Scraplab

We went to visit one of our printers today. They don't just print newspapers, they also print things like this:

It's a book of Admiralty Chart Correction Tracings. It contains a compilation of changes to marine navigation maps, published by the UK Hydrographic Office.

Ships will subscribe to the service through a third party, and receive the latest copy of the book when they dock at port. They tear out each page, and apply the relevant changes to their paper maps with a pencil and transfer paper. They're paper map diffs, if you like.

I love it. For a start, you can print on tracing paper - who knew? And it made me wonder if all of the maps that the UK Hydrographic Office maintain are entirely hand-drawn, or if only the changes are done by hand. And if they use paper as the primary workflow, how they store the changes so they can extract the appropriate patches for printing, at the same time as maintaining a master copy. Maybe someone out there knows.

The kind of processes and expertise that build up inside an organisation, over a long period of time, for managing a workflow like this, seem complex and fascinating.

And ignoring all of that, it's just a gorgeous book to pore over.

In case you missed it, a Firefox extension was released a couple of days ago called FireSheep. It's basically a simple, easy to use UI around a packet sniffer, allowing any user on an open wireless network to listen for authenticated HTTP requests from other users on that network, and use those to pose as them.

It uses an old technique, dating back to token ring or unswitched ethernet networks, when all packets passed through every node on the network, making it easy to grab them, but now it's a one-click install for anyone with a browser, specifically targeted at major social networking sites, and hijacking those connections seamlessly.

The author, Eric Butler, says:

Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.

Eric isn't wrong. If all authenticated requests on the web used SSL, it would make packet sniffing and sidejacking impossible. In that sense, he's right.

But security is hard. Finding the balance between inconvenience and security is tricky. Facebook (to use an example) could issue card readers or fingerprint scanners, but they don't, because they figure that it would annoy their customers and the cost would be too high, relative to the potential risk.

The unspoken message is that your Facebook account is both not too important, nor too easy a target to require SSL for everything. Your bank considers your account to be at the other end of the scale - they use SSL, amongst other things, because it's an obvious target with a lot to lose if compromised.

But FireSheep has just changed the game. Your Facebook account is now a very easy target by any kid in your class at school. The relative easy of compromise means that it's a target, despite its relative unimportance.

(Side note: I wonder how prevalent FireSheep is at schools and universities at the moment.)

Given that this tool has received the attention it has, Facebook probably should make SSL mandatory, and I wouldn't be surprised if they did in the next couple of months (remember: it's harder than flicking a switch when you're at their scale).

Security isn't binary. Everything is insecure in some way, given enough effort.

What happens when the next tool comes out? Perhaps it pretends to be an access point of a similar name, or runs a rogue DHCP server on the same access point. It spoofs the DNS, and uses a self-certified SSL certificate (which most people will bypass) to proxy Facebook and the rest. I could probably write that in a long weekend, and have a post on Techcrunch on Monday.

And then maybe there will be some fuss, and eventually it'll die down, and maybe someone else will write another tool, using more advanced techniques (PDF).

Of course, forcing SSL doesn't add much inconvenience to users, nor is it a significant operations overhead for the services at risk, it's just that it's not the point here. The point is that making one-click tools that force the entire web to play catchup, whilst putting people at risk, just isn't a sensible way of talking about security.

There's a reason we (most of us, anyway) don't secure our houses with turret guns and dogs, and that's because most of the time, a lock and key is good enough. We want just enough security to feel safe at night, and not to cause us too much hassle.

And that's why this tool makes me sad. Because it's a symbol of an arms race - a fight to the death over unimportant things, when really, I'd rather not have to remember to lock my windows at night.

There's something that seems to happen after a few hours in the saddle. Slowly, everything decomposes from exercise and motion, into kinetics and mechanics.

This coarse, complex system of power, heat and motion begins to become something simpler, more malleable, and dare I say, "purer".

Balancing comfort and progress becomes a game of fine adjustments: lower the revolutions per minute by five to lower the number of watts I'm radiating; pull my sleeves up 3 cm to increase the energy lost to convection; change up a gear to lower the torque, as the incline shifts by half a percent.

The GPS looks forward for me, projecting all my future successes and failings. Every bit of information helps to optimise my path. Contour maps spring out of the hills surrounding, and round the corner ahead. It took a space shuttle and an army of volunteers to help me shift down a gear, and hopefully the data exhaust I leave behind will help someone do it better next time.

It's day 4. We're sitting in Bristol, in the sun, with 218 miles behind us.

Yesterday, we went to visit some friends who live near Llanberis, at the foot of Snowden, in North Wales.

We went for a walk from Dinorwig up into the old slate quarry, high above the north side of Llyn Padarn, over from Snowden.

The quarry shut in 1969 and is fenced off but often used by climbers. It's slowly being reclaimed by both nature and the locals. Rusting railway lines hang above crumbling rock, young trees are springing up on beds of slate, and old machine rooms have been stripped of movable iron.

Deep inside the mountain is an 800m shaft, about 30m wide. During times of excess energy on the National Grid, water from the lake below is pumped up into the reservoir above the shaft. And when a surge of energy is needed on the grid, (say during a football match half-time), it's released back into the lake, hurtling through the turbines and generating up to 1,320 MW from standstill in 12 seconds.

You can't get near this, but you can jump the fence, and scramble around the slate, into the surrounding caves left over from the quarrying.

Once inside, the scratching and clinking of the slate gives way to the low hum of the mountain. It's less like a noise with a source, and more like everything around is resonating somewhere in the range between hearing and feeling. It's quite something.

After we climbed out, I asked about the lake below. "You could say that it's tidal, but with the television schedules, rather than the moon."

In other project reviews, @lowflyingrocks has been trundling along for a while now. I've not written much about that either - it's there, and it works, and that's good enough.

But Elizabeth Howell from Pars3c, a Candian space blog, asked me a few questions about it recently, and I've dutifully answered her for your reading pleasure.

The Noticings iPhone app is the first paid iPhone app I wrote, and I've been meaning to write a bit about how that went, and what I've learnt.

I released it in November 2009, so it's been ticking away for a decent while now. It's now up to version 2.0, with version 2.1 just submitted to fix some performance issues with large photo libraries. It supports iOS 4.0, including background uploading and fast app-switching.

Since launch there have been 180 odd downloads, all at £1.79, which makes the return laughably small (I net £1.09 after Apple's cut and VAT). This is about what I expected - it's a niche app, for a small game, played by a handful of people. It took 5 months before I saw any money for it - Apple only pay you after you accrue $150 or equivalent.

About 50% of those sales were made in the first 48 hours or so - during which time I entered the top 10 photography apps (#6 from memory) for a while. Photography is probably not as popular as, say, games, but that gives you an idea of the kind of numbers those charts are doing.

There must be a lot of developers out there watching their software fall on its arse. And I imagine lots will be/are making their apps free, and looking to iAds as a way of making their products generate some kind of revenue.

I hope someone, somewhere is pulling hopeful app monsters out of the trough of app disillusionment.

Personally, iAds and all that isn't for me. I'm happy keeping the app at £1.79 - that feels about right for what it is for me. It's a good quality app that does one thing well. I use it every day. It's on my home screen, and it's on plenty of my friends'. I've not received a crash report for it in months. £1.79 is enough of a barrier to keep the users down, and my support time to a minimum.

But I also believe in open source, and like I've stood on the shoulders of others whilst building the app, I'd like others to be able to stand on mine.

So I've open sourced the code, and it's all on Github. If you want to add features to the app, or fix a bug you find, that'd be lovely, and I'll be sure to credit you. And if you want to use a portion of the code for another app, that's fine too, just don't call it "Noticings" or use our logo.

The app will still be £1.79 in the App Store, and the code will always be identical. I hope someone finds it useful.

A few of weeks ago I was lucky enough to take a tour around not one, but two nuclear fusion reactors. The Culham Centre for Fusion Energy is big science, British style. A non-descript science park outside Oxford, just up the road from a non-descript rural station. Say hello to the non-descript security desk, walk past the Civil Nuclear Constabulary vehicle ("Defend, deny, recover."), into the type of building that university engineering departments built in the 70s do so well.

First, some science. The largest fusion reactor we have is the Sun. Fusion generates energy by smashing together two isotypes of Hydrogen, Deuterium and Tritium at high enough temperatures that they overcome their electromagnetic repulsion and fuse together. This fusion results in a heavy helium isotype and a free neutron with lots of energy. This excess energy is then used to turn water into steam, which drives turbines and creates power on the grid. Easy.

The sorts of temperatures/energy required to overcome electromagnetic repulsion are high. The Sun's core is about 15 million Kelvin, but due to the smaller size of an Earth based reactor, we'd need to get to about 200 million K. At those sorts of temperatures, the fuel becomes plasma, a state where the electrons are free moving.

Culham has two different experiments, MAST (Mega Amp Spherical Tokamak) and JET (Joint European Torus). These are both Tokamak-type reactors, named after the torus (doughnut) shape used to contain the plasma.

To maintain the energy levels required for the reaction, the plasma must be contained in a magnetic field. If the plasma touches the sides of the torus, it'll lose energy to the walls. Managing this containment is one of the most difficult bits, and was described by one of the scientists as like "holding jelly with elastic bands".

MAST is the British experiment, and the one I visited first. Its goal is to learn how the Tokamak design behaves, and to experiment with magnetic field designs and strategies.

It's in a large warehouse, full of narrow corridors, meshed wire fencing and flashing hazard signs.

Just looking at it is complicated. Every space is covered with sensors, pipes and wiring. Despite not being very big (maybe the size of a small truck) you can't really take a good photo of it.

Oddly, it feels a bit weird to watch the videos from inside MAST. There's something about the combination of these being taken in the visible light spectrum inside a reactor, at super high speeds, with a CCTV-like aesthetic, makes me feel like I shouldn't be able to observe what's going on. Somehow reams of sensor data is fine, but watching the actual reaction feels... wrong. Like you're looking into the soul of something amazing.

JET is the larger, but older European experiment. It's huge. The size of a big house. This is just one bit of one side of it:

Its main goal is to develop the complete reactor design into something that can be scaled up for future designs that can produce power. At the moment JET can produce power, but less than they put in. Scale is a limiting factor - the next Tokamak reactor, ITER (International Thermonuclear Experimental Reactor), scheduled to be built in France in 2018, is double the size of JET in every dimension and should produce a net positive energy output.

ITER will be based not just on JET, but also all on the other experiments around the world. It's a genuinely pan-global project, with China, the EU, India, Japan, Korea, Russia and the USA all contributing.

After that, DEMO will be the first reactor connected to the grid producing power continuously. But that's not scheduled to enter operations until 2033.

JET had great warning signs:

And there are fantastic controls and screens everywhere:

If you're anything like me, you're probably thinking "I bet fusion blows up in amazing ways". But you'd be wrong. Apparently, it's so hard just to get the reaction going, and keeping it there, that if anything goes wrong the reaction will just fail, quietly, and you'll have to spent a long time checking the equipment before starting it up again. There are no runaway conditions. "Well, I say that... I suppose there's one theoretical situation..."

After the tour I was struck by two main things:

The first, that the way they describe the problems and solutions is much more like I'd expect engineers to talk, than physicists. They talk about pushing the plasma around with magnetic fields, and sub-lightspeed particles in the way that I'd expect a team of engineers to talk about carburettor design. It doesn't mean I understand it any more, just that it's much more practical and hands on than I expected.

And the second was that this is something genuinely inspirational. Big science, funded from numerous countries, to create something potentially human-race saving for our future. We should be proud.

Which is why the recent news that ITER might have its budgets cut or even be cancelled is so disappointing. Fusion is exactly the sort of long-term, grand vision project that we need right now. For it to be delayed or even dashed because we broke our pretend money system is, frankly, gutting. But let's hope not, and let's hope our children's children will have a little piece of the sun's core powering their lives.

Big thanks to Culham Centre for Fusion Energy for putting on the tour, and everyone who gave up their evenings to let us wander around asking stupid questions.

The rest of the photos on are Flickr.

Week 48 seems a very far away place. It started with a couple of days on El Morro with BERG, wrapping up bits and pieces and turning hacky prototype code into something a little more solid. I can't wait to see what they've produced whilst I've been away.

And then into the SXSW accelerator. Fantastic company, lots of laughter, and great to put some faces to names. A handful of good panels (Design Fiction, and Maps, Books, Spimes and Paper) made up for the social media dross. And we made a newspaper, which people seemed to like.

I remember something Matt Biddulph mentioned to me when we were talking about Dopplr once. That scaling and growing a service/site/thing isn't a smooth curve upwards - there are inflection points where things jump forward and which force you adjust to a new state. This seems sort of obvious thinking about it, but I think Newspaper Club just experienced the first one of those.

But now I'm in San Francisco, and this is holiday. Everything is sunny and new and fresh and beautiful. F arrives in a few hours and I've missed her greatly. We could be here for longer I think. It would be good.

First impressions: It smells like the desert.

I'm in Austin, for SXSWi, and you might be too; come and say hello. (I look something like this.) I recommend this panel, and there might even be a special Newspaper Club surprise for attendees.

After that, San Francisco, and a long Amtrak ride to New York. Enforced downtime.