This blog has moved!

So, I’ve decided to do my own website, and am moving Buhjillions there.  Please update your bookmarks/RSS readers:

Thanks for reading!

Apple-Microsoft Advertising Détente

Microsoft and Apple seem to be willing to give implicit nods to one another’s products in their advertising.

Apple’s MobileMe service, whose launch coincided with the iPhone 3G, billed itself on the Apple website as “Exchange for the rest of us,” referring to Microsoft’s Exchange Server.  It seems to have recently cleansed its marketing copy of such phrases.

As pointed out on Boing Boing Gadgets, the homepage for Microsoft Office currently contains a picture of a nice shiny Mac notebook runnining Office.

Just a weird pair of weird marketing choices coming around the same time coincidentially, or is this the beginning of an Apple-Microsoft détente?

A programmer’s first language is?

My good friend and collaborator, Shawn Cornally, recently asked for my opinion on what language to use to teach programming.  He teaches science & math at Solon High School in eastern Iowa.

I’ll preface these comments by saying that choice of language is probably not as important as other things, like competence and enthusiasm of the instructor.  I started learning to program, on my own, in Apple BASIC, then QBASIC.  I can recommend neither of these, even though the B in BASIC stands for “beginner.”  Picking a poor first language is unlikely to either put off an enthusiastic student, or hinder their ability to learn better languages later.  Still, it’s worth thinking about, should you be thinking of learning to program, or are planning to teach it.

Java was the language chosen by my professor, Lynn Andrea Stein, for my first programming course at Olin, and I think it was a good one.  It has a consistent, powerful object model, and its structure encourages good practice.  And so, after a single term with Java, I was convinced.

But Java wasn’t the last language to wow me.  Several years later, a new professor (Allen Downey) arrived, and decided to teach programming in Python.  I didn’t take his course, but I did talk to him about it.  Python made a big splash across our close-knit group of engineers, and quickly became my favorite language to program in.  I’ll take the liberty to copy what he says in his course notes:

Why Python?

1) Python is a great first language

pleasant syntax

not too many exceptions

for many tasks, there is one (natural) solution, rather than an unnecessary choice

2) but it’s also powerful

can handle large programs

has lots of features and libraries

some friendly languages are limited to small, “toy” programs

By “pleasant” or “friendly” I think he means that Python syntax is often more intuitive (for English-speakers, anyway).  It’s often easier to figure out what a Python code-fragment does, even if you don’t know the language well.  This may not cause problems for professionals, who presumably do know the language well, but it’s an important consideration for beginners.  Consider the following blocks of code:


phrase = "I am Jack's Colon."
count = 0
for letter in phrase:
    if letter == "a":
        count = count + 1
print count


String phrase = "I am Jack's Colon.";
int count = 0;
for (Character letter : phrase.toCharArray() ) {
    if (letter == 'a') {

The Python is just less cluttered with things which don’t have intuitive meaning (things like the “for ( : )” construction and “++,” and… you get the idea).  Don’t get me wrong, I think Java is a great language too, but Python is certainly friendlier.

(July 28th: Edited above code based on comments; thanks Christoph & tgdavis.  As other commenters have pointed out, there are more compact ways to accomplish this task in either language–but I’m just trying to explain what it means for syntax to be “friendly,” and so am trying to write an example that does the same thing in roughly the same way.)

There’s an intimidation factor involved, especially when teaching things that stretch students beyond what they know.  For beginners, convincing them that understanding programming is within their ability is important.  Programming is not difficult (at least, not at a beginner’s level), but our society is surprisingly tolerant, occasionally laudatory, of people who say things like “I can’t understand computers,” or “I’m not smart enough to do programming.”  That makes it really easy for students to give up on programming if they get too frustrated at the early stage.  I’m not saying that we need to make our courses easy—students are smart enough to see through that.  They don’t want to be spoon-fed or patronized, they want to feel comfortable… most of all capable with programming. It’s important that the path from “Hello World” to some kind of real power is as uncluttered as possible.  From that point, they’re hooked.  Or at least realize that they can’t get off the hook by claiming they’re not smart enough.

Shawn specifically asked me if I thought it was a good idea for him to teach in PHP, since wanted to teach them to build internet applications.  I think internet programming is really exciting, and a very relevant teaching ground for programming.   Doing interesting things with web pages is accessible to beginners, and lets them do things that they might find actually useful.  It’s not often that pedagogical and practical problems have as much overlap as they do in this sphere.

While I wholeheartedly endorse internet programming as a good place to do examples and assignments, I can’t really recommend PHP as a teaching language.  In the first place, I don’t think PHP enjoys any particular claim to fame as the language of choice for internet programming, and in the second I think Java and Python have strengths as general languages which make them better suited for elementary concepts and examples.  While PHP is used almost exclusively for internet programming, the reverse is definitely not true.  I’d venture to say that there will be plenty of opportunity for internet programming (especially at a beginner’s level) almost irregardless of the language chosen.

Unfortunately, PHP is comparatively less capable for more general programming tasks.  Java and Python code can be written and easily run on students own machines without the need for a webserver.  They also both have large built-in libraries of well-documented, consistently designed classes which make it easy to incorporate relatively sophisticated behaviours like graphics and network communications.  While there are plenty of PHP libraries out there, they are not all well-designed or well-documented.  Again, I don’t think PHP is a bad language–just not a good choice for teaching.

Some colleagues in my research group also point out that FORTRAN, for example, has intuitive syntax.  I can’t, however, recommend languages that are not object-oriented.  Object-oriented programming (OOP) is simply too important a paradigm in modern programming to not introduce it from the start.  It encourages good programming practice as well as scoping and modularization—all of which are fundamental concepts to writing elegant and maintainable software.

Allen Downey, the professor from Olin, has written and released textbooks for introductory programming in Java and Python.  They are free, released under GNU Free Documentation License, so you can download PDFs of the books to distribute, or print your own copy.  The Python one (Think Python) is also being published by Cambridge University Press, should you desire a hardcovers.  The Java one was updated this year, and specifically addresses the AP syllabus.

Inhumane URLs (and why Oxford University fails, again.)

Uniform Resource Locators, commonly known as URLs are the address system for finding things on the internet.  Unfortunately, they’re often not very humane.  Can you imagine having to type this lovely example into your browser (much less trying to remember it!)

Yikes! (This, by the way, is the URL of our new physics paper) Getabs? Servlet? prog=normal?  WTF?

This blog, powered by WordPress, does a little better:

The blog’s domain, followed by the year, month, and date of the post, and finally the title.  Not bad for something generated by a computer each time I sit down and write a new post.  WordPress also gives me the option of writing the URL myself, but I never bother.  Why?  Because people have designed systems to deal with this problem, or have otherwise learned to cope.  People create bookmarks for places they want to get back to, or remember instead of the URL, the path that they took to get there from other websites, or enough keywords that they locate it again via Google.

Still, the one part of a URL which people actually do try to remember is the domain name, the  It is the part which is often spoken aloud, in conversation or in radio and TV adverts.  People remember the domain names, and good ones are worth a lot of money.

Which is why doing inhumane things with your domains is an inexcusable offense.  Consider the difference between typing and in your browser bar.  That’s right, one dumps you to an ‘address not found’ failwhale, and the other gets you to the University of Oxford’s homepage.  Why doesn’t redirect to just like every other website on the internet?

Fail Whale.

Fail Whale.

I requested this ‘feature’ on a feedback form from the OUCS website (located at  The response?

“I’m afraid that this isn’t possible in the Oxford environment.”

That’s right folks.  Whatever crazy hosting technologies we’re packing here at the 2nd best university in the world (12th best in technology), they aren’t capable of issuing an HTTP redirectWhat kind of shady bub’s business are we running here? I’m not sure if I should be reassured that it isn’t just OUCS being too lazy to set up the redirect.

Oxford, I’m not sure how you’ve managed to rest on your laurels for this long and not drop completely off the top 100 list, but it’s high time that you get your shit together.

(Postscript: Although I mention OUCS in this post, I’m not necessisarily pointing the finger of blame directly at them.  Maybe OUCS needs to sober up to what it really takes to run a world-class information technology department, or maybe the University governanace needs to actually give them the resources they need.  How high up the org chart this issue goes, I don’t really know.)

Of iPhones and Oxford

Having used the iPhone at the University of Oxford since November, my experience has been generally good, but there are a mishmash of departments, colleges, and the central university computing service (OUCS) to deal with.  Now, with the iPhone 2.0 software update, I finally feel like I can take advantage of all the services that are on offer.

OUCS announced today that iPhone will be an officially supported platform, at least for getting WiFi access, with the possibility of them building some ‘local applications’ (which I interpret to mean native apps).  The site claims that they’ll release instructions for accessing eduroam WiFi access points shortly, which will add iPhone to the list of mobile platforms that already includes Windows Mobile 5 as well as the Nokia N95, 770 and N800.

However, eduroam isn’t as widely available as the older OWL-VPN system, which is available in most libraries and commom rooms.  In order to use this service, you had to install a Cisco VPN client which authenticated your connection and allowed you to access the internet.  Unfortunately, mobile users (not just iPhone) were left out in the cold because there was no Cisco VPN client for mobile platforms, hence the switch to eduroam, which doesn’t require the VPN.  However, the new iPhone 2.0 software includes support for Cisco VPNs, meaning that OWL-VPN is now available for iPhone!  You can use the instructions below to configure your iPhone to access the OWL-VPN for places where eduroam is not yet available.

  1. Register for a remote access account.  If you’re accessing OWL-VPN from a laptop, you’re already good to go.
  2. View this configuration document (you’ll need to sign into WebAuth to view it), and make note of the IPSec secret.
  3. On your iPhone, connect to an OWL-VPN wireless access point.  This will appear without the ‘lock’ symbol, but when you connect to the VPN, you’ll be secure.
  4. Next, on your iPhone, select Settings -> General -> Network -> VPN -> Add VPN Configuration.
  5. Choose IPSec at the top, and enter the following:
    Description:  <whatever you want it to appear as, I used ‘OUCS’>
    Account: <your remote access username, i.e. abcd3456, from step 1>
    Password: <your password from step 1>
    Use Certificate: <should be grayed out, leave it alone>
    Group Name: oxford
    Secret: <the secret from the document in step 2>
  6. Tap Save
  7. On the VPN control at the top, tap to turn it ON.  If all goes well you should see a ‘VPN’ symbol next to the WiFi signal indicator at the top of your iPhone.  Surf away!

I haven’t tried to get onto an eduroam access point yet, but as soon as I do, I’ll post an update with any special instructions.

Update: I’ve been able to connect to eduroam (outside the Earth Sciences building, if anyone cares).  Oxford types will need to get a Remote Access account, then connect to the ‘eduroam’ access point from their iPhone.  It should ask you for the username and password (your remote access password, not your WebAuth/Email password).  You’ll be prompted to accept a certificate, which should be issued by GTE Cybertrust Global Root.  It came up ‘not verified’ on my iPhone, but I connected anyway and was able to start surfing away.

Update 2: After my triumphant first day of success with iPhone and OWL-VPN, I’ve been subsequently unable to surf successfully.  It connects to the WiFi and VPN without complaint, but seems unable to get any data.  Anyone else have this trouble?  I’ll have to investigate this further when I’m back in Oxford.

Midomi: first iPhone app to blow my mind

Just a quick post to share some excitement.

After a bit of a struggle, I pulled down and installed the iPhone 2.0 software last night and added some apps.  There are some good ones, which I’m sure you’ll hear described all over the intertoobs if you’re so inclined.  My favorite so far is called Midomi.  You fire it up, then sing or hum at your iPhone and it tries to figure out what song you’re after, then gives you links to the iTunes store to buy it.  What floored me is how incredibly good it seems to be at figuring out what you’re singing.  I did a 12 second off-key rendidtion of the opening line of “Don’t Stop Believing,” and in seconds it came back with the correct result.  This’ll be great for those moments when you hear a song you recognize on the radio but can’t for the life of you remember who it’s by.

The Stun Switch

In thinking about Bruce Schneier’s post on, I’ve Seen the Future, and It Has a Kill Switch, I can’t help replaying in my head an Eddie Izzard bit about the kill/stun dichotomy of the “phaser” weapons in Star Trek.

There should have been many more settings, not just kill and stun.  Kill, stun, limp: that’s the next one down, isn’t it?  …or maybe on “bit of a cough” setting, even lower than that.

Some devices already have a remotely enabled kill switch, such as corporate Blackberries with remote wipe cabability (intended to protect sensitive company data should it be lost or stolen), and others will soon follow, like reports that OnStar is adding the ability to remotely stop the engine of a connected car (again, marketed as an anti-theft system).

Microsoft, however, is looking to set its phasers on stun, limp, or even “bit of a cough.”  They’ve filed a patent application for something they call Device Manners Policies (DMP), another Minitrue-style name and acronym, which, like Digital Rights Management is less about manners (or rights) andPhaser 2 by Ted Sali more about restrictions.  Schneier calls it Selective Device Jamming.  Essentially, under this scheme, locations will be outfitted with hardware to broadcast to your devices the rules of the land, such as “vibrate only” for cell phones, or “no photography” for cameras.  Hospitals or airplanes where critical equipment can be subject to interference from wireless devces would be able to force your devices into sleep mode until you leave the area (how will such wireless transmissions be guaranteed not to cause interference themselves?).

Microsoft wants to draw analogies with the societal guidelines we call “manners,” i.e. that it’s considered rude to talk on your cell phone in the movie theatre.  However, this is a false analogy since manners are guidelines, not rules.  DMP wants to disable functionality in your electronics (albeit temporarily) without your consent, or force them into sleep mode: limp and stun settings.

No, an actual manners technology is only a short step away from the “location-based services” stuff that all the cool kids were talking about 2 years ago–some of which are already out.  See, once your devices know where they are, you can do digital manners all client-side, without having to contact the Borg Cube to get your orders.  You have a couple different profiles, such as “theatre” which might mean switching to silent, “office” which sets ring volume to low, and “street” which sets it to high so you can hear it above the sounds of the city.  Simple, no external restrictions, and the user still stays in control.  Each person is free to choose to obey social guidelines or not: just like real manners.

Photo by Ted Sali
Creative Commons Licensed

Teaching email

I remember my first lesson on how to write a letter: how to address an envelope, the rigid explanation of formatting differences between business and personal, the impressive-sounding terms for the parts of a letter (the salutation, the complimentary closing, the postscript).  It was in elementary school language arts class.  We wrote letters and the teacher marked them up in red pen.  Commas missed after “Dear Mr. President,” and things like that.

They understandably assumed that letter writing would be one of the most common ways that I expressed myself to other people.  Little did they suspect that letter writing would be almost entirely supplanted by the writing of emails.  In fact, letter writing is still important because it is so infrequent.  It is a way to get noticed.  Writing a letter, to a company which has pissed me off, to my senator, or to a company I want to hire me, is the epistolary equivalent of breaking out the big guns.  Far, far more pedestrian is the humble email to which most of my written communication is consigned.

As regular readers may have guessed, I’m often appalled at how bad some people are at communicating through the medium of email.

This is why I think that email should be an important part of elementary education.  And, it should be taught by teachers of language.  (Tangentally, in my day they called this subject “language arts,” which I suspect is a rebranding of the subject “English.”photo by adam79 I have no idea what they call it these days.)  Email is (or should be) no longer any more mystifying to a 10 year old than the postal service—so we don’t need computer/technology teachers to introduce it.  Using language to communicate is what email is all about, and kids will need more guidance on how to write emails than they will on how to send them.

Letter writing and email writing share a similar core, but should really be taught as distinct media.  A fundamental reality of email in today’s world is the sheer volume that people receive, unparalleled by letter-writing that preceeded it.  Most people will decide in a matter of seconds whether or not an email is worth the time to ever 1) read or 2) resond to.  In order to have any hope of getting their message across, students need to know how to write emails that sound out clearly among the constant noise—not an easy task for beginning writers!  They need to know the importance of writing good subject lines, how to get to the point quickly in the body of the email, and how to make it clear (and easy for their recipient to respond with) what they want.

They should be taught the (only slightly) technical details of email, just like we did for letters: how to address it, the parts (To:, From:, CC:, BCC:, Subject:, then the familiar salutation, body, closing), how to format not only original emails, but forwards and replies as well, the difference between HTML and Plaintext.  They should be introduced to all the fun that can be had with formatting, colors, fonts, pictures, hyperlinks and the <blink> tag, have their little hearts broken when it doesn’t display like they intended on their friend’s email client, and then be gradually weaned away from all the bling to find styles that fit the tone and purpose of the email.

If there are any elementary school teachers out there, I’d love to collaborate on writing some lesson plans for this. Get in touch!

Photo by adam79

PayPal drops fees for personal payments (UK)

PayPal just sent me an email saying that starting July 9th, they’ll stop charging for “Personal Payments” if they are funded from a bank account (i.e. not a credit/debit card).  I’m guessing this is an attempt to cut into the market share that online banking gets for making these types of payments.  It may also be a direct response to the move by banks to make these transfers instant (see post on card readers).

I have to admit, it’s pretty attractive.  No more messy exchange of bank details, just the email address of your recipient is all that’s needed.  However, I imagine that it will take somewhat longer than the new “instant” transfers offered by banks.  I wonder if I can move money overseas this way?  Also, what’s the difference between “personal” and “commercial” payments?  Is there anything to stop ebayers from getting their cash monies as personal payments and avoiding paying fees to PayPal entirely?

Card Reader arrives from NatWest

NatWest, my bank here in good ole England has seen fit to beef up security for some aspects of internet banking by moving to Strong Authentication.  Unfortunately, they haven’t seemed to have done the PR on this move as well as hoped.  Most of the reaction I’ve read on the net so far has been people annoyed.

Strong Authentication, or multi-factor authentication is considered by researchers to be significantly more secure than using a single factor.  A factor in this case is something that identifies a person, and factors are usually classified into 1) things a person knows, like a password or PIN, 2) things a person has such as a bankcard or keyfob built for this purpose, and 3) things a person is or does, like a retinal scan or fingerprint.  So online banking, which only required the user to enter in username/password combo relied on a single factor, whereas the ATM uses strong authentication since the user is required to have their bankcard and know their pin.

The Smart Card Reader NatWest sent me today.

So NatWest (and I guess other RBS banks?) are sending that ATM-style authentication home to users by sending each a small calculator-like card reader for use with their bankcard.  It works pretty much exactly like the card readers in the grocery store, except that they give you a code online to enter in reader, and then the reader gives you a code to enter online.  I, for one am pleasantly geeked-out to use it, and glad to see that NatWest is taking the security of online banking seriously by putting so much money and effort into getting it out to users.

I don’t think they’ve done a particularly good job so far of allaying people’s concerns.  Lots of comments on blog posts are bemoaning the fact that they’ll have to carry the damn thing around with them—no, you wont.  You’ll only need it to make a payment to someone online if you’ve never made a payment to them before.  The readers are also entirely identical, meaning you can borrow your cubemate’s reader if he has his at work and you keep yours at home.  But I’ve heard rumors that the big reason NatWest is beefing up security is because they’ll be cutting down the delay between making a payment and the recipient getting credited.  It’s now about 3 working days, and apparently the plan is to make it happen in seconds.  If true, that’s a really important new feature that NatWest could use as a way to introduce the readers:  “We’re working faster to process your payments, but also means that we need to increase security.”

Finally, since the reader is just a standard thing (even readers from other banks will apparently work), I’m hoping either they’ll release software that works with laptop smartcard readers, or someone hacks it together.  The security is in the microchip on the card, so putting the reader as widely available as possible shouldn’t undermine the system.