An IoT doorbell

Flic button stuck to front door

Press me! Go on!

I live in a council estate which has recently undergone a snazzy renovation, with economies of scale that seem to have included the bulk purchase of a wireless doorbells, all of which are competing for a very small pool of frequencies. This means that a visitor to anyone’s house within range results in a mass summons of householders to their front doors.

Although this is the perfect excuse for curtain-twitching, it’s quite annoying. So when I heard about the Amazon IoT button (£22.99 from, er, Amazon), I wondered if I could use it as a solution. The IoT button can be used to trigger an AWS Lambda, which I could have used to send a push notification to an old Android phone I have knocking about, and I could then have written an app to respond to the push notification and played a sound.

However, the fact that the AWS IoT button has a non-replaceable battery and is designed only to last for 2000 clicks put me off, even though we aren’t really popular enough for this to pose much of a problem. So I looked around for alternatives and came across the Flic button, a Bluetooth Low-Energy button with a replaceable coin battery, out-of-the-box integrations with lots of things such as Ikea smart lights and If This Then That, and, more excitingly, an SDK which I could use to make my Android phone respond to button-pushes with custom logic.

The button is accompanied by a free app which you can use to pair your phone or tablet and manage your integrations. In Android, the app sends a Broadcast Intent out whenever it receives a message from the button; you can then create another app which subscribes to these broadcasts and takes a custom action. The Flic website has a great tutorial which provided everything I needed except for the few lines of code needed to get my phone to ring – i.e. my custom action. The iOS version of the app came with a ‘virtual Flic’, which I assume provides the ability to test your integrations without buying an actual button, but this feature is absent from the Android app for some reason.

I ordered my Flic button for £19.99 from Ryman’s on Sunday evening, used free click-and-collect and picked it up on Wednesday. (Only the turquoise one was £19.99; the button is also available in black and white, but these more blendable colours were £29.99, so that’s the explanation for the hideous visual assault on our visitors depicted above.) I started writing the Android app on Tuesday evening, and couldn’t test it without the physical button, but it worked with only the tiniest of tweaks to my custom logic once the I had picked the button up. All in all, the project has taken 5 days from conception to installation (i.e. sticking it to the door) which must be a record for me, because I hardly ever finish anything. And this all the more remarkable for the fact that I’ve never done any professional Android development, and haven’t done even any amateur stuff for 2 years. Bottom line – IT’S EASY!

You need to log into the Flic app to register your buttons, and you need to download a developer key and secret from the Flic site and put it in Android app when you subscribe to the Flic broadcast. However, the solution works without the phone being connected to the internet, which is marvellous, because it means I can remove the Wi-Fi key and all my personal info from my phone, so that if there are any insecurities on Bluetooth Low-Energy allowing an attacker to gain access to my phone via the doorbell, they still won’t be able to get on to the home network or steal my emails.

Maybe the biggest threat in this solution is that someone will steal the button itself. The glue isn’t very strong, and there’s nothing that prevents it from being paired with another device. But, as the people who live on my street are frequently reminded, that’s also true of a normal wireless doorbell.

Using Bayesian statistics and inaccurate genetics to guess the eye-colour of my next child

My next child is currently in my uterus. I’ve recently had a scan and found out a little bit about its genetic make-up – that bit which has turned it into a girl. That’s the only characteristic I’ll know about for a while, and I can only speculate on the rest. So I’ve decided to speculate on the colour of its eyes.

In GCSE Biology, which I took in 1994, I learned the following model for how genes determine the colour of eyes. As a simplification, it pretends there are only two types of eyes: brown and blue. and that the eye-colour a person has is controlled by a pair of genes – one gene inherited from their mother and the other from their father. The gene determining eye colour can come in one of two variants, a brown variant, which is labelled ‘B’, and a blue variant, labelled ‘b’.

If both genes in the pair are b (written as bb), then you get blue eyes. If they’re both B (written as BB), you get brown eyes. And the B gene always overrides the blue gene, so if you’ve got one B gene and one b gene (Bb) you get brown eyes too. Because the brown-eyed gene always gets its way whenever it’s present, it’s known as a dominant gene, while the blue-eyed gene is called recessive because it meekly submits to its partner’s wishes.

If you know the genes of a mother and father, you can work out what genes their children are likely to have. If both parents have blue eyes then they’re clearly bb, and their children will get a b from both of them, so they’ll all have blue eyes too. If the mother is Bb, and the father is bb, then half the children will get a B from the mother and a b from the father and be brown-eyed Bbs, and half the children will get a b from both parents and be blue-eyed bbs.

As I mentioned before, this model was taught to me in the nineties and is an oversimplification, as many genes have been shown to contribute to eye colour. I’m not sure that it’s still taught today: on BBC GCSE Bitesize, the less happy examples of cystic fibrosis and Huntington’s disease are used to illustrate the theory of dominant and recessive genes. Until today I believed that to claim that the blue/brown eyed model was correct would be an act of disrespect towards the British Royal Family, as I had thought that the Duke and Duchess of Cambridge had blue eyes and their son Prince George had brown eyes, but now having examined many pictures of the Duchess of Cambridge I can’t decide if her eyes are brown or blue, and on revisiting a discussion page on the subject I have realised that the image of the indisputably blue-eyed woman displayed there is not in fact of the Duchess of Cambridge but a professional look-alike named Heidi Agan. Anyway, I’m going to stick the single-gene theory because nothing in my personal experience has happened to contradict it, and it makes the maths simple.

I have brown eyes, but I don’t know whether I’m a BB or a Bb. Both my parents have brown eyes. I’m assuming that my mother is a BB, as she comes from Thailand and blue eyes are rare or absent in that population. I know that my father is a Bb, as my niece (my brother’s child) has blue eyes, so my brown-eyed brother must be a Bb. My husband also has blue eyes, so he’s a bb. In fact I am the only person in my and my husband’s family whose genome with respect to eye-colour isn’t fully known.

If I were to give birth to a blue-eyed child, then it would be clear that I was a Bb, and that the next child would have a probability of 50% of also having brown eyes. If I’d already had 20 brown-eyed children with my blue-eyed partner, then I’d be pretty confident that I was a BB, as the probability of having 20 brown-eyed children if I were Bb would be 1/2^{20}, or about 0.000001. So I wondered what the chances of the next child also having brown eyes are, given that already have one child, whose eyes are brown.

This is one of the rare opportunities in my life to apply Bayes’ Theorem. (It’s rare not because Bayes’ Theorem isn’t useful, but because I’m not involved in statistics.) Bayes’ theorem can be written as

P(A|B) = \frac{P(B|A)P(A)}{P(B)}

Explanation helps, though. In statistics, the raw materials are observations, such as having a child with brown eyes, and what we want to determine is the underlying probabilities. In the formula above B represents an observation, and A is an underlying probability distribution. In the context of this post, A is the probability that I am BB (say) and B is the evidence that I have a child with brown eyes.

  • P(A) is the a priori probability – the probability of being BB before the evidence of a brown-eyed child came along
  • P(B) is the probability of a brown-eyed child depending on the a priori probability
  • P(B|A) is the probability of a brown-eyed child assuming that A has happened – i.e. that I’m BB.
  • The result, P(A|B), is the probability that I’m BB based on the evidence.

So let’s evaluate those first three points in turn.


My parents, being BB mother and a Bb, would have expected to have children who were half BBs and half Bbs. So let’s put the a priori probability, P(A) down as \frac{1}{2}.


Assuming the a priori probability, the chance of my having a brown-eyed child is

\frac{1}{2} \times \text{probability of brown eyed child with BB} + \frac{1}{2} \times \text{probability of brown eyed child with Bb}

because I have half a chance of being BB and half of being Bb.

This equals

\frac{1}{2} \times 1 + \frac{1}{2} \times \frac{1}{2}

which equals \frac{3}{4}


This is, assuming I’m BB, what is the probability of having a brown-eyed child? It’s 1, because all offspring will be Bb.

So, plugging these three values back into the Bayes’ theorem formula:

P(A|B) = \frac{1 \times \frac{1}{2}}{\frac{3}{4}} = \frac{2}{3}

So the evidence of having a single child with brown eyes with a blue-eyed partner has made the probability of my having BB rather than Bb jump from \frac{1}{2} to \frac{2}{3}.

Now I know the probability of being BB, I can work out the probability of having a brown-eyed child: it’s

\frac{2}{3} \times 1 + \frac{1}{3} \times \frac {1}{2} = \frac{5}{6}

I find it interesting to think about how much probability is sometimes just a question of perspective. Both my genome and my child’s are already established – we just haven’t examined our DNA to find out about it – so in a way there’s no probability about it. I said earlier that my parents, as a BB/Bb couple, would have expected to have half BB and half Bb children, but in fact their genomes were not revealed until it became clear that the eyes of their first child would never change from their original baby-blue.

Running plain JUnit tests with Resource files in Android Studio

I’m currently writing a podcast app for Android in my spare time. I haven’t yet read any books or done any courses on it yet, though I’ve signed up for a Coursera course called ‘Programming Mobile Applications for Android Handheld Devices’ in the hope of learning some theory behind what I’m thrashing out. So I’m not quite sure what the standard practices are for unit testing. The way an Android project is set up by default is that the tests have to run on a device or an emulator (and I’ve never got the emulator to work.) This feels strange to me – the .NET orthodoxy is that you should be able to test logic independently of the platform it runs on. So I’ve split up my Android project into my main ‘App’ module, which contains all the things which depend on hardware, such as UI, network and storage, and some pure Java modules containing the business logic, such as how to retrieve objects from the SQLite database and how to parse podcast XML into Java objects.


Yesterday I was writing testing my XML parsing logic, so I put a test XML file inside my test assembly as a resource:


And I tried to load that resource in my test:

    public void canReadSerial() throws IOException, XmlPullParserException {
        InputStream xmlInputStream = getClass().getClassLoader().

But when I ran the test, I kept on getting a NullPointer inspection. The file was definitely in the jar – I checked by finding the jar in the filesystem and ran jar tf to list its contents.

The problem turned out to be that when Android Studio runs the tests, it runs the classes from the .class files rather than from the jar, and so therefore it couldn’t find the resource file. So after a bit of trial and error, I came across this solution:

  • Go to the .iml file of your test package
  • Find this section:
<component name="NewModuleRootManager" inherit-compiler-output="false">
    <output url="file://$MODULE_DIR$/build/classes/main" />
    <output-test url="file://$MODULE_DIR$/build/classes/test" />
  •  Replace the url attribute of the <output> element:
<component name="NewModuleRootManager" inherit-compiler-output="false">
    <output url="file://$MODULE_DIR$/build/libs/<YOUR MODULE NAME>.jar" />
    <output-test url="file://$MODULE_DIR$/build/classes/test" />

This means that the tests will run from the jar rather than the class files, and you’ll be able to access your resource files. I don’t know if this has any unwanted side-effects, but it’s working for me so far.

Seven Types of Ambiguity – in Adverts

I am not very good at reading poetry, but I suspect it says important things in a way that could not otherwise be said, and that’s why I’m attracted to books which contain a small amount of poetry alongside a lot of prose telling me what to think about it. One such book is Seven Types of Ambiguity, published in 1930, when its author, William Empson, was 24. (Which is the age I learned how to use a semi-colon.) Empson studied two years of a maths degree before switching to English Literature, so I regard the book as a primer in ‘English for Mathematicians’, especially as he peppers his writing with maths-friendly phrases such as  ‘one must assume that n+1 is more valuable than n for any but the most evasively mystical theory of value.’

Empson’s thesis is that because poetry is concise and aims to say a lot of things, it tends to contain phrases which can be interpreted in several ways: i.e. ambiguous phrases. (Another category which has the same constraints and goals is names for pop bands. Consider The Wanted: a dangerous band of outlaws or a group of desirable young men? I presume, without having done much research into the matter, that both implications are relevant to the impression the band intends to create.) His book identifies seven sub-categories of ambiguity, and lists examples drawn from poetry under each.

I thought it might be interesting to take Empson’s original seven types, and see if I could find examples drawn from the field of advertising slogans to fill them. Like poetry, advertising slogans aim to say a lot of things using few words. To adapt a quote from a book:

The demands of metre catchiness and the cost of air time allow the poet copywriter to say something which is not normal colloquial English, so that the reader thinks of the various colloquial forms which are near to it, and puts them together, weighting their probabilities in proportion to their nearness. It is for such reasons as this that poetry advertising slogans can be more compact, while seeming to be less precise, than prose.

As it turned out, I couldn’t think of an example for each type. But here are the list of types, together with examples where I could find them.

Type 1 – Details are effective in several ways (comparisons with several points of likeness, antitheses with several points of difference)

I didn’t find rich pickings in this space. But here’s an antithesis with several points of difference:

Between love and madness lies Obsession

Calvin Klein

Love (assuming sexual love is meant) is sexually exciting, self-denying, and personal; madness is usually impersonal and involves one’s perceptions being in disagreement with the norm. The audience is free to choose which of these properties obsession has: if you take all the properties of sexual love together with the warped perception of madness, you get stalking; or, taking both properties of madness and only the self-denying property of love, you get something more like academic fervour – an interest in insects so strong that you forget to eat, say. Although intense sexual desire is probably the image that the marketers would most like to purvey, the vagueness of the definition given for obsession may mean the audience identifying with the slogan, and therefore interested in the product, is wider than it would be if more precision were used.

I should say that the definition of this type is wider than the truncated version I have described here. There may be more examples than I have the power to categorise. Perhaps You’re worth it (L’Oréal) qualifies because it leaves open exactly what worth and it are.

Type 2 – two or more alternative meanings are fully resolved into one

I am going to argue that my favourite advertising slogan of all time, Zanussi’s The Appliance of Science [video link], falls into this category. Again, there aren’t many examples of this type – it seems that copywriters want to use their words to say multiple things in one sentence, rather than the same thing twice. There are two ways that The Appliance of Science can be parsed:

  1. Interpreting Appliance as a piece of kitchen white-ware, the slogan means ‘We create good fridges, dishwashers and cookers using the results of scientific investigations’
  2. Interpreting Appliance as equivalent to ‘application’, the slogan means ‘We apply the results of scientific investigations.’

If you accept that the subject in interpretation [2] is implicitly kitchen white-ware, both parsings amount to the same thing. And the slogan rhymes! Amazing.

Type 3 – Two apparently unconnected meanings are given simultaneously

This type, which allows you to say two relevant things using one set of words, is very well represented in the advertising world. Almost all punning advertising slogans fall into this category. I’ll start with my second favourite slogan of all time, which is sadly under-exposed, being a private employee induction slogan for my current employer, Tesco.

A chance to get on


This five word sentence contains an impressive three meanings.

  1. Taking get on to mean ‘ascend’, it is a chance to get on the vehicle that is employment at Tesco (whether that’s a carriage to the stars or a bus to a business park in Welwyn Garden City.)
  2. Taking get on to mean ‘associate amicably with people’, it is a chance to work in a constructive manner alongside colleagues. (Tesco prides itself, in my view with justification, on the supportive environment it offers employees.)
  3. Taking get on to mean ‘achieve career success’, it is a chance to, well, achieve career success.

The next example is another favourite of mine because it brazenly addresses the squeamish subject of what the product actually does.

Take everything in your stride

Simplicity press-on towels (1989) [video link]

From the context of the advert, which features women rollerskating and cycling, it seems clear that the primary meaning of the slogan derives from its usual idiomatic meaning – to take something in your stride is to experience something negative it without it affecting you. Which is to say that if you use Simplicity press-on towels, you will feel able to get on with life when you have your period. But the more literal meaning of ‘stride’ is to do with the separation of your legs – which is, of course, where the press-on towel goes.

Type 4 – Alternative meanings combine to make clear a complicated state of mind in the author

I haven’t been able to think of any good examples for this type, and I think it’s because adverts aren’t usually trying to convey a complicated state of mind. I thought I might be able to mine something from charity or public health slogans, which aim to deter bad things rather than promote good things, but the ones I can think of are pretty unambiguous e.g. Oxfam’s Make Poverty History, Save the Children’s No child born to die. Perhaps the best example is the below, which I think I’ve seen on a British advert from the government-sponsored Think! road safety campaign but can’t find anywhere.

Mothers against Drink Driving poster: slogan 'Don't drink and DrIvE'

Here, the D, the I and the E of ‘Drive’ in the slogan ‘Don’t drink and Drive’ are highlighted so that it simultaneously says ‘Don’t drink and DIE’. This could be said to represent a complex state of mind in the author, because drink-drive adverts are expected to emphasise the harm that can be done to passengers and other road users, but this one also points out that drunk drivers also risk harming themselves.

The example is a bit of a cheat, though, because it relies on colouring in certain letters, so it’s really two slogans instead of one.

Type 5 – Author is discovering their idea in the act of writing

I also haven’t been able to think of any examples of this type of ambiguity. The problem of type 4, which is that copywriters aren’t usually trying to convey a complicated state of mind, also affects this type, because this type suggests at least two states – the state of not having the idea, and the state of having it. But in type 5 the problem is compounded by the lack of space – you need more words than slogans afford to go from one state to another.

Type 6 – Forcing the reader to invent interpretations

In this type a statement says nothing, so the reader is forced to invent interpretations for themselves. There are quite a lot of examples of this type in advertising.

Made in Scotland from Girders

Irn-Bru [video link]

The claim is clearly not intended to be believed. However, it does allow the viewer to imagine strength and Scottishness diffusing out of a mouthful of Irn-Bru into their body.

Impossible is nothing

Adidas [video link]

This slogan qualifies on the grounds of grammatical delinquency. The viewer may correct it to ‘Nothing is impossible’, or may turn Impossible into a noun, meaning either ‘the set of things which are impossible’ or impossibility itself.

Type 7 – Full contradiction

I’m not sure I understand this type, so I’m going to quote its definition in full:

An example of the seventh type of ambiguity … occurs when the two meanings of the word, the two values of the ambiguity, are the two opposite meanings defined by the context, so that the total effect is to show a fundamental division in the writer’s mind.

Taking this definition on its own, I would claim that

Tax doesn’t have to be taxing

HMRC [video link]

qualifies. Taking taxing literally, as in ‘pay money’, tax, obviously, is taxing, so the statement is a contradiction, but interpreting taxing to mean ‘be hard work’ the statement means that ‘it’s not much administrative effort to pay tax’, which is the intent of the slogan.

If this were the extent of this type then the examples in the seventh chapter of Seven Types of Ambiguity would all be the type of puns that Idlewild are fond of making, such as I think you’re young without youth (American English) and And did I hear you sing / That we exist without existing (I understand it). However, the examples in the chapter are statements which say the opposite of what they mean. The true meaning of the statements is has to be deduced from the context. The nearest things to this I can think of in adverts are those adverts which don’t explicitly endorse the products that they’re promoting:

You either love it or hate it

Marmite [video link]

In Marmite adverts, the emphasis is generally more on the people who hate Marmite than those who love it, but the implication to the viewer is (presumably) that it’s more likely to be loved than hated.

Just a little better. But better.

Philips in the 1980’s

Unfortunately, I can’t find any evidence on the internet to back up my claim that this was once a Philips slogan. The intended implication was presumably ‘actually, it’s heaps better’. I think the company must have decided pretty quickly that it was too understated, because it was replaced by Let’s make things better.


So, my finding is that, whilst it’s interesting to analyse advertising slogans using the seven types, in fact most of the ambiguous ones fall into two types – type 3 (the pun) and type 6 (the meaningless statement.) If you can think of any examples, of any type, but especially of the other five types then I’d love to hear from you.

Django/ASP.NET MVC Dictionary

Although I’m usually a .NET stacker, I’ve recently been experimenting with Django, a Python-based web framework, because at work we’ve been trying out Sayit, a transcript-rendering tool from mySociety which comes in a Django app. From my limited viewpoint I’m pretty impressed with Django as a tool for building websites quickly. I did the tutorial and I particularly liked the fact that it auto-generated back-end admin pages for you, and (even better) that these could be customised easily using proper code. I have even less knowledge of Microsoft Lightswitch, but it feels as though they’re trying to do the same thing except that Django is more cody and more powerful – unlike Lightswitch, you can’t get anywhere with Django without coding, but you could actually use it to build a public website rather than it being limited to internal-facing business applications.

Anyway, despite the fact that the Django documentation says that it’s not really an MVC framework, I was struck by the similarity of the architecture with ASP.NET MVC, and also the difference in the terminology between the two frameworks. So I’ve written a little dictionary to translate between the two. I particularly like the fact that an ASP.NET MVC Action is analogous to a Django View. 


ASP.NET MVC Django English
Model Model A class which encapsulates part of the business logic of the application and usually contains data fields which get persisted in a database.
View Template HTML template which is filled in by the ASP.NET MVC ViewModel / Django Context before being served to the client.
Controller App (arguably) A collection of handlers usually relating to one Model in ASP.NET MVC, and a closely related set of Models in Django. Only a loose analogy.
Action View A handler for an HTTP request, taking in data from the user, getting it processed, generating an appropriate ViewModel/Context for the response, allocating a View/Template and passing it back to the user.
Routes Urls The logic which maps browser URLs to ASP.NET MVC Actions / Django Views.
ViewModel Context The data that is shown on an ASP.NET MVC View/ Django Template. In some MVC applications the ViewModel is the same as the Model, but often the display logic is a bit different from the business logic, so it’s useful to distinguish between the two.
Layout Base template A skeleton page containing resources and layout used throughout a site: stylesheets, references to JavaScript libraries, <HEAD> and <BODY> tags and standard links such as Home, About, Contact us, Terms of Service etc.
Partial View Sub template An HTML fragment which does not form a standalone page in itself but can be used as part of other pages.
Area App (arguably) In ASP.NET MVC, an Area is related set of Controllers and associated Views and Routes that is partitioned off from the rest of the app. In Django, an App is an independent set of Models, Templates and Views which can be plugged into a website. Only a loose analogy.


Stateful Systems

National sovereignty is a hot topic at the moment. In the United Kingdom, we are shortly going to have two public votes on the issue: in September on whether Scotland should be an independent country, and in May on whether we agree with Nigel Farage that we should leave the EU. (The former vote is overtly on the Scotland issue, but the latter will be disguised as the European Parliament elections.) Further afield, a part of Ukraine has controversially chosen to join Russia. And in the office, I have been debating with developers over whether new functionality should be an extension of an existing application, or whether it should stand alone.

Does the previous paragraph seem to hang together as a coherent, logical whole? Perhaps not, but I hope it will after you’ve read this post, because I’m proposing geopolitics as an analogy to help talk about systems architecture.

Before I start, I’d like to point out the limitations of this analogy. It’s an illustrative, rather than a predictive, model. So you won’t be able to deduce my views on Scottish independence based on whether or not I say that a particular piece of business logic should be moved out to a service; nor should you tweet about my scandalous opinions on how heavy-handed EU regulations should be because of what I say about standards for RESTful services. I just think it might aid communication, particularly with non-technical managers and newbie techies, both of whom will probably be more familiar with politics than systems architecture.

The basic metaphor is that an application is a sovereign state. For the purpose of argument I shall here define an application as a set of files, database schemas and other configuration settings which all need to be released at the same time.

Here are some derived metaphors:

  • Inter-application communication is import and export trade.
  • The collection of standards governing application interfaces and messaging is international trade law.
  • Standards and conventions internal to applications are national laws and culture.
  • Standards imposed across all applications, such as sticking to a limited set of programming languages or components, are international laws or principles, such as the UN Universal Declaration of Human Rights.
  • Enterprise architects are supranational bodies, such as the UN.

And here are a couple of examples of points that this analogy helps illustrate.

Smaller applications can be changed more quickly

We know that the smaller applications are, the easier they are to adapt and refactor, and the same is true of nation states. I was recently listening to a Radio 4 programme on Estonia, which described how all interactions with the state, including healthcare and voting, could be done online. Now this is no mean achievement, but it is easier in Estonia, a country of 1.34 million citizens, than it is in the UK, where a project to store patient records electronically was conceived in 2002 and was dismantled in 2011 without having achieved its aim.

It’s more attractive to create small applications when integration is easy

In his Undercover Economist column in the Financial Times, Tim Harford relates the tendency over the last 70 years for countries to split up rather than join together to the progressive lowering of trade barriers since the end of the second world war. The theory is that in an environment in which trading between countries is expensive and difficult, it’s better to be part of a large empire to improve access to markets, but when international trade is cheap and easy, states aren’t punished economically if they choose to split up into smaller units. From a systems architecture point of view, if it’s difficult to create application interfaces – perhaps because you don’t have software libraries to help you create services, or because your organisation requires you to go through several governance boards before you are authorised to create a service endpoint – you’ll be tempted to create monolithic applications.

And extending the metaphor, we can categorise certain types of software systems as geopolitical entities:

If you have a subset of applications adhering to a common set of policies, it’s the EU

Sometimes the output of a particular programme or business area may be a suite of applications, each one being a stand-alone entity, but sharing a common set of standards, over and above those required by the enterprise. For example, applications may share a set of XML schemas for defining their APIs, or they may be built on a common framework. I think the EU is a good analogy to this – each country in the EU is a sovereign state, but adheres to EU law affecting internal standards, such as minimum cage sizes for hens, and international interfaces, such as our all having a burgundy passport.

The USA is an application platform

Some businesses have lots of separate units of functionality running on a single platform, such as SharePoint or SalesForce. The platform provides utility functionality, such as user authentication and database storage, which are used to help build functionality more quickly and provide a uniform user experience. So, for example, SharePoint might contain a timesheet system, a recruitment tracking page and a wiki, none of which could survive outside the SharePoint ecosystem. I think this is like the United States, with the platform being the federal government and the individual business applications (OK, I wanted to avoid this, but here I’m introducing Application (2): something a platform is used for) being the states.

I’m trying to think what the Cayman Islands or Monaco (sovereign states which have very low rates of tax for doing certain things) could be. The big cheese’s pet platform, which is pre-approved and therefore has has relaxed governance, perhaps?

Finally, I feel as though I should write some words to justify introducing a new analogy, when systems architecture already has a perfectly serviceable canonical analogy: Proper Architecture! In this realm, applications are buildings, classes are features such as windows and doors, and interaction between applications is modelled by things like streets, electricity wires and water pipes. I feel a bit like Microsoft when they supplemented their implementation of the W3C’s standard XML DOM with their homegrown LINQ to XML interface. Why introduce something new when there’s nothing wrong with what we’ve got?

Well, I just think it won’t hurt, and it might help. Firstly, lots of people are more interested in politics than they are in buildings, so they might be more receptive to an analogy with a harbour than an architrave. Secondly, software feels very dynamic, and so do countries, while buildings seem a little static – they aren’t, of course, being full of internal movement and flows in and out, but that’s just they feeling they evoke within me. And finally, I think it’s quite fun to think about what sort of application countries would be. What could China be? What’s Vatican City?

Android, my new cool companion with dodgy friends

Google has made its money by gathering the world’s personal data, and now, in Android, it has generously created a platform to allow small-time devs to do the same. Or so it feels to me at the moment.

I recently purchased a Samsung Galaxy Note 10.1 (2014 edition) so that I could write a dinosaur-themed letter recognition game for my son. (The development isn’t going too badly; I’m using Corona, which is a 2D engine which provides gravity, animations and collisions and stuff, and allows you to program logic in Lua, which is a scripting language that’s new to me and I think will give me an opportunity to implement all those JavaScript patterns I read about in Douglas Crockford’s JavaScript: The Good Parts. But that’s another story.) Now, I went for Android rather than buying an iPad because I had read in the Financial Times that the youth of today consider Android to be cooler than iOS. (I’m afraid I can’t find the article anywhere, though.) Also I do have an iPhone and a MacBook and I didn’t want to have only Apple devices: it would feel a bit like being one of those girls in the 90s who would buy every Take That single on cassette, 7″ vinyl, and two CD formats.

The device itself seems fine, although I haven’t done that much on it. And the reason I haven’t done that much on it is that I’m too paranoid to install anything. Everything I’ve tried so far seems designed to steal my information or other resources. For instance, the first thing I tried installing was Facebook. I like using Facebook on the iPhone, although I do think it is overstepping the mark in asking to access all my photos (it could easily allow me to upload pictures without asking for any special permission.) But I was quite shocked at the permissions it asked for.


Read my text messages? (Not relevant to a tablet, but anyway, pretty audacious.) Send emails to guests without owners’ knowledge? Add or remove accounts, create accounts and set passwords? No thanks. Except, unfortunately, on Android you don’t get the opportunity to say ‘no thanks’ to individual permissions, you have to accept them all or forgo the app altogether. (It looks like there were once moves to allow you to cherry pick permissions but no longer.) I much prefer iOS’s model, whereby all apps by default have limited access, and have to ask for anything more. This allows users to try apps to see if they’re any use without elevated permissions, and encourages developers to degrade gracefully if permissions aren’t available.

So I wasn’t going to use my tablet for Facebook. Another thing I wanted was a drawing app so I could entertain my son by creating pictures of dinosaurs. So I looked for a drawing app on the Play store. There were many of them, and I couldn’t see a way of filtering them, even by whether they were paid-for or free. Clicking on a few random apps – even the paid-for ones – showed that most of them asked for network access, which is perhaps reasonable for serving ads, but I didn’t know whether they were intending to generate revenue in this relatively innocent and up-front way, or do something more nefarious such as launch a distributed denial of service attack on a site or use my computational power to mine Bitcoins.

The Play store isn’t the only game in town on Android; there are rival app stores, including Samsung Apps, which is installed by default on my Samsung device. Perhaps that would give me a better, safer experience. The Wikipedia page states

Unlike some other Android application markets, Samsung Apps validates all third-party applications for malware and harmful content before making them available for download or purchase through the store. This validation process includes verification of installation permissions.

Which sounded promising, although there weren’t any citations. So I gave it a go.

One of the first things I need to do was create a Samsung account. Hurrumph. I hate creating passwords, because I try to make them all different for different sites, and then I forget them. However, it offered me the option to ‘Use [my] Facebook info’. Hurray! I love single sign-on.


So I logged into Facebook which told me that Samsung wanted to know several things about me of varying degrees of reasonableness.


I did baulk at ‘friend list’, but I agreed in the name of convenience. But then I was sent back to the Samsung Account screen and found that I still had to enter a password! All that had happened was that the email, date of birth, first name and last name fields had been populated. I had sacrificed my and my friends’ privacy for the sake of not having to fill in four fields. Sorry, Facebook friends.

So now I was finally in a position to download a Samsung App. I had a look at ‘Coloring Pages for kids’, but I found that it required the following permissions:


Which is all very suspicious. Why does it need to monitor, record and process phone calls? What’s the non-malicious motivation for that? What does it want to do with the other applications on my device? It doesn’t look as though it’s sensible to trust the anti-malware claim made on the Samsung Apps Wikipedia page.

So in summary, it seems as though everyone is out to steal information, CPU or network access on the Android platform. Perhaps this is an inevitable consequence of it being difficult to make money legitimately out of it. Which is sad. I may be being idealistic, but here are my recommendations:

  1. [Most important by far!] In the App stores, make it possible to filter apps by the permissions that they demand. If I could filter out all the apps that demanded, say, details of my contacts and phone calls, I wouldn’t even see the malicious apps, which would have several benefits:
    • It would make it easier for users to find benign apps.
    • It would support indie developers. At the moment the only assurance I have that an app is likely to be safe without going through the process of clicking into it, pressing Install and viewing the permission list is that it’s from a reputable company. Clicking in to view the permissions is a tedious process so I avoid it, and go for famous names instead. I’d be much more inclined to try indie apps if they were items in a pre-filtered safe list.
    • It would make malicious apps less profitable.
  2. Allow users to pick and choose permissions, as on iOS. Again, this would help indie developers because people like me would be more inclined to use apps from unknown sources if they lived in a sandbox
  3. Allow apps to serve up advertising content without demanding the blanket permission of ‘Network Access’. I would be fairly confident about allowing an app to access the network if I knew that all it was going to do was open up a browser frame and serve a static HTML page, or even one with Javascript in it, as long as it couldn’t access arbitrary information on my device.
  4. Implement some sort of same origin policy, in which an app has to declare which domains it can access.

P.S. After I started this article, I did return to the Play store and settled on Autodesk SketchBook Pro for my drawing app because it had good reviews, and as it cost £3.03 and was from a reputable company I thought it probably wouldn’t resort to stealing my CPU to make ends meet, even though it does demand network access.