Alastair’s Place

Software development, Cocoa, Objective-C, life. Stuff like that.

Been a While

It’s been quite a while since I last wrote a blog post on my own site. Partly this is because I’ve been busy with work. Partly it’s because I’ve been busy with life. Mostly it’s been because I haven’t had the time to configure a server to host it since we moved the company site to its current location.

One might retort that I could just have set something up on TypePad, or Blogger or some such, and that’s true, but it doesn’t really provide the kind of service I’m after. So I waited, thinking that eventually I’d get around to organising myself another server with MovableType on it. Of course, this never happened (too busy), so the situation persisted, and in the meantime I’ve built up quite a few things I wanted to say, but didn’t really have anywhere to say them.

Then, just the other day, we received the sad news that Steve Jobs, the visionary behind Apple, NeXT, Pixar and all of the great work that flowed forth from those companies, died. Sure, I posted something brief on my company’s blog, but more than that doesn’t seem appropriate for that location.

Anyway, in the meantime, Matt Gemmell had been talking about changing blogging platform as a result of persistent performance problems with WordPress, and indeed had actually switched to Octopress. MovableType, my previous blogging platform of choice, doesn’t suffer from the performance issues that plague dynamic blogging software such as WordPress, but Octopress does offer other advantages, especially the fact that posts are stored in plain text files, under version control.

So, I’m switching. This does mean that it might be a little while before my website settles back down again, and I’m intending to move one or two things about a bit. Plus I’m vain enough to want my blog to look unique, so now I have a new blog theme to design. But hey… it’s all fun.

Finder-like Icon View Source Code

So I said ages ago (here too) that I’d release the source code for a Finder-style icon view that I had sitting around on my disk.

Yesterday, while listening to the speakers at the first day of NSConference, I managed to find the time to tidy up what I had and to make it build and run properly on Snow Leopard.

The code isn’t perfect — I can think of lots of things that need doing to get it to the stage where I’d want to use it myself in an app — and because it was started way back in 2005 and slowly tinkered with over time, I’m sure there’s plenty that could be tidied up too… but it does provide a lot of examples of using all kinds of Cocoa functionality, some of which is not so obvious until you’ve tried it once or twice.

Anyway, it’s available under an MIT-style license from Google Code.

Avatar 3D

Earlier today I went to see Avatar 3D over at the Vue Cinema in Eastleigh. James Cameron has a pretty good track record, but I won’t deny being a little worried that the film might concentrate too much on special effects at the expense of the story. In the event, I was very pleasantly surprised.

It would be very easy for the 3-D effect to become the centrepiece of a 3-D movie, but it seemed as if it was carefully thought out. Nice touches included the fact that some of the humans’ display devices were themselves displaying images with depth and the various things floating in the atmosphere (including the Atokirina’ and the dust after the destruction of the Na’vi Hometree).

The only thing really wrong with this type of 3-D right now is that you can’t focus anywhere other than where the camera is focused. Of course, fixing that is incredibly difficult, since you’d need to be able to adjust the focal length for specific areas of the image in the projector, not to mention adding the requirement of being able to film everything in every shot in perfect sharp focus in the first place.

Pandora itself is amazingly beautiful, particularly at night with all of the bioluminescence, and it really is difficult not to marvel at the amount of work that went into designing the lush and importantly believable landscape of the Pandoran forest and its native wildlife.

Anyway, it’s a wonderful film; let’s hope James Cameron gets to make a sequel. Let’s also hope that unlike the Alien series (which has been fatally marred by the awful Alien Resurrection, not to mention a certain amount of stupidity in the AvP films), the studio knows when to call it quits.

3-D Secure Woes

So far over the past week, we’ve had two people tell us that they think some sort of scam is going on via our website after their bank decided to ask them for something stupid as part of its 3-D Secure (Verified by Visa/MasterCard SecureCode) implementation.

The first one was a U.S. bank that decided it’d be a great idea to ask its customers to enter their Social Security Number into a web form on the Internet. U.S. citizens are understandably very wary about giving out their Social Security Numbers online, particularly on websites they don’t recognise. It also seems that the bank in question hadn’t mentioned to the cardholder that it might ask them for this information during a card payment transaction, resulting in a worried e-mail to us asking if it was some sort of scam.

The second incident involved a credit union that had told its members that it would never ask them to enter their credit union member number online. And then it did, in its 3-D Secure authentication form. Again, we got an e-mail asking us if it was some sort of scam.

Most of these problems seem to be due to inept security policies at U.S.-based card issuers. At the very least, if you are going to enroll your customers’ cards for 3-D Secure, you need to make sure they know what to expect when they see the Verified by Visa or MasterCard SecureCode boxes appear. Otherwise it’s actually a major security risk, because someone could set up a site that pretends to use VbyV or MCSC and asks for information like Social Security Numbers that can then be used for credit fraud.

Upgraded to Movable Type 5

OK, so this will probably go wrong (usually does, thanks to the amount of customisation of the templates and the fact that my site is based on rather old template files now).

Great Day

OK, so yesterday sucked. One of my guys’ computers went wrong, and he cycles to work and had left his laptop at home, so I had to drive him there, in the rain, to pick it up (much to the irritation of his wife, who had been hoping to use it — but it is company property so the outcome of that discussion was pretty obvious at the outset). Then I spent ages on the phone trying to locate a replacement, until the extremely helpful chap at the Apple Business Store (hi Rod!) sorted me out with next day delivery on a new one.

Then I spent the rest of the day doing customer support. We all do that at Coriolis Systems; it’s good that we software developers get involved with real customers and see what the real problems are with our products. All too often people are divorced from the actual customers because they have (sometimes layers of) customer support staff in between them and the real world. We don’t. The downside of that is that it can be a bit of a drag at times, dealing with yet another “I forgot my password” or “My e-mail address is wrong” query, punctuated with the occasional customer angry that “we didn’t reply” (translation: they, their IT department, and/or their ISP are not competent to run a mail server, but are trying to anyway, and have cunningly configured it to ignore/junk/bounce e-mail from us).

Anyway, the remainder of yesterday was spent doing that. We always get a lot of mail to deal with on a Monday, because we don’t work weekends, but I really don’t like not making progress with whatever else I’m working on.

Today, on the other hand, was great. Made plenty of progress with what I’ve been working on. It still isn’t perfect (just checked it remotely, and it’s broken :-)), but it’s definitely getting there, which is good news indeed, as it means I’ll soon be back working on what I was doing before (both more interesting and more fun, quite frankly).

Also managed to do a load of housework when I got home, so that’s good too. Surprising how much work it is to keep on top of all the housework, but I really do love living in my new house :-) :-)

Cross-process Semaphores With Timeouts on OS X

Someone on darwin-dev recently asked how to go about obtaining a cross-process semaphore that can be waited on with a timeout on OS X.

POSIX semaphores currently don’t support this feature on OS X; nor do System V semaphores. Mach semaphores do support timeouts (see /usr/include/mach/semaphore.h), but it isn’t immediately obvious how to pass one to another process.

Anyway, I thought I’d stick together a simple Mach server to implement named semaphores…


Update 2011-10-14

I’ve moved the code and most of the description to a new page, as that seemed better than leaving it here.

A Payment Card Fraudster’s Charter

From the BBC:

The scam is hard for police or other agencies to investigate because the individual sums of money involved are very small.

I wonder if the political class or the general public realise the implications of this situation, or the true scale of the amount of money that goes missing, entirely without police investigation for the simple reason that the amount is “too small”.

Fairly recently, we had a purchase put through our website from a customer in Paris, France. This customer used someone else’s card to make the purchase, and the owner of that card was understandably irritated and complained to their card issuer who, under the card scheme rules, returned the money, which was subsequently recovered from us along with a so-called “chargeback fee”.

The account on our website was locked and the licenses cancelled so they couldn’t re-activate the software if they needed to at any point in the future.

Subsequently, the same person made another purchase, using an entirely different set of card details belonging to another third party, who also complained to their card issuer, who returned the money as before, recovering it from us and resulting in another “chargeback fee”.

It is entirely obvious that this person has access to multiple sets of stolen credit/debit card details. It is equally obvious that the total amount that is likely to be at stake is many, many times the amount of any individual purchase. Yet when we asked the police to look into the matter, we were told that the French police wouldn’t investigate because the sum of money was too small [1].

It should be immediately apparent to anyone with half a brain that this attitude results in the perverse outcome that even large-scale credit or debit card fraud involving multiple small transactions in foreign countries, ideally spread across many online retailers, will go undetected and more importantly unpunished, while vendors (particularly of digital goods and services, where the losses are almost invariably passed on by the card issuer) are unfairly penalised for being the final victims of this fraud.

This amounts to nothing less than a license to defraud and is, quite frankly, a disgrace.

[1] In reality, I suspect that it is not the police per se, but rather a diplomatic agreement between the U.K. and France that cross-border crime below a certain value will simply not be dealt with, since, as I understand it, such cases need to be funnelled through the respective diplomatic services — though I am hardly an expert in this and I could very well be wrong.

Surprise Surprise, ISPs Are Angry…

Surprise surprise, ISPs are angry at suggestions that they will be forced to disconnect customers for copyright infringement.

This isn’t exactly news as far as copyright holders are concerned. We’ve known for ages, because of the capricious and unhelpful way that ISPs act when we ask them to remove illegal copies of our material, that they are, on the whole, supporters of copyright infringement. They may not admit it, of course, but since it drives use of bandwidth, encourages customers to use their services and results in a net revenue stream for them, it’s pretty easy to see why they would support it.

It’s also interesting to consider the comments of Rupert Goodwins, one of ZD Net’s editors. Interesting because the press, particularly the dead tree variety, has also been largely pro-infringement—as long as we aren’t talking about their content, anyway. Predictably, therefore, Goodwins trots out the ISPs’ tropes about how expensive and impractical it will be, how it might infringe people’s human rights, how there isn’t enough evidence that it’s really harming people’s livelihoods and so on. He even at one point talks about ISPs having to “cut off their own customers… for no reason”. Not to mention implying that the changes to the proposals have something to do with Peter Mandelson’s meeting with David Geffen.

Amazing How Dumb Some People Are

It never fails to amaze me just how stupid some people are. The row about the NHS that was started in the United States has led to the BBC starting one of their “Have Your Say” threads (which always seem to be full of the most depressingly banal rubbish), but in this case I just can’t help commenting myself; the thing that annoys me the most is posts like this one:

How’s this for the NHS - My Dad had a heart attack 2 months ago, within 4 minutes the paramedics arrived within 25 mins we were in A&E and within 2 hours he was on a specialist ward, life saved! - All this for Free, Oh forgot it must be Evil! - MURRRHAHAH!!

Since then I have been so impressed by the NHS and their staff, I have been applying for jobs with them, even on less salary than I currently am.

This is one Brit with pride in our NHS and its staff

john s, wigan

where the commenter appears to think that the NHS is free. It isn’t. It’s free at the point of use, but that just means that we pay for it through taxation.

And boy, do we pay for it. Government spending on health is listed in the 2009 Budget as £119bn, much of which is covered by the £98bn that was collected in National Insurance payments. National Insurance, for those who don’t know, is an over-complicated form of income tax that is paid by both employers and their employees so that the government can increase it by a notional 1% and actually get 2% extra (of your gross salary) in tax. It’s widely criticised (and rightly so) as being a tax on employment, and the excuse for its existence is that it’s there to pay for the NHS and the state pension scheme [1].

But it’s very unlikely that the health figure on that graph includes payments related to debt interest on NHS-related projects, or the costs of PFI, all of which must come from somewhere (hint: that’s your pocket, stupid). See, for instance, this or this. Quite a chunk of the £28bn of debt interest payments shown in the Budget will relate to these kinds of things. There’s also a very suspicious £72bn of “Other” shown in the Budget…

Anyway, even if we believe the figure of £119bn (and I don’t know about you, but I’m skeptical that that number is the whole truth of it), the NHS costs us each around £2,000 per annum (or between US$3,000 and US$4,000 depending on exchange rates).

In reality, not all of the population pays National Insurance; it’s only paid by those in employment, and even then not everybody pays. The Office of National Statistics tells us that 28.93 million people are currently in employment, so the figure per working person is more like £4,000 per working person, per annum, assuming that everyone pays which I’ve already noted is not the case. (For the benefit of U.S. readers, that’s between US$6,000 and US$8,000 depending on exchange rate fluctuations!)

Of course, we can also look at this another way, which is to consider what “the man on the street” actually pays in National Insurance contributions, including his employer’s contribution (which, whether he knows it or not, comes out of what his employer is prepared to pay for him to work there).

According to average weekly earnings figures from the ONS, in May 2009, average weekly earnings were £440. Using the NI tables HMRC publishes, we can work out roughly [2] how much someone on average weekly earnings pays: £36.30 per week in Employees’ contributions, and a further £42.24 per week in Employers’ contributions that they usually don’t see (though it still effectively comes out of their pay, of course). That’s £78.54 per week, or a little over £300 per month. Or £4,000 per annum. Yes, that’s right, a person on average income has to pay over £300 per month for the NHS (that’s US$450 to US$600 depending on exchange rates).

So is the NHS free? No, it isn’t.

How does it compare with the U.S.? That’s a difficult question to answer sensibly and I’m not really going to attempt to do so here. But I note that here in the U.K. it’s quite likely that a family of four will have two parents out to work, especially if both are on average incomes (in which case the total NI contribution is around £8,000pa, or US$12,000-ish), while the National Coalition on Health Care estimated that in 2008, employers paid on average US$12,700 for a health plan for a family of four. Again, as an employee you may only be expected to front up US$3,400 of that, but the rest still comes out of what your employer is prepared to pay for employing you.

There are lots of other factors, of course. While the NHS theoretically provides dentistry and optometry and so on, in practice those are usually paid for separately. And I know in the U.S. there are excesses, limits and co-payments to worry about.

[1] Astute readers may notice that I have omitted the cost of the state pension scheme from the following discussion. This is true, however:

  1. The state pension provision is very likely to be significantly curtailed by the time many people currently paying for it reach retirement age.
  2. Since the healthcare spending figure of £119bn is in any case higher than the NI figure of £98bn, we may as well consider that all of the NI money is spent on the NHS for the purposes of our discussion. That, in fact, more money from elsewhere is also spent on the NHS simply further inflates the costs for the individual, so you might regard the figures later on as conservative estimates.

[2] Calculating the actual figures for National Insurance can be quite complicated, thanks to everything from bizarre and mathematically unjustifiable rounding through to the plethora of exceptions and special rules that apply in one case or another. Here I have simply multiplied the amounts between the thresholds by the percentage rates.