Tuesday 3 February 2015

Two Factor Authentication And Smartcloud (Part 3)

Right, moving on...

The 2FA process, first we need to pair the app on the device with the User Id. So let's look at the process that does this.

The aim here is to make the mobile device as anonymous as possible and by that I mean there is nothing on it that will expose the first factor credentials.

  1. When the app installs it is preconfigured with the server's address
  2. The app requests a new DEVID from the server
  3. The server creates a Unique ID and stores it in a session variable
  4. The server then returns the DEVID to the device which stores it in it's own config
  5. The app on receipt prompts the user to go to a URL on their PC and get a passcode
  6. The user goes to the URL on a separate device usually a PC and Logs on using their UserID and Password.
  7. The server generates a 9 digit pass code saves it in the User Record table
  8. The User enters the 9 digit passcode in the prompt on the phone
  9. The app sends the 9 digit code to the server
  10. The server looks for the 9 digit code in the User table
  11. The server then sends a request for more information from the device.
  12. The device responds with DEVID, phone number and IMEI number
  13.  The server then stores this information against the user in the back end DB
  14.  All that is on the app is the DEVID
When this is complete the user has a "paired" device with the server and although the phone knows only that it has a DEVID it knows nothing about the user at all.

When the user's phone is online the app will register it's presence by sending a request to the server saying "I am here and I am online".

So when a user Signs-In and the server decides that 2FA is required (See last post for the logic used to decided this) the following happens:

  1. The server looks up the DEVID associated with the user (who has passed the first factor validation) If there is no DEVID the Sign-In Attempt fails
  2. The server creates a Transaction ID and stores this with the DEVID in a DB table with a status of WAITING
  3. The server sends the Transaction ID back to the browser and the browser starts a timer bases AJAX call to poll the server using the Transaction ID to see if the status changes
  4. Lastly the server pushes an message to the DEVID and the app generates a prompt for the user where they must click OK or CANCEL to continue.
  5. If the app returns the user's response to the server and the response is stored in the Transaction DB as OK or CANCEL. If the request times out with not response then the status on the DB is set to FAILED.
  6. The user's browser has been polling the server looking at the Transaction Table and notes the transaction change. If it changes to OK then the SAML token is constructed and is sent to the Smartcloud server. Any other change results in an error being displayed on the users browser.

    You will note that no information about the phone is sent or stored in the browser and no information about the browser or user is sent to the phone. The connection is conducted through the server.
From a user perspective, they enter their UserID and Password, Click the SIGN IN button if 2FA is required a window will appear telling them to get their 2FA device. They open their device, open the app, tap OK and they are signed on.

YIPPEEEEE! I hear you say you have 2FA up and running.

I know for most of us Geeks we are never far from our mobile devices, we keep them close and do the "WKP" check at least every 5 minutes (WPK== Wallet,Keys,Phone). Users don't they forget their phones, they drop them into toilets, sinks, swimming pools, jacuzzi (with or without buxom ladies) ,bend them, break them, put them in the mircowave (Honestly this happened, to and i quote "Dry it out after I dropped it in a pint of beer" ) , get them stolen ("She seemed like such a nice lady in the bar")... and you can be rest assured that this calamity will occur just when they are expecting an email that they really really really need to read and reply to or "ALL HELL WILL BREAK LOOSE!". I am sure you know what I mean.

Given that we all know what eejits users are we need to give them an alternate method of achieving Sign-In on those occasions when they for whatever reason find themselves without their paired devices and these alternatives I will expand on in the next post.

Two Factor Authentication And Smartcloud (Part 2)

Following on from the last post we had a idea for a solution to the problem of attaching two factory authentication (2FA) to Smartcloud, now what we needed was a more detailed "story" that would define the Sign-In Process we would use.

The first factor

The first factor is "something you know" which for us like nearly every application is the combination of User ID and Password. Smartcloud requires the remote IdP to pass the validated User ID but not the password in the SAML token and this User ID must be the user's email address as it is provisioned in the Smartcloud service.

The password needs to be strong, at least following the 8x4 rule.
8 Characters long and the characters should be a mixture of 4 types

  1. Lower case letters
  2. Upper case letters
  3. Numbers
  4. Special Characters
Any system would have to enforce this minimum policy.

Having a complex password alone does not protect the user's account, Phishing, keyloggers, man-in-the-middle attacks, having someone ask "What's you password?" not to mention the unfortunate habit of saving your Sign-In details in your browser means there is more than a small chance that an account's first factor will be compromised at some time.

The second factor

This is something you have, mitigates against this risk of the first factor being compromised. There are several types of second factor. Dongles that contain PKI Signatures, Biometric Scans and apps that run on a separate device usually a mobile phone or tablet.

USB Dongles are possibly the most secure but unless you have well trained users who do not loose them, do not leave them in the PC and do not figure out a way to save an episode of The Big Bang to it. There is also a cost involved providing everyone in the organisation with the dongle and the PKI certificates.

Biometrics are now becoming popular with fingerprint scan and eye scans. However this is even more expensive than the USB Dongles as not all hardware comes with a biometric reader and older PCs may not support peripheral devices.

Mobile Apps are the easiest way to get a second factor. The app gets a "pushed" request  from the IdP, presents the user with a message they must acknowledge and this mobile app acts as the thing you have. While possible it is unlikely both the phone and the PC will be stolen and if one is stolen the other is useless without the other.

Needless to say the app must NOT contain either the User ID or the Password, incase it is stolen.

The Sign-In Process

We thought about this long and hard and the process goes something like this

  1. The user Signs-In
  2. The user id and password are validated and the process exits if invalid
  3. Is the user id "active" if not exit the process
    This allows the admin to flag a user as ACTIVE or DELETED thus stopping access selectively
  4. Get the IP address from the posted header is it black listed? If Yes Exit
    This allows us to blacklist known "bad" IP locations.
  5. Get the IP address again is it whitelisted? If Yes send the SAML token with no 2FA
    This allows us to whitelist internal networks as "Safe" and therefore not requiring 2FA
  6. What sort of 2FA PROFILE does the user have?
    This is another special user attribute which can be:
    ALWAYS - The user is ALWAYS 2FAed and 2FA begins now
    NEVER - The user is NEVER 2FAed and the SAML TOKEN is sent now
    NORMAL - The Process continues
    This gives the admin the flexibility to force (or not) 2FA on a user.
  7.  What browser/pc is the user trying to access from?
    I will be covering this in some depth in a later post under "Fingerprinting"
    I can say it does NOT contain cookies!
  8. If the user has a NORMAL 2FA profile the last time they were 2FAed is tested and if it is greater than 7 days 2FA is requested if less than then the SAML TOKEN is sent.

    And that is basically what we coded for.
In the next post I will look at the 2FA process in some detail. I bet you can't wait.


Monday 2 February 2015

Two Factor Authentication And Smartcloud (Part 1)

The next set of posts, the first in over a year, will explore my latest project, attaching two factor authentication to IBM Smartcloud. This is the topic I bored the pants off people at ConnectED with this year, mainly because I am rather proud of doing it and it has a certain XML parsed coolness. So without further ado this is the first post of a multiple series that tells the story of how I added two factor authentication to Smartcloud for less than $20 Alterian dollars a day.


A. SmartCloud does not have it.
B. Google / Office 365 etc do have it.
C. Smartcloud is considered less secure because it does not have it and the others do.

Now whether or not C is actually the case is a moot point. When you line up a comparison table of functions available from the enterprise cloud providers. CIOs and CTOs notice that Two Factor Authentication (2FA) is missing in the Smartcloud column and they consider that to be a failing. A failing, sufficiently notable, to discount Smartcloud from consideration as a cloud based solution.

Such was the thinking in my case. Whilst a Hybrid model Smartcloud deployment ticked all the boxes for user functionality: Notes Mail, Calendar, To Do, Contacts, Connections, Files, Sametime, Meetings, Traveler, Connections Mobile and support for the myriad of our own applications. All this was for nothing if Smartcloud was considered less secure because of the absence of 2FA.

The addendum to the 2FA requirement was, as Google et al had 2FA built in as part of the subscription price any solution we provided needed to be without a noticeable increase in cost per user per month.


Well that stinger of minimal cost was the Prime Directive as far as our solution was concerned. There are plenty of Identity Providers (idP) out there that will supply you with 2FA facilities however these will cost you money, $2-$10 per user per month. So by definition these solutions however laudable were outside the bounds of consideration.

We had to this ourselves and we had to do it quickly.

Smartcloud allows for Federated Logon, where the sign-in process is passed to a third party IdP and once it has done all that it needs to do to verify the user's identity it passes a SAML token back to Smartcloud (aka the service provider SP) which allows the user to log on.

The Smartcloud servers do not care what the IdP does other than it has to pass a properly formatted SAML token back to the cloud. What we needed was something we could host on-prem that would validate the user and when required process the 2FA.

Smartcloud has several flavours of Federation

  • Normal - All users use Smartcloud for Sign-In
  • Federated - All users use a third party IdP to Sign-In
  • Hybrid - The user can choose to log on from either the third party IdP or Smartcloud
  • Partial - The Admins chooses the server the user will use to Sign-In
The best fit for our purposes was Partial as this left the choice of security to the Admin teams and as such we could enforce the security policies in such a way that we could guarantee that they were being followed while still leaving the option to switch a user back to IBM only security validation should the need arise. (eg a catastrophic failure of the on-prem IdP)

So with that taken care of we now had to select an IdP that would allow us to:
  1. Validate the user with the first factor (Userid and Password) 
  2. Allow us to control the 2FA process using a second factor
  3. Send IBM a properly formed SAML token

Validating the User with the first factor

There are four things to consider here.
  1. The data source that we will store the data attributes of the users
  2. The code that does the Initial Validation
  3. The code that does the 2FA
  4. The code that creates the SAML Token
The data store can be anything DB2, MsSQL, MySQL, LDAP. However as we shall see in a later post there are user attributes and separate session attributes the complexity of which made me discount LDAP as a data source.

The code was a thorny problem, while some platforms allow for user validation and SAML token production they do not provide easy hooks that allow you to interrupt the Sign-In process and insert the 2FA process and rightly so as this would be a security hole.The complexity of this avenue was discounted, although may want to explore it further.

My core competencies are in RPG/DB2, PHP/DB2 and PHP/MySQL and both allow for complex coding and data stores. The deciding factor was the production of the SAML token. There is an excellent open source SAML framework called SimpleSAMLphp This Framework allows you to create an IdP that will do the first factor (Username and Password) validation, allows you to add in your Second Factor Authentication code and produce a correctly formed SAML token which is posted to the Smartcloud all using PHP.


The platform choice was an internal one, we were already using our System i's for other web purposes and running the IdP on an SSLed port other than 443 while not impossible was going to be awkward because of the format of the URLs the SAML exchange requires. So the platform of choice for us was a LAMP server again because after System i, this is were our core competencies lie.


So we now had a starting point. A LAMP server with SimpleSAMLphp installed storing all the data we need in MySQL tables. Next we moved on to defining the Sign-In Process in detail and that we will explore in the next post.


Wednesday 2 October 2013

Of Bruce Elgort , (very small) Alien Abduction, OpenNTF and changing times.

The story of Bruce.

So today is one of those rare moments of transition when something moves from one era to another. Specifically Mr Bruce Elgort is after an illustrious career at the helm of OpenNTF is standing down as chairperson ... or should that be "is standing up from the chair" because if he doesn't stand up then they will need another chair .. anyway I digress.

I first met Bruce in 2007 when we were both abducted by  aliens easily identifiable by the fact they are  physically incapable of saying the words "Three" and "Column".These aliens plied us with drink arranged bus tours gave us a bag full of  "things" (thankfully there were no USB devices that could have been used for "probing") and held captive in a hotel in Dublin for several days. It was noted that aliens in question had assimilated themselves into the geek community by pretending to be Paul Mooney and Eileen Fitzgerald. Like white mice in a maze we were subjected to a series of tests one of which was to stand in front of a room full of other abductees and talk for an hour about something interesting and educational, whilst this test was going on our alien overloads hovered in the background with clipboards and waved signs that told us what would happen to kittens if we didn't stop talking.

I remember that afternoon as if it were 6 years ago, there I was along with 50 or 60 other abductees, tired and over emotional herded into a large room clutching a bag of "stuff" to hear all about "Free Stuff" and "OpenNTF" in particular from the triumvirate of Pettitt, Schumann and Elgort. We to a geek left that session buzzing with apps, code and a desire to find an Internet connection and start downloading and in my case uploading stuff to OpenNTF. But this was 2007 and we were in Dublin, the Internet had not been invented, indeed inside toilets and wire coat hangers were still some years in the Ireland's future. So there nothing to do other than drink Guinness and had to amuse ourselves by taking notes with a thing called "A PEN" on a device called "PAPER" - oh how the world has changed. I still have the Blackberry Notepad with the phrases "Elgort" - "Rather Bald" - and "Ben Poole  is not a Wiki- Mark Myers is a Wiki" and  "OpenNTF" the latter being underlined in 3 colours with 6 exclamation marks

Bruce has had many adventures since, when you have a hour to spare buy me a pint and ask me how Bruce rescued the party of nuns from the pirates using nothing but a RESTful API, a goat, some moisturiser and a funky paradiddle.

Bruce old bean you will be a very hard act to follow! So from this one example of someone you helped get "really" going in the geek profession - thank you for your indefatigable energy and enthusiasm .. it really did and does help folk like me get off their arses and start learning!

PS. Oh and thank you for having the amazingly good taste to marry the ever lovely Gayle ;-)

Thursday 5 September 2013

OK who turned out the lights and where is the tuna?

... and here I sit for the first time in 3 days alone with my thoughts outside Brighton railway station in glorious Autumn sunshine. ICON13 is over and real life drifts around me in ill advised shorts, double entendre tee-shirts and the occasional "kiss me quick" hat. Sitting on the low wall it occurs to me that I have been told by many people that we are afforded moments of clarity when all become clear and this wibbly wobbly continuum we call home makes perfect sense - sadly this is most definitely not one of those moments.

This post is not a plea to anyone to do anything or am getting all cross and pointing the finger and attributing blame it is simply the passing observations of a willing surfer dude who has enjoyed riding the wave of geek enthusiasm that Kitty and Warren and the rest of the team have provided year on year for the last 7 years.

I have been honoured to be a small and sometimes profane cog in the Lego Technic engine Kitty and Warren have crafted these 7 years and more out of the raw materials of knowledge, dedication, enthusiasm, the deadly cat herding skills of a ninja manager and when all else fails Kitty's tablet ... like all things I have found that echo with that indefinable "something" that sets apart the really great from the mundane I did not want it to end. .... but thing do end tis the nature of things and I (indeed we) need to look to the future and ensure that Kitty's and Warren's legacy in building a conference that has during its span changed from a simple crowd of geeks into a living breathing community of colleagues and indeed lots and lots of firm friends! As I sip my extra large 4 shot mocha I wonder what will come next but tis too early to speculate -

Hey ho *sigh* as a "helper" and I use the word helper advisably, I shall miss the craic of being in a team with a purpose and a pretty good and very satisfying purpose at that and with my next sip i remember that like 100's of others I was an attendee first. Dare I say it the single more important and yes vital ingredient for UKLUG, ILUG and ICON were the attendees. I can still vividly remember the day when I wandered from a Rob McDonagh/Julian Robichaux hour of Web Agent magic into a hour of  Bill Buchan at his very best. I was stunned, I was invigorated, I was inspired, I went home buzzing with a head full of ideas that went into the admin/dev teams I was working with and promptly led us in new directions that lead to our end users getting faster and better service from the company's investment in Domino.

Those 7 years of GB LUGS did for this one attendee much much much more that just be 3 days away from the office with the chance of a few pens and memory sticks. Although I have no actual metrics to back this up I am as sure as I can be that the LUGs were the driving force that took me to the next levels year on year enabling me to make a difference in the other 362 days of my professional life and that is just so fecking awesome!. I am sure I am not alone in that particular feeling and the feeling of loss is palpable.

I am at heart an old slightly unkempt hippy and my character was formed in that era of "vibes" and aqs an attendee, speaker and putterupper/takerdowner of things at LUGs the vibe was good. Indeed if truth be told it was a top drawer, primo, organic, free range excellent vibe (Young readers please note I did resist putting "Dude" at the end of that sentence as I completed the 12 step patchouli oil addiction program in 1979 and I have no wish to go through THAT again). The vibe came from the speakers who spoke because they knew their stuff and wanted to share it just because they could.  The sponsors who stumped up the cash to run the event recognised the LUG Vibe and never pushed the commercial side to hard I think because they saw the value of talking to customers and potential customers both at the booths and then later in the bar in a more convivial friendly atmosphere.

I think the LUGs are the "Farmers Market" of the community. The LUGs are the place you go to get the "special" stuff you cannot get in the high street. Don't get me wrong there is a place for the high street with the big shops we will always need them - BUT - there is a synergy between the formal and informal events that keep things fresh, vibrant and enthused.

I would love to go Connect, sadly it is unlikely I ever will but as a distant (and envious) observer the somewhat locked down Disneyfied formality and the sheer size of the endeavour makes me wonder if I would enjoy it as I do the LUGs ... very probably ... but in a very different way. I suppose what I am trying to say is the LUGs were "ours" and I have an affinity for what I is mine and I am saddened to have lost that and I think that the community will be much much less for it if a "postLUG" event does not fill the vacuum.

So my coffee is nearly done, and in 10 minutes I shall board my train and close the door on one part of my life that has been filled with education, laughter, amazement, friendship and the very best of company - it is really quite sad.

So here I sit like Schrodinger's cat in a dark box wondering where the nice Physics Geeks have gone and who ate all the tuna. - I wonder what I will find when the box is opened?

Tuesday 27 August 2013

All change has at it's heart a moment of melancholy

.... and today more than most.

For Warren Elsmore announced that ICON formerly known as UKLUGi s bowing out after 8 years of state of the art conferencing.

The world it seems changes, moves on and re-aligns it's priorities in new and interesting ways yet these changes are always tinged with a moistness of eye and a faint longing to be returned to "the good old days" a moment of Kleenex requirement if you will.

I am honoured to have helped with UKLUG and ILUG in a small way for several years and it is without hesitation that I am marking it's demise with a standing all be it virtual round of applause, cheering, whistling and throwing my cap in the air. For not to beat around the bush the work that Kitty and Warren and the other team members put in to making each and every UKLUG event a success is considerable ... very very considerable and this hard work was echoed at BLUG. MWLUG, AUSLUG and every other LUG around the world.

It is a matter of continuing amazement to me that a few people that care can make a substantial change, Theo at BLUG, Warren and Kitty at UKLUG and Paul and Eileen at ILUG and all the other people involved with LUGs are fired up to the point they are willing to give of their time and themselves and take that quite substantial risk .. a risk taken to make a difference.

Warren and Kitty's hard work over the years has left behind an enormous crowd of people who left each and every event better than when they arrived. They left with new skills ,they left better equipped to deal with the problems they face, they left with address books bulging  with contacts of both BP sponsors and fellow attendees and most valuable of all they left inspired .... and that is one hell of a most awesome wonderful thing to have achieved! So to the other team members, speakers, sponsors, partners, attendees and most of all Warren an Kitty I salute you.


Tuesday 29 January 2013

Who can say where the road goes, where the day goes? Only time....

Although I am not over in Orlando at Connect 13 this year the distance from my friends is all the more difficult with the news that one of the "Geek Bikers" , Kenneth Kjarbye from Denmark, had a fatal accident on the Annual Hog Ride.

Stuck in Ireland I have only my words to reach out to Kenneth's family and my friends who are at this time in a dark place they were not expecting to be not even in their worst nightmares .. <sigh> but there are no words I can think of that really do help, there are no words that wrap those in pain in the warmth of a hug, there are no words the equal of shared tears, there are no words that stop the birds of sorrow from flying over the heads of Kenneth's family and my friends.

It is sufficient to say that I and the 100's if not 1000's of community members near and far are thinking of all those affected directly and indirectly by Kenneth's tragic and untimely death. I like many others will raise a glass in the coming days and remember Kenneth fondly. For me he will be remembered as one of the "Vikings" from the LUGs and my toast will be - here is to Kenneth, fellow geek and fellow biker - good man yourself!

A sad day ... a sad day indeed.

Thursday 3 January 2013

Offical start of the Domino Charity Marathon Dander For Cash 2013

The Dander Route
A while back I mentioned that there would be a reprise of the Domino Dander for Cash this coming year.

It takes me great pleasure to announce that this year's Dander will be longer bigger and more challenging than the two that have preceeded it.

As of today it is offical, a spreadsheet has been created and accomodation is being looked at and foot care product sales have gone through the roof in certain places around the UK and USA

When I say "we" these are the brave souls that will attempt to walk the 80 miles of  "The Great Glen" in Scotland in kilts in May.

Eileen Fitzgerald, Tony Holder, Bill Buchan, Carl Tyler (and Niece) are definites and Julian Woodward may possibly join us. Frank Doherty has offered to do some of the logistics if needed. We are starting on the west side of Scotland and walking to the East from Fortwilliam in the south west up along the Caladonial Canal, along the full length of Lough Ness and then down to the city of Inverness on the East Coast.

80 miles split in 4 days of approximately 20 miles each day.

Well it needs to be a challenge otherwise you folks out there won't give us lots of your hard earned cash for the charity we are doing this for. To be blunt 80miles in 4 days is MORE than enough of a challenge for myself! So the walkers now have 20 weeks to get into shape, trim the kilts and get "fettled" as they say in Norn Iron for the task ahead.

Since we are walking in Scotland we though a local Scottish charity would be a good idea and although the actual charity is not finialised we have sort of agreed that given that Bill Buchan's village charity raft race is on the week-end we finish we will probably support the larger of the charities they help - it looks likely that the very excellent and deserving Childrens Hospice Association Scotland will be the one we will be raising monies for - watch this space for details.

Two years ago when all the cash was tallied up we raised over £3000.00 that was for 26 miles in Kilts, this time it is a good deal further AND "Big Firm Tony" will be with us. THE WHOLE WAY!!!!!!!!! So when the time comes I will be expecting you to be generous ;-) and I would think that we should be able to manage £4000.00 this year if we try extra hard.

There will hopefully be a dedicated blog on the way shortly where you can follow the preparations for the Dander and the Dander itself. I am also designing a tee-shirt for the walkers. Both the blog and tee-shirt will have spaces for any ISVs or  BPs out there that would like (for a small charitable donation) to have their logos emblasioned on blog and the manly and womanly chests of the participants.

So if you are a BP and would like to have your company associated with this kilted charitable community challenge, drop me an email and I will very gladly take any (or all) of your money :-D and do my best to plug the life out of your company name out there on the internet!

If any of the folks reading this want to join us for the walk but can't do the whole walk, feel free to come and join in for one or part of any of the days we are walking, the more the merrier again just drop me an email. and I will send you details of where we will be on what day.

There is also likely to be a big slap up meal in Inverness on the Friday to which any local Domino or indeed any geeky folks that might be about are more than welcome to come and buy us drink- again more details later.

So watch the new feeds for more details about blogs and how BPs and inviduals can help us reach our target for this year.

Spread the News  ..


03/Jan/2013 ** Update ** Chris Coates has just confirmed he has joined the Danders!!
03/Jan/2013 ** Updaye ** Julian Woodward has moved from "Possibly" to "Almost definitely"

Tuesday 27 November 2012

Interesting thing coming in ECMAScript 6

Javascript always has been the poor cousin to all that whizz-bangery that happens on a server and as a result anything new coming down the pipe line kinda gets lost in the news-stream of super-duper server improvements.

I try were possible to keep up to speed with what's about to come along and it was with this in mind I I was casting my eye over Juriy Zaytsev's EMCAScript 6 compatibility chart and I started to notice green's appear. Some of the current or beta versions of the browsers are starting to support the new V6 changes so it shouldn't be that long until we start to see them in the wild and can start to use them in anger.
(if you are interested in the EMCAScript 6 Draft Doc you can download it here)

Of the changes coming I am piqued by the idea of

1. Modules

While there are some JS libraries that do something very similar ES6 will provide support for modules, the rational behind this is to provide for:
  • Standardized mechanism for creating libraries.
  • In-language loading of external modules (non-blocking, direct style).
  • Portability between different host environments.
  • Future-proof mechanism for platforms to introduce experimental libraries without collision.
  • No installation/registration code within modules.
As Modules are static by default (but can be dynamically reflected) this makes them far more compatible with static scoping. Modules are loaded from the filesystem or network in direct style instead of by callbacks and this means the main thread of execution is not blocked by the load.

It is hoped that Modules will be used for scoping and their implementation preserves and promote static, lexical scoping, thus avoiding the many problems of dynamic scope: programming pitfalls, malicious scope injection, poor performance and  lack of modularity. Static scoping is also necessary for checking for unbound variables at compile time.

A simple module would look like this

module orders {
export function ASP(qty,val) { return val/qty; }
export var dollar = "$";
export var pound = "£";

This module would then be accessed in your JS code like this :

import orders( ASP ,  pound) from orders;
alert( pound+" "+ASP(ThisOrder.Quantity,ThisOrder.Value) );

I can see instances where this will be very useful!

More details on Modules can be found here

2. Object.Observe
Object.Observe gives us the ability to watch Javascript objects and report back changes to the application, changes like properties being added, updated, removed or reconfigured. When I am building a UI frameworks I often want to provide an ability to data-bind objects in a data-model to UI elements. A key component of data-binding is to track changes to the object being bound. Today, JavaScript frameworks which provide data-binding typically create objects wrapping the real data, or require objects being data-bound to be modified to buy in to data-binding. The first case leads to increased working set and more complex user model, and the second leads to siloing of data-binding frameworks. ES6 will get around this by providing a run-time capability to observe changes to an object. Here is interesting discussion on this soon to be available new feature

3 Default Parameter Values

Default parameter values allow us to initialize parameters if they are not explicitly supplied, so you can do things like

function dspInputPanel(footer = "Steve McDonagh")
       ... build inputPanel Object..
       footer.innerHTML = footer;


So when I call dspInputPanel() with no parameters the footer object will contain Steve McDonagh
if I call dspInputPanel("Anne Other") then the footer object will contain Anne Other

4. Block Scoping
There will be 2 new declarations available for scoping data in a single block

let which is similar to the var declaration but allows you to redefine a var in the let's block scope without changing the orginal var in the scope of the function

function doInterestingStuff()
         var x = 5;
         var y = 6;
         let (x = x*2,y =y*3) { alert( x+y ); }     // pops up 28
         alert(x+y)                                            // pops up 11

const is the other declaration and is like let but is used for read-only constant declarations

5. Maps
Arrays of Name - Value pairs have been around a long time in JS and ES 6 will introduce the new Map() object with it's functions SET(), HAS(), GET() and DELETE() that makes using them even easier

var myDogs = new Map();
myDogs.has("Fido")                                 // Returns true
myDogs.get("Fido")                                 // Returns "Poodle"
myDogs.delete("Fido")                             // Returns true when deleted
myDogs.has("Fido")                                //  Now returns false

6. Sets
SETs are basically arrays and there is a new object creator Set() with associated methods HAS(), ADD() and DELETE()

var myCustomers = new Set( ["IBM","DELL","APPLE"] )
myCustomers.has("IBM")                   // returns true
myCustomers.add("ASUS")               // adds "ASUS" to the set
myCustomer.delete("IBM")                // Removes IBM from the set
myCustomer.has("IBM")                   // now returns false

This will allow array filtering to be so much easier, consider the following where I have an Array of customer names that I want to ensure is unique this new method is much much much easier to read.

function unique( customers )
       var ucust = new Set();
       return customers.filter(item) {
                                     if(!ucust.has(item)) { ucust.add(item) }
                                     return true;

There are loads more changes and improvements in the spec and it seems that ES6 is targeting a 2013 full spec release but as always some browsers are already implementing individual features and it's only a matter of time before their availability is widespread.

JS it seems may be coming out of the closet in the next 6 months and may soon be considered a "proper" language :-)

Friday 23 November 2012

The new CSS3 @supports() rule is really rather cool!

As all devs know , browsers can in varying degrees be a right royal pain in the arse when it comes to standards compliance and when you throw in companies like Never Upgrade a PC Till It Breaks Inc. who are still running XP with IE6, planning your super duper new web site to support them can be fraught with problems.

Most of us are used to the idea of designing a UI that degrades into a DBA-UX  (Different But Acceptable User Experience) to do this we have to be able to work out exactly the support for each feature that use in our design and have some "alternate" view that we can switch to.

Up until now I have relied on the wonderful Modernizer.js which smooths out a lot of the inconsistencies between browsers particularly the older rust buckets that NUPCTIB Inc use.

However there is a new CSS rule that will also help you - ladies and gentlegeeks let me introduce @supports() which has the syntax

@supports <supports_condition> { /* specific rules */ }

@supports is supported in most of the current browsers but as you might expect IE has ignored it and Safari doesn't have it yet. If you do use it in your CSS and a browser loads it that does not know what @supports is.. it will ignore the enclosed block, so you can still use your normal methods.

Basically what @supports() does is , it queries the CSS engine for support of whatever it is you need and then invokes the enclosed CSS rules accordingly.

@supports (display: table-cell) { /* some table-cell css in here */ }

Will test the CSS capability for box-flex and apply the rule if it is supported
You can also use a negative test for a rule not being supported.

@supports not (display:table-cell) { /*cope with non support CSS here*/ }

... and you can string together logical NOTs and ORs!

@supports (display:table-cell) and (display:list-item) { /* CSS goes here }

I am sure you get the idea and can see the usefulness of this addition to the Designer's toolbox


Thursday 22 November 2012

Useful i5/OS tip - Displaying Locks on an IFS Object

I was plagued this week by an odd problem on one of our i5 boxes. I was trying to use the CPYFRMIMPF & CPYTOIMPF to pull in data from a new Japanese division that uses nothing but Japanese characters in their data. This of course means UTF-8 / Unicode data, which can be a bit of a pain to set up in a DB2/i5 data table (particularly if someone forgets to make fields something other than CCSID 65535!)

Anyway.... I could get data off the system using the CPYTOIMPF into the IFS no problem at all, DBCS to UNICODE worked like a treat and everything was well with the world ... BUT ... try as I might I could not get CPYFRMIMPF to bring the data back into the DB2 file again.

There was a rather odd CPE3025 message that  told me the input file or path did not exist (error code 3025) and yet there is was, I could open it, read it, edit and save it  and everything seemed perfect .. but time after time I got the CPE3025 error and no data was transferred. I tried all day with no sucess and eventually went home hoping that a nights sleep would clear the mind and inspiration would come in the morning.

This morning came in an did a CPYTOIMPF which worked fine, did a CPYFRMIMF .. and .. it worked perfectly with no errors
After a bit of experimenting the culprit was discovered to be the fact that I had opened the file using Operations Navigator and even though the file had been closed normally Ops Navigator holds a lock on the file until Ops Nav is closed, the net effect of this is that the file is unavailable for the CPY* command.

Part of this analysis used a rather useful but lesser known API that you can use to track locks on objects in the IFS .. the api is this :


You need to have the *SERVICE special authority and the api dumps the locks to a spool file.

Easy when you know how but not an obvious tool for this particular problem

Thursday 15 November 2012

Domino Dander for Dosh 2013

Gentle readers some non-techie news!

The bold Eileen Fitzgerald and myself are planning a Dander For Dosh in May next year.

Eileen and were joined by the indefatigable Carl Tyler for 2012's walk along the coast between Bray and Wicklow in Ireland. We didn't pester the life out of you because we didn't get the giving organized in time for the actual walk. This year we will get our act in gear and start demanding money with menaces in January - You have been warned!

Conscious of the fact that the world is a tad short of cash we felt that we needed a real challenge one that would stretch us physically and encourage you to part with your hard earned cash. We are still discussing our options but top of the list is "The Great Glen Way" from Fort William on the West Coast of Scotland to Inverness on the east..80+ miles at around 20 miles a day for 4 days.

As plans form there will be more posts and many many requests for cash however if anyone would like to join us for 4 days of walking the length of the Great Glen under Ben Nevis along the edge of Lough Ness and down into the "granite" city, drop me a line and I will add you to the distribution list for our detailed plans.

Eileen and I cannot guarantee you good weather, but we can guarantee you four days of eclectic conversations, beautiful views, good food and good company (as you would expect from a group of Domino Geeks) I you want to join us for one day, two or all you will be very welcome (mainly as Eileen knows all my jokes and craves new material)

So Watch this space , marvel at our foolishness and when the time comes sponsor us as much as you can!

Sunday 4 November 2012

Alternates to the evil EVAL() in javascript

I am interrupting the Design Series of post for a quick JavaScript post that comes out of a question asked on the JavaScript forum on LinkedIn about alternates to the eval() function in JavaScript.

The most pertinent reasons for not using eval() are:-

1. Security - it leaves your code open to a JS injection attack which is never a good thing
2. Debugging - no line numbers which is a PITA
3. Optimization -  as until the code to be executed is unknown, it cannot be optimized.

Sadly EVAL is way to easy to use and as a result we see it all to often in places we shouldn't really see it and this can leave the door open to some nere-do-well making a mockery of the rest of your obviously wonderful code.

So what to do to avoid using eval()? Well alternates to the the 3 main areas I have used EVAL in the past are listed below.

1. When working out a bit of an object to change for example something like this


Now I am not suggesting anyone WOULD do this given the tools available but I have come across code like this in older applications written by people just starting out in the wonderful world of JS.

document[IdName].style.display= 'none';



are both much safer and a lot faster.

2. Getting JSON that has been returned by AJAX calls to the server into the DOM, like this snippet of jQuery is doing.

$.ajax({ url: "getdata?openagent&key=SMCD-98LJM",

              success: function(data) { eval(data),

This will work but a more satisfactory way would be to use the JSON data type in the ajax call

  url: url,
  dataType: 'json',
  data: data,
  success: *callback*

alternately use the $.getJSON() jQuery shorthand function.

If you don't use jQuery (or dojo which has an equivalent) you can use the powerful JavaScript JSON object.

var myJSONData = JSON.parse(data, reviver);

Where DATA is the the JSON data string and REVIVER is an optional function that will be called for every KEY and VALUE at every level of the final resulting object. Each value will be replaced by the result of the REVIVER function. For example this can be used to change strings in the JSON text into JS Date() objects.

3. The thorny and potentially very insecure loading and execution of Code Blocks, probably the most common use of eval() function in Javascript. Anywhere you allow code as text to be passed and run in the browser is prone to attack, it is much better where possible not to do this. When you absolutely have to do it then I would say using the Function constructor is less risky than a bold eval() call.

var myCode = "... your JS code ..."
var doSomething = new Function(myCode)

This will have the same effect as EVAL() but is less prone to being found as an avenue of attack for the forces of chaos on the internet. ** Note** you can also use the constructor format below to pass parms to the code block.

var doSomething = new Function("..var1name..","..var2name..", etc .. "..myCodeString..")

On a side note but related note, when you create a normal JS function construct, the definition does not have to appear at the start of the script (though it is usually best to do so for the sake of clarity). It can even be defined after the the code that calls it. In most cases, no matter where you choose to define your function, the JavaScript engine will create the function at the start of the current scope. BUT and it is an all caps BUT if you need to construct a code block conditioned on an IF, like this
if( someThingIsTrue )
 function doSomeThingWonderful.call() { .... }

Mozilla based browsers will allow it, but most others do not as they will always evaluate the function, even if the condition evaluates to false. So do not try to declare functions in the way noted above. Declaring functions inside these statements is possible in all current browsers using assigned anonymous functions, so it is better to do it this way.

var doSomeThingWonderful;
if( someThingIsTrure ) {
  doSomeThingWonderful = function () { --CodeBlock A--};
} else {
  doSomeThingWonderful = function () { --CodeBlock B--};

There are other reasons you need to evaluate objects or code  but generally there are ways around most of them that whilst potential slower to process are more secure and sensible.


Monday 15 October 2012

Principles of Design #6 - Colour Theory, The basics

Right I could wax long an lyrical about colours and how to use them, which I have to say probably sounds odd coming from me given that I am nearly colour blind. However I have been colour blind all my life and to me the sky is blue and grass green because that is what we are taught from when we are small.

Colour is very hard to describe to someone else without using the word "like" in fact most colour names are based around a descriptor that carries with it the meaning of the colour being expressed..

For example "Cornflower Blue" should make you think of the colour of Cornflowers like the one on the left or of a room that was painted with cornflower blue paint. There is no such thing as normal colour vision, we all each and every one bring our own baggage to this quick wander down the garden path of colour theory.

Colour Theory is a BIG topic so I will only be looking at 3 specific areas in this post, areas that any web or app designer needs to have a firm grasp of if they are to produce finished code and colour schemes that are beautiful, pleasing and work within the context of the app you are developing. These topics are .
  1. The Colour Wheel
  2. Colour Harmony
  3. Colour Context
The Colour Wheel

 The colour wheel is one of those things I never see on a geek developers table or in their favourites and yet it is a tool that artists and graphic designers use daily!. Go to any art store and pick one up they will know exactly what you want is you ask for "A Colour Wheel". Alternately you can use one of the many online colour wheels .. this is one I use a lot and can recommend.

Color wheels are arranged so that the colours move from red at the top around the rainbow until you come again to the blues and violets at 11pm ish. You will notice that the wheel on http://colorschemedesigner.com has the words WARM and COLD at 1 and 7 o'clock. this does not mean that just the colors at these "times" are Warm or Cold but there is a transition going on from the reds,oranges and yellows which are the colours of fire, embers and the sun convey warmth where greens, turquoises and blues are the colours of grass and water traditionally cool things. But be careful it is transitional and you move from warmer to cooler in gradual steps in each colour.

A color circle, based on red, yellow and blue, is traditional in the field of artists however Sir Isaac Newton was the chap that developed the first circular diagram of colors we know of in 1666. Since then, scientists and artists have studied and designed numerous variations of this concept. Differences of opinion about the validity of one format over another continue to provoke debate. In reality, any color circle or color wheel which presents a logically arranged sequence of pure hues has merit.

Primary Colours: Red, yellow and blue
In traditional colour theory (used in paint and pigments), primary colour are the 3 pigment colours that can not be mixed or formed by any combination of other colours. All other colours are derived from these 3 hues.  When you mix these 3 colours you get the Secondary Colours Green, orange and purple. If you start mixing primary and secondary you get the Tertiary Colours Yellow-orange, red-orange, red-purple, blue-purple, blue-green & yellow-green etc. and so on. gradually as you mix the colours you get the wheel you can see at http://colorschemedesigner.com.

OK I got that colours are colours and they are can be placed on a wheel so how does that help me and why should I use a wheel at all?

Good Question - this is where the next topic comes in

Colour Harmony

In visual experiences, harmony is something that is pleasing to the eye. It engages the viewer and it creates an inner sense of order or a balance in the visual experience. When something is not harmonious, it's either boring or chaotic. At one extreme is a visual experience that is so bland that the viewer is not engaged. The human brain will reject under-stimulating information. At the other extreme is a visual experience that is so overdone, so chaotic that the viewer can't stand to look at it. The human brain rejects what it can not organize because it cannot understand it.. Creating harmony is the task designers need to get right as it delivers visual interest and a sense of order.

The Schemes!
Look again at the colour wheel

The very slime outer ring comprise the primary colors, the inner rings the secondary, terteriary and so on so how do we combine these into a scheme? Well look at the top of the site you will see what at first glance look like odd shaped buttons.

these are the 6 types of standard colour schemes that for want of a better word "work". Look at the one I have highlighted called ANALOGIC, note the 3 dark segments at the top of the circle, these represent colours that are close together on the wheel. If a colour is beside another other colour it is called Analogous (or Analogic) you see this quite a lot in nature and the human brain really quite likes it and accepts it readily and this is perhaps the easiest colour scheme to get right.
If two colours are opposite one another on the wheel they are deemed to be Complimentary and this is another of the scheme names. If you select the Complimentary button on the http://colorschemedesigner.com site you will see this.

Note the appearance of two dots one at 12 o'clock the other at 6, these are the complimentary colours if you drag the dark 12 o'clock dot around the circle the corresponding opposite dot moves with it and the colour scheme displayed on the right of the screen displays a palate of colours that work well together. Note that as you move the dot the palate colours on the left never clash, are never discordant, they "work" - and there-in lies the beauty of the colour wheel!

There are 6 schemes in total and you can explore them at your leisure however I will mention one more the Triadic which combines 3 colours on the wheel in a triangle shape. This can be hard to get right if you do not use a colour wheel!

as you can see you get the dark dot at the top, which you can move around clock wise and anti-clockwise, the two white dots at the bottom form a triangle and these can be dragged as well.. however they broaden or narrow the base of the triangle.Once again the wheel can be used to get colour schemes that work, although some may be a tad garish.. so use with caution!

you will notice that the center of the circle is the colour under the dark dot, this colour will be the one you select as the main colour of your scheme, the others will be secondary to it. hence the larger area of that colour on the right hand palate pane.


How colour behaves in relation to other colors and shapes is a complex area of color theory. Compare the contrast effects of different color backgrounds for the same red square
For most people with normal or nearly normal color vision red appears more brilliant against a black background and somewhat duller against the white background. In contrast with orange, the red appears lifeless; in contrast with blue-green, it exhibits brilliance. Also notice that the red square appears larger on black than on other background colors, this is context! Always try colour swatches of your colour scheme like this to see if they 'work' the way you expect them to and deliver the sort of balance and emphasis that you want to convey.

This is also where I have a problem and http://colorschemedesigner comes to the rescue again notice a the top right there is an option for..... Colour Blind

 Have a look at your color scheme when you apply the different types of colour blindness filters and note how the tonal values change use these options in combination with the preview buttons at the bottom to see how others will see your colour scheme always remember that how you see the context of your scheme is not how others will if they have colour blindness of if there monitor is configured differently from yours. (I am Tritanopy Colour blind have a go and welcome to my world ;-) )

Next post we will go a bit deeper into the world of color and look at hue, luminance and tone

Coping with Windows update 2661254 SSL FIx on a self certed domino server

Well well well, that was an interesting couple of days!
Microsoft in their infinite wisdom decided to release a fix that stops Internet Explorer (a pox on it) accessing any SSL site that has a <=512bit certificate.

Here is a link to the MS document

Now there are very good, sound and security related reasons for MS to do this but it did cause me some fretting and sleepless nights this week, i have no doubt once the fuss dies down you will see Firefox, Opera, Safari and the rest follow suit.

We protect a lot of our internally accessed data with self certed SSL certificates and these where created back in the days when 512 bytes was more than ample and secure for this purpose. These certs were renewed each year and over time have been forgotten about.

The symptoms of the problem post this fix being applied are:-

When IE <=8 tried to connect you get a "there is a problem with the web site" error and you can go no further, with IE >=9 you get the "There is a problem with the certificate" message but clicking on the "Proceed to the web site (not recommended)" does nothing.

Now on a i5 server (used to be the iSeries Server or AS400 and nicknamed iBoxes) renewing a self certed SSL server certificate is dead easy and you get the option to change the bit length so for our iBoxes it was dead easy. Admin Panel, renew certificate, change bit length, create, apply , restart server .. and the problem went away.

But Domino servers ... ahhhh ....

I went into the Certificate authority NSF created for the server, tried to create a new certificate, not a problem but no field to let me change the key length.. ARRRRRRGGHHHHHHH!!! Tried a whole lot of things to get a 1024 long key, with no great success. So my quickr users on the one server with the problem had to start using another browser whilst I sorted this problem out.

As it turns out Per Lausten Domino Guru and all around nice chap tweeted a link that lead me to the solution ...many thanks Per!!! Once again Social Networking helps the poor benighted admin out of a tight corner not really of his own making.

Basically what I did was the following which I was missing in the other ways I tried
The full details for what follows are on the link above, but in summary you just start from scratch.

01. I took a copy of the original Cert Authority NSF created for the server
02. I took a copy of the .key and .sth files currently in use on the server
03. I created a new nsf using the Domino Certificate Authority template CCA50.ntf
04. I created a new CERTIFICATE AUTHORITY KEY RING FILE with a 1024 bit key (option 1)
05. I ran the Configure Certificate Authority Profile (option 2) for the new key ring file
06. Set the expiry to 5 years
07. I ran option 3 - Create Server Key Ring & Certificate, filled in the guff required paying special attention to put CAKeyPair in as  the CA Certificate Label and the fully qualified domain name of the server as the "Common Name" and 1024 as the key length.

Et Voila!!! I have a new Keyfile.kyr and KeyFile.sth with 1024bit keys!

All that was left was to copy these to the server and stop and start the HTTP task and IE started to work again, which was accompanied by a massive sigh of relief and a couple of memo's suggesting we might as well go the whole hog and get "real" certificates even thought they cost money.

Thanks again Per for the link that got this sorted you are a star!

Wednesday 26 September 2012

Principles of Design #5 - Unity, Getting all to work together

Bit of a gap in the series, a 25 mile walk in the Mournes and a couple of projects at work got in the way.. Anyway on with the series - Unity, what is it?

Well that is a hard-ish concept as it sort of suggest that "What works ... works". However it is something that all devs should think about as most of aspire to create things that work and have an identity. Alternately we may work in a company that has a well defined corporate identity framework with in which we create our applications and whilst we work within this framework we may want to add to or improve the framework with our own ideas.

Other frameworks may be very well defined like IBMN's OneUI that we all know and some of us love. I have to add that I am not that keen on it but it does tick a lot of the "design" checkboxes  it is just a bit ... mmmm.... soulless unless you breath some of yourself into it.


So in broad terms unity is an umbrella principle for visual design, meaning all aspects of "The Language of Design" that I have talked about so far (and in those to come) contribute to the visual unity of an image. Consistency among parts that contribute to the whole is a hallmark of a unified design. Such parts include color schemes, typography, semantic hierarchy etc. When all of these parts are in sync, the end result is a unified design. However, if one of the parts is inconsistent or improperly applied, unity suffers and the image or site or app often appears disjointed. A common problem that makes a good web site look thrown together.

The site above whilst at first glance looks OK suffers from a lack of consistency, the images do not compliment each other and distract from the design The navigation is confusing and not centred, the colours do not complement each other and the page has no focus which leads nicely into ...


Unity is the relationship among the elements of a visual that helps all the elements function together. Unity gives a sense of oneness to a page as a seen by the user as a single visual. In other words, the words and the images work together to create meaning. So basically don't use a picture of a dog when you are talking about cats or as in the example above have way way way to many unconnected images.

Colour Schemes

I will be talking in a separate post about colour however keeping colour consistent across all the pages or parts of your app.This is where frameworks like OneUI or Twitter Bootstrap come into their own and will help the designer from the get go.

By whatever method you should try to achieve a design that should consistently use a stable color scheme that appeals to viewers. For example, if a Web site consists of multiple pages and the font color for hyperlinks is blue on the first Web page, then hyperlinks should be blue on subsequent Web pages. Also, background colors should be used consistently and should enhance readability preferably by relying on a template or some type of CSS to ensure that page loads are cohesive.


The simplest method of making objects or elements on a page appear to belong together is to group them closely together. We humans LOVE patterns and developing a pattern in your design or images will create unity in your design.


Things that are the same shape, size, colour or orientation allows the viewer to associate them with each other and visually bind them together.


Another method often used to promote unity is the use of repetition. Repetition of color, shape, texture or object can be used to tie a design together. 

A much more subtle method of unifying a design involves a trick borrowed from the art community. The continuation of a line, an edge or direction from one area to another. Continuation is often used in books and magazines to tie the elements of a page together with the use of ruled column dividers and by lining up edges of text  headlines and graphics.

Take the picture above the artist has used the continuity of the road to unite the fore-ground with the back ground. The left to right stroked in fore-ground unite the left and right of the picture.

This continuity allows the viewer to start at the front of the picture and work to the back without interruption. The continuity of the stokes allows the view to recognise a pattern that consolidates the idea that we are looking at a "worked" field.

When you have a group of elements in a design it is important they they are "closed" . By that I mean that the group should be a recognised shape itself and the closure can be achieved with either a boundary line or by whitespace. Have a look at the example below at the 3 panels at the bottom each panel has an image with text below surrounded by white space. This is a "closed" group. Also looking at the 6 panels as a single group bounded by the grey side bars can also be considered as "Closed"


Consider the site above it shows all the elements of unity as a whole - the overall T pattern is easy for the user to identify with. The images work well together the fonts work well and the colour scheme works. This unity allows the elements of the site to be more than the sum of their parts and bind the site into a single pleasant visual experience.

This is what we as design-centric developers need to strive for design not only each element well but ensure that each element works well with every other element on the page.

That brings the principals bit of this series to an end. I hope you found it useful and in the next series of posts I will be talking about how we can leverage these fundamental ideas together with with your current skill sets in the development cycle to both develop and design apps and web sites.

First up is colour in the next post.

Friday 21 September 2012

IT Sales Cold Calls - The bane of my life :(

Right - people who follow my tweets will already know that my patience with cold callers has worn perilously thin of late. Particularly with Oracle salespeople although SalesForce, HP and Macafee are not that far behind.

I am paid to do a job and I do that job reasonably well given the fact there there are only so many hours in the day that I can work in. What I am NOT paid to do is to engage with cold callers trying to engage me in a conversation that adds not a shred of productivity to my day, dozens of times a week. This week I have taken 14 of these deeply irritating calls and quite frankly enough is enough!

For the record :-

1. Were you even mildly interested in me as a person rather than as a revenue stream you would have asked someone how to pronounce my name, calling me Mr [long pause] Ma Dough Mag and when I correct it if you continue to get it wrong I WILL hang up.

2. Were I interested in your offering I will contact you until then LEAVE ME ALONE!

3. If I am on a list that says I am interested and you are from Oracle , Salesforce, HP or Macafee the list is wrong and I will  have asked many times to be taken off the list. People like yourself  haven' bothered so pardon me if I don't give a damn about professional courtesy if you or a colleague ring me the next fecking day with the same content.

4.  I really really really do not care a monkey's chuff if Gartner thinks the sun shines out of your collective orifices. Neither do I care a scintilla that product X will save the universe from heat death  or the effects of the antisocial cultural hegemony of Facebook. If you send me "White Papers" and I haven't explicitly asked for them then  I will figuratively wipe my arse with them, flush them into the toilet of my contempt and have them safely de-odourised by the toilet duck of derision.

6. Offering to come and meet me in person because you will "be in the area" does not in any way suddenly make me interested in your product. The fact I have said "I am not interested" does not in any way allow you to infer than me being able to smell your aftershave and marvel at the sartorial elegance of your suit is going to change my mind.

7. Implying that whatever competitor's product I am using is crap, worthless or might cause impotence does not endear your product in any shape or form (Unless it is Internet Explorer which of course does cause Impotence and that is the reason I do not use it) If I ever want someone to insult the tools I use every day I will be sure to put you at the top of my list.

8. I know "times are hard" and you are "just doing your job" but you do have to remember you are interrupting me at work. You are directly responsible for a hiatus in whatever it is I am doing, that hiatus better be something I AM interested in or you WILL suffer the thin sharp edge of my wrath.

9. If you come across me on your call list for the day - consider me "hostile and dangerous" you have been warned!!!!

That is all.

Friday 14 September 2012

Design Principles #4 - Use Emphasis to make your point

So in our wander through the skills and ideas useful for devs that do not have design team handy when they are designing apps and sites we arrive at emphasis.

"OK", I hear you cry, "I know all about the [em],[i] and [b] tags."

But emphasis is more so much more that typographical!

Emphasis is what gives you design a focal point and by that I mean that the element that is most important stands out in your design. For this reason emphasis is sometimes called dominance, but I don't want to get all "50 DIVs of Grey" here so I will stick with Emphasis for now.

In the web site above is a classical example of emphasis used to great effect. The rays of light slanting down from top left to the centre and the well lit center image and dark surround create the emphasis and drag the eye to the most important thing on the page. Rembrandt used exactly the same lighting technique all the time... the emphasis is on the lit characters and you find yourself looking at them first and paying more attention to them as a result.

Focal points are very important. In an earlier piece I mentioned the Web Page "Sweet Spot" which was roughly here.
However you do not have to place the focal point here, you can by using emphasis move the focal point to wherever you want on the page.

One of the biggest mistakes I see in design it when the dev tries to make everything in the design stand out or more commonly nothing has emphasis at all. The problem with that is the app will appear busy if too much emphasis is used, and boring and unappealing if not enough is used.

Instead I would recommend using a semantic flow to your HTML markup, a task now made all the easier with the HTML 5 which has changed and will continue to develop towards a semantic rather than presentational markup. Using this new semantic markup as a starting point the developer can arrange the elements of the app or page into a hierarchy.

So your Web page/app will have a hierarchy and all you need to do is put the emphasis on the correct elements so that your design leads the user on a journey you want them to take and hopefully that will be in IBMish an "exceptional experience" ;-) So how do I do it this emphasis thingie

White Space
Remember Emphasis is important but of equal importance is what you de-emphasise!
What I mean by that is the more an element is surrounded by white space or is isolated from other elements, the more weight and, thus, importance it takes on.

In the example above note the "Part of the story" unlike the rest of the page which is space-free this text is emphasised by the the fact it has white-space around it. It jumps from the page and screams "READ ME FIRST" to the viewer.

Emphasis can also be leveraged using contrast.

Contrast is about differences: light against dark, small next to large, a portrait-oriented photo next to several landscape-oriented photos. See the contrasts and subsequent focal point on “Love that Summer Feeling” above. The focal point is a rectangle alongside many squares; it is the largest shape on the page; and it also is colorful against a black-and-white backdrop.  This is Contrast pure and simple.

Establish and then break a pattern

In the last post I talked about Rhythm and patterns you can emphasise an element on your design by placing an element at odds with the established pattern on the site. the central item is rotated by 3 degrees clockwise (you can do this really easily with CSS3 *-transform:rotate(5deg); rule). Once again the eye is caught by the weight of the difference and drawn to the centre, the rotation be clockwise draws the eye down to the title "Tie-Dyed". Emphasis hard at work!


Continuance is a fancy way of saying once the eye starts moving it prefers to keep going in that direction until something with more emphasis comes along. Consider this

Even though the bottom splat is bigger and so tends to catch your eye first, your brain can’t help but go “FECK, look at the sexy arrow AND it is pointing right !” Soon enough, you’ll find yourself staring at the smaller object.This is the same effect as you get when someone stops on a crowded street and stares up at the sky, soon a bunch of people will be looking up trying to find what the person is looking at.. (Hint the person looking up is the arrow!!)


I started with a nod at typography I will do a complete post on fonts in the future so prepare yourself for an attack on the evil that is Comic Sans! But I will add here Fonts can play a bit part in emphasis but do NOT fall into the trap of having lots of different font-faces, sizes, colours and weights. This is NOT good! Use no more than 3 fonts on a page and make very very sure they look good together. Do not,for example mix serif and non serif fonts, on the same page it hurts the eyes! The experience of printers going back to the times of Caxton's printing press should be ignored at your peril!!!

So that was a quick dander through emphasis. It is a very very useful tool for a developer to use, but it is easily misused and can cause chaos , confusion and double-vision in your users! Like all things make it part of your thinking process when planning the site and experiment so you get the right emphasis on the right places.

Look at magazines at other web sites and applications, where is the emphasis? Does it help or hinder? You have your eyes open all day, use them to learn what makes "good" design!!

Next post will be UNITY!

Disqus for Domi-No-Yes-Maybe