Michael Brunton-Spall     About     Archive     Feed


Using AWS Workspaces to control access to documents

I’ve recently worked on a project where we had to have some documents that needed to be kept reasonably secure, and on the clients computers for our project. We needed our developers to have some access to the documents, to visually inspect them, and to be able to run code on them, but we didn’t want the developers to have copies on their local laptops or computers.

posted on 2020-04-28 10:00:00 +0000

What is legal basis under GDPR?

In a conversation the other day, I was trying to explain why some data couldn’t be collected and processed under “legitimate interests”. I wrote the following to try to outline the different types of legal basis that data can be collected or processed.

posted on 2019-02-25 12:39:45 +0000

Brexit and data transfers

Post brexit, there may or may not be a problem with data being transferred across borders. But all of the guidance and people talking about this seem to have some very confused concepts of terms and the processes involved, making it really hard to get clear guidance for organisations.

posted on 2019-02-21 16:10:15 +0000

Discovery, Alpha, Beta, Live… Part 2

This seems to have come up again, with discussions about what the purpose of a discovery, alpha beta actually is, and when you should build your MVP.

posted on 2018-12-09 12:00:42 +0000

Getting started in programming with Advent of Code and Python

Have you always wanted to program? Have you been interested in the dark and mysterious ways of development? Maybe you’ve done some reading, done a bit of practice, but haven’t been able to find the motivation or the right kind of thing?

posted on 2018-12-03 10:47:29 +0000

The basics are sometimes the hardest things

If only we could apply patches, then we could do more interesting security work.

posted on 2018-11-07 23:06:44 +0000

Nudge or strategy?

Should you nudge your users into better behaviour, a small microaction at a time or do you need large sweeping changes to change behaviours?

posted on 2018-11-06 20:49:23 +0000

Language forms mental furrows

When I worked at GDS, I worked with a lot of people who got very specific about their language. We talked about users, not customers; user needs not requirements and clear plain english where possible.

posted on 2018-11-06 01:14:10 +0000

Organisations are made of people

Does Google value your privacy? How about Facebook? Your bank cares about you we are told.

posted on 2018-11-04 22:23:01 +0000

Build and Deploy are different concerns

You’ve spent days crafting the perfect bit of code, and you are ready to put it in front of real users.

posted on 2018-11-03 23:39:41 +0000

Bimodal isn’t a dirty word

“I said bimodal in a meeting and I feel dirty”

posted on 2018-11-02 22:56:42 +0000

The tyranny of the service desk

“Have you raised a ticket for that?”

posted on 2018-11-01 12:24:11 +0000

Security concerns with platforms and services in the cloud

When we talk about using SaaS or PaaS (or IaaS or even the new Serverless or FunctionAsAService, FaaS) it’s important that we understand that security concerns change.

posted on 2018-07-02 16:30:55 +0000

A vision for the future of GDS

There’s been a lot written about the death of GDS or the decline of GDS, but very little of it seem to be articulate what GDS should stand for, what it should be doing and how it should go about it.

posted on 2018-02-27 15:20:20 +0000

Dealing with major security issues

So a few days ago, a new vulnerability, yet again with interesting names, Meltdown (pdf) and Spectre (pdf) was announced.

posted on 2018-01-09 18:14:36 +0000

Alpha to Live is not a linear progression

I’ve always felt like the diagram that shows the linear progression of a project from discovery through to live, which GDS constructed to demonstrate the lifecycle of an agile project had a pretty critical mistake in it.

posted on 2017-11-06 21:22:46 +0000

Malware, Cyber Attacks and the problem of patching

Network Rack by Kev
Network Rack by Kev

According to news reports, the UK, among over 90 other countries has just been hit by a large malware campaign which has taken down various services, including a number of health based services.

posted on 2017-05-13 08:06:57 +0000

Agile and Lean, what’s the difference?

A schoolteacher friend asked recently whether I knew anything about Agile, and whether any of those agile or lean methods would work for helping to organise projects and people in an education environment.

posted on 2017-02-24 10:27:53 +0000

What I mean when I say ‘Digital Transformation’

Digital transformation is what I’ve been doing for over 3 years in Government.

posted on 2016-10-18 22:04:09 +0000

Build pipelines, deployment, and immutable artifacts

What is the best way to build your code? How can you ensure repeatable deploys? What does build and deployment look like in a devops, continuous delivery kind of world?

posted on 2016-08-23 23:18:42 +0000

Making a flap at Electromagnetic Field

I lost — again! I lost — again!

posted on 2016-08-09 22:03:49 +0000

The Inverse Conway Manoeuvre and Security

If you want security to be taken seriously by your development team, then you need to deliberately adjust your organisational structure to ensure that security not in a silo by itself, but instead considered part of the team.

posted on 2015-11-02 12:42:46 +0000

Should I allow different languages or runtimes in my organisation?

Networking by jairoagua
Networking by jairoagua

One of the much vaunted benefits of microservices is the claim of heterogeneous development environments. Because we agree that microservices should interact via well known or standardised protocols (like HTTP, Thrift, RPC), it means that different microservices can be written in completely different technology stacks.

posted on 2015-04-04 23:09:00 +0000

The real benefit of Agile

Agile vs. Prince2 by Matthew Hutchinson
Agile vs. Prince2 by Matthew Hutchinson

What is the point of doing agile development? We’re told that we will be more efficient, higher quality software that matches what the user wants, but is that really the best reason to do it?

posted on 2014-06-24 07:11:00 +0000

What are microservices and why are they important

Microservices Architecture by Michael Brunton-Spall
Microservices Architecture by Michael Brunton-Spall

Part of the problem with the debate around microservices is that we aren’t always arguing about the same definition of microservice, probably because not enough of them have read James Lewis’s defining post on microservices. So when two people disagree on the implementation details of the microservice, they can be speaking at cross purposes because they haven’t agreed what they are talking about.

posted on 2014-05-21 20:47:34 +0000

Database migrations done right

Migration by ashokbaghani
Migration by ashokbaghani

The rule is simple. You should never tie database migrations to application deploys or vice versa. By minimising dependencies you enable faster, easier and cleaner deployments

posted on 2014-05-06 19:20:24 +0000

Dev, Ops and Business Value

Thinkin' about the code by Ed Yourden
Thinkin' about the code by Ed Yourden

I find myself increasingly being worried about the way that us technologists view our value to the organisations that we work in. Part of that is a strong lack of understanding of the purpose of the business and an over identification of technology and technology choices to the value of an organisation.

posted on 2014-05-03 09:00:00 +0000

Scale Camp - A Brief History

Scale Camp Attendees by Adewale Oshineye
Scale Camp Attendees by Adewale Oshineye

In organising the upcoming Scale Summit unconference, I’ve been reflecting on the history of Scale Camp, and what the purpose and point of running these events was to me.

posted on 2014-01-31 09:44:23 +0000

2013 In Review


It’s the new year, and as should be typical, it’s probably time to write an update on my blog about what I’ve done this year.

posted on 2013-12-31 18:56:10 +0000

The medium of fear

Writers Block by flickr.com/PhotoSteve101  Writers Block by flickr.com/PhotoSteve101 

posted on 2013-08-05 22:54:39 +0000

Prism and NSA Spying: why I don't (entirely) believe it.

Prism by Tim Cummins
Prism by Tim Cummins

[EDIT: Note, I have absolutely no inside knowledge here whatsoever. I haven’t seen anything except via the stuff the Guardian has published publically.] You may have read this morning that the Guardian and the Washington Post announced that they had an authenticated NSA training presentation on PRISM which claimed that they had access to multiple large companies servers and were able to spy on any and all communications.

posted on 2013-06-07 12:10:02 +0000

A return to form for Google IO

Google IO Glass Office Hours - By Fumi
Google IO Glass Office Hours - By Fumi

Google IO Keynote was watched by nearly a million people, six thousand of them in the auditorium, and the sense of disappointment in some cases was palpable.

posted on 2013-05-18 10:16:10 +0000

Learning management skills as a developer

Flow by vankuso
Flow by vankuso

I’m embarking on a program to build up my management skills and learn more about what the business that I work in actually does. To achieve that I’m reading some classic management books. Why?? Because I’ve realised that I have a hole in my education. I know surprisingly little about Sales and Marketing; Business Management, Facility management; Supply chains; procurement and the various other things that happen in a business. I’m trying to fix that, and I’m trying to build respect for the people in my organisation who do those jobs.

posted on 2013-04-30 13:32:13 +0000

Bad Conference Speakers

Michael Brunton-Spall speaking at BASE by Dave Briccetti
Michael Brunton-Spall speaking at BASE by Dave Briccetti

Are you at a conference and bored? Do you start using the backchannel to start sniping at the presenters taste in clothing, presentation background, or speech idiosyncrasies? What you should be doing is asking yourself one very important question - What is this presenter doing that is not keeping your attention, or rather what could they do to keep your attention? See as a sometime presenter I find myself analysing what good and poor presenters do. I find myself looking to see what is irritating me, whether it be the presenters suit, or the way she keeps swearing, or the number of times he says “Um”.

posted on 2012-11-17 11:07:05 +0000

Securing web cookies with signatures

cookie for elsa by Marshsu
cookie for elsa by Marshsu

How can you authenticate a user in a web system with a “Shared-Nothing” architecture when you are not sure what webserver you’ll come back to for any given request?

posted on 2012-11-08 23:38:14 +0000

Pragmatic Coding

YIP day 231 by auntiep
YIP day 231 by auntiep

At its core, pragmatic development is about getting code written, getting it deployed and getting it out there.  Pragmatism should lead us towards minimum viable products, and releasing the minimum that we do have as early as possible to garner the quickest and best feedback.

posted on 2012-11-04 22:21:33 +0000

Functionally Pragmatic

Michael Brunton-Spall by Adewale Oshineye
Michael Brunton-Spall by Adewale Oshineye

I was lucky enough to give the keynote at FP Days Cambridge last week, where I was able to wax enthusiastically about functional programming and the future of software development.

posted on 2012-11-03 23:15:46 +0000

HTTP Status Codes and APIs: how the Guardian's Content API does it

We’ve managed to build up a certain amount of experience over the last few years with building API’s.
During the building of our latest Content, Identity and Discussion systems, we realised that we have learnt some things that are worth sharing, especially since the reasoning behind these common practices might not be as well understood.

Today’s story is about why calling our Content API in JSONP format results in a 200 OK response for invalid urls, and why we littered our json response with a seemingly pointless status field.

posted on 2012-08-02 13:31:35 +0000

A geek's diet plan

So I’ve been getting a little rotund of belly of late, and my family had started making jokes about my waistline and the jelly like qualities of my stomach.

I’m not terribly keen on this for all the reasons that you might expect, but I’ve been putting it down to lack of exercise (I do about 15 minutes walking to a from work every day, that’s it), and a natural aging spread effect.

This leaves me only three choices, join a gym, start a diet or accept being that fat geek!

posted on 2012-04-09 14:57:47 +0000

What is DevOps not?

I’ve spent the last two weeks at conferences, and for some reason people keep assuming that I work in operations. I can kind of understand why, but it’s also started a number of conversations about DevOps, and the complete misunderstanding of the term. It seems that DevOps is a confusing movement for people, and lots of people are assuming that some of the practices that might come with organisations embracing DevOps are themselves what make you DevOps.

Defining what devops is can be hard, so instead I thought I’d feature a few of the things that devops isn’t.

posted on 2012-03-13 12:13:14 +0000

Tech Weekly podcast: when books go social

Charles Arthur meets the man behind Anobii.com, a social network for your bookshelf. Plus the curious case of Rupert Murdoch and Wendi Deng’s Twitter accounts. Are they real?

posted on 2012-01-09 11:20:16 +0000

Map, map and flatMap in Scala

Scala (stairs) by Paolo Campioni
Scala (stairs) by Paolo Campioni

One of the things I like about Scala is it’s collections framework. As a non CS graduate I only very lightly covered functional programming at university and I’d never come across it until Scala. One the benefits of Scala is that the functional programming concepts can be introduced slowly to the programmer. One of the first places you’ll start to use functional constructs is with the collections framework.

posted on 2011-12-02 10:56:39 +0000

Annoyed by Guardian Facebook app?

Are your friends sharing links to the Guardian Facebook app in their twitter feeds but you don’t use Facebook and want to see the original guardian page?

posted on 2011-11-12 15:26:26 +0000

Adding Google Plus redirect to your Nginx powered site

A quick one, this morning I’ve added the plus url to my website, so http://www.brunton-spall.co.uk/+ now redirects to my Google+ profile.

posted on 2011-11-12 12:55:02 +0000

Identifiers are not numbers

“I am not a number, I am a free man”

posted on 2011-09-24 12:13:14 +0000

Scala, lazy collections, streams and recursion

I’m currently rewriting the deployment system at the guardian in Scala, and although I’d say I know Scala, I’m learning lots of things as we go.  I’m lucky enough to be pairing with Graham Tackley, our platform team lead and someone who knows Scala far better than I do, and this means that we often write a bit of code, then go back and improve it and so forth.

posted on 2011-09-01 17:08:22 +0000

Google+ - A gentle introduction

So a couple of days ago Google launched Google+, a product that did not slip out quietly it seems despite Google’s intentions.

posted on 2011-07-01 21:48:59 +0000

Google's Chrome browser hits 160m users - but what does it mean for the web?

Search giant’s browser gets automatically updated, yet there’s a hint that it might be shifting towards the territory that made Internet Explorer so divisive

posted on 2011-06-14 12:30:38 +0000

Clearing up some myths about AV

I’ve been thinking about the AV question a lot recently, partly because it’s happening here and now, partly because it’s naturally been the talk of the office and partly because I find the whole area quite fascinating.

posted on 2011-04-28 00:10:24 +0000

Failure at scale

Snap of the front page of police.uk
When you launch a high profile website, it sometimes will spectacularly fail for reasons of scale.  Since this is an area of professional interest I thought I’d have a look to see whether there was anything obvious, and it was apparent that the developers didn’t appear to think at scale (and still haven’t fixed the issues).

posted on 2011-02-04 14:01:16 +0000

Packaging and deploying python web apps

I love python. I have really started to get into python in a big way since I was a beta tester for Google’s App Engine, and I’ve used it for a number of production projects now. It is probably my go to quick language.

posted on 2011-01-26 21:30:51 +0000

New tweet button on guardian.co.uk

We’ve made some changes to improve how the tweet button on guardian.co.uk works

posted on 2011-01-25 16:10:27 +0000

How to tighten up your passwords

The hijacking by hackers of US gossip site Gawker is a timely reminder to check your internet security

posted on 2011-01-25 12:10:22 +0000

Announcing Scale Camp 2010

On December 10th 2010 we will be hosting Scale Camp 2010, a chance for people interested in scaling and performance to get together and chat.

posted on 2010-12-09 12:08:03 +0000

Interview Questions, The XOR trick, and why you should just say No

So I’m going to talk about the XOR trick, but first I’m going to say where I came across it.

posted on 2010-09-07 10:46:29 +0000

Stack traces in production

There have been a number of incidents recently where a public website I've been using has gone wrong shown me a nice server provided stack trace on the screen.  The most recent of these examples was the Cineworld website.

posted on 2010-08-03 18:19:02 +0000

Using Twitter @Anywhere – An introduction

Note: This post was written when this blog was hosted on a custom written blog engine.  I’ve since moved back to wordpress so some details refering to this site may no longer be accurate. - MBS

posted on 2010-04-14 22:40:54 +0000

PyCharm – First Impressions

Did you see my link a few days ago, about PyCharm being released by JetBrains?  I hope so because it is a very interesting IDE for python and django developers.

posted on 2010-02-03 17:48:56 +0000

The end of a year and a decade

So as 2009 draws to a close, I look back over the year and consider what has happened.  With this being the end of the decade for everyone but pedants (that will be another year yet), I've also thought about the previous decade.

posted on 2010-01-01 15:13:46 +0000

Regular Expressions

I'm not a big fan of regular expressions.  They can be powerful, but for anything remotely complicated they can be a nightmare to maintain and re-read.  I had an idea recently for an easy to use chaining regular expression building library but I can't find anybody doing it, so I've created one myself.

posted on 2009-12-18 22:57:30 +0000

Boring Conference Sessions

What do you do when you are at a conference and bored?  Do you start using the backchannel to start sniping at the presenters taste in clothing, presentation background, or speech idiosyncrinisities?  I've seen this at a number of conferences and I find this to be extremely unprofessional behaviour, especially in a public forum.  If you see my twitter feed, you will see that I might object to the content of a presentation, for example my dislike of Objective-C as a language.  However to object to a presentation because of the presenters choice of words to describe a fuzzy topic, or the quality of photography in their slides as I saw at a recent conference, is the epitome of rudeness. When somebody who is an expert in their field, has given up their time to attempt to share with you, picking holes in the format of the message rather than the content of the message is small-minded and rude.

posted on 2009-11-10 15:24:28 +0000

Introducing Scale Camp

I've been to a fair few conferences recently, and something that has struck me is the large number of people who are dealing with similar issues.  How to deal with large numbers of users. how to scale their website to handle peak loads, how to identify what capacity they have for peak loads and so on.  The problem here is that although people are talking about it at conferences, and there are a few books around, there isn't anything dedicated entirely to performance and scalability.  The only thing I could find was the Velocity conference, run by O'Reilly over in the states, but over here in London?  Nothing that I could find.

posted on 2009-11-04 16:56:49 +0000

Javascript libraries and offline support

A quick one here.  I develop most of the functionality to this website when I am offline on the train.  I wanted to use the jQuery library on my website, and the most performant way of doing so is to use Googles javascript mirror. (Yes I know about the privacy implications).  However that doesn't work offline, rendering my website into non-jquery mode and making it a bugger to implement jquery features.

posted on 2009-10-26 19:49:17 +0000

Christian Voice, Stephen Gately and missing the point

I am a christian and I am proud of the fact.  My faith makes it clear that I should be willing to share my faith whenever and wherever I can, but sometimes that can be made hard.  Not because of beligerant athiests (most of the most hardcore athiests I know are lovely) but because there are some supposedly Christian organisations that portray the Christian faith in such a bad light that it makes me feel ashamed to be branded as a Christian.

posted on 2009-10-21 12:52:20 +0000

Facebook Connect and Identity

The more I think about Facebook Connect and identity the more worried I get.  Lets start with my basic premise, your online identity is much too valuable to be controlled by a single company.  We've been there before, we've seen what happens to the internet when a core technology is controlled by a single company, and Internet Explorer 6 was the result.

posted on 2009-10-19 23:45:48 +0000

Some new features

So I've finally added a couple of new features, so thought I'd pop up a quick explanation of what I did and why.

posted on 2009-10-10 01:07:18 +0000

Building a personal website

One of the requested articles on this site was a comprehensive diary of what went into building this website, and why I did so.  Since for shits and giggles wasn't exactly the answer you wanted, I thought I'd elucidate on why I built this and how I went about it.

posted on 2009-10-09 23:18:57 +0000

Future of Web Apps - day two

So what was the highlight of the second day of FOWA for me?  Believe it or not the marketing stuff.  We were exhorted, repeatedly, that listening to your customers is the most important thing in business.  Something that I've forgotten, and something that can be applied to all areas of Software Development.  The customer is king, fail to understand what he/she wants and you may as well be building sandcastles for all the good it will do when the tide comes in. 

posted on 2009-10-06 21:28:03 +0000

Future of Web Apps - day one

So today I've been down to London to attend the Future of Web Apps conference, and it has been a fascinating day for me.

posted on 2009-10-01 22:44:45 +0000

Welcome to turning 30

Most people for their 30th birthday do something to recapture their youth. I went paintballing and created this site.

posted on 2009-09-28 19:52:30 +0000