Tuesday 23 November 2004

A lightweight 100% Java RDBMS


Introduction



IBM have a 100% pure Java relational database management system which  has been called at various stages in its history SQL/J, Cloudscape and Derby. IBM are now eagerly pushing the system to open source developers under the 'Cloudscape' label. I downloaded it to evaluate for use with PRES and other Jacquard applications.

License



I'm used to using (and creating) things which are open source. IBM claims Cloudscape is now 'open source', but if so it's some bizarre new definition of open source which is opaque to me. If you download Cloudscape from IBM you in fact have to click through (and it comes with) a software license file which looks as intimidating and onerous as any conventional software license. In fact what is going on here is that IBM have given a snapshot of the Cloudscape codebase to the Apache foundation, from which you may download it here. The Apache license is much more straightforward and less onerous than the IBM one.  The version of Cloudbase you can get from IBM appears to be based on the Apache version, but if you download from Apache you don't get the nice installer. To avoid confusion, I shall refer to the RDBMS throughout this review as 'Cloudscape'. I did not, this morning, find any significant difference in use between the IBM ('Cloudscape') and the Apache ('Derby') versions of the system.

First impressions



You can download Cloudscape from IBM in three different packages: a Linux installer which is huge and includes IBM's Java 1.4.2 for Linux; a Windows version which is similarly huge and includes IBM's Java 1.4.2 for Windows; and a 100% pure Java installer, which is sensibly small (9Mb) and sensibly assumes you wouldn't be interested if you didn't already have a JVM. This was the version I tried.

The pure Java installer (InstallShield) worked very nicely on Linux, offering sensible defaults. By contrast to so many open source projects, it looked very polished. Similarly, the PDF documentation looked very polished, very IBM. However - and this is a common gripe - the page numbering in the PDF was off, because the topmatter of the paper document uses a different numbering schema to the body and this different schema is not reflected in the PDF. So, for example, page 132 in the PDF maps onto page 120 of the document, which makes consulting the index or table of contents pretty frustrating. Hey, IBM, this is a small point but very easy to get right. Also of course you can't search the PDFs. What on earth is the point of distributing documentation in a digital format if it can't be searched? And a final gripe on documentation; the documentation index page has a link to online documentation, which I followed in the hope it would lead to searchable documentation. Unfortunately that was '404 not found'. And that, IBM, is simply incompetent.

Fortunately the documentation is available online at Apache: http://incubator.apache.org/derby/manuals/.

Following the instructions in the documentation, I then tried to start the Cloudscape executive, a program called 'ij'. The startup scripts had been automatically created and set up for me with the paths I had chosen for the installation.

But they didn't work.

Well, OK, that needs a bit of amplification. AIX, IBM's own UNIX, uses as its default shell the Korn shell, ksh. Debian Linux, which I use, uses as its default shell the Bourne Again shell, bash. Generally the syntax used by the two shells is so similar that that isn't a problem, but when I tried to invoke the ij script I got a class not found exception:

-[simon]-> /opt/ibm/Cloudscape_10.0/frameworks/NetworkServer/bin/ij.ksh
java.lang.ClassNotFoundException: com.ibm.db2.jcc.DB2Driver

Bizarrely, when I manually executed each of the commands in the scripts in turn, the ij executive started without problem. Clearly there is something in the scripts that bash does not like, but I haven't yet investigated what.

Features



Because of problems with the documentation discussed above, I can't be very definite about missing features; the features I sought may be present but I simply failed to find them in the documentation.

Users, groups and roles



Cloudscape clearly has the concept of a 'user', since it's possible to request the value of the current user; however you don't seem to be able to grant privileges to users, nor to revoke them:

ij> create user simon with password 'xyzzy';
ERROR 42X01: Syntax error: Encountered "user" at line 1, column 8.
ij> grant select on foo to app;
ERROR 42X01: Syntax error: Encountered "grant" at line 1, column 1.

You can pass in a username token and a password in the database URL. User validation is not performed by cloudscape, but cloudscape can be configured to co-operate with external validators. In practice, all using a different username appears to do is to select a different default schema.

The system appears to have no concept of a group or role.

Views



Cloudscape has views but not, it appears, view ordering:

ij> create view froboz as select ban from foo;
0 rows inserted/updated/deleted
ij> select * from froboz;
BAN
------------
froboz

ij> drop view froboz;
0 rows inserted/updated/deleted
ij> create view froboz as select ban from foo order by ban;
ERROR 42X01: Syntax error: Encountered "order" at line 1, column 43.
ij> select ban from foo order by ban;
BAN
------------
froboz

1 row selected

Constraints and Integrity



Cloudscape appears to have a remarkably full constraint syntax. I haven't verified that the constraints actually work. Provided they do, we can work with these data constraints

ij> alter table word
        add constraint word_head foreign key (head)
        references word
        on delete set null;
0 rows inserted/updated/deleted

Datatypes



There appears to be no BOOLEAN data type or equivalent, but we can work round this using CHAR(1) and the values 't' and 'f'; there is no MEMO or TEXT datatype, but there is a CLOB. There is a full set of DATE, TIME and TIMESTAMP datatypes; date format is 'yyyy-mm-dd'.

Conclusions



Cloudscape's big weakness from my point of view was security. There appears no way of setting different access permissions for different users. This means that all security must be in the application layer. Generally Jacquard applications are not built that way; instead, they're built on a database layer security model. Of course, security isn't always critical, and for many users of a PRES system, for example, HTTP authentication of the admin directory would be sufficient.

On the positive side, the system is very easy to install, reasonably easy to set up, and consumes relatively little in the way of machine resources.

The IBM version (Cloudscape) offered no benefit over the Apache version (Derby). Although Cloudscape comes with a slick and polished installer, what it installed did not actually work out-of-the-box; the documentation was in an inconvenient format which was hard to work with and the license terms were onerous. By contrast the Apache version (Derby) was a smaller download, in practice just as easy to set up and get running, and the Apache documentation although apparently based on the same source was constructed in HTML and much easier to use.

There appeared to be little functional difference between the two versions.

Saturday 20 November 2004

Using, not losing, your head




Cycle helmets are a good thing, aren't they? It's obvious. They protect your head. They must be a good thing: it's common sense. Why then is the cycling community, in the face of proposed mandatory helmet legislation, fighting internecine helmet wars?

Don't panic



Before going into the details of this argument, let's start by putting this into perspective. Cycling is actually a very safe activity. Nothing, of course, is absolutely safe. Last year, in Britain, 114 cyclists were killed. Of those, 95 (83%) died as a result of collisions with motor vehicles. But that's out of millions of cyclists, covering billions of miles. In fact, according to the National Statistics Office, there is on average one fatal accident for every twenty one and a half million miles cycled. Twenty one and a half million. If you were to cycle ten miles every single day, it would be nearly six thousand years before you had a fatal accident.

At the same time as those 114 cyclists died, over three thousand people died from accidents and mishaps in their own homes. Do you think your home is a dangerous place to be?


Of course, in the modern world, there are dangers other than accidents. We live highly stressed lives in which opportunities for exercise get fewer and fewer, and opportunities to eat and drink become more and more available. We get fat. We get unfit. And our health suffers in consequence, with the incidence of illnesses such as obesity, heart disease, osteoporosis and diabetes increasing rapidly. Cycling is a good general exercise both for the cardiovascular system and for the limbs. Unlike walking, jogging or running, the movement is smooth and so does not cause impact damage to the ankles, knees and hips. Yes, there is a finite risk of accident when cycling but it is nevertheless undoubted that if you cycle regularly not only are you likely to live longer but you're more likely to enjoy a fit, active and healthy old age.

Got that? Good. Now let's talk about helmets.

Use no hooks: or, A box for a computer



In the more tragic and more bloody wars of the Democratic Republic Congo, many warriors wear or carry lucky charms which they believe will protect them against bullets. We sophisticated westerners read stories of this and we think 'how quaint, and sad, and ignorant, are these uneducated child soldiers going into battle, believing superstitiously in the protection of lucky charms'. And then we cycle off into the traffic, wearing our cycle helmets.

This note was written as a web page. If you're reading it on a web page, you're reading it on a computer. I'd like you to stop for a moment and think about that computer. When it arrived from its maker - possibly when you bought it - it was packed in a strong cardboard box. Inside the strong cardboard box was almost certainly some polystyrene foam packaging material. Probably at least 40mm of it, surrounding and protecting your computer from the inevitable bumps it would incur in transit - bumps like being dropped from someone's hands onto the warehouse floor, or thumped up against another, similarly packaged computer.

By and large, for these sort of bumps, the packaging works, and your computer probably arrived home safe and sound.

Now think about your bicycle helmet. Like the packaging your computer came in, it is worn to protect a very valuable object - your brain. Like the packaging your computer came in, it is made of polystyrene foam - and typically it's a good bit less than 40mm thick.

Putting the boot in



I would like you to stop again, and think about the box your computer came in. I'd like you, as a thought experiment, to imagine taking your computer, putting it back it in its original box, and placing the box in the middle of the street. Now I want you to imagine getting into a car and driving into the box at just thirty miles an hour. You've imagined that? Good. Now do you think you would be able to use the computer afterwards?

Polystyrene foam is just polystyrene foam. Polystyrene foam is a light, weak, compressible solid which rapidly becomes brittle with age and is easily damaged by solvents. It doesn't become magically stronger just because it's formed into a cycle helmet. The same foam that didn't protect the computer in the thought experiment is equally not going to protect your head in similar circumstances.

Ticking the box



Nor do the manufacturers, nor the standards writers, believe it should. The European test for cycle helmets involves dropping the helmet, containing a dummy head weighing not more than 6Kg, onto a flat surface from a height of 1.5 metres. I don't know about you, but I'm 1.88 metres tall and I weigh 82Kg. If I just fall over from standing upright, I already exceed the impact which cycle helmets sold in Europe are tested to protect against - and exceed it by a very substantial margin. And that's before I've even got on my bicycle and started moving.

In practice, cycle helmets are expected to be helpful in accidents up to about 15mph (24Km/h). You might (common sense) expect a 30mph impact to be only twice as bad as a 15mph impact, and you might think that something which offered reasonable protection at 15mph would offer some degree of protection at 30mph. Unfortunately, it doesn't work like that. Firstly, the force of the impact scales with the square of the speed, so your 30mph impact is four times, not twice, as severe as your 15mph one. But secondly, and even more scarily, it is widely accepted that the probability of injury scales with the fourth power of the speed. So your 30mph impact is sixteen times as likely to cause injury than your 15mph impact.

And that's before you consider what happens to polystyrene foam when its design load is exceeded. It snaps. It suffers 'brittle failure'. You can do this experiment quite easily with the foam packing your computer came in. Take a piece of the foam about as long as your helmet, and about as thick as your helmet. Try to crush it between your finger and thumb. It's surprisingly strong, isn't it? You can squeeze it very hard and it doesn't deform a lot. Polystyrene foam is quite strong in compression, that's why it is used. Now take your piece of foam and snap it between your two hands. That's amazingly easy, isn't it? It takes far less force than crushing it does... which means it has absorbed far less force. When a helmet breaks, it offers no further protection. The more an impact exceeds the helmet's design parameters, the more likely it is to break, and the less likely it is to offer any protection.

You saw the whole of the moon



But let's step back a bit. Let's suppose, for the moment, a helmet provides 100% protection for the part of the body it covers. Because, let's face it, the part of the body a cycle helmet protects is the scalp. What happens to the rest of the body in a 30mph, or in a 60mph accident? Is it really going to be much comfort to your grieving relatives to learn that your hair-do survived OK? Do you believe that because your scalp is protected, your neck and your chest will be protected, too? Or, if not, that your magically preserved brain can be magically plugged into a new heart and lungs? Of course you don't. And of course you know that an impact which has enough force to do severe damage to your skull is likely to do severe damage to other vital systems too. In thinking about protection it is no use protecting one part. It's not enough to see the crescent: you have to look at the whole of the moon.

He's dead, Jim



But it's worse than that. Not only do helmets not provide adequate protection in road speed accidents: they may actually make things worse. In fact they must do so, because in whole populations, as helmet wearing rises, so does the rate of cyclist deaths. Yes, you read that right: the more cyclists wear helmets, the more get killed.
 I don't know why. No-one knows why. Two main mechanisms have been suggested: 'risk compensation', the willingness of people to do more risky things when they believe themselves protected, and rotational injury.

The fact that people do do riskier things when they think they're protected is to some extent obvious. Indeed, Bell cycle helmets have been sold with the slogan 'Courage for the Head'. Could cyclists really be using up all of the safety benefit that helmets provide by taking more risks? It's possible. Could drivers, thinking helmeted cyclists are protected, take more risks around them? That's possible too.

But the more worrying possibility is this: wearing a helmet makes your head bigger. It increases the diameter by about 50%, which means it increases the area by about 125%. Now, is it easier to hit a target if it's more than twice as big? You bet it is. Your head being effectively bigger means that it's more likely to get hit; but again it may be still worse than this. Because we have evolved over millions of years of falling to tuck our heads in. We have reflexes which know - without our thinking about it - just how far we need to tuck our heads in to avoid an impact. By making the head bigger we may possibly defeat that instinctive protection mechanism. And it gets worse: larger diameter means more leverage, more angular acceleration. It has been suggested - and so far this is no more than a suggestion - that helmet wearing may increase rotational injuries to the brain. Rotational acceleration tears brain tissue and causes much more severe brain damage than linear accelerations of the same magnitude.

So not only do helmets make you (very slightly) more likely to get injured; they may also - but this is not proven - significantly increase your risk of the most frightening sort of injury, brain damage.

So: it's junk, then?



Does all this mean you shouldn't wear a helmet? Not in my opinion, no. I have a helmet, a MET Parachute, and I do wear it. When I think it will do some good.

Accidents of the sort cycle helmets won't help with - high speed impacts with something solid - are, fortunately, incredibly rare. When people fall off bicycles, they mostly do so at low speed and very often on tricky, off-road tracks. On tricky, off-road tracks you're very rarely travelling at very high speed and what you hit usually isn't moving at all. Indeed, you mostly fall off in the trickiest sections (or at least, I do) and that's when you're going slowest. Of course, such a fall is unlikely to kill you, but it can leave you with nasty bruising, grazes or even concussion. And a cycle helmet will protect you from bruising and grazing on the part of the body it covers, and may help a bit with concussion, too. So I wear my helmet when I'm doing tricky off-road stuff, particularly if I haven't ridden the particular route before. I should say here that although I've fallen off mountain bikes by now literally thousands of times, I've never hit my head at all - it's almost always my hips and elbows that get it. So even on a mountain bike a helmet isn't essential, and I often don't wear one.

And I don't wear one on the road. Ever. There really isn't any point. I haven't fallen off a bike on the road since I was sixteen, and that's thirty-three years ago. I'm an experienced road rider, and I ride with good awareness of traffic; I know how to protect myself from many of the ways motorists can kill you. Of course I can't protect myself against a motorist who is driving too fast and genuinely doesn't see me, but in that case I do not believe a helmet offers any useful protection. Indeed, on the basis of the available statistics and the simple physics I've described above, I know it cannot.

So cycle helmets are not junk. They are genuinely useful under some circumstances. But pretending they can save your life in traffic accidents is at best mistaken and at worst dishonest. To be fair, helmet makers do not pretend this; but there are still ignorant or misguided people who do - indeed, the opinion that it isn't safe to cycle on the road without one is very common. This common misapprehension is what leads to occasional campaigns for the wearing
of cycle helmets to be made compulsory, by law. It's to counter this misapprehension that I've written this article.

Thursday 18 November 2004

Lies, damned lies, and cycle helmets


I've just been moved to write to the British Medical Association, a thing which doesn't often happen. The BMA had a critical role to play in the recent campaign to make cycle helmets compulsory in the United Kingdom; they have long had a well thought out policy on cycle helmets - on the whole favouring them, but aware of the ambiguous nature of the evidence in favour of them and siding against compulsion. Their position helped persuade MPs not to vote for compulsion. It seems the pro-compulsionists have seen the BMA as a key target to convert, and recent press releases have announced a policy change, apparently by fiat at the top. The papers the BMA have published in support of their new policies are masterpieces of dishonesty and sloppy thinking. So here is my first, brief, critique, as expressed in an email to parliamentaryunit@bma.org.uk, the address they cite for comments.



My attention has been drawn to your web pages published at
<URL:http://www.bma.org.uk/ap.nsf/Content/Cyclhelmet> and <URL:http://www.bma.org.uk/ap.nsf/Content/Cyclehealth>.

In the first you quote: "Each year over 50 people aged 15 years and under are killed by cycling  accidents, with 70-80 per cent of these resulting from traumatic brain  injury."

As I'm sure you are well aware, the figure recorded for the UK for 2002 as a whole is nineteen deaths, of which only ten involved head injury[1], so the figure you quote is a gross exaggeration. Indeed in no year in the past decade have 50 children died in the UK in cycling accidents, so you cannot even pretend that this figure is historically correct.

In the second you start with the statement: "Action should be taken to both reduce the high rate of fatal and  serious accidents suffered by cyclists..."

In fact, there is no 'high rate of fatal and serious accidents suffered by cyclists'. The fatal accident rate for cyclists is only 75% as high as that for pedestrians (29.5 per billion kilometers as opposed to 44.8 per billion kilometers), and less than a third of that for motorcyclists who do have to wear helmets[2]. Cycling is not only safer than walking, it is getting safer faster, with a steady and healthy downward trend in casualties[3].

Finally, of 114 cyclists of all ages killed in 2003, 61 were involved in collisions with cars, while 25 were involved in collisions with heavy goods vehicles; in total 95 deaths resulted from collisions with motor vehicles.[4] No-one pretends that a cycle helmet would make any useful difference in accidents of this kind.

In summary, these two documents taken together represent irresponsible scaremongering, composed of phoney data completely at variance with the facts. Scaremongering has the inevitable effect of reducing cycling, and reducing cycling has been shown to increase the risk per cyclist. So not only are these papers dishonest in their content, they are also misguided and counter productive in their intent. By reducing the number of people cycling the BMA will not only increase the number of people dying through illnesses related to obesity and lack of exercise, it will also increase the risk of injury and death to people who do cycle.

I am horrified that the BMA should express views on a public policy matter on the basis of such shoddy and dishonest research and without, I understand, bothering to consult its members.

Yours sincerely

Simon Brooke

Wednesday 3 November 2004

This United Satrapy


Sometimes some things make one more angry than it is easy to express. This morning I am faced with one of these.


The issue



First, a bit of background. There is an organisation called 'indymedia'; it is a journalists collective, which reports stories not generally covered by the mainstream press, specifically including reporting on the demonstrations at G8 summits and such things. On October 7th this year, officers of the United States of America's Federal Bureau of Investigations, acting on behalf of the Italian Government, entered RackSpace's supposedly secure colocation facility in London and removed two servers belonging to indymedia.

What?

Yes, just as I say. The servers have been returned, but that is rather beside the point; and in any case, who is to say what was copied off them (or loaded onto them) in the mean time?

An exchange of notes



So on the 14th October I wrote the following email to my MP:


On Thursday of last week, two computers belonging to an organisation called 'Indymedia' were removed from the premises of a London ISP, Rackspace, apparently by
 the United States Federal Bureau of Investigation, allegedly following a request by the Swiss government. Further detail of this action may be found here:
<URL:http://news.bbc.co.uk/1/hi/technology/3732718.stm>

I should be grateful if you could ask the Home Secretary:

  1. On what legal theory was it proper for the agents of one foreign power, whether or not acting at the behest of another foreign power, to seize property within the United Kingdom?


  • What UK court, or other UK legal authority, authorised this seizure?


  • If it is the case that the seizure was made under the 'Mutual Legal Assistance Treaty', what terrorist information was supposed to have been held on these computers?


  • What evidence of such supposed terrorist information was supplied to the UK authorities in order to justify this seizure?

  • What action is he taking to prevent such seizures or property by agents of foreign powers in future?


  • This action cuts to the very heart of civil society in Britain: to the right of
    free speech, of citizens to publish news and opinion. Without this, democratic governance is impossible. For foreign powers to thus interfere in the democratic
    process in the United Kingdom is utterly intolerable, and wholly undermines the theory of a sovereign UK government.



    My MP duly forwarded this to the Home Office and this morning I received via him a response from Caroline Flint MP, Parliamentary Under Secretary of State at the Home Office, doubtless dictated with a tongue still brown from licking American arses. I shall quote it in full:


    Thank you for your letter dated 18 October 2004  addressed to the Home Secretary, stating concerns expressed by one of your constituents regarding Indymedia. I have been asked to reply as the Minister responsible for international crime.

    Unfortunately, I am not in a position to comment on this particular matter, but I can provide general information. It is standard Home Office policy neither to confirm nor deny the existence or receipt of a mutual legal assistance request. I can also make the following observation to clarify the non-case specific issues raised.

    Mutual legal assistance treaties are not just restricted to cases of international terrorism, kidnapping and money laundering. They can cover all types of crime or be crime specific. For example many states have treaties that relate solely to the issue of combating drug trafficking. Others, have all crime treaties, which provides a basis for mutual legal assistance generally. The treaty between the UK and the US is an all crimes treaty.

    I hope you find this useful

    Yours, Caroline


    Why does this matter?



    Qui bono?




    I'd like you to just pause a minute, hold onto your anger, and consider the things the Minister did feel able to write. She wrote "The treaty between the UK and the US is an all crimes treaty". Well, it may be. Blair's poodles may feel that it is fine for US government agents to walk jackbooted into any home in the United Kingdom in order to sieze such property as they see fit. But - allegedly - the FBI were not acting on behalf of the US government.

    Initial reports say that the FBI was acting on behalf of the Swiss government; later reports said, on behalf of an Italian court in Bologna. It scarcely matters. The point is that the Americans were not acting on their own behalf, so a treaty between the US and the UK should be moot.

    If the request came from a fellow member of the EC, why did the Metropolitan Police not not make the raid? If it was not legal for the Metropolitan Police, how could it be legal for a foreign power? And if it was legal for a foreign power, how come it was the FBI and not the Polizia?

    The suspicion in my mind is that there is no treaty in place which allows the police forces of fellow EU states to force their way into premises in the UK in order to sieze property. It would be intolerable if there were. And, indeed, can you imagine the headlines in the Daily Mail if it were even suggested?

    What recourse?



    As you'll know, I host on my personal website mirrors of censored documents which I consider important or valuable. I am my own ISP, and the server which hosts those documents is behind me as I write this, in my home. The documents I serve are censored in various jurisdictions around the world but inevitably the majority of them are censored in the United States. Suppose, at 4am one dark morning, I get a knock on the door and find myself faced with half a dozen burly Americans claiming to be from the FBI, what am I expected to do? What recourse have I if they choose to sieze my property? Who do I call to resist the invasion of my home by foreign forces? To whom do I complain?

    Civil and uncivil society



    Britain is, at least in theory, a democracy. Citizens (yes, my passport explicitly states I'm a 'British Citizen', not a 'British Subject') in theory freely discuss matters of politics and freely elect representatives to our national parliaments. Indymedia and organisations like it are a vital part of that process; they provide an means for unpopular opinions to be expressed, for events the mainstream media chooses to ignore to be reported. They give a voice to sections of our body politic which otherwise might not have one.

    We don't know, of course, why Indymedia's servers were seized. Caroline Flint won't even confirm (or deny) that they were seized. We can't see the order which authorised their seizure, because it's secret.

    But allegedly Indymedia's offence was that it published a photograph of an Italian policeman taking photographs of protesters at a G8 summit.

    So this is a very clear story about press freedom and press harassment; about an attempt by a foreign power to suppress free speech within the United Kingdom. We cannot conduct a civil society if we cannot freely communicate.

    The myth of sovereignty



    Part of the popular myth of Britain is that Britain is a sovereign nation. We cannot, we are repeatedly told, surrender that sovereignty to Brussels. Well, no, we can't; not now. We don't have it to surrender. What possible use are the civil protections of Scottish (or English) law if an American agent acting on behalf of an Italian court, without any due process in any United Kingdom court, without any warrant issued by any United Kingdom authority, can simply walk into my home and sieze my property? What possible protection can a United Kingdom government offer its people if a Minister of the Crown is unable even to 'confirm or deny' that this has happened?

    The truth is that Blair's Britain is not a sovereign nation. Not when the US President can order a movement of the Black Watch - a regiment of the British army - in order to help with his election campaign. Not when FBI agents can kick down any door in Britain without authorisation from the British courts and without a murmer - without a whimper - of protest from the UK 'government'. The truth is that Blair's Britain is no more than a satrapy of the American Imperium. Not so much a poodle as a cur to be kicked when it won't behave. A cur to be kicked when it won't grovel.

    Creative Commons Licence
    The fool on the hill by Simon Brooke is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License