of the lot. They may not extract anything from your mouth, but they certainly leave plenty gaps in your bank account. Forty-three pounds and sixty pence, to be precise. Ick. Seems dental fees have gone up a bit.

“Thank you, Mr Mac-EH,” said the receptionist, mis-pronouncing my name.

I don’t know why so many people insist on mis-pronouncing my surname. Listen up, folks, it’s pronounced Mac-EYE, not Mac-EH. Just think “iMac” with the syllables the wrong way round. If you’ve ever watched Porridge or Stargate Atlantis you should be well aware of the fact. Unfortunately, however, most people haven’t watched Porridge for years, and only geeks watch Stargate Atlantis, let alone know that it has a character in it with the same surname as yours truly. Stargate Atlantis gets it wrong too. So, I think it’s forgivable.

I made eye contact. “Actually, it’s Mac-EYE. Everyone gets that wrong,” I said to her with a little laugh.

Getting the laugh right is important, as is the eye contact. You can’t take this kind of thing too seriously, after all. After all, she herself probably has a name whose pronunciation or spelling is even more ambiguous, as is the case for about half the names in the phone book. However, while I can generally get away with casually mentioning it to a dental receptionist, if I had been talking to a group of ten year olds, it would have been nothing short of cataclysmic. After all, one key rule of working with children is: if something makes you cringe, never let the little blighters know it.

I know this because once upon a time I was one such little blighter myself, as one Mrs F.M. Imrie found out.

When I was ten years old, one of our teachers, Mr P.F. Mann, broke his leg or something and ended up having to take half a term of sick leave. This was something of a disappointment, because “Puff Mann”, as we used to call him, was one of the most popular teachers in the school. He had a quirky sense of humour and a gift for making the dullest subjects come to life — talents that are absolutely essential for any school teacher.

The supply teacher who took his place was a stern, middle aged woman with horn rimmed glasses, her hair in a bun, a handbag with the initials “FMI” on the front, and less sense of humour than Darth Vader on a bad day. The first thing she did on walking into the room was to turn and write on the board.

“Im/rie.” With a large, distinctive, slash between the two syllables.

She turned back to face us. “Two syllables,” she said sternly. “Not three.”

Of course, this temptation is just too much for your average ten year old mind to bear, and right from the start, she was firmly entrenched in our minds as Mrs Immery.

Now every lesson at this particular school would start with the same ritual. The teacher would walk in. The class would stand up. “Good morning, boys,” the teacher would say. “Good morning, Sir/Mrs <insert name of teacher here>,” we would reply. The lesson would generally be preceded by five minutes or so waiting for the teacher to arrive. Ample time for one particular boy, in a bout of mischief, to turn to the kid behind him and say, “Immery. Pass it on.”

“Immery. Pass it on.”

“Immery. Pass it on.”

By the time the door opened, and Mrs Imrie walked in, the message had worked its way right round the class.

“Good morning, boys.”

“Good morning, Mrs Imm-ER-ry,” chimed out twenty-five pre-adolescent voices in unison, making the interstitial syllable as deliberate and obvious as possible.

Her reaction was most satisfying.

“I heard you practising in the library,” she said, with a look of total indignation. “Just how would you like it if I mis-pronounced all your names?” She then proceeded to read through the register, deliberately, systematically and sulkily mis-pronouncing all our names. When my turn came, she called me “McKite.”

Lame, I thought, struggling to keep a straight face. How are you supposed to take a teacher seriously when she gets as petulant as that?

However, there is a twist in the tale. You see, the mischievous boy who started this whole escapade that day was, in fact, me. And while there may not have been any immediate repercussions, a few years later we moved to the south of England, where 99% of the population are living with the delusion that “McKay” is pronounced “Mac-EH.” Some of them even persist in this misguided belief after I have pointed out their mistake to them. Mind you, the main offenders there are telemarketers, and I gather that telemarketers have scripts that they have to stick to, and they get fired if they deviate from them, e.g. by pronouncing your name correctly.

So perhaps I’ve been reaping what I sowed all those years ago. However, I’ve learned to just laugh it off. After all, perhaps one day I could end up having to work with ten year olds who read my blog.

Sorry, Mrs Immery.

17
Dec

Making the "zoom" slider on the Microsoft Natural 4000 keyboard do something useful

Unapologetic mindless link propagation time — this is just way too useful to let it slip: Olivier Dagenais on a hack to make the "zoom" slider on the Microsoft Natural 4000 keyboard function as a "scroll" slider. (Hat tip: Ayende).

14
Dec

How to list the sizes of the tables in a SQL Server database

Scott Mitchell gave some instructions on 4GuysFromRolla a while back on how to list the sizes of all the tables in a SQL Server database.

His solution uses a mixture of SQL and ASP.NET, but some people will want an alternative in pure SQL. So, with no further ado, here you go:

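create procedure sp_get_table_usage
as
begin
    -- One row per table, in the column order that sp_spaceused returns.
    -- The size columns arrive as text such as '1024 KB', hence varchar.
    create table #t (
        name varchar(100),
        rows int,
        reserved varchar(100),
        data varchar(100),
        index_size varchar(100),
        unused varchar(100)
    )

    declare @name varchar(100)

    -- Walk every user table (type 'U') in the current database.
    -- The name is passed unqualified, so this assumes the tables
    -- resolve without a schema prefix (e.g. they are in dbo).
    declare c cursor
        for select name from sysobjects where type='U'

    open c
    fetch next from c into @name
    while @@FETCH_STATUS = 0
    begin
        insert into #t
            exec sp_spaceused @name
        fetch next from c into @name
    end
    close c
    deallocate c

    -- Strip the 'KB' suffix so the sizes can be converted to integers
    update #t
        set reserved = rtrim(replace(reserved, 'KB', '')),
            data = rtrim(replace(data, 'KB', '')),
            index_size = rtrim(replace(index_size, 'KB', '')),
            unused = rtrim(replace(unused, 'KB', ''))

    -- Convert the size columns to int so that they sort numerically
    alter table #t
        alter column reserved int
    alter table #t
        alter column data int
    alter table #t
        alter column index_size int
    alter table #t
        alter column unused int

    select * from #t
        order by name
end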

You can change the sort order by changing the order by clause at the end. For instance, order by data desc will list them in descending order of size.

11
Dec

Volta, GWT and leaky abstractions

There’s been quite a bit of hype recently about Volta, the latest and greatest offering from Microsoft. It’s a bit like the Google Web Toolkit or RJS in Ruby on Rails, in that it allows you to write everything in C# and have it translated into JavaScript. You don’t even have to use C#—you could just as easily use VB, since it works on the compiled MSIL, converting that into JavaScript. It allows you to split your application at the lower tiers as well, automatically generating web services so that you can put, say, the user authentication part of your application on a different server to the main site.

It sounds like a good idea in theory, and no doubt it will attract quite a bit of attention from developers who do not want to have to learn yet another programming language. The main attraction of this kind of framework is for developers who are frightened off JavaScript by all the cross-browser insanities and the useless, bizarre and often totally misleading messages that Internet Explorer throws up when it encounters a JavaScript error. The old “Syntax error in line 0” syndrome. There is also the issue of testing on multiple browsers on multiple operating systems. But hey, now we can write JavaScript without writing JavaScript!

But is it really necessary?

About a year ago, I would have given an emphatic “yes” in answer to that question. However, a lot has happened in the JavaScript world in the past year and a half. We now have free virtualisation software and Intel Macs, so you can run several different operating systems—Windows XP, Windows Vista, Windows Server 2003, Linux and Mac OS X—on the same machine if you are that way inclined, making cross browser testing a whole lot easier. Firebug turns Firefox from a humble browser into a powerful debugging tool. JavaScript frameworks such as Prototype, Scriptaculous, jQuery and Dojo abstract away all the nasty cross-browser stuff, allowing you to discover just how nice a language JavaScript really is. And on top of that, they give you transitions, drag and drop, thickboxes, fade anything techniques, and a whole lot of other eye candy and cool stuff as a bonus.

I’m also rather sceptical of the whole write-language-A-in-language-B business.

Admittedly, I’ve never actually tried the Google Web Toolkit or RJS, but my guess is that while there’s undoubtedly a lot that you can do with them, I doubt if they’re the most efficient. Writing JavaScript in C# or Java or Ruby will inevitably involve a layer of abstraction, and all abstractions are, to a greater or lesser extent, leaky.

Now before you shout me down on this one, yes, I know that Prototype and jQuery are abstraction layers, and therefore may well have plenty leaks of their own. However, the point that I am making is that the process of converting between languages adds a whole further abstraction layer in addition. Making the whole thing even leakier.

At present, Volta has a lot of leaks. Late binding is not supported, for instance, which means that languages such as IronPython, IronRuby or PHP (via Phalanger) are effectively ruled out, and Visual Basic requires you to use Option Strict. This seems a bit surreal given that JavaScript itself is also a dynamically typed language, but it is a consequence of the fact that it all goes through the statically typed MSIL intermediary, and support for reflection (which is needed to simulate dynamic typing on a statically typed platform) is severely limited.

I am also sceptical of the benefit of being able to move parts of your application between the client and the server. Far from making things simpler, this could introduce a whole new can of worms if it is not carefully thought out, partly in terms of performance, particularly if you end up with a very chatty interface between them, but much more seriously, in terms of security. Maintaining state across multiple tiers is also very difficult if not impossible to abstract completely transparently, and it will be interesting to see how they tackle this problem.

However, it is probably a little unfair to knock it too much at this stage. Volta is only a technology preview and pretty experimental, so obviously some of these leaks will be patched as it matures. On the other hand, undoubtedly other leaks will remain and may even prove impossible to patch—in particular, performance will never be the same as with pure vanilla JavaScript, and download sizes will still be greater. So by all means check it out if you like, but as far as I’m concerned, if a task calls for JavaScript, JavaScript is what I intend to use.

01
Dec

Britain's best motorway service station

For anyone on the road heading to (or from) Scotland, Tebay services (Westmorland Farm Shops) on the M6 is the place to stop. It’s Britain’s only privately owned motorway service station and you really notice a difference. The food is way nicer for starters, and it has a much more homely atmosphere than the enterprisey corporate blandness of all the other places.

I’m writing this post from the above establishment, where we’ve stopped off for a meal en route to Scotland for a week’s holiday. We’ll be getting some much needed rest as well as celebrating my granny’s birthday on Tuesday. She will be 91.

26
Nov

Is it time to kill off wikitext?

Anyone who has ever tried to edit Wikipedia will have encountered wikitext, the rather esoteric syntax used for markup on its pages.

Wikitext is, in theory at least, simpler than HTML. Two single quotes delimit ''italics'', while three single quotes indicate '''bold text'''. [Square brackets] indicate external links, [[double square brackets]] indicate internal links, and so on. A lot of other wiki software uses similar syntax. For example, Trac, a popular open source bug tracking system, uses a very similar markup language, and since you can also embed HTML in it, and even use a fairly sophisticated macro language, it allows very fine-grained control of the contents of the page. For the novice, there is a helpful toolbar at the top of the edit box, so that you can easily mark up various parts of the text as bold, italics, hyperlinks, and so on.


However, in late 2007, it somehow feels wrong. As wrong as it felt not being able to get broadband in late 2005.

Perhaps there is a place for wikitext, as a fallback to improve accessibility when JavaScript is not available. And some things are simply not possible (yet) without it, such as typesetting mathematical equations. However, in terms of usability, it sucks. Apart from having to navigate away from the main article page, you have to scroll through the box to find the part of the wikitext corresponding to where you want to make the change (not obvious in an article with a lot of footnotes, references, tables and the like). It also creates a distinct range of systemic biases, which is a problem that Wikipedia itself acknowledges. How much nicer it would be, if clicking on “edit” on a section of a wiki page were to bring up an in-line rich text editor where what you see is what you get.

Web browsers have now had rich text editing capabilities for over seven years. This feature was first introduced in July 2000 in Internet Explorer 5.5, and nowadays every major browser supports it one way or another. It needs a lot of fiddling about with JavaScript in order to work properly on all of them, of course, but there are several popular and mature libraries and components such as FreeTextBox, TinyMCE and FCKeditor that handle this very well, so that’s pretty much a solved problem. Even cleaning Word HTML and producing valid XHTML — once common objections to rich text editors — are solved problems too.

There are many rich Internet applications these days that raise the bar significantly in terms of quality of user experience. Slick, good looking, easy to use sites are becoming more and more commonplace, and while ones such as Google Maps or EyeOS still have a bit of a “wow” factor, it’s getting easier all the time to develop them. With libraries like jQuery, for instance, you can implement a Google Suggest-style Ajax search facility in a couple of hours.

With it becoming increasingly easy to create elegant rich Internet applications, and the tools to do so being readily available, free and open source, having such an awkward and clunky way of editing content is beginning to look very last millennium. It’s time it went the way of the dinosaurs.

15
Nov

Password Reminders Considered Harmful

How does your website handle users who have forgotten their password?

Chances are, you ask for their e-mail address, look them up, extract their password from the database, and e-mail it to them. Nice and simple, and convenient for the end user, and easy to program.

Unfortunately, it is seriously and dangerously flawed.

Almost everyone re-uses login details across multiple web sites. It simply is not realistic to expect them to do otherwise. As a result, if an attacker manages to compromise your user database, they will be able to impersonate your users on potentially thousands of websites, including some that store their credit card details.

Never think you are immune to this. It happened to Reddit, a popular user-generated news site similar to Digg, and it can happen to you. It is very difficult to be 100% sure that your database will never fall into the wrong hands: unless you have enterprise-level security staff, infrastructure, procedures and budget, every single person involved with your data will be a weak link in the chain, from the developers to the DBAs to the dodgy geezer who comes in as a contractor to do the building’s networking. Do you know where all the copies of your data are — even the partial, out of date ones that your developers use for testing? Are you sure there aren’t any hanging around on backup CDs, USB key disks, laptops, or old PCs that you are throwing out?

No, you should never store your users’ passwords directly in a database. Instead, you must use a salted hash: a one-way function which makes it impossible, or at the very least computationally very expensive and impractical, to recover the original password from what is stored.

Unfortunately, this means that you can’t send password reminders to your users. Instead, you have to send them a single-use link to a page where they can reset their passwords on confirmation of their e-mail address. Because of this, some people prefer to sacrifice security in favour of convenience here. In fact, if the comments that were left on Jeff Atwood’s blog when he wrote about this subject are anything to go by, sometimes this design decision is imposed on developers, against their recommendations, by their managers.

I think that Mats Helander comes up with the best response to this, when he says that it should be illegal to store passwords in a database in plain text:

Many comments on Jeff [Atwood]’s blog lamented the fact that sometimes your boss will decide for you that passwords should be stored in plaintext (or two-way encrypted using a secret key, which the hacker will of course be able to obtain as readily as your password list, meaning it’s as good as plaintext). One often suggested reason would be a requirement that the system must be able to mail back a user’s forgotten password.

In my opinion, this is one of the very rare cases where I think the law should get involved, protecting the developer from having to compromise my security in order to keep his job. The developer should be able to say “No boss, that would be against the law”.

I couldn’t agree more. Really, the extra complexity introduced by the “reset password” option is very minor, and given the potential consequences of losing your data to an attacker, seriously compromising my security in favour of convenience in this way is inexcusably reckless, especially in a day and age when identity theft is a serious and growing problem.
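The scheme this post argues for, as an added example (not code from the original post): passwords kept only as salted hashes, and a forgotten password handled with a single-use, expiring reset link confirmed against the e-mail address. `AccountStore`, the PBKDF2 iteration count, the 30-minute expiry and the in-memory dictionaries standing in for database tables are all assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000   # assumption: tune to your own hardware
RESET_TTL_SECONDS = 30 * 60   # assumption: reset links expire after 30 minutes


def hash_password(password):
    """Return 'iterations$salt_hex$hash_hex' with a fresh random salt per user."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


class AccountStore:
    """Hypothetical in-memory stand-in for the users and reset-token tables."""

    def __init__(self):
        self.password_hashes = {}   # email -> salted hash string, never the password
        self.reset_tokens = {}      # sha256(token) -> (email, expires_at)

    def register(self, email, password):
        self.password_hashes[email] = hash_password(password)

    def login(self, email, password):
        stored = self.password_hashes.get(email)
        return stored is not None and verify_password(password, stored)

    def request_reset(self, email, now=None):
        """Return the token to e-mail as a link, or None for an unknown address.
        The web page should show the same message in both cases."""
        if email not in self.password_hashes:
            return None
        now = time.time() if now is None else now
        # A new request invalidates any earlier outstanding link for the account.
        self.reset_tokens = {h: v for h, v in self.reset_tokens.items()
                             if v[0] != email}
        token = secrets.token_urlsafe(32)
        # Only the token's hash is stored, so a leaked database copy
        # does not contain usable reset links either.
        token_hash = hashlib.sha256(token.encode()).hexdigest()
        self.reset_tokens[token_hash] = (email, now + RESET_TTL_SECONDS)
        return token

    def redeem_reset(self, token, email, new_password, now=None):
        """Set a new password if the token is valid, unexpired and matches email."""
        now = time.time() if now is None else now
        token_hash = hashlib.sha256(token.encode()).hexdigest()
        # pop() makes the link single-use: any attempt, good or bad, consumes it.
        entry = self.reset_tokens.pop(token_hash, None)
        if entry is None:
            return False
        stored_email, expires_at = entry
        if now > expires_at:
            return False
        if not hmac.compare_digest(stored_email.encode(), email.encode()):
            return False
        self.password_hashes[email] = hash_password(new_password)
        return True
```

Nothing in the store can be mailed back as a reminder: the only recovery path is `request_reset` followed by `redeem_reset`.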

22
Oct

How long does it take to unsubscribe from an e-newsletter?

I clicked the “unsubscribe” link at the bottom of an e-newsletter from the kind of company that I tend to think of as being fairly reputable.

Admittedly, it was one of those companies that require you to register on their website before downloading their software, and demand all sorts of intrusive and unnecessary information such as what you had for breakfast and which football team you support. Don’t you just hate it when they do that?

The message said, “Thank you for unsubscribing. We will process your request within five working days.”

Five working days?!!

Excuse me, but it so happens that back in the dim and distant past I actually wrote an in-house e-newsletter program, and I know for a fact that it does not take five working days to unsubscribe someone’s e-mail address. In fact if it takes anywhere near five seconds, your architecture is completely wonky.

That part of the application is so easy to write that the kids that sell burgers at McDonald’s could do it. It’s a single SQL DELETE statement, that’s all.

This wasn’t the first time I’d unsubscribed from this particular newsletter either. Nor are they the only company that does something like this — another one said that it would take ten working days.

Sometimes I wonder if they do things like that so that your “unsubscribed” e-mail address can accidentallyonpurpose “slip through the cracks” when they consolidate their mailing lists with addresses from other departments or companies.

I thought there were laws against this kind of thing.

Is it any wonder that young people these days are eschewing e-mail in favour of IM and Facebook, when even reputable companies are acting in ways more befitting of spammers?

09
Oct

Farewell to the Kinesis

I’ve decided to call it a day with my Kinesis keyboard.

This hasn’t been an easy decision. The Kinesis Advantage is a very nice piece of hardware, and I actually quite like it. Once you get used to it, it is very comfortable to type with, though you need to use Dvorak or Colemak to make the most of it. However, there is one very important thing that I have never been able to get used to on it: programming.

I’ve tried it with qwerty, and with Dvorak, and more recently in the past couple of weeks with Colemak, but these haven’t made any difference. The fact remains that there are some keys which are rarely used in normal typing that are used very frequently in writing code. Keys such as the square and curly brackets, the backslash, plus, minus and equals, and the cursor keys. These are frustratingly awkwardly placed on the Kinesis, and I have never managed to get used to them.

Yes, I know that the keyboard is reprogrammable, but you would have to reprogram something else in their places, and that something else would just be as awkward.

A while ago, someone left a comment on my blog assuring me that I would get used to it and I just needed to bear with it. Well, I’ve now had it for eighteen months and I still haven’t got used to it. There comes a point when you just have to face the fact that something isn’t going anywhere and you need to throw in the towel.

Since programming is what earns me my daily bread, I just can’t carry on regardless.

I’m going back to the Microsoft Natural line of keyboards, which are a tried and trusted solution that I’ve always found very satisfactory. I’ve ordered myself a new Microsoft Natural Ergonomic 4000 keyboard, and I am expecting delivery on Wednesday. I first saw one earlier this year on a visit to a client and I was fairly impressed with it. The key beds are curved slightly to make it more ergonomic, though the effect is much more subtle than the Kinesis. And while the £30 price tag may sound a tad extravagant given that keyboards come pretty much free with computers these days anyway, it is a lot more reasonable than the £225 you spend on a Kinesis. Besides, I don’t like flat keyboards that don’t give you the separation between the hands.

I’m not sure whether I will settle for one of the alternative layouts in the end. I found them almost essential on the Kinesis, on which qwerty is particularly cumbersome, but on more conventional keyboards the difference seems much smaller to me, and probably not worth the effort involved in switching. I never managed to match my qwerty typing speed on Dvorak, and now that I’ve switched back over the past few days I’ve realised that I can manage quite a good rate on qwerty, though I haven’t actually measured it properly. There is also the Remote Desktop Problem — when you have to use other computers, alternative layouts tend to get in the way somewhat. Besides, I’ve expended far too much time and energy on this whole kettle of fish and I am rather disinclined to experiment any further now.

01
Oct

Church 2.0

Our church is organising a communication and media master class on 19-20 October with Mal Fletcher. This is highly recommended for anyone who is interested in using media in a Christian context. Mal Fletcher is one of those guys who is pretty hip with using modern technology and Web 2.0 and so on to communicate. I gather that the last time he was here, he was getting everyone excited about blogging, podcasting and the like. Unfortunately I missed that particular meeting so I don’t know exactly what he said, but the feedback sounded pretty good. His websites, nextwaveonline.com and edges.tv, have a lot of interesting and effective articles, videos and documentaries on various social issues that affect us all these days.

I often think it would be particularly good to see churches making much more effective use of blogging in particular to communicate their message. Blogging has a much more personal, authentic feel to it than traditional websites, especially if comments are enabled so that visitors can feel part of the discussion. For some reason, blogs don’t seem to have a particularly high profile on most major ministries’ websites though.

(For anyone wanting to get into blogging in a Christian context, The Blogging Church by Brian Bailey and Terry Storch is a must-read.)