Kenneth's Picnic

In this blog post, I critique the modern door, it’s place in our lives, and the social awkwardness that results. I propose a simpler system of door management, providing greater efficiency, hygiene and social satisfaction.
(more…)

It’s lovely to see someone stand up and take the blame for a mistake they’ve made. I’m not talking about the Government (obviously), I’m talking Tim Berners-Lee, inventor of the World-Wide Web. He’s come out and apologised for the redundant slashes that appear in every web address (url).

Good man. But what of the rest? The “www.” that was so unpronounceable is already obsolete, and personally I think twitter can take credit for popularising the contemporary non-dubbed url form. Boffins in lab coats has worked tirelessly to make memory ubiquitous and cheap, but we’ve just stuck some character limits in there to be fashionable or something. Hey ho. But the “www” is gone.

Can anyone tell me why there’s a huhtetep, “http:”, still shown in my address bar? What’s it for? What does it tell me? I don’t actually have to type it in these days, but it appears there anyway. Why?

Is it to show that I’m looking at a document provided by HyperText Transfer Protocol? I don’t care about that!

Is it to show that I *could* be looking at an FTP site, using the same browser? Ok, fair call, but that’s so rare to do so, that you could default to not showing “http:”, and then only show “ftp:” when FTP sites are used. It’s not like every browser has a built-in FTP client anyway. Same goes for local files.

Is it to show the “s” when I look at an “https” page, meaning that the connection between my browser and the website is encrypted? Well, ok, but what was wrong with the padlock? Why is there such a strong connection between certificates and https anyway? They mean completely different things. I don’t need a certificate to know gmail.com is Google. Equally, a certificate costs about 20 bucks and has so few checks that I’m hardly reassured when dealing with a new site by the presence of the certificate. What I want to see is a padlock. Drop the “https” and show me a padlock.

Is it for future extensibility, to enable a future Internet to use new and unusual protocols? Like “about:”? Again, it would be simple enough to recognise a default of http. If you go to about:config, then display the protocol. Why is this hard? If a new protocol came along to overtake http, then I think a bigger browser update would be needed anyway.

I think browser manufacturers should take treat it like the port. Every web page is served by a port, and for most of the web, that’s port 80. You could look at this website by typing http://kenneth.kufluk.com:80. But mostly, the 80 is assumed. You only ever type in a port if you’re not using port 80, such as for local development. If you type “:80″ into a web browser like Chrome, it disappears. Let’s do that for “http://” as well. if you’re thinking there might be confusion between ports and protocols, you’re wrong. Protocols are letters-only, Internet domains need at least one dot, and ports are only numeric.

I’m using Chrome version 5, the latest in a long history of browsers. Surely it’s long past time to kill off the http://. And if you look closely, you’ll see the iPhone already has.

One of the government’s most unpopular policies in the past few years has been the national ID card scheme. Although they’ve got quiet on all this and other huge IT projects in the past year or so, the project is still under way, albeit with so many compromises that any benefits that could have justified the excessive cost (estimated at £6bn) are now invalid.

But the Chancellor’s Budget introduced a new scheme which could give him a complete solution to everyone’s satisfaction, without him spending a penny. It’s not clear if he’s seen it.

Identification is vital to many forms of communication on the web, and we all have dozens of logins and passwords distributed across dozens of system.

OpenID is not software or a service. It’s not a company or organisation. It is simply a method of allowing you to use a single login for multiple websites. The key to this is that you choose who to handle your details, whether it be Google, Microsoft, Twitter or even your own server. You’ll have seen this when you see one of these “The application xxxx would like to access your Facebook details. Do you trust them?”.

The Chancellor announced bank accounts for all citizens. Effectively, everyone will have a bank account. Bank accounts issue credit/debit cards to their account holders. And these are forms of ID.

Those IDs could be used anywhere. If the government want to check your ID to give you a passport/pension/health/benefit, they could check your bank card. The banks will be able to add any security methods they like in order to secure the identity of the provider, be it biometric, photographic or secret key.

The government doesn’t have to spend a penny on issuing unpopular ID cards. There will be no national database of people. I can choose who to trust with my ID. And most people are already signed up.

That’s £6bn saved. Now all we need is to swap the NHS database for Google Health, and we’ll have saved ourselves the national debt.

1) I expect you to manage my files. Maintain a list of my purchased files and let me download them whenever I want. Why am I expected to keep backups? It’s just weird.

2) I expect you to allow me to deauthorize a computer remotely. For example, I’ve just lost my hard disc. How do I deauthorize it? You tell me I’ve got 5 out of my 5 computers authorized. Ok, which ones? Unlike 1975, five is not a big number of computers. How about automatically deauthorizing a computer after 12 months?

3) I expect you to tell me that I can’t play HD films on a non-approved TV BEFORE I buy it. Or, to be honest, never. I’ve never heard of such ridiculous bullshit. I’m not about to go and buy a new TV, just because it doesn’t have your DRM built in.
The discussion here has 8 pages, and the last one says “Apple Support has no idea this problem exists.”
http://discussions.apple.com/thread.jspa?messageID=8472731

4) If I tell you I own an MP3 I expect you to trust me. Allow me to copy and transfer it like any other file.

We like our iPods, we love our iPhones, and when our wives aren’t looking, we might secretly give our MacBooks a cuddle. But no-one likes iTunes. And not because it’s a bad idea. It’s just clunky and unusable.

If I were the EU, I would consider Apple bundling iTunes in the same light as Windows bundling Internet Explorer. Let’s start the fine running at €1m/day and start talking openness.

Ok, so the headline of this article is probably a little OTT. But I’ve just had one of the most annoying, and expensive, experiences working with Amazon’s hosting.

Actually, it’s really only annoying because it was expensive.

What happened was this: I moved a sizeable set of sites over from my previous standard hosting to the Amazon EC2 set. It was LAMP based, but I’m not going to tell you which site, because it was built a long time ago and hasn’t had enough TLC recently.

The site was suffering from some pretty terrible response times. Using a top to find the slow process seemed to give me no clues at all, and yet the cloudwatch service was showing consistently high CPU usage.

The site is database driven, and that work is quite intensive. Each page on the site executes several queries, and there is a chatroom which drums the database on a regular basis. But the site doesn’t do much else. And so my culprit was obvious: the database.

I’d read about Amazon RDS and it seemed the perfect solution. There’s no denying that my database is relational, it’s almost the textbook relational example, and so RDS beat Simple DB any day of the week. It was cool to have my own EC2 instance running MySQL, but really, Amazon can be a bit complicated with backups and storage. The thought of carefree backups, and a consistent long-running database as I toggled between application servers definitely appealed. I have a new site to roll out? Easy. I run a new server in parallel, and switch the IP across when it’s tested. Dream scenario, right?

And so it seemed. The cost seemed a little high, but I had high hopes for the performance, and it was still less than our (3 year old) prior hosting. I followed the Amazon online setup guide together with someone’s step-by-step tutorial (since sadly the console did not support RDS yet).

Except that it wasn’t much faster. “Shit”, I thought. That was a waste of time. But that’s ok – I now can toggle between different instances of application server, and figure out the problem there without worrying about the database at all. The site was fast enough to leave it running for a week to “bed in”.

One week later, a spring in my step, time to get working on the application. This is working out well. Database still intact, Cloudwatch says CPU load still high, so the blame must be with the PHP not the MySQL. Ok, fair enough. And a quick check of the running costs, gives me $400, not bad for the …

No, wait, go back to that bit again.

Four hundred dollars? A WEEK?

WHAT. THE. DUCK.

That’s over twenty grand a year. Sucre.
My fingers have rarely moved as fast as they did to get that server switched back.

So what happened?
It turned out that I’d been charged for the bandwidth between the app server and the database. And in that week, I’d racked up a terabyte of data. That sounds like a lot, but like I say, this was a DB-heavy site. And actually, you never really look at the bandwidth to your DB do you? It’s not what I would consider “external bandwidth”, which is what Amazon charge for.

After a very stressful couple of hours, I had a medium size instance (high cpu) running, with a clean Ubuntu install and Apache PHP MySQL on top. Performance was back to proper levels (so the PHP just needed another processor), and the costs were back down.

I sent a message to Amazon asking what had happened, and whether I could have my money back. Answer: not on your nelly. You used the bandwidth, you pay the price.

I protest. “Come on”, I say, “I’m not sure what happened here”. I’m a loyal customer and they could at least be generous on this. A bit of faith in the newly-subscribed. Better than that, I paid up and reserved an instance to demostrate my commitment. Just drop the week’s charges, I asked.

My question was passed to management. Not on your nelly, they said. You used the bandwidth, you pay the price. Your bandwidth was cross continent, they say.

AHHHHHHHHH.

Now I get it. My servers were naturally in Europe. Obviously I’d omitted the step of putting my RDS instance in Europe too, and it had defaulted to the US. Bollocks. I moved 1TB of data across the ocean because of a silly oversight.

Of course, it would’ve been nice if the setup commands had mentioned this.
It would’ve been nice if they had added RDS to the console, so I could see this (seriously, they can develop a distributed database system, but haven’t got the time for a bit of HTML?)
It would’ve been much better if they’d alerted me as I switched from a $1,000 setup to a $20,000 setup.
Not much to ask.

And really, it’s not much to ask for my $400 back. Ok, so I got it wrong. But where’s the love?