A year later

A year ago I joined the Government Digital Service, and boy, does time fly. We’ve got an incredible team, working with lots of people from the wider civil service, and some really switched-on suppliers and partners.

I wanted to mark the 1 year point, but don’t have a huge amount to say, except that it’s loads of fun, and I’m looking forward to what we can do in the next 12 months.

Posted in gdsteam, Tech, work


Unlike Dave Winer, I’m happy to opine on the decentralised social network du jour – tent.io

At first glance, what’s not to like – a thought through JSON api which uses HTTP PATCH – see that proves they’ve been thinking.

Unfortunately it repeats what I believe is the big mistake in OpenID – assuming that HTTP URLs (and in the end DNS) is the right place to root the decentralisation.

OpenID proved that most people won’t register a domain and set up a service on it just to have an identity on-line (and arguably that they just don’t think of themselves as URLs). And if you don’t do that, you’re still tied to whichever host you initially choose. You might have data portability, but you don’t have identity/graph portability. Even with e-mail (one of the 2 obviously successful internet-scale decentralised systems), most people only have data portability and not identity portability because they don’t own the domain they’re sitting on. That massively increases the costs of moving, and I’d argue moving e-mail providers is easier that moving social graphs because of the variety of relationships and associated data you have with people in your social graph.

So can/how do we do a social network/graph/identity system where everything isn’t tied to URLs/DNS?

Having given it a full couple of hours though, I think it’s possible with judicious use of crypto, really good UX, and probably some help from the smart devices everyone carries around.

Posted in Tech

Maps and Dictionaries

Nope, not musty books, but programming constructs.

When you learn to program in C, you’re exposed to data structures which map easily to underlying hardware. Basic data types are of a fixed size, and locating information within them is based on indexing a number of bytes into them. If you want a variable size data structure, or to find information within a structure based on something other than a count then you need to either build something complex or find a library to use.

Of course keeping mappings between data, and dealing with unpredictable and variable sized collections of data are incredibly common.

When Java came along in the mid 90’s, it dealt with this by modelling the language in the same way on the workings of the machine, but provided a bunch of high quality variable and associative data structures as part of the standard library. These have evolved over the years, and we now have some incredibly capable and flexible data structure available.

However, in 2012, the way they’re available feels increasingly archaic.

Other languages which eschew the direct mapping to the underlying hardware for developer productivity make these structures available as ‘part of the language’. Sometimes these implementations aren’t as fully-functional, but they make simple things simple, and allow leave options open for the more complex cases.

Javascript objects are all dictionaries (maps from string to something). Ruby arrays are variable length. In Scala lists and maps feel like they’re part of the language.

While I have sympathy with the idea of designing a language which maps cleanly to the underlying system, I don’t think it’s a decision which makes sense any more. Good developers will learn/understand how these feature work, and when it’s (in)appropriate to use them. And they won’t adopt/stick with your language when it makes simple things difficult.

Yes, Java 9, I’m pointing at you.

Posted in java, Tech


Facebook, Google, twitter, aside from all being social networks, all allow you to log in to third party websites with your account with them.

This is convenient for users as they have fewer logins to remember, and don’t have to repeatedly enter the same information every time they want to use a new web site.

It’s good for third party sites because it’s fast and easy for the users, and also because they often gain easy access to extended data about the user in the form of their social network.

It’s good for the social network because they get more information about what their users do when they’re not active on the network directly. This is valuable both to improve the network, but more significantly is valuable for ad targeting which allows them to make money.

There are some downsides though. For the user, a loss of privacy, and for the third party site, having to share the usage data with the identifying party.

There are a number of alternatives, but none have yet taken off.

Mozilla BrowserID/Persona is a recent attempt I’ve been experimenting with over the last couple of months.

The two core design decisions which differentiate it from other attempts are:
1. Use of am email address to identify users rather than a URI as users are used to thinking of themselves in terms of email addresses.
2. Designed to be natively implemented by browsers. This is good for preventing phishing and protecting privacy.

Like OpenID, it’s decentralised, allowing domain owners to vouch for users at that domain. One of the challenges that brings is in bootstrap. Most people don’t run their own domains, so for people to opt-in, they’d have to wait until their e-mail provider adds support. In order to work round this, Mozilla has set up a fallback system which verifies ownership of e-mail in the traditional way, with the intention that over time, fewer and fewer people will use this.

Tagged with: , , ,
Posted in Uncategorized

Java on the web…

It is time.

As a Java developer, this probably should be difficult to say, but it’s not. Now is the time to disable the Java browser plugin by default. In the past year I’ve only consciously used it on one site, and in that time there have been a whole bunch of security vulnerabilities in it.

The era of native plugins is nearly over, Java included. There are still a few sites out there which need it, but those are so few and far between that I’d recommend keeping it installed and disabling the plugin and re-enabling only when absolutely required.

This is trivial to do in Firefox, and I’m sure must be in other browsers as well.

Posted in Uncategorized

Mozilla Popcorn (JS)

I’ll confess that I’ve been a little sceptical about the Mozilla Popcorn.js effort over the last year or so. Putting twitter feeds beside a video doesn’t feel particularly interesting. The mozillapopcorn.org site says “Popcorn makes video work like the web”, but I haven’t understood what that means until now. It means 2 things. Firstly, a radially different video-on-the-web experience, where content and video are interleaved. Where video insn’t relegated to being a box on the page with a set of controls. Even simple things like being able to add a ticker to the bottom of the video which contains other ‘page’ content allows the video to be given much greater prominence. And secondly, it’s about the ‘view-source’ nature of the web, and extending this to video effects. Popcorn.js isn’t ‘editing’ the video, but applying effects and overlays in a non-destructive way. This makes it possible for people to come along and discover and learn how things were done. It’s early days for much of this, but I now at least understand why there’s so much excitement as it might have a profound impact on the future web.

Tagged with: ,
Posted in Uncategorized

BarCampLondon 9

Just a brief post to thank all the organisers and sponsors of BarCampLondon9 this past weekend. It was a 2 day marathon of interesting talks, discussions, tech-humour, and werewolf. It really sparked off a number of interesting thoughts which I’ll have to dig into sometime soon. I did a quick talk on building Firefox addons using http://builder.addons.mozilla.org which seemed to go down ok. No slides. No fear.

Tagged with: ,
Posted in Uncategorized
I’m David Illsley, I’m a Software Engineer, currently in London. In the past I've worked for Morgan Stanley on front office credit technology, for IBM developing products in the WebSphere family, and before that I studied at Edinburgh University. I'm also a PMC member @TheASF, and outside the realms of technology, enjoy skulking around the dark corners of theatre...
The postings on this site solely reflect the personal views of the author and do not necessarily represent the views, positions, strategies or opinions of my employer.
  • RT @monkchips: On Drawbridges and SecOps – James Governor's Monkchips bit.ly/1C5yozG 13 hours ago
  • RT @bagder: "At this time s2n does not perform certificate validation" doesn't really sit well with me, even if client mode is disabled 2 days ago
  • RT @russel_winder: #DevoxxUK closing paraphrased: The terms "Rock Star Programmer" and "Ninja Programmer" should be banned. 2 weeks ago
  • @KushalP maybe. might be better that way though if it lessened the compatibility drag effect on browsers 2 weeks ago
  • I wonder if shortening TLS certificate lifetimes would mean people have better TLS configs as they'd *have* to check them more frequently 2 weeks ago

Get every new post delivered to your Inbox.