Nothing Ventured ...

More in a couple of days ...

The Road to 3:45

Tomorrow is race day. It's the Royal Parks Half Marathon. The last time I ran that distance was in Windsor Great Park in the run up to the New York Marathon in late 2006. I finished the Windsor run in a relatively poor time for me - 1:58 I think - and went on to run NY in 3:58, which felt pretty good. I didn't run the Great North last week, although I'd half intended to - a friend had some spare tickets but in the end he didn't go and so I didn't either.

I'd be happy with 1:58 for the run tomorrow, or even 2:08. I haven't yet got back into full training and recent pressures mean that there just hasn't been the time to get more than 1 or sometimes 2 runs a week in.

I'm going to go out optimistically though and will even wear my 1:50 pace bracelet. Race days bring out the best in most of us perhaps, so I might as well shoot for a quicker time, knowing that getting round will be pretty good given that I've barely run in the last 2 years.

I'm certainly hoping not to look like the guy at left, who plainly could have done with a little Paula Radcliffe decorum - at least she stopped and went by the side of the road.

The real point of the run tomorrow though is as part of the preparation for the London Marathon on April 24th 2009. That's a good 200 days away so I have plenty of time to get fit, get damaged or get good. Hopefully fit and good.

It will be 10 years next year since I ran my first marathon and I'm hoping to get back to the kind of time I could run then when whilst obviously 10 years younger I was a good few pounds lighter too. 3:45 would be great. I'm hankering after 3:30 but will see how that looks the nearer I get.

In the run up to previous marathons, time pressures have meant that I've run lots of 6.25km loops - 25 or 30 even - and very few long runs, maybe twice over 30km. To get to 3:45 or better, I've resolved I'm going to have to get some longer runs in more regularly - so plenty of 12km and 15km loops and then at least 3, maybe 4 runs over 3 hours. Pressures of work mean that this looks too optimistic right now, but we'll see how things go - if I can get a couple of early morning runs in and then a long one most weekends, that might make the difference.

I'll post here how I get on - a few commenters have expressed interest in how I'm getting on, so apologies for being silent on that.

All Quiet in e-Gov Land

There have been a bunch of comments (ok, a couple - maybe even from the same person) and more than a few emails asking what's going on in e-Gov land. Why ask me I wonder but then I remember that this was originally in an e-government blog even if it is has more recently morphed into tales (tails?) of fish, running fun and religion to name but a few recent topics. Others have mailed me with things I should write about, and it seems churlish not to oblige.

First, something that fair warmed the cockles of my heart. I needed a .gov domain name the other day and I was pretty keen on having a top level one all of my own to match the name of a shiny project. Let's say I wanted "shinyproject.gov.uk". "Oh no!" said the domain name registrars, "can't be letting you have one of those". Instead they insisted that I have shinyproject.governmentdepartment.gov.uk. That is a good sign. A sign that domain names are not being given out like candy now and maybe even that new websites aren't being set up every week with stinking great content management systems proliferating. I haven't seen the total domain count for a long time, nor much information on progress on killing off .gov websites, but I hope that the latter is succeeding and the former is falling fast. As to CMS proliferation, I expect money is too tight to allow such fun.

Second, there's a new kind of consultation in town. A bit of history first:

Back in 2001 we used to do online consultations within ukonline.gov.uk - we'd post the documents and, I think, even allow comments to be made on the site - certainly via email. We dropped the idea not long after (as we did with discussion forums) because of lack of traffic (although in the case of the forums it was because the moderation job just became too great with endless homophobic, anti-semitic, anti-pretty much anyone that wasn't the person commenting points). Others took on the commentary job. CommentOnThis is certainly the best although it took seems to suffer from traffic problems - few people want to comment on the documents that they're allowed to comment on perhaps.

Alongside this were various efforts: thebigconversation.org which the Department of Health tried in 2001. And I'm pretty sure the Labour Party had something along those lines not all that long ago - maybe even with the same domain name, or a similar one? Hard to tell - the website is now closed. And maybe my memory is faulty anyway. More recently some politicians tried 2020vision.org.uk, which seems to be defunct now.

And now, there's an X-Prize for government - ShowMeTheMoney. No, ShowUsABetterWay.com - when I first saw the domain name I read it as ShowUSABetterWay and wondered if it was something from McCain or Obama. Instead, it's a really neat idea - drawn from Tom Steinberg's Power of Information report for the Cabinet Office. You submit an idea for how to aggregate (mash up in the vernacular) government content to create a useful service and you stand a chance of winning £20,000 - which you'd then use to refine and maybe even develop your idea. Oddly (when read alongside my point above about reducing domain names), if you want to fill in an entry form, you have to go to a completely different domain name - http://www.showusabetterwayentryform.co.uk - that's just weird. Using .co.uk or .com doesn't stop it being a gov website!.

In a brilliant example of joined up government - the Cabinet Office runs the competition and the Ministry of Justice is putting up the money. That's great - and rare, even if it didn't involve money. Kudos. Alongside the BetterWay, MoJ are asking for ideas on how to build democracy - also using a .co.uk domain name (http://www.buildingdemocracy.co.uk/) - It can't be just me that finds that weird, surely? And, if you're quick, you can have one of ten shots at up to £15k in that competition. Reminds me that about 7 or 8 years ago we wanted to incent people to file their tax forms online and suggested that we buy every one who did a lottery ticket - imagine the PR if someone who won the filed their tax online actually won a few million on the lottery! No one liked it and it didn't happen.

To give you some ideas on what you might propose, they give some examples (and a pile of links to places to look for coding ideas too). For instance:

My idea - in fact, an idea that I at least partly purloined, was this (posted here in February 2003)

Matt alerted me back then to something he'd heard about a plan to create an 888 number - just like 999 but for those things that weren't emergencies. That might mean everything from a cat in a tree to a pothole in a road to a zebra crossing light being broken. Nothing has emerged on such a number and, try as I might, I haven't found anything that relates to it. Now, imagine if the 888 service was web, phone, SMS text, DTV and kiosk integrated - so that no matter what level of income you had or what devices you had access to, there would be a way to get to it. People would report issues to the 888 service, all of which would be logged. The output would be a colour coded map of your postcode, your street, your borough, your town or your county, showing the issues being raised in your area. So if a particular road had holes in it and the local people were suitably mad, they'd get together, contact 888 and the map would glow flashing red. The local council seeing that they had a community of interest that was on their case would despatch the road fixers. Take this a little further forward and say there's a 777 service (or maybe still the 888 one) that lets you express concern about fox hunting, people who wear furs, drink driving or whatever ... interest groups could drive their members and supporters to log their point of view via this service and rapidly drive up support (or ant-support) for any given issue. The 777 service could be restricted to topics du jour, it could require authentication (using an anonymous token, as used in voting) to make sure that no-one voted more than once on any issue, for instance.

Oddly, the paragraph above was wrapped in a wider article about consultation around ID cards and whether there was a better way to get more engagement on that topic.

So ... it isn't at all "all quiet in e-Gov land" - there are some busy people, with some good ideas. A trawl through the ideas already posted on BetterWay is worth the few minutes it will take. There are plainly some from the loony end of the idea range (building perhaps on Jeremy Clarkson for PM), but there are plenty that make you go "yeah, that would be good to have". And with the iPhone app store flying along, maybe an interesting platform to provide them on too.

British Summer Time

I rained the Nike+ 10k Human Steeplechase last night. Did I say "rained" ... I meant swam - the puddles were that deep in places - and ran. If they'd given me a bike at 5km they could have called it a triathlon. It's a testament to British hardiness that so many people showed up, despite the weather forecast - I would say pretty near the full complement of 30,000 were there.

At a guess, 50% of the people there hated the concert stuff - they were there to run after all, and the other 50% loved it and stayed near the front of the stage. How often do you get to be 10' from Moby or Pendulum (who?).

But I suspect everyone thought it all dragged on for too long - most people where there well before 6pm and the first runners left the stadium around 7.15pm or even 7.30pm - the last runners probably didn't get out for at least another hour. During the music, the weather was clear. Just as the klaxon to start went off, the heavens opened and the rain fell pretty much non-stop for the rest of the race.

Photo: from the Nike+ website

Outlook, Exchange & Entourage - Moving from PC to Mac

File this in the "I can't believe I haven't done this before" box. I've done it now though. Finally. I've moved my email to a hosted exchange provider. It was simple; far simpler than I'd have imagined.

I set up the service - I use Sherweb - in about 20 minutes across 3 Macs and an iPhone. That didn't include the time to install Office 2008 on one of the Macs - so add 30 minutes or so for doing that if you haven't already done it.

Moving my email from the hard drive of my MacBook Air was as simple as selecting a huge set of it, dragging it and dropping it into my server-based inbox. I had my calendar in iCal so I synced it to the Exchange server and that was done. Contents, from Address Book, ditto.

So if I move Macs later, or even move back to a PC, I guess I'll never have to go through the whole conversion process again, unless I manage to find something that doesn't support exchange - and I really can't see myself doing that anytime soon.

What are the flaws? I haven't found any so far. It just works. That has to be a good sign given if anyone could have found a way to break it, it would have been me.

Ego Sum Ostium

I know that I often link into posts here by the strangest route. I think this hook will qualify as the most unlikely one so far - stranger than wine, Whole Foods Market, poker, Parisian bicycles and so on.

I used to work in Victoria and, most days, walked past Westminster Cathedral. I had never been in. A few weeks ago, walking between offices, I walked past it and thought, "I really should go in." I had fifteen minutes before my next meeting and so went through the door. As you can see from the photo, it's quite unlike your "average" cathedral - this is no St Paul's. St Paul's is one of my favourite buildings in London; one of the things that makes it particularly special is that it was the only cathedral of its era that was designed and built through to completion by the original architect. Strangely, the architect and builder of Wesminster Cathedral died the year before the first service was held, continuing the rarity of seeing it through.

There are three reasons why Westminster Cathedral was built in this Byzantine style (as opposed to the more usual Gothic style):

1. To be completely different from the Gothic style of Protestant cathedrals and, particularly, to contrast with Westminster Abbey which is at the top of the road

2. The structure is based on domes not arches and so allows for relatively open and spacious areas (the nave is 34m high by 18m wide, the largest in the country) within the church - up to 2,000 people, seated, have unobstructed views of the sanctuary

3. Because it can be built more quickly. In effect, the frame goes up quickly and the decoration is left to those who follow.

There's a fourth interesting point for me which may be related to the building style or may not - it's running cost is £1,000,000 a year. That covers all operational costs (not the occasional capital costs for major structural repairs). This church is just over 100 years old and it's going through a small capital repair project now - new electricity, roofing replacement and so on - and they're after about £3,000,000 to do that work.

Putting aside the fact that the UK's Catholic Church is run from this cathedral - a whole religion for a million quid a year! - what got me was two fold: that the operational costs are so low and that they had the foresight, a 100 years ago, to say "We'll build it and let other people add and modify and decorate it later, incrementally". Without major modification, it's stood the test of a 100 years. Show me an IT project that you could say that about even for 5 years.

So I'll pause at this point and ask that anyone reading puts the religious intro to one side - it really was only a lead in, not a point for debate about the merits of any particular religion (or absence of one) - and concentrates on the IT and e-government thread that I continue with:

£1 million doesn't sound a lot. Is it just that once you're in government for a while you start thinking in multiples of £5 million or £10 million? Is it only the true believers - those, say, in MySociety, who can both conceive of, deliver and operate a service for less than £50,000? Is it that a government doesn't take something seriously if it isn't priced in the tens of millions? Or is there some weird risk factor that gets added to cater for inevitable delays, requirement adjustments and re-thinking of specifications?

Why I'm on this point is that over the last few years I've been brought into several projects - and not just in UK government but other governments around the world and in private sector organisations - or seen projects from a moderate distance, that shared a few characteristics:

1. Capital spend was largely complete versus the original budget (and, in a few cases, spend was in excess of budget)
2. Actual scope delivered was some way (often quite some way) from the original expectation - meaning that more money would have to be found to deliver the full scope, or a commercial dispute with the supplier(s) would be needed
3. Benefits case was starting to look decidedly flaky (and the business units were suffering because of the shortfall in scope, either needing more people or doing less for their customers than they expected)
4. Ongoing operational costs were being calculated as the live date loomed and they were looking very much higher than had been forecast (putting pressure on future budgets). Sometimes this was because the builder was not the same as the operator - times had changed, contracts had been let separately and so on.
5. Cost of future upgrades had not been factored, usually on the assumption that such upgrades would each have their own business case, even where the upgrade was necessary just to stay within the support of the various packages

I have no statistics to bring here but it would seem, based on my experience, that projects too often match those characteristics. So, to provoke a debate:

Knowing the cost of change

What if you developed a system / application / solution with a known cost to operate? This would be a set of calculations covering a range of things, such as: cost to add a new customer, cost to add a new user, cost to add 100 product pages, cost to connect to a 3rd party system, cost to add a new tax credit / benefit, cost to add a new taxation profile, cost to delete 100 pages etc. You'd have to come up with the list at the beginning but the idea would be to cover two bases - the first would give you a known operational cost assuming you knew roughly what your business was going to do (note, I'm not saying here that you would set some modelled combination of these as your actual operating base, I'm saying that you would be able to forecast the cost of future change based on these numbers).

Is that even possible?

Some people solve this by allocating a fixed cost for post-live enhancement - a pot of £1 million or £10 million into which all changes go until some future point when a major business case is prepared for a big upgrade. The pot pays for a fixed set of developers who work their way through a hopper of proposed code changes, getting as many done as possible. This approach is as often used in the private sector as the public sector. You need more changes? Add more people and the hopper gets [somewhat] bigger - Fred Brooks' rules still apply.

What do other people do? What are the approaches?

25 Million Green Bottles Redux

Uhoh. More data has been lost. When it happened the first time (the first BIG time anyway) I suggested the following:

1. All of the processes around access to patient, customer, taxpayer, citizen etc data in every department, agency, non-departmental public body and local authority are going to go through a rapid review. New standards will be enforced: senior management sign-off, dual control (keys round the neck and everything), IT supplier held accountable for where data is put and so on. This will take time and still things will be missed and it will happen again - let's not hope that it's on this scale, but it will happen again.

* Lock down data exchange now. People come to the data, not the data to the people. Until better processes are in place, this should stop the problem from getting worse.

2. All staff should be taught the "green cross code" of using computers. The very basics need to be re-taught. For that matter, the code should be taught at schools, colleges and libraries.

3. The spooks should lead a review of deploying encryption technology to departments holding individual data so that all correspondence is encrypted automatically in transit using appropriate levels of protection for the job. This will be expensive. The alternative though is to make encryption optional - but because you can choose, sometimes people will choose not to (because it's too slow or something) and the problem will recur.

4. Systems being architected now and those to be architected in the future will look at what data they really need to hold and for how long and will, wherever possible, make transient use of data held elsewhere. The mother of all ID databases would be a good place to start.

They still seem like good suggestions, especially the one highlighted in bold. This isn't done yet. Not in the UK and not anywhere else. It may be that the UK is getting the news stories now, but that's because we rarely hear about those events in other countries.

This site,,Privacy Rights, chronicles more data losses than any other site I've yet seen, including those in the USA, the UK and somtimes other countries. It's not pretty - over 230,000,000 individual records, in the USA alone, lost, stolen, fraudulently obtained or otherwise maladministered since January 2005.

As if to reinforce the "It will happen again, to governments and companies alike" refrain, today's newspapers bring the story of Best Western Hotels and their IT systems being hacked - with the loss of 8 million guest records. If you've stayed in such a hotel in the last 12 months, you're vulnerable. The press are saying "The details, which included home addresses, phone numbers, place of employment and credit card details, were sold on through an underground network controlled by the Russian Mafia." Intriguingly, most of the press claim that the person at the heart of this heist was an Indian hacker, I can already hear those against off-shoring re-rehearsing their arguments.

Information Week has correspondence from Best Western refuting the more sensational claims in the press. I wouldn't take these protestations as a sign that you shouldn't worry

It's 1981 All Over Again

Andrew Glaister, Matthew Smith, Malcolm Evans, David Braben, Ian Bell, Chris & Tim Stamper, Jeff Minter, Eugene Jarvis ... all names from the early 80s, all famous to varying extents for single/double-handedly writing video games that were the stuff of legend. 1k Space Invaders, Manic Minder, 3d Monster Maze, Elite, Jetpac, Attack of the Mutant Camels, Defender. These were people that I recognised and even hung out with when I had my ZX81 and handcoded, in Z80, my first programmes.

Later, new names came to the fore: Jez San (Starglider), Will Wright (The Sims), Warren Spector (Deus Ex) and, of course, Shigeru Miyamoto (Mario). Try, though, to name the names behind current mega-hit video games - Halo (1,2 or 3), Gears of War, Killzone, Guitar Hero and I'm pretty sure - unless you're really, really into it - that you'll draw a blank. And even if you can name one person, you probably know that there are dozens or even hundreds of people working alongside them. Game development - or, for that matter, any development programme, has long been a team sport. A big team sport. As I moved from ZX81 to Spectrum to BBC Micro to Atari ST and then to consoles, many of these names stayed relevant and equally famous; but the solo coders gradually disappeared and became far, far rarer. Production values got sharper, costs rose - but software didn't necessarily get any better. 1981 seemed like a long way away.

When I was writing code back then, it was common to meet up with people who were single-handedly specifying, developing and distributing their own software - be it games, sports applications or business systems. They'd be working with 16kb or perhaps 32kb of memory and shipping their products on tapes - oh the expectation as you waited for the tape to load, with that peculiar ZX81 interference-like loading screen (when Manic Miner first debuted on the Spectrum, and had a loading screen that didn't just show seemingly random lines, it was a big deal). Games in 1981 cost a few pounds, perhaps £5 or £10. Games now generally cost £40 or even £50. The consoles, for the most part, shut down the ability for individuals to produce games. The barriers to entry were too high.

And now we have two, independent, but maybe highly related vehicles where individuals can develop, publish and distribute their wares without leaving their arm chairs at home. Xbox's Live Arcade and Apple's iPhone. Both of these platforms now allow single people [relatively] easy access to huge markets - in the millions or tens of millions. Xbox is a little harder with all of the certification processes but those barriers look like they're being lowered as the SDK gets out. The iPhone Applications store looks to have very few barriers, as long as you aren't trying to break the conditions that you accepted when you signed up to buy an iPhone. Certainly the latter is already populated by dozens or even hundreds of games written by solo coders. And these games and software titles cost from nothing to a few pounds. It's 1981 all over again; except this time, Apple and Microsoft bring the market to you, handle the distribution, the money and everything else. All you've got to do is write the code and deliver the quality - no easy task.

Perhaps the first star of Xbox Live Arcade is Jonathan Blow, author of Braid; Author doesn't sound too strong a word - there's a whole story behind the game and the production values are incredible for a solo game. It could so easily have been Jeff Minter - he of Mutant Camels, Gridrunner, Hovver Bovver and numerous others from the 80s - with his awesome but difficult to follow (for non-hardcore gamers) Space Giraffe. It might even have been Chris Cakebread with Geometry Wars although he arguably had the backing of a big studio in developing his game, even if he did all the heavy lifting of coding.

Who will the first star of iPhone games be? It could already be Nate True with his Guitar Hero-styled "Tap Tap" - reportedly over a million people have already downloaded this game already. Other games are already in the hundreds of thousands - Spinner Prologue for instance. Perhaps a surprise title is consistently at Number 1 for paid downloads, where "paid" means it costs you 59p or about $1 - Koi Pond (by Brandon Bogle apparently, but who knows). Just as back then, there are any number of poorly designed, poorly written, buggy bits of code - but feedback, on the iTunes Store at least, is merciless. And the "big team" developers have been no better historically- think of any game derived from a movie tie-in!

Just a couple of things for those people writing software (ok, ok, games), particularly for the iPhone but these thoughts perhaps apply just as much to Xbox Live Arcade, that would make them leagues better in my eyes:

1) I'm mobile, I have little time. I want the software to start quickly and be playable, if it's a game, very, very quickly. I don't much care about your logos, your branding, your studio names and whatever. Maybe you can display that the first time, but please don't doing it every time. Aurora Feint? 30 seconds to start? I'm already on the tube and off again before you've even started. If you must do something in the background, have a loading bar so that I know what's going on. But better still, load only what you need.

2) Autosave whenever I exit. If a call comes in, or I need to switch out to do a text or just need to hop off the tube, I want the last thing you do to be to save status just as I press the home button. I don't want to be at the end of a level, at a particular place or whatever, I just want it to save so that I can carry on when I restart.

But these are early days and the potential is enormous; new platforms can take years or more to come into their own - let's hope with the horsepower being applied to the iPhone and now to Xbox, that time period is massively compressed. In the background I'm downloading the 1.2GB Apple SDK. I haven't the faintest idea what Objective C is and I probably haven't got the time to figure it all out, but I wanted to get a sense of how it is, nearly 20 years on, now that PEEK and POKE are relics of the past. Don't hold your breath for my first code since probably 1983.

Unlucky Fish?

I got more than few emails and one or two comments asking what on earth I was talking about with the previous post on "unlucky fish." So here's a closer look:

Does that help? Like I said, not photoshopped (apart from the red ring and the "look here" of course) or edited in any way.

Unlucky fish? Absolutely not photo-shopped or edited in any way

As almost seen ...

British 10k

Two weeks ago I managed my first real run since March 2007 when I trashed the meniscus cartilage in my left knee. It felt good to be lined up in what I was counting as a race. I arrived a little late (who'd have thought the roads would be closed even to bicycles!) and so crossed the start line pretty much dead last. It was by no means a fast run at 52m 56s, but that was a good 7 minutes faster than I'd managed 10k in a training run the week before.

The organisation was strong as it has been when I've run this race before. One small improvement that I'd like them to make is to publish a proper map of the course before you run it. Despite checking the pamphlet they sent and all sorts of websites, all I could find was a curious isometric perspective map that didn't really allow you to trace the route. With my GPS tracking 10.35km at the end (and I can't remember taking a wrong turn) I wasn't absolutely sure when the finish line was going to show up - there are a couple of double-backs (westminster bridge, parliament square and whitehall in the last couple of km). It would be nice to see it marked clearly on a map.

Is this the start of the Road To 3:30?

I am ... I want to be ...

Sometime in early 2003 I gave a presentation to the DWP where I talked a lot about my usual topic of too many government websites. I'd taken a look at DWP sites in the run up to the conference and become very confused by all the different sites (all with different branding, different layouts, over-lapping information and so on) - this wasn't an uncommon problem then, either in the UK or globally, and, whilst I don't look too often, I suspect it's still pretty common.

This is one of the slides I put up:

I played around with the "I am a" and "I want to be a" concept - maybe people come to websites as unemployed and want to be employed, maybe they come as young unmarried folks and want to know what happens when you get married, maybe they come as employed and want to know what happens when they're retired. I pictured it as a set of dropdown lists that you could select from. There would have been all sorts of problems implementing it that way, but the essence of the point was that people come to a site wearing one hat but want to know about something else - and the path from one to the other might be what they're interested in - and we'd need to think hard about how to present that in a simple way, and it might need some data (that we'd need to keep hold of to improve the experience next time)

I hadn't seen any implementation of this at any level, until today when I happened on this:

It's on the Civil Service's own website and it makes perfect sense. You may visit because you're a civil servant and you want the latest news, or you may want a job - in which case, sadly, they send you to a new site built with a different engine, with a different layout, a different search engine etc.

Plainly they weren't thinking what I was thinking, but nonetheless, it raised a wry smile this morning amidst the gloom.

O Day

Zero day exploits are written about all of the time - there are 2.93 million hits on google for "zero day" and 314,000 for zero+day+exploit. Saturday of this weekend was the UK's first O day (and the ones exploited were early iPhone adopters):

- O2's servers fell over under the load of iPhone 3G activation. An eminently predictable event - one that should have seen months of planning - resulted in a Black Swan day for O2. The probability of high take up of the new iPhone was known, but the consequences were not well predicted. Nassim Nicholas Taleb can add this case study to his next book. O2 can perhaps be known just as "O" for the next few days.

- Oyster cards across London fell into disuse as the central unit that operates them fell over. I had no idea these were run by some central server - I always figured that the card only talked to the local reader during the transaction and that perhaps there was some kind of bulk upload of transactions periodically or even once a day. Every system has a bad day - and Oyster's seem few and far between - but for a multi-hour outage to occur? (Don't worry folks, David Frost would have been unaffected - Freedom passes are still paper-based)

Olympics organisers had better watch out. These are good examples of how not to demonstrate the capability of our infrastructure to respond to high load events.