Archive
Using AWS Workspaces to control access to documents
I’ve recently worked on a project where we had to have some documents that needed to be kept reasonably secure, and on the clients computers for our project. We needed our developers to have some access to the documents, to visually inspect them, and to be able to run code on them, but we didn’t want the developers to have copies on their local laptops or computers.
posted on 2020-04-28 10:00:00 +0000
What is legal basis under GDPR?
In a conversation the other day, I was trying to explain why some data couldn’t be collected and processed under “legitimate interests”. I wrote the following to try to outline the different types of legal basis that data can be collected or processed.
posted on 2019-02-25 12:39:45 +0000
Brexit and data transfers
Post brexit, there may or may not be a problem with data being transferred across borders. But all of the guidance and people talking about this seem to have some very confused concepts of terms and the processes involved, making it really hard to get clear guidance for organisations.
posted on 2019-02-21 16:10:15 +0000
Discovery, Alpha, Beta, Live… Part 2
This seems to have come up again, with discussions about what the purpose of a discovery, alpha beta actually is, and when you should build your MVP.
posted on 2018-12-09 12:00:42 +0000
Getting started in programming with Advent of Code and Python
Have you always wanted to program? Have you been interested in the dark and mysterious ways of development? Maybe you’ve done some reading, done a bit of practice, but haven’t been able to find the motivation or the right kind of thing?
posted on 2018-12-03 10:47:29 +0000
The basics are sometimes the hardest things
If only we could apply patches, then we could do more interesting security work.
posted on 2018-11-07 23:06:44 +0000
Nudge or strategy?
Should you nudge your users into better behaviour, a small microaction at a time or do you need large sweeping changes to change behaviours?
posted on 2018-11-06 20:49:23 +0000
Language forms mental furrows
When I worked at GDS, I worked with a lot of people who got very specific about their language. We talked about users, not customers; user needs not requirements and clear plain english where possible.
posted on 2018-11-06 01:14:10 +0000
Organisations are made of people
Does Google value your privacy? How about Facebook? Your bank cares about you we are told.
posted on 2018-11-04 22:23:01 +0000
Build and Deploy are different concerns
You’ve spent days crafting the perfect bit of code, and you are ready to put it in front of real users.
posted on 2018-11-03 23:39:41 +0000
Bimodal isn’t a dirty word
“I said bimodal in a meeting and I feel dirty”
posted on 2018-11-02 22:56:42 +0000
The tyranny of the service desk
“Have you raised a ticket for that?”
posted on 2018-11-01 12:24:11 +0000
Security concerns with platforms and services in the cloud
When we talk about using SaaS or PaaS (or IaaS or even the new Serverless or FunctionAsAService, FaaS) it’s important that we understand that security concerns change.
posted on 2018-07-02 16:30:55 +0000
A vision for the future of GDS
There’s been a lot written about the death of GDS or the decline of GDS, but very little of it seem to be articulate what GDS should stand for, what it should be doing and how it should go about it.
posted on 2018-02-27 15:20:20 +0000
Dealing with major security issues
So a few days ago, a new vulnerability, yet again with interesting names, Meltdown (pdf) and Spectre (pdf) was announced.
posted on 2018-01-09 18:14:36 +0000
Alpha to Live is not a linear progression
I’ve always felt like the diagram that shows the linear progression of a project from discovery through to live, which GDS constructed to demonstrate the lifecycle of an agile project had a pretty critical mistake in it.
posted on 2017-11-06 21:22:46 +0000
Malware, Cyber Attacks and the problem of patching
According to news reports, the UK, among over 90 other countries has just been hit by a large malware campaign which has taken down various services, including a number of health based services.
posted on 2017-05-13 08:06:57 +0000
Agile and Lean, what’s the difference?
A schoolteacher friend asked recently whether I knew anything about Agile, and whether any of those agile or lean methods would work for helping to organise projects and people in an education environment.
posted on 2017-02-24 10:27:53 +0000
What I mean when I say ‘Digital Transformation’
Digital transformation is what I’ve been doing for over 3 years in Government.
posted on 2016-10-18 22:04:09 +0000
Build pipelines, deployment, and immutable artifacts
What is the best way to build your code? How can you ensure repeatable deploys? What does build and deployment look like in a devops, continuous delivery kind of world?
posted on 2016-08-23 23:18:42 +0000
Making a flap at Electromagnetic Field
I lost — again!
posted on 2016-08-09 22:03:49 +0000
The Inverse Conway Manoeuvre and Security
If you want security to be taken seriously by your development team, then you need to deliberately adjust your organisational structure to ensure that security not in a silo by itself, but instead considered part of the team.
posted on 2015-11-02 12:42:46 +0000
Should I allow different languages or runtimes in my organisation?
One of the much vaunted benefits of microservices is the claim of heterogeneous development environments. Because we agree that microservices should interact via well known or standardised protocols (like HTTP, Thrift, RPC), it means that different microservices can be written in completely different technology stacks.
posted on 2015-04-04 23:09:00 +0000
The real benefit of Agile
What is the point of doing agile development? We’re told that we will be more efficient, higher quality software that matches what the user wants, but is that really the best reason to do it?
posted on 2014-06-24 07:11:00 +0000
What are microservices and why are they important
Part of the problem with the debate around microservices is that we aren’t always arguing about the same definition of microservice, probably because not enough of them have read James Lewis’s defining post on microservices. So when two people disagree on the implementation details of the microservice, they can be speaking at cross purposes because they haven’t agreed what they are talking about.
posted on 2014-05-21 20:47:34 +0000
Database migrations done right
The rule is simple. You should never tie database migrations to application deploys or vice versa. By minimising dependencies you enable faster, easier and cleaner deployments
posted on 2014-05-06 19:20:24 +0000
Dev, Ops and Business Value
I find myself increasingly being worried about the way that us technologists view our value to the organisations that we work in. Part of that is a strong lack of understanding of the purpose of the business and an over identification of technology and technology choices to the value of an organisation.
posted on 2014-05-03 09:00:00 +0000
Scale Camp - A Brief History
In organising the upcoming Scale Summit unconference, I’ve been reflecting on the history of Scale Camp, and what the purpose and point of running these events was to me.
posted on 2014-01-31 09:44:23 +0000
2013 In Review
It’s the new year, and as should be typical, it’s probably time to write an update on my blog about what I’ve done this year.
posted on 2013-12-31 18:56:10 +0000
The medium of fear
Writers Block by flickr.com/PhotoSteve101
posted on 2013-08-05 22:54:39 +0000
Prism and NSA Spying: why I don't (entirely) believe it.
[EDIT: Note, I have absolutely no inside knowledge here whatsoever. I haven’t seen anything except via the stuff the Guardian has published publically.] You may have read this morning that the Guardian and the Washington Post announced that they had an authenticated NSA training presentation on PRISM which claimed that they had access to multiple large companies servers and were able to spy on any and all communications.
posted on 2013-06-07 12:10:02 +0000
A return to form for Google IO
Google IO Keynote was watched by nearly a million people, six thousand of them in the auditorium, and the sense of disappointment in some cases was palpable.
posted on 2013-05-18 10:16:10 +0000
Learning management skills as a developer
I’m embarking on a program to build up my management skills and learn more about what the business that I work in actually does. To achieve that I’m reading some classic management books. Why?? Because I’ve realised that I have a hole in my education. I know surprisingly little about Sales and Marketing; Business Management, Facility management; Supply chains; procurement and the various other things that happen in a business. I’m trying to fix that, and I’m trying to build respect for the people in my organisation who do those jobs.
posted on 2013-04-30 13:32:13 +0000
Bad Conference Speakers
Are you at a conference and bored? Do you start using the backchannel to start sniping at the presenters taste in clothing, presentation background, or speech idiosyncrasies? What you should be doing is asking yourself one very important question - What is this presenter doing that is not keeping your attention, or rather what could they do to keep your attention? See as a sometime presenter I find myself analysing what good and poor presenters do. I find myself looking to see what is irritating me, whether it be the presenters suit, or the way she keeps swearing, or the number of times he says “Um”.
posted on 2012-11-17 11:07:05 +0000
Securing web cookies with signatures
How can you authenticate a user in a web system with a “Shared-Nothing” architecture when you are not sure what webserver you’ll come back to for any given request?
posted on 2012-11-08 23:38:14 +0000
Pragmatic Coding
At its core, pragmatic development is about getting code written, getting it deployed and getting it out there. Pragmatism should lead us towards minimum viable products, and releasing the minimum that we do have as early as possible to garner the quickest and best feedback.
posted on 2012-11-04 22:21:33 +0000
Functionally Pragmatic
I was lucky enough to give the keynote at FP Days Cambridge last week, where I was able to wax enthusiastically about functional programming and the future of software development.
posted on 2012-11-03 23:15:46 +0000
HTTP Status Codes and APIs: how the Guardian's Content API does it
We’ve managed to build up a certain amount of experience over the last few years with building API’s.
During the building of our latest Content, Identity and Discussion systems, we realised that we have learnt some things that are worth sharing, especially since the reasoning behind these common practices might not be as well understood.
Today’s story is about why calling our Content API in JSONP format results in a 200 OK response for invalid urls, and why we littered our json response with a seemingly pointless status field.
posted on 2012-08-02 13:31:35 +0000
A geek's diet plan
So I’ve been getting a little rotund of belly of late, and my family had started making jokes about my waistline and the jelly like qualities of my stomach.
I’m not terribly keen on this for all the reasons that you might expect, but I’ve been putting it down to lack of exercise (I do about 15 minutes walking to a from work every day, that’s it), and a natural aging spread effect.
This leaves me only three choices, join a gym, start a diet or accept being that fat geek!
posted on 2012-04-09 14:57:47 +0000
What is DevOps not?
I’ve spent the last two weeks at conferences, and for some reason people keep assuming that I work in operations. I can kind of understand why, but it’s also started a number of conversations about DevOps, and the complete misunderstanding of the term. It seems that DevOps is a confusing movement for people, and lots of people are assuming that some of the practices that might come with organisations embracing DevOps are themselves what make you DevOps.
Defining what devops is can be hard, so instead I thought I’d feature a few of the things that devops isn’t.
posted on 2012-03-13 12:13:14 +0000
Tech Weekly podcast: when books go social
Charles Arthur meets the man behind Anobii.com, a social network for your bookshelf. Plus the curious case of Rupert Murdoch and Wendi Deng’s Twitter accounts. Are they real?
posted on 2012-01-09 11:20:16 +0000
Map, map and flatMap in Scala
One of the things I like about Scala is it’s collections framework. As a non CS graduate I only very lightly covered functional programming at university and I’d never come across it until Scala. One the benefits of Scala is that the functional programming concepts can be introduced slowly to the programmer. One of the first places you’ll start to use functional constructs is with the collections framework.
posted on 2011-12-02 10:56:39 +0000
Annoyed by Guardian Facebook app?
Are your friends sharing links to the Guardian Facebook app in their twitter feeds but you don’t use Facebook and want to see the original guardian page?
posted on 2011-11-12 15:26:26 +0000
Adding Google Plus redirect to your Nginx powered site
A quick one, this morning I’ve added the plus url to my website, so http://www.brunton-spall.co.uk/+ now redirects to my Google+ profile.
posted on 2011-11-12 12:55:02 +0000
Identifiers are not numbers
“I am not a number, I am a free man”
posted on 2011-09-24 12:13:14 +0000
Scala, lazy collections, streams and recursion
I’m currently rewriting the deployment system at the guardian in Scala, and although I’d say I know Scala, I’m learning lots of things as we go. I’m lucky enough to be pairing with Graham Tackley, our platform team lead and someone who knows Scala far better than I do, and this means that we often write a bit of code, then go back and improve it and so forth.
posted on 2011-09-01 17:08:22 +0000
Google+ - A gentle introduction
So a couple of days ago Google launched Google+, a product that did not slip out quietly it seems despite Google’s intentions.
posted on 2011-07-01 21:48:59 +0000
Google's Chrome browser hits 160m users - but what does it mean for the web?
Search giant’s browser gets automatically updated, yet there’s a hint that it might be shifting towards the territory that made Internet Explorer so divisive
posted on 2011-06-14 12:30:38 +0000
Clearing up some myths about AV
I’ve been thinking about the AV question a lot recently, partly because it’s happening here and now, partly because it’s naturally been the talk of the office and partly because I find the whole area quite fascinating.
posted on 2011-04-28 00:10:24 +0000
Failure at scale
When you launch a high profile website, it sometimes will spectacularly fail for reasons of scale. Since this is an area of professional interest I thought I’d have a look to see whether there was anything obvious, and it was apparent that the developers didn’t appear to think at scale (and still haven’t fixed the issues).
posted on 2011-02-04 14:01:16 +0000
Packaging and deploying python web apps
I love python. I have really started to get into python in a big way since I was a beta tester for Google’s App Engine, and I’ve used it for a number of production projects now. It is probably my go to quick language.
posted on 2011-01-26 21:30:51 +0000
New tweet button on guardian.co.uk
We’ve made some changes to improve how the tweet button on guardian.co.uk works
posted on 2011-01-25 16:10:27 +0000
How to tighten up your passwords
The hijacking by hackers of US gossip site Gawker is a timely reminder to check your internet security
posted on 2011-01-25 12:10:22 +0000
Announcing Scale Camp 2010
On December 10th 2010 we will be hosting Scale Camp 2010, a chance for people interested in scaling and performance to get together and chat.
posted on 2010-12-09 12:08:03 +0000
Interview Questions, The XOR trick, and why you should just say No
So I’m going to talk about the XOR trick, but first I’m going to say where I came across it.
posted on 2010-09-07 10:46:29 +0000
Stack traces in production
There have been a number of incidents recently where a public website I've been using has gone wrong shown me a nice server provided stack trace on the screen. The most recent of these examples was the Cineworld website.
posted on 2010-08-03 18:19:02 +0000
Using Twitter @Anywhere – An introduction
Note: This post was written when this blog was hosted on a custom written blog engine. I’ve since moved back to wordpress so some details refering to this site may no longer be accurate. - MBS
posted on 2010-04-14 22:40:54 +0000
PyCharm – First Impressions
Did you see my link a few days ago, about PyCharm being released by JetBrains? I hope so because it is a very interesting IDE for python and django developers.
posted on 2010-02-03 17:48:56 +0000
The end of a year and a decade
So as 2009 draws to a close, I look back over the year and consider what has happened. With this being the end of the decade for everyone but pedants (that will be another year yet), I've also thought about the previous decade.
posted on 2010-01-01 15:13:46 +0000
Regular Expressions
I'm not a big fan of regular expressions. They can be powerful, but for anything remotely complicated they can be a nightmare to maintain and re-read. I had an idea recently for an easy to use chaining regular expression building library but I can't find anybody doing it, so I've created one myself.
posted on 2009-12-18 22:57:30 +0000
Boring Conference Sessions
What do you do when you are at a conference and bored? Do you start using the backchannel to start sniping at the presenters taste in clothing, presentation background, or speech idiosyncrinisities? I've seen this at a number of conferences and I find this to be extremely unprofessional behaviour, especially in a public forum. If you see my twitter feed, you will see that I might object to the content of a presentation, for example my dislike of Objective-C as a language. However to object to a presentation because of the presenters choice of words to describe a fuzzy topic, or the quality of photography in their slides as I saw at a recent conference, is the epitome of rudeness. When somebody who is an expert in their field, has given up their time to attempt to share with you, picking holes in the format of the message rather than the content of the message is small-minded and rude.
posted on 2009-11-10 15:24:28 +0000
Introducing Scale Camp
I've been to a fair few conferences recently, and something that has struck me is the large number of people who are dealing with similar issues. How to deal with large numbers of users. how to scale their website to handle peak loads, how to identify what capacity they have for peak loads and so on. The problem here is that although people are talking about it at conferences, and there are a few books around, there isn't anything dedicated entirely to performance and scalability. The only thing I could find was the Velocity conference, run by O'Reilly over in the states, but over here in London? Nothing that I could find.
posted on 2009-11-04 16:56:49 +0000
Javascript libraries and offline support
A quick one here. I develop most of the functionality to this website when I am offline on the train. I wanted to use the jQuery library on my website, and the most performant way of doing so is to use Googles javascript mirror. (Yes I know about the privacy implications). However that doesn't work offline, rendering my website into non-jquery mode and making it a bugger to implement jquery features.
posted on 2009-10-26 19:49:17 +0000
Christian Voice, Stephen Gately and missing the point
I am a christian and I am proud of the fact. My faith makes it clear that I should be willing to share my faith whenever and wherever I can, but sometimes that can be made hard. Not because of beligerant athiests (most of the most hardcore athiests I know are lovely) but because there are some supposedly Christian organisations that portray the Christian faith in such a bad light that it makes me feel ashamed to be branded as a Christian.
posted on 2009-10-21 12:52:20 +0000
Facebook Connect and Identity
The more I think about Facebook Connect and identity the more worried I get. Lets start with my basic premise, your online identity is much too valuable to be controlled by a single company. We've been there before, we've seen what happens to the internet when a core technology is controlled by a single company, and Internet Explorer 6 was the result.
posted on 2009-10-19 23:45:48 +0000
Some new features
So I've finally added a couple of new features, so thought I'd pop up a quick explanation of what I did and why.
posted on 2009-10-10 01:07:18 +0000
Building a personal website
One of the requested articles on this site was a comprehensive diary of what went into building this website, and why I did so. Since for shits and giggles wasn't exactly the answer you wanted, I thought I'd elucidate on why I built this and how I went about it.
posted on 2009-10-09 23:18:57 +0000
Future of Web Apps - day two
So what was the highlight of the second day of FOWA for me? Believe it or not the marketing stuff. We were exhorted, repeatedly, that listening to your customers is the most important thing in business. Something that I've forgotten, and something that can be applied to all areas of Software Development. The customer is king, fail to understand what he/she wants and you may as well be building sandcastles for all the good it will do when the tide comes in.
posted on 2009-10-06 21:28:03 +0000
Future of Web Apps - day one
So today I've been down to London to attend the Future of Web Apps conference, and it has been a fascinating day for me.
posted on 2009-10-01 22:44:45 +0000
Welcome to turning 30
Most people for their 30th birthday do something to recapture their youth. I went paintballing and created this site.
posted on 2009-09-28 19:52:30 +0000