
Wednesday, December 30, 2009

Two Ruby Books To Own..

If I had to pick two..

Design Patterns in Ruby by Russ Olsen is the first technical book in a very long time that I have enjoyed reading from cover to cover.

It's more than just a naïve translation of the classic GoF patterns. Olsen manages the dual trick of not only demonstrating how the classic patterns can still be relevant in Ruby, but how to approach them with the full power of ruby at your disposal.

I liked the way that Olsen avoided doing bare minimum implementations. So when looking at the Composite pattern, he spruces things up with a little operator overloading. And where ruby affords a number of possible approaches, these get discussed and compared (like with the Decorator pattern).

The final chapters in the book present a few additional patterns that go beyond the GoF and are particularly topical and relevant for ruby: DSLs, meta-programming, and convention over configuration.

In short, Design Patterns in Ruby is a grand tour, an effective tutorial in a selection of ruby practices, and ultimately a very enjoyable, rewarding, and sometimes even funny book to read.

The second book I'd stowaway with is Ruby Best Practices by Gregory Brown.

It doesn't pretend to be encyclopedic in the manner of The Ruby Way. However, where sometimes I find The Ruby Way curtails topics just when they start to get interesting, Brown dives deep with Ruby Best Practices.

Clear examples are accompanied by thoughtful and full treatments of the subject at hand. It has a particularly useful focus on "Mastering the Dynamic Toolkit", "Text Processing", "Functional Programming Techniques", and "Designing Beautiful APIs".

So they're my picks. Now, obviously these are not ideal books for learning ruby from scratch, but once you're past the basics these are the two at the top of my pile;-)

Anyone willing to counter with their top two picks? Agree or disagree with my choice?

Soundtrack for this post: I Like Your Old Stuff Better than Your New Stuff - Regurgitator from the album Unit Re-Booted

#Amazon, #Audible: can you get your global act together?

I bitched about Audible for not doing a good job of serving the global audience.

Well. I just got an email today that reminded me not to forget lambasting Amazon (now audible's parent company).
Over 800 Albums for $5 Each..

..from the Amazon mp3 store. Or so it said. It was a lie and grand deception.

I so want to buy from Amazon's mp3 store - heaven save me from even considering the Apple iTunes Store - but guess what? I can't. Not authorized outside the US (even though I can buy the exact same thing on a bit of plastic and have it shipped to me).

Now, I know it is not Audible and Amazon that set these policies. It's the RIAA and the rest of the old-fashioned publishing industry (be it books or music). And judging by The Washington Post's recent article "E-books spark battle inside the publishing industry", it seems things may get worse before they get better.

But I wish Audible and Amazon were a little more aggressive in championing consumer rights. In particular, take close aim at the notion of regional distribution deals.

Once upon a time, it was reasonable to ink regional deals. After all, someone needed to provide the warehouse, retail frontage and so on. In far off, foreign lands. But in the digital age, we have global retail frontage. Local distribution deals (and all their attendant evils such as DVD region coding) are an anachronism.

To put it simply: When Amazon, Audible or any other internet distributor puts a product in their stores, it should be available (and have been sold on) a global basis. If publishers are not able to make such a deal, don't stock their stuff. Send them packing and tell them to come back when they've got a deal that works for a global audience.

But is there an incentive for Amazon, Audible and the like to take such a stand against the publishers? Well here's one: the other 80% of the world market. I loo-ve Audible (props @jason), and Amazon has been a favoured source for years. But if you keep jilting me under the control of US-centric publishers, I'll be the first to jump to a regional/truly-global competitor. Your future growth will be limited to the shores of the continental US.

Soundtrack for this post: Can't Take Me Home - Pink

Tuesday, December 29, 2009

Understanding Authlogic Plugin Dynamics

authlogic is by far and away my favourite authentication framework for Rails. I've raved enough in my slides on Authlogic_RPX.

Its true beauty is making authentication so unobtrusive for application developers.

However, the same can't be said for Authlogic plugin developers. I spent quite a bit of time meandering through the authlogic source and other plugins in order to produce Authlogic_RPX (the RPX plugin for authlogic, to support JanRain's RPX service).

I recently returned to the Authlogic_RPX in order to provide an update that finally adds identity mapping (with contributions from John and Damir; thanks guys!).

Luckily my previous exploits were recent enough that much of what I learned about authlogic was still pretty fresh. But before I forget it all again, I thought it would be worthwhile to write up a few of the "insights" I had on the authlogic source.

Hence this post. I'm just going to focus on one thing for now. Since authlogic is so "unobtrusive", one of the big conceptual hurdles you need to get over if you are attempting to write an authlogic plugin is simply:
Just how the heck does it all get loaded and mixed in with my models??

(To follow this discussion, I'd recommend you have a plugin close to hand. Either my previously mentioned Authlogic_RPX, or another like Authlogic_OAuth, or Authlogic_openid)

By unobtrusive, I mean like this. Here is the minimal configuration for a user model that uses Authlogic_RPX:
  class User < ActiveRecord::Base
    acts_as_authentic
  end

Pretty simple, right? But what power lies behind that little "acts_as_authentic" statement?

What follows is my attempt at a description of what goes on behind the scenes..

First: get loaded

The main file in an authlogic plugin/gem is going to have the relevant requires to the library files. But they do squat. We start mixing in our plugin with the includes and helper registrations:
require "authlogic_rpx/version"
require "authlogic_rpx/acts_as_authentic"
require "authlogic_rpx/session"
require "authlogic_rpx/helper"
require "authlogic_rpx/rpx_identifier"

ActiveRecord::Base.send(:include, AuthlogicRpx::ActsAsAuthentic)
Authlogic::Session::Base.send(:include, AuthlogicRpx::Session)
ActionController::Base.helper AuthlogicRpx::Helper

Note that your plugin's ActsAsAuthentic module gets mixed in with ActiveRecord itself (not just a specific ActiveRecord model). That's crucial to remember when considering class methods in your plugin (they are basically global across all ActiveRecord).

What including ActsAsAuthentic in ActiveRecord::Base does..

What happens when the previous lines included the plugin's ActsAsAuthentic module?
The self.included method handles the initial bootstrap..

module AuthlogicRpx
  module ActsAsAuthentic
    def self.included(klass)
      klass.class_eval do
        extend Config
        add_acts_as_authentic_module(Methods, :prepend)
      end
    end
  end
end

Here we see we do a class_eval on the class that the module is included in (i.e. ActiveRecord::Base). You'll immediately get the sense we're doing some kind of mixin with the Config and Methods modules. The Config / Methods module structure is a common pattern you will see throughout authlogic.

extend Config takes the Config module (AuthlogicRpx::ActsAsAuthentic::Config) and adds it to the ActiveRecord::Base class definition, i.e. methods defined in Config become class methods of ActiveRecord::Base. (If you add a def self.extended(klass) method to Config you'll be able to hook the extension.)

add_acts_as_authentic_module(Methods, :prepend) adds the Methods module (AuthlogicRpx::ActsAsAuthentic::Methods) to the authlogic modules list. That's all. Take a look at add_acts_as_authentic_module:

def add_acts_as_authentic_module(mod, action = :append)
  modules = acts_as_authentic_modules
  case action
  when :append
    modules << mod
  when :prepend
    modules = [mod] + modules
  end
  write_inheritable_attribute(:acts_as_authentic_modules, modules)
end

Ready to launch..

It is only when we add the acts_as_authentic in our model class that things start to happen. This method loads all the modules from the list built up by all the call(s) to "add_acts_as_authentic_module". Note the include in the last line of the method:

def acts_as_authentic(unsupported_options = nil, &block)
  # Stop all configuration if the DB is not set up
  return if !db_setup?

  raise ArgumentError.new("You are using the old v1.X.X configuration method for Authlogic. Instead of " +
    "passing a hash of configuration options to acts_as_authentic, pass a block: acts_as_authentic { |c| c.my_option = my_value }") if !unsupported_options.nil?

  # Run the model's configuration block, then mix in every registered module
  yield self if block_given?
  acts_as_authentic_modules.each { |mod| include mod }
end


Once the include is invoked, our plugin will usually hook the event and do some setup activity in our module's def self.included method.

module Methods
  def self.included(klass)
    klass.class_eval do
    end
  end
end

Unlike the Config extension, the class you are including in (the klass parameter in the example), is the specific ActiveRecord model you have marked as "acts_as_authentic".

In other words, the methods in the Methods module get included as instance methods for the specific ActiveRecord models class (User in the example I presented earlier).

Hanging it on the line..

Let's hang it all out in a simplified and contrived example. Take this basic structure:

module AuthlogicPlugin
  module ActsAsAuthentic
    def self.included(klass)
      klass.class_eval do
        extend Config
        add_acts_as_authentic_module(Methods, :prepend)
      end
    end

    module Config
      def config_item
      end
    end

    module Methods
      def self.included(klass)
        klass.class_eval do
          def self.special_setting
          end
        end
      end
      def instance_item
      end
    end
  end
end

If we add this to our User model, then the result we'd end up with is this:

  • config_item: will be a class method on ActiveRecord::Base

  • instance_item: will be an instance method on User

  • special_setting: will be a class method on User

Conclusions & Implications?

I've covered the main points in bootstrapping authlogic. There's obviously a lot more that goes on, but I think once you get these basics it makes authlogic-related code so much easier to read and understand. It's a pretty neat demonstration of dynamic ruby at work.

Understanding the loading process also makes it possible to be definitive about how your application will behave, rather than just treating it as a heuristic black box.

Take authlogic configuration settings for example. Say we have a configuration parameter in our plugin called "big_red_button" that takes values :on and :off.

Syntactically, both of these user model definitions are valid:

class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.big_red_button :on
  end
end

class User < ActiveRecord::Base
  acts_as_authentic
  big_red_button :on
end

However, the behaviour is slightly different, and the difference will be significant if you have any initialisation code in the plugin that cares about the setting of the big_red_button.

In the second case, it should be clear that setting big_red_button :on only happens after all the plugin initialisation is complete.

But in the first case, it is a little more subtle. If you go back to review the acts_as_authentic method you'll see that setting the big_red_button occurs at yield self if block_given?. Implications:

  • Config extension of ActiveRecord::Base takes place before the big_red_button is set

  • Method methods are included in the User model before the big_red_button is set

  • Method's def self.included is called after the big_red_button is set (meaning you can safely do conditional initialisation here based on the big_red_button setting)

How's that? Pretty cool stuff, but thankfully as I mentioned before, these details only really concern plugin authors and anyone who just loves to read dynamic ruby code.
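The two configuration forms can be compared without Rails. This is an added example, not code from authlogic or Authlogic_RPX: FakeBase is a constructed stand-in for ActiveRecord::Base, DemoPlugin is a hypothetical plugin, and the :off default for big_red_button is an assumption. It records what the plugin's included hook sees in each form.

```ruby
# Constructed stand-in for the loading sequence described in this post.
EVENTS = [] # ordered record of what happened, for inspection

class FakeBase
  @acts_as_authentic_modules = []

  # The module list lives on FakeBase and is shared by every subclass
  # (authlogic uses write_inheritable_attribute for this).
  def self.acts_as_authentic_modules
    FakeBase.instance_variable_get(:@acts_as_authentic_modules)
  end

  def self.add_acts_as_authentic_module(mod, action = :append)
    modules = acts_as_authentic_modules
    modules = action == :prepend ? [mod] + modules : modules + [mod]
    FakeBase.instance_variable_set(:@acts_as_authentic_modules, modules)
  end

  # Same order as the method quoted in the post: yield, then include.
  def self.acts_as_authentic
    yield self if block_given?
    acts_as_authentic_modules.each { |mod| include mod }
  end
end

module DemoPlugin # hypothetical plugin
  module ActsAsAuthentic
    def self.included(klass)
      klass.class_eval do
        extend Config
        add_acts_as_authentic_module(Methods, :prepend)
      end
    end

    module Config
      # Reader when called without an argument, writer otherwise.
      # The :off default is an assumption made for this example.
      def big_red_button(value = nil)
        return @big_red_button || :off if value.nil?
        EVENTS << [name, :set, value]
        @big_red_button = value
      end
    end

    module Methods
      def self.included(klass)
        EVENTS << [klass.name, :methods_included, klass.big_red_button]
        klass.class_eval do
          # Conditional initialisation based on the setting seen right now.
          @armed_at_init = (big_red_button == :on)
          def self.armed_at_init?
            @armed_at_init
          end
        end
      end

      def instance_item
        :instance_item
      end
    end
  end
end

# "First: get loaded" - mix the plugin into the base class.
FakeBase.send(:include, DemoPlugin::ActsAsAuthentic)

# Form 1: setting made inside the acts_as_authentic block.
class BlockUser < FakeBase
  acts_as_authentic do |c|
    c.big_red_button :on
  end
end

# Form 2: setting made after acts_as_authentic has run.
class LateUser < FakeBase
  acts_as_authentic
  big_red_button :on
end

EVENTS.each { |event| p event } if __FILE__ == $PROGRAM_NAME
```

Both models end up with big_red_button set to :on, but only BlockUser's initialisation code saw it.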

There's much more to authlogic than what I've discussed here of course (and RPX). Perhaps good fodder for a future post? Let's see..

Soundtrack for this post: Because it's There - Michael Hedges

Saturday, December 26, 2009

Watching people shop

I've been a long time Amazon customer, but a while ago I stumbled upon The Book Depository in the UK. Not only are their prices competitive with Amazon (especially when you consider the free shipping), but I was totally sucked in by their live "Watch people shop" widget - a very cool Google maps mashup.

..although it does look a bit strange when all the book buyers in Australia seem to be based in Alice Springs;-)

Soundtrack for this post: Someone To Watch Over Me - Blossom Dearie

Thursday, December 24, 2009

The #joojoo is coming (with or without the true story)

Michael Arrington hasn't been shy about arguing his position on the CrunchPad/joojoo story, and until recently that's all we've really heard.

Reading the filing, I had the distinct feeling that everything wasn't so cut and dried as Mike claimed, and there's another story to tell.

Andrew Warner's Mixergy interview with Chandra (and subsequent discussion on TWiT) finally starts to bring some balance. I'm sure it all won't come out until the dust has settled around the court case, but I reckon there's a book in this story, à la The Accidental Billionaires ("Crunch!"?)

Besides, now having seen it .. I want a joojoo! Short of an injunction, the joojoo is due to ship in the US in 8-10 weeks. It will be a real sad thing if the legal wrangle scuttles the joojoo's chances to have a serious shot in the market.


Monday, December 21, 2009

FREE: The Future of Intense Irony

@audible_com please can you do more to convince your audio book publishers that you are an internet company, and by definition operating in a global marketplace.

Does Chris Anderson (@chr1sa) know that FREE is not FREE (contrary to his intent I believe), but it is completely UNAVAILABLE in the audio form for large parts of the world. What is this crap!

As @jason says "We LOVE audible", but the love gets a little tougher when we get dissed and discriminated against by @audible_com based on where we live.

Free offers to people following @audible_com? Great PR you would think...

.. but that turns into a real bummer for a lot of us - actively poisonous PR. Couldn't you simply check to make sure that any freebie you want to offer is one that you can do globally?

Bah humbug!

Tuesday, December 01, 2009

Launched: CloudJetty - a community guide to the latest "cloud" services and applications on the web

Time to drop the cloak of stealth from a new web application I've had in production for the past month or two..

CloudJetty is a site born from my own frustration in trying to find out what was really available in terms of business applications and services delivered "in the cloud". How do you find what is available, and how do you know what is trustworthy? That's what CloudJetty is for.
..a community-maintained buyers' guide to the latest "cloud" services and applications on the web, many for free or a nominal monthly subscription.

This is my open invitation for all to check out the site and help it grow..

  • It is still early days, but the first step is just to take it for a test drive! Looking for an invoicing solution for your business? Take your pick. CRM? Of course. Personal backup solutions? Yep. Did you know you can even do BI in the Cloud? You bet.

  • I'm looking for your help to grow the service listings. Got a favourite cloud/web app you are already using? If it's already in CloudJetty, add your rating and recommendation. If it's not there, then please feel free to go ahead and add it

  • If you are a provider of cloud services and applications, I'm especially keen to get your products listed. Vendors are welcome to add their own listings, provided they go along with the community-wiki rules: no sales hype; and accept that your listings can be edited by others.

  • I have no misconception that CloudJetty is perfect. I'd really like to hear about any problems, comments or suggestions you may have (there is a CloudJetty Google Group for feedback and discussion, or you can follow CloudJetty on twitter)

Looking forward to seeing you on CloudJetty!

Do we really need another "Cloud" site?

Honestly, that was the first thing I thought when contemplating CloudJetty. There are lots of sites with news and opinion about Cloud. Twitter is full of cloud !spam! Most vendors worth their salt have got a "cloud" section on their sites. But seriously, I've failed to find much in the way of information for people who don't really want to talk about cloud, they just want to use what works, and avoid what doesn't.

The good news is that there's already an incredible range of services available - think of any personal productivity tool, business application, or infrastructure service, and chances are there's already a cloud service for it (but whether it's any good is another question!)

And this is only the beginning. may have fired the first shots in the SaaS war and has forever shaken up the CRM space. And an array of "infrastructure" services (like Amazon EC2) have radically changed the economics of a technology startup. But personally I expect in time we'll see these initial waves dwarfed by the mass migration of (especially) small business to cloud/web applications that is only now starting to gain momentum.

Just as this is only the beginning for cloud in general, it's also just the beginning for CloudJetty. Hopefully much more in store for this site .. but let's not run before we can walk, eh?


It wouldn't be my tardate blog if I didn't geek out a little and share some of the behind the scenes details. CloudJetty is written in Ruby on Rails (2.3.4) and of course uses a good handful of gems (like vestal_versions, will_paginate, and my own Authlogic_RPX).

Best of all, I can get nice and self-referential. CloudJetty, being an application about the cloud, was built using cloud services, and to find out what cloud services it uses, you can look them up on ... CloudJetty;-)

Thursday, October 08, 2009

Project Nimbus: 2.0 gaining momentum!

I was excited to hear about the Project Nimbus initiative at last night's SRB meetup (Jason's the great Gladwellian connector)

When I wrote my opinion piece "Could Open Government initiatives help drive innovation in Singapore?", I had in mind a key proposition that it would be really smart for Government to push open data initiatives, as any costs or concerns associated would be repaid many times over by the resulting stimulus to local innovation and economic development.

With that in mind, it's really heartening to see that some cool cookies have gone beyond just talk, and established Project Nimbus with the goals:

  • To unite the voices of Singapore Innovators and identify data sets and services we as Innovators want

  • To work with content owners and government entities for the appropriate release of these data sets and services to Singapore Innovators

The main engagement point is the UserVoice page they have setup to collect and filter ideas (through the voting process). This is a great way of first making sure you are dealing with ideas that have real support and interest.

Once you have qualified ideas, the next steps are where Project Nimbus could make the difference from every other idea that ever got sent up only to have its wings fold on launch: make sure you have the idea packaged in a Government/agency-friendly way, and then ensure the message gets through to the right people (who care, and have appropriate authority).

As we were discussing yesterday, good ideas without execution are .. nothing but wishful thinking really. It seems like Project Nimbus has all the right bases covered. It will be really exciting to see the first successes start to come through (they already have two ideas progressed to the stage of taking to the agency concerned).

This could be a really interesting year;-)

Rails authentication with Authlogic and RPX

The Singapore Ruby Brigade had its monthly meetup last night. Great discussions as always, and how can you complain when you get to carry on over maggi mee goreng supper until the wee hours;-)

Here are the slides from my talk about Rails authentication options in general, and specifically why and how to use RPX with Authlogic (using the Authlogic_RPX gem I released last week).

Sunday, September 27, 2009

Released: Authlogic_RPX gem, the easiest way to support multiple authentication schemes in Rails

I've just made Authlogic_RPX public for the first time and invite any rails developers to take a look. It's a ruby gem that adds support for RPX authentication in the Authlogic framework for Ruby on Rails. With RPX, you get to support all the common authentication schemes in one shot (Facebook, twitter, OpenID etc).

Authlogic_RPX is available under the MIT license, and a number of resources are available:

The best place to find out more is the README, it contains the full background and details on how to start using it. Feedback and comments are welcome and invited (either directly to me, or you can enter them in the github issues list for the project).

Authlogic_RPX plugs into the fantastic Authlogic framework by Ben Johnson/binarylogic. Authlogic is elegant and unobtrusive, making it currently one of the more popular approaches to authentication in Rails.

RPX is the website single-sign-on service provided by JanRain (the OpenID folks). It complements their OPX offerings I wrote about recently. RPX abstracts the authentication process for developers and provides a single, simple API to deal with. This approach is great for developers because you only need to build a single authentication integration, and leave to JanRain the messy details of implementing and maintaining support for the range of authentication providers: OpenID, OAuth, Facebook Connect, AOL, Yahoo, Google, and so on..

If you want to learn more, there was recently a great podcast interview with Brian Ellin from JanRain on the IT Conversations Network: RPX and Identity Systems

Thursday, September 10, 2009

Twitpocalypse II: Developers beware of DB variances

Alert: "Twitpocalypse II" coming Friday, September 11th - make sure you can handle large status IDs!
Twitter operations team will artificially increase the maximum status ID to 4294967296 this coming Friday, September 11th.

"Twitpocalypse (I)" occurred back in June, when twitter and application developers had to deal with the fact that message status IDs broke the signed 32-bit integer limit (2,147,483,647).

At that point, the limit was raised to the unsigned 32-bit limit of 4,294,967,296. Now we're heading to crack that this week. You can track our collective rush to the brink social celebrity meltdown at;-)

First reaction: OMG, it's taken only 3 months to double the volume of tweets sent over all time? That's a serious adoption curve.

Next reaction: once again, application developers are reminded that we unfortunately can't ignore the specifics of the database platform they are running on and just take it for granted.

It's actually quite common for development and production infrastructure to be subtly different. This is especially true in the Rails world where SQLite is the default development database, but production systems will often be using MySQL or PostgreSQL.

If you are using a hosted ("cloud") service it may even take some digging to actually find out what kind of database you are running on. For example, if you use Heroku to host Rails applications, most of the time you don't care that they run PostgreSQL (originally I think they were using MySQL but migrated a while back).

It's in situations like Twitpocalypse that you care. With a Rails-based twitter application, use an "integer" in your database migrations and you will have no problem running locally on SQLite, but your app will blow up on a production PostgreSQL database when you encounter a message with status_id above 2,147,483,647.

Fortunately, the solution is simple: migrate to bigint data types.

And the even better news is that ActiveRecord database migrations make this a cinch if you have been using integer types in the past. For example, if you've been using an integer type to store "in_reply_to_status_id" references in a twitter mentions table, the change_column method will happily manage the messy details for you:

class ForcebigintMentions < ActiveRecord::Migration
  # Widen the column so status IDs above 2,147,483,647 fit
  def self.up
    change_column :mentions, :in_reply_to_status_id, :bigint
  end

  def self.down
    change_column :mentions, :in_reply_to_status_id, :integer
  end
end

It's always a good idea to check fundamental limits for the database platforms you are using. They are not always what you expect, and you can't safely apply lessons from one product to another without doing your homework.

Here's a quick comparison of integer on some of the common platforms:
  • SQLite: INTEGER. The value is a signed integer, stored in 1, 2, 3, 4, 6, or 8 bytes depending on the magnitude of the value. i.e. will automatically scale to an 8 byte signed BIGINT (-9223372036854775808 to 9223372036854775807)

  • PostgreSQL: INTEGER 4 bytes (-2147483648 to +2147483647). Use BIGINT for 8 byte signed integer.

  • MySQL: INT (alias INTEGER) has a signed range of -2147483648 to 2147483647, or an unsigned range of 0 to 4294967295. Use BIGINT for 8 byte integers.

  • Oracle: NUMBER type ranges from 1.0 x 10^-130 to but not including 1.0 x 10^126. The activerecord-oracle-enhanced-adapter provides facilities for interpreting NUMBER as FixNum or BigDecimal in ActiveRecord as appropriate.

PS: there's been some discussion of why twitter would schedule this update on Sep 11th and publicise it as the Twitpocalypse II. I hope it was just an EQ+IQ deficiency, not someone's twisted idea of a funny or attention-grabbing stunt.

Monday, September 07, 2009

OPX: Almost, but not quite, what we need to get the Enterprise on the cloud?

A post today by Dana Gardner - Cloud adoption needs a support spectrum of technology, services, best practices - got me thinking again about the importance of a universal "business" identity to make cloud computing a reality for the enterprise sector.

I wrote some time ago about OpenID - the missing spice in Enterprise 2.0? The basic premise being that for Enterprises to truly exploit the exploding cloud offerings, they first need a way of exporting business identities to the web.

While most businesses at the moment have not officially adopted cloud services, the reality is that cloud services are already penetrating all organisations - whether it is sales people keeping touch with contacts on twitter, pre-sales engineers collaborating via google docs, or consultants using to get around email size restrictions when sending documents to partners and customers.

The issue I wrote about in my previous post is that we need to wake up and recognise that the flood gates are already open: we are mixing personal and business identities in a tangled mess that is becoming harder to unravel each day.

The risk for business? While free cloud services are giving a tactical boost, when employees move on, they will take all of their cloud-attached contributions with them. At best, a relationship management issue to recover, at worst you find all kinds of SOX and compliance issues lurking to bite back.

Now pretty much all IT-enabled organisations have a form of internal directory and authentication service (be it AD or an LDAP variant). My premise is that organisations do want to be able to exploit google apps, Zoho or Salesforce, but when doing so, we should care deeply that employees apply their business (not personal) identity to any transaction.

From a technologist's point of view, this essentially means that we want to take our internal authentication processes and expose them in a very controlled way on the web. SAML was the deathstar standards approach, but I think in reality OpenID has won the hearts and minds at this point.

One of my projects-on-the-drawingboard is an OpenID provider designed for the Enterprise - a drop in module that allows you to export internal identities from AD or LDAP in a very controlled and auditable way. It is still on the drawing board and has been for ages - if others are interested in making it reality, drop me a line.

However, I think the options may already be available. I am talking about janrain's OPX, although I'm not sure that any of their offerings are really designed for this specific scenario. Even the OPX:Groups offering, which seems to be the closest, seems to require establishing a new directory of identities rather than leveraging your existing assets. I may be wrong... still investigating and certainly appreciate a steer in the right direction.

Sunday, September 06, 2009

Could Open Government initiatives help drive innovation in Singapore?

A few recent stories got me thinking about the status of open data in government, how that translates in Singapore, and in particular the importance of:
  • open web publishing standards

  • giving priority to open when developing web/data services

First, there was an interesting discussion on open government with Silona Bonewald, founder of the US League of Technical Voters, on the IT Conversations Network. Then the storm-in-a-teacup over a prematurely leaked LTA OPC announcement.

Tim O'Reilly made a convincing summary of the state of play and call for action in his recent O'Reilly Radar presentation at OSCON (and blog post Gov 2.0: It’s All About The Platform). Don't just use our voices to "shake the vending machine"; as technologists we should lend our hands to help prove that open is indeed a better strategy for Government.

And last but not least, Anil Dash posted a great review of the recent initiatives launched by the executive branch of the federal government of the United States in response to President Obama's Open Government Directive. Two notable achievements:

  • now publishes exclusively under a Creative Commons Attribution 3.0 License

  • is providing public access to high value, machine readable datasets generated by the Executive Branch of the Federal Government, and I believe is the driver behind some incredibly useful services such as

The President's CIO Vivek Kundra has since even outlined a vision where the default setting for information created by the government should be public, not secret.

President Obama is racking up some serious credibility for being able to push innovation and adoption in government, and raising the stakes for Governments the world over.

Getting traction in Singapore

As someone who has adopted Singapore as their home, my first reaction was: "it could have been us". It chafes to see Singapore's world-leading ICT adoption not always translating into world-leading technology innovation and service enhancement.

To be fair, Singapore's iDA Infocomm Adoption Programme and the iGov2010 Strategic Plan encapsulate many of the right sentiments. The issue is timing and rate of change. But for that, Prime Minister Lee Hsien Loong could easily have stolen President Obama's thunder.

But I guess the glory of being first isn't the point. Each government must run its own race, with the focus being on sensible, timely initiatives to improve citizen engagement and stimulate innovation, the economy, and civil society in general.

There are two areas I personally believe deserve priority in Singapore, and are well within reach under the auspices of established strategies:
  • Promote citizen engagement by adopting an open publishing standard for Government web sites

  • Promote local innovation and technology development by giving priority to "Open" in all Government data initiatives.

Promote citizen engagement by adopting an open publishing standard for Government web sites

Case in point: Did you know that you cannot hyperlink to most government sites without first obtaining explicit permission?

I didn't believe it either until I started checking all the "Terms of Use" statements. This means, for example, that you can't post a link to the MOM list of Public Holidays on your corporate intranet without approval. To say that this flies in the face of how the web is intended to work is putting it mildly (remember what the H in HTML stands for).

mrbrown says it best in relation to the LTA brouhaha:
OPC scheme leaks online before Minister announces it. The internet is here, embargoes don't work. Tough.

Embargoes don't work, neither do attempts to prevent people from linking to a published, public internet website.

While trawling the various government Terms of Use statements, I was also struck by how widely they differ across all the government web properties.

Together, these failures to bring published government websites under some semblance of rational information rights cannot fail to hinder a real engagement of the intended consumers of the information.

Fortunately, the way forward has been mapped out clearly: with the example set by, and the brave souls who have laboured over the production of the Singapore adaptation of Creative Commons.

I would dearly love to see the Government adopt a Creative Commons License (perhaps: attribution, no derivative works) as the standard for web site publishing and doing away with all the divergent and restrictive legalese in existing Terms of Use statements.

Why is this important? True citizen engagement and transparency (of the kind attempted by will not succeed while Government terms of use still attempt to restrict access and use of information openly published on the web.

The results of my Terms of Use survey? 12 ministries prohibit unauthorised hyperlinking, 4 accept linking (at your own risk). I didn't count stat boards, but they typically have the more restrictive terms.

12 Ministries that prohibit Hyperlinking without Permission - 75% FAIL!

Wording varies, but generally you may only hyperlink to the homepage upon notifying in writing, and for other pages you must make a specific request and secure permission before making a hyperlink. Note that many statutory boards use similar terms. In case you think this may just be a holdover from the internet dark ages, note that all claim to have been "last updated" in the past 3 years, many in 2009.

4 Ministries that are Hyperlink-friendly - 25% win

The heroes;-)

Promote local innovation and technology development by giving priority to "Open" in all Government data initiatives

Earlier in August, I saw the latest press release from the Singapore Land Authority and Infocomm Development Authority concerning SG-Space (I would link to SLA's own press release from earlier in the year, but - you guessed it - according to their terms of use, I cannot without prior written permission. Here instead is the non-hyperlinked URL:

The goals of SG-Space are laudable - "provide an infrastructure, mechanism and policies to allow convenient access to quality geospatial information.." and "..creating a transparent and collaborative environment.." - however it seems to be a good example of how closed, proprietary approaches to innovation still dominate:
  • initial rollout will be limited to government agencies, this may mean for years given that this is now a $27m project over 5 years

  • the scope seems not only limited to provision of data services, but also includes the provision of applications

  • the intent is to extend to the private sector, and to the individual, but the timeframe and commercial basis for this are not clear

The approach has all the hallmarks of the traditional attempt to control and manage innovation through a series of government pilots, before gradually opening up a "fully baked" infrastructure for wider use. Valid, maybe, but one that ignores the lessons from successful API/service innovations such as flickr, google maps and amazon and so on. The open innovation route promises better results, faster:
  • going open early dramatically accelerates innovation due to the network effect (a key theme of Patricia Seybold's Outside Innovation)

  • going open creates the opportunity for unexpected, unplanned innovation (who could have imagined a site like even 5 years ago?).

  • by engaging a broader community in the open, much more can be achieved for less (a good example being how allow everyone to contribute missing or new location details)

As Tim O'Reilly put it: DIY on a civic scale (he since adopted a more civic-minded "Do It Ourselves" as suggested by Scott Heiferman)

Although SLA talk about wanting to "Start with pilot projects and be quick to scale up" (Mr Lam Joon Khoi, Chief Executive, SLA), by choosing a closed route there is the distinct possibility that quick just isn't quick enough. Rather than harness the collective energies of the technology community in Singapore, it's more likely to see private efforts stalled completely, or diverted into "Do It Ourselves" initiatives (e.g. OpenStreetMap).

A largely unsung example of how "open" can work very successfully in Singapore is BookJetty. By opening up its information services, the National Library Board has provided the opportunity for an individual entrepreneur and technologist to combine government and non-government information and create an amazingly compelling service that is not only relevant in Singapore, but also has a global audience.

BookJetty is an example of service innovation that the NLB itself could not have attempted. Since the needs that BookJetty serves are at least one step removed from the core mission of the NLB, I doubt they would even be in the position to officially identify and imagine such a service. But by opening their information services to the private sector and individuals, they paved the way for others to innovate in unimagined ways.

Imagine what possibilities there would be for improving the efficiency and level of service if a similar approach was taken to Government Procurement by GeBIZ? (sigh, another site that prohibits hyperlinks)

I think it's worthwhile pausing to consider the restrictions imposed by
data accessed through do not, and should not, include controls over its end use.

This is fundamental to the idea of Government as a Platform. It recognises that government does not have a monopoly on creativity and innovation, and that promoting private sector innovation and entrepreneurship is a priority.

Here is an opportunity for Singapore to greatly boost innovation and economic development by giving early priority to openness in all Government data and service initiatives. The community is certainly brimming with ideas (see what was discussed at a recent WebSG meeting for example).

Singapore seriously does have a small, but vibrant, technology "startup" community. The Government does a great deal to try and stimulate entrepreneurship in this sector, but I would say the results have been middling at best. The main support is in terms of grants and programs (offered by MDA, iDA, Spring and EDB for example), and the opportunity to secure standard government contracts to work directly for the public sector.

Why is this important? I think the time has come to seriously consider how Government can significantly accelerate local technology innovation and economic development by giving serious, strategic priority to opening up its data and service platform. The iDA Web Services adoption strategy has in fact already lit the path, but it seems to miss the high level push it needs, and a recognition that it most definitely does not mean that Government needs to "Do It All Themselves":
..the programme targets government agencies encouraging them to make available information or services via Web Services. The end result would be citizens making use of richer services via their preferred access points.

Conclusion (or Hypothesis?)

I guess it boils down to a belief that "Open is Better" when applied to government data and services: both for the benefit of civic dialogue and engagement; and to maximise the stimulus for economic development in the local technology sector.

But I wonder if my thoughts are just "outliers"? I'd be very interested to hear more real examples from people of:
  • successful innovations that have been enabled through the use of existing open data/services offered by the public sector

  • areas you desperately would like to innovate in, but are being held back by closed or inaccessible services

Whether you agree with the priorities I am suggesting or not, I hope most would think that this is an important subject to be discussing.

Friday, September 04, 2009

Making HackerspaceSG: The Zouk of Geekdom

The technical/geek community in Singapore has been showing some vibrant signs of life in recent times.

  • geekcampsg: some 80 or so people gave up their Saturday for 12 solid hours of geekdom - from robotics, to natural language processing, to android development and more

  • Singapore Ruby Brigade is going from strength to strength - last Thursday's meetup at wego packed in some 30 people (I guess). They had to kick us out after 10pm and 3 hours of presentations, questions and discussions. That didn't stop most from gathering around the corner for supper that ended after midnight!

The next project is more ambitious: establish a Hackerspace in Singapore. Hackerspaces are community-operated physical places, where people can meet and work on their projects (more)

In order to get this off the ground, a pledge drive has started. Find out how to pledge a donation.

Updated 5-Sep: pledgie no longer being used for the donation drive, so remove the badge

Tuesday, September 01, 2009

+0.1: Oracle Database 11g R2 now GA for Linux

Oracle has released Oracle Database 11g R2 today - currently only the Linux version, with other OS to follow.

The 11gR2 documentation is not yet available on OTN or for download, but I note it is already available online if you want to stay up tonight to digest all that's new. Chris Kanaracus' PCWorld review is one of the first to hit the streets.

I've yet to digest all the changes, but in general I'd call this a "refinement" release after what's been a very solid initial 11g release. It is interesting to see the cloud features creeping in though, for example backup to Amazon S3.

11g R1 has now been out for about two years, and while technically it was the "polish" needed to round out the major shift to 10g, my personal experience is that 11g adoption has been pretty slow, and mainly the result of fresh installs rather than upgrades. This is to be expected given that most customers fit into one of two camps: those still stuck on pre-10g, and those who finally got it and moved to 10g (few of whom are yet keen to regroup for a move to 11g). Apparently, Oracle estimates about 10-20% of customers have implemented 11g which sounds about right.

As fitting my tradition (going back to a very old and tired joke), this means the tardate blog gets a +0.1 increment. w00t!

Sunday, August 30, 2009

jTab 1.1: Guitar tab for the web gets an update and a mailing list

I announced jTab back in July, and there have been some nice improvements over the past month which I just tagged as a "1.1" release.

jTab is a javascript-based library that allows you to easily render arbitrary guitar chord and tablature (tab) notation on the web. Automatically. It is open source (available on github).

I've also established a mailing list for jTab. All are welcome to join in to discuss internal development issues, usage, and ideas for enhancement.

Some of the key new features:

  1. All chords can be represented in any position on the fretboard e.g. Cm7 Cm7:3 Cm7:6

  2. Now allows shorthand tab entry of 6-string chords e.g. X02220 (A chord at nut), (C chord at the 8th fret)

  3. jTab diagrams now inherit foreground and background color of the enclosing HTML element

  4. When entering single-string tab, can reference strings by number (1-6) or by note in standard tuning (EAGDBe)

  5. The chord library with fingerings has been extended to cover pretty much all common - and uncommon - chord variants (m, 6, m6, 69, 7, m7, maj7, 7b5, 7#5, m7b5, 7b9, 9, m9, maj9, add9, 13, sus2, sus4, dim, dim7, aug).

  6. It has been integrated with TiddlyWiki: jTabTwiki combines the guitar chord and tab notation power of jTab with the very popular TiddlyWiki single-file wiki software. Together, they allow you to instantly setup a personal guitar tab wiki/notebook. No kidding. And it's free.

Thursday, August 13, 2009

Rails dev pattern: collaborate on github, deploy to heroku

Heroku is an awesome no-fuss hosting service for rails applications (I think I've raved about it enough).

It works great for solo development. But what if you want a large team to work on the app, while limiting production deployment privileges? Or if you want the application to run as an open source project?

Since git is core infrastructure for heroku, it actually makes setting up distributed source control trivial, like in the diagram:

Here's a simple pattern for setting up this way. It may fall into the special category of "the bleeding obvious" if you are an experienced git user. But many of us aren't;-)

First, I'm assuming you have a rails application in a local git repository to start with. Like this:
$ rails test
$ cd test
$ git init
$ git add .
$ git commit -m "initial check-in"

Next, you want to create a new, empty repository on github. Github will give you a clone URL for the new repo, like

Now we can add the github repo as a new remote location, allowing us to push/pull from github. I'm going to name the destination "github":
$ git remote add github
$ git push github master
Enter passphrase for key '/home/myhome/Security/ssh/id_rsa':
Counting objects: 3, done.
Writing objects: 100% (3/3), 209 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
* [new branch] master -> master

At this point, you are set up to work locally and also collaborate with others via github. If you have a paid account on github, you can make this a private/secure collaboration, otherwise it will be open to all.

Next, we want to add the application to heroku. I'm assuming you are already registered on heroku and have the heroku gem setup. Creating the heroku app is a one-liner:
$ heroku create test
Created |
Git remote heroku added

You can see that this has added a new remote called "heroku", to which I can now push my app:
$ git push heroku master
Enter passphrase for key '/home/myhome/Security/ssh/id_rsa':
Counting objects: 29, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (17/17), done.
Writing objects: 100% (17/17), 2.17 KiB, done.
Total 17 (delta 12), reused 0 (delta 0)

-----> Heroku receiving push
-----> Rails app detected
Compiled slug size is 208K
-----> Launching....... done deployed to Heroku

4429990..4975a77 master -> master

So we are done! I can push/pull from the remote "github" to update the master source collection, and I can push/pull to the remote "heroku" to control what is deployed in production.


PS: Once you are comfortable with this, you might want to get a bit more sophisticated with branching between environments. Thomas Balthazar's "Deploying multiple environments on Heroku (while still hosting code on Github)" is a good post to help.

Wednesday, August 12, 2009

Launched: I Tweet My Way - Getting things done for the twitter generation

I Tweet My Way is a twitter application to help you to set goals and get things done with the support of your friends and followers.

It's an application I've had in stealth for a while, but decided it is about time to let it out in the wild.

Do you have a goal you really want to work on? Quitting smoking, losing weight, paying off the credit card, or learning a new skill - these (and anything else you can imagine) are all suitable objectives to set yourself with I Tweet My Way.

I've had a long-standing interest in goal setting and tracking, but I must admit it was the advent of the "twitter-application" fad that got me thinking about how you could do a "getting things done" style personal trainer with Twitter. Now I'm looking forward to seeing how it gets used for real. I'm very interested in any feedback you may have. Did it help? Does it work? Why didn't it help or fit your needs?

Technically, it was built with rails and uses the Twitter OAuth support for authentication (you can read more about that here). I have it hosted at heroku (my favourite rails hosting service, although I am a bit leery about performance in the Asian region at the moment).

NB: the site currently comes without soundtrack, but think "mbube, the lion sleeps tonight";-)

KISSWorld - applying good design to mundane matters

Must be at least two years ago that Singapore Airlines changed the layout of their KrisWorld inflight entertainment magazine and it has bugged me ever since. The update coincided with a revamp of the entertainment on offer (a staggering 80 movies and hundreds of CDs). Unfortunately, the magazine suffered.

I've been waiting for SIA to "fix" KrisWorld, but last I flew it was still the same. Maybe one day. Do let me know if you see a new layout on any of their flights!

But it had me thinking, and I thought worth discussing because it seems a good example of how marketing-driven design changes can have unintended usability consequences despite everyone's best intentions.

Don't get me wrong, SIA remains my favourite airline of all, but it is disheartening to see that even the best airline in the world is susceptible to getting stuck with "bad design". Makes you wonder if there is any hope for the rest of us.

My gripe is with the layout of the CD selections.

How do you select an album you might want to listen to?
  • You might recognise the album cover
  • Maybe you like certain artists, but not know the specific albums available
  • Or you might be looking for a certain album title
  • And for some, you don't recognise the album art, title or artist but are attracted to sample it because of the genre or the cover

When looking through a long list of albums, chances are that all of these methods of recognition and selection are at play.

The trouble with KrisWorld is that they have separated the album cover display from the listing of artist and album name. The only thing that links them is the artificial numeric code that is applied to each.

On the left is an approximation of my actual scan pattern when trying to make a selection.

First I scan the album covers. Many I don't recognise and skip over.

I find something I think I recognise. To be sure, I then cross-reference into the album list and start another search using the special code number.

At this point I'm wondering if eye exercises are a safety feature designed to prevent DVT, or just intended to make the flight pass more quickly.

Maybe Joanne Wang is a little too sedate for how I'm feeling now, so I start another search through the album/artist list.

Down we go. Some I recognise (but without the album cover I'm not 100% sure).

Ahah, Wu Bai. That's more like it. But which album is this? Cripes, time to find the matching album cover to make sure.

Finally. Time to listen. A good thing this is CD and not a movie, because my eyes need a rest now..

Why do I need to work so hard? How to solve this usability nightmare?

Well, one suggestion is to just keep it simple. Cover art, album title, and artist are bits of information that both separately and in combination help me search the listings the most effective way. So just put it all together in the list. For example:

This eliminates all cross-referenced look-ups, is simple and direct, and does not require significantly more space. Best of all, as a "user" it is effortless.

Funny ... isn't this exactly how the layout used to be designed?

The lesson? Sometimes, designs must be seen to change for marketing or other business reasons, letting you loose in a requirements vacuum. The danger is that in the absence of specific functional or usability needs, other factors such as aesthetics and branding will expand to fill the void. Done carelessly, you can inflict untold collateral damage on the product through the process.

The solution? Consciously re-introduce at least a usability/functional benchmark into the design process - "be no worse than it was before". Better yet, ensure usability improvements remain a key objective - no matter how good you might think it was before, perfection is always one better.

And yes, usability applies as much to the printed page as it does to the web!

Monday, July 27, 2009

Yes, of course we have an open social media policy

We embrace openness and customer engagement using the latest social media tools such as twitter, facebook and blogs*

* subject to prior approval, review, certain topic restrictions and we reserve the right to change our mind, terminating your network or your employment, now or at any time in the future. Have a nice day.

Tom Fishburne perfectly captures the reality of how many big companies really work. This may be painfully funny, but sadly I don't think it's all fiction...

Thursday, July 23, 2009

Rocket Ship Galileo - Apollo 11 40th Anniversary

Houston, Tranquillity Base here. The Eagle has landed -- 20 July 1969

The 40th anniversary of the Apollo 11 landing has been getting quite a bit of coverage, but the coolest initiative has got to be the addition of the Moon in Google Earth.

Quite coincidentally, I just read Robert A. Heinlein's "Rocket Ship Galileo" (well, actually listened to the audio version brilliantly narrated by Spider Robinson).

Heinlein packs this atomic moonshot adventure with just about every Boy's Own plot twist possible and tells a rollicking ripping yarn. What's amazing is the detail of the hard science throughout the book - especially given the fact it was written in 1947.

All the shucks, gee willikins is quaintly pre-baby boom, while the embracing of atomic power with such wild abandon is frightening in retrospect. Altogether, it's a great - if dated - story; a true testament to Heinlein's genius and imagination.

On atomics: it is possible the tide of opinion may be swinging back to nuclear. The ABC Science show just featured a story on the safer and cheaper generations of reactors coming online (transcript, audio). Today's generation III reactors, and the generation IV on the horizon offer even cheaper, safer and cleaner power (literally eating the waste products of earlier designs). All well and good, but it would be a concern if "new atomics" became the quick and easy fix that sabotages the head of steam building up behind the true clean, green renewables (like solar nanopillars).

Originally posted on It's a PrataLife

Sunday, July 12, 2009

ChordMaster 2000 - the sexy way to learn guitar chords

So this weekend I've dressed up jTab as a little web application to help you learn chord fingerings for guitar...

Introducing the ChordMaster 2000 ;-)

OK, so maybe I sexed up the design and UI a little too much for such a simple task, but it was fun to see how far I could go with javascript and SVG (and no flash or silverlight).

It was also a proof point for jTab - the javascript library I released last week that renders arbitrary guitar chord and tab using SVG. Happily, it worked fine without a tweak - just some extension methods that are specific to the ChordMaster application (like getting an array of all chords that are defined as "intermediate" level).

PS: big thanks to @jasonong who's jumped in and already made some great contributions to the jTab project on github -- It's amazing to see github rock as a "social coding" platform - create a public project one day, have changes to merge back the next. Trivial to do with git, and the great visualisation of the project revision/branch history makes merging so easy to understand.

Sunday, July 05, 2009

jTab - Guitar Chord and Tab Notation for the Web

Guitar tab (notation) is all over the internet, but it is usually in either a fixed/non-interactive form, or painstaking ASCII format.

I've always wanted a better way, and two things I've looked at recently inspired me to think it might be possible: Dmitry Baranovskiy's fantastic work on the Raphaël SVG library, and Alex Gorbatchev's syntaxhighlighter.

So now I can introduce the result of my latest weekend project:

jTab - newly minted and ready to rock and roll!

See the project home page at for more examples and information about how you can use it too. jTab is open source, with the master source code repository on github.

What does it do?

jTab is a javascript-based library that allows you to easily render arbitrary guitar chord and tablature (tab) notation on the web. It handles implicit and automatic rendering of any page elements given the special class name 'jtab'. It can also be scripted for more sophisticated or interactive effects.

Bottom line: jTab turns this..

<div class="jtab">Bm $3 4 4h5p3h4 5 $2 3 5 7 7h8p7 5/7 | A $4 7 9 $3 7 6 $5 9 $4 7h9 7 $5 9\7 5/7 | </div>

..into this:

Grab it, use it, help me improve it, or just let me know what you think...

Monday, June 29, 2009

Using Twitter OAuth with Rails + sample

I've been using rails with the Twitter REST API of late, using the oauth gem as the base. It works well, but keeping up with the API changes can be a challenge!

In the recent update to OAuth 1.0a, there were two critical changes required:

Web-apps should specify the oauth_callback

Through trial-and-error, I found that if you don't explicitly specify the oauth_callback when going through the authorization process, twitter will halt at the PIN page (behaving as if you are using a client application). That's easily fixed..
request_token = consumer.get_request_token( :oauth_callback => TWOAUTH_CALLBACK )
session[:request_token] = request_token.token
session[:request_token_secret] = request_token.secret
# Send the user to Twitter to authorize
redirect_to request_token.authorize_url

NB: the root cause is that oauth 0.3.5 sets "oob" as the oauth_callback if you don't explicitly set it. This triggers the twitter desktop PIN flow.

Include the oauth_verifier when exchanging the request token for an access token

Next, the major change in 1.0a was to add an oauth_verifier parameter. Twitter sends this back to you after the user has authorized access, and you need to include this parameter when exchanging the request token for an access token.
request_token = OAuth::RequestToken.new(consumer, session[:request_token], session[:request_token_secret])
access_token = request_token.get_access_token( :oauth_verifier => params[:oauth_verifier] )
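The two changes above, shown at the signature level as an added example that is not part of the original post or the oauth gem: oauth_callback is signed into the request-token call, and oauth_verifier into the access-token exchange. The provider URLs, credentials and provider-side checks are constructed assumptions; the signing follows the OAuth 1.0 HMAC-SHA1 method.

```ruby
require "openssl"
require "securerandom"

# Constructed endpoints for illustration; not Twitter's real URLs.
REQUEST_TOKEN_URL = "https://provider.example/oauth/request_token"
ACCESS_TOKEN_URL  = "https://provider.example/oauth/access_token"

# RFC 3986 percent-encoding: only unreserved bytes stay literal.
def pct(value)
  value.to_s.bytes.map { |b| b.chr =~ /[A-Za-z0-9\-._~]/ ? b.chr : format("%%%02X", b) }.join
end

# Signature base string: METHOD & encoded URL & encoded, sorted parameter list.
def signature_base(method, url, params)
  pairs = params.map { |k, v| [pct(k), pct(v)] }.sort
  normalized = pairs.map { |k, v| "#{k}=#{v}" }.join("&")
  [method.upcase, pct(url), pct(normalized)].join("&")
end

# HMAC-SHA1 keyed with "consumer_secret&token_secret"; the token secret is
# empty until the provider has issued a request token.
def sign(method, url, params, consumer_secret, token_secret = "")
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), key, signature_base(method, url, params))
  [mac].pack("m0") # strict Base64, no line breaks
end

# Protocol parameters common to every signed call.
def oauth_params(consumer_key, extra)
  { "oauth_consumer_key"     => consumer_key,
    "oauth_nonce"            => SecureRandom.hex(16),
    "oauth_signature_method" => "HMAC-SHA1",
    "oauth_timestamp"        => Time.now.to_i.to_s,
    "oauth_version"          => "1.0" }.merge(extra)
end

# Consumer, change 1: the request-token call carries a signed oauth_callback.
def request_token_call(consumer_key, consumer_secret, callback)
  params = oauth_params(consumer_key, "oauth_callback" => callback)
  params.merge("oauth_signature" => sign("POST", REQUEST_TOKEN_URL, params, consumer_secret))
end

# Consumer, change 2: the access-token exchange carries a signed oauth_verifier.
def access_token_call(consumer_key, consumer_secret, token, token_secret, verifier)
  params = oauth_params(consumer_key, "oauth_token" => token, "oauth_verifier" => verifier)
  params.merge("oauth_signature" =>
    sign("POST", ACCESS_TOKEN_URL, params, consumer_secret, token_secret))
end

# Byte-wise comparison that does not stop at the first mismatch.
def same?(a, b)
  return false unless a.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Provider side (constructed): recompute the signature over what was received.
def signature_valid?(call, url, consumer_secret, token_secret = "")
  params = call.reject { |k, _| k == "oauth_signature" }
  same?(call["oauth_signature"], sign("POST", url, params, consumer_secret, token_secret))
end

# Provider side, step 1: a signed "oob" callback selects the PIN flow the
# post describes; any other signed callback selects the redirect flow.
def provider_flow(call, consumer_secret)
  return :rejected unless signature_valid?(call, REQUEST_TOKEN_URL, consumer_secret)
  call["oauth_callback"] == "oob" ? :pin : :redirect
end

# Provider side, step 3: the verifier must be covered by the signature and
# equal the one issued when the user authorized this request token.
def provider_grants_access?(call, consumer_secret, token_secret, issued_verifier)
  signature_valid?(call, ACCESS_TOKEN_URL, consumer_secret, token_secret) &&
    same?(call["oauth_verifier"], issued_verifier)
end
```

Nonce and timestamp replay checks, which a real provider also performs, are left out to keep the focus on the two parameters.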

An example application

I've created a minimalist application that demonstrates the twitter API with OAuth 1.0a in rails. I've set this up to run at heroku.

The source is at github for all to share:

And there's a running demo site at

Tuesday, June 23, 2009

Running Heroku on Windows

What! Do rails development on Windows?

I've raved about heroku before, and it still roasts my bacon.

In recent months, there's been a bit of a switcheroo - first the migration to herokugarden, which retains all the original online editing and hosting. The perfect solution for hobby projects or prototypes. Now I'm migrating back to heroku itself, which has become their solid production hosting facility for rails applications.

As Sarah Mei reported, the heroku gem (used to create and manage your heroku application instances) had problems running under Windows, due to gem dependencies that do some decidedly un-Windows things.

There is now an updated heroku gem (1.0) that I just tested out, and am happy to say it is now working fine under Windows. There are some dependent gems, and you may need to make sure you get the version that specifically supports Windows. That used to include json, but at the moment the main version-pegged gem I'm using is sqlite3-ruby (at 1.2.3 instead of the head at 1.2.4)

$ gem install sqlite3-ruby -v 1.2.3
$ gem install heroku
Successfully installed heroku-1.0
1 gem installed
Installing ri documentation for heroku-1.0...
Installing RDoc documentation for heroku-1.0...

Perfect! Testing it out..

$ rails myapp
$ cd myapp
$ git init
$ git add .
$ git commit -m "init"
$ heroku create myapp
Created |
Git remote heroku added
$ git push heroku master
Enter passphrase for key '/d/MyDocs/My Dropbox/Config/Security/ssh/id_rsa':
Counting objects: 65, done.
Compressing objects: 100% (58/58), done.
Writing objects: 100% (65/65), 80.48 KiB, done.
Total 65 (delta 14), reused 0 (delta 0)

-----> Heroku receiving push
-----> Rails app detected
Compiled slug size is 80K

-----> Launching...... done
App deployed to Heroku

* [new branch] master -> master

Sarah gave the hint as to how to fix the older heroku gem (0.9.1), and has a forked version on github. A few people collaborated to fix up the code there so there is no longer any script editing required (basically to remove any dependency on taps for the gem build). Installing Sarah's version involved cloning the repository, building the gem and performing the local gem installation:

$ git clone git://
$ cd heroku
$ gem build Rakefile
$ gem install heroku

Tuesday, June 02, 2009

Java Puzzlers. Be Afraid of the Dark.

Apparently, Joshua Bloch and Neal Gafter started the "Java Puzzlers" idea at Oracle Open World 2001. I wish I was there.

Subsequently, they've turned it into a book, and a website.

If you program in Java, you must read this book. It covers the kind of traps in your code you wouldn't even imagine could be there.

I can guarantee you have written at least one of these issues into your code. And QA never caught it. And it is out in the wild RIGHT NOW. Arrgh!!

These days, I think (and hope) that most professional developers are relatively attuned to coding security issues and the rise of opinionated testing methodologies (Unit testing, TDD, BDD etc).

But this book is a real eye-opener to the range of issues that you wouldn't even think worthy of a unit test case.
public static boolean isOdd(int i) {
    return i % 2 == 1;
}
Seems like a reasonable test for odd numbers? Except it is wrong a quarter of the time.

And that is just puzzle #1.

The book takes you through issues with strings, loops, classes, libraries, all the way to puzzle #95, where you learn why you shouldn't program like your brother.

Get a flavour from this presentation on Scribd from JavaOne 2007...