In fact, he admitted, the only real constraint was the existence of an audit trail that could catch people out. Of course audit trails only work if people are actually reviewing them and are in a position to spot discrepancies and investigate them – in a system the size of the NHS care records system I imagine this will be a task of mammoth proportions and the actual risk of any individual being caught will be negligible.

As it happens this is an issue of some personal relevance because I recently received a letter notifying me that my SCR would shortly be created and uploaded to the central database and offering me the chance to opt-out. In fact the leaflet enclosed with that letter alluded to the current lack of security by starting the discussion of who would be able to access records (at the top of page 7) with the words “When the new system is fully up and running…” thereby revealing to anybody paying close attention that proper security is not yet in place.

In particular although your records are only supposed to be accessed by people involved in your care there is nothing to actually enforce that other than the audit trail, as the CfH representative was eventually forced to admit in the radio interview. Even when proper security controls are in place certain people, such as emergency department staff, will probably need to have fairly broad rights to access anybody’s records so the audit trails will still be important as the main constraint on at least some users.

One other feature of the SCR system is something called HealthSpace which is a web portal where people can view their own records and it occurred to me that this provided an interesting opportunity for crowdsourcing the problem of monitoring the audit trail in an effective way.

The idea is that, first of all, in addition to providing access to your records the portal would also provide access to the audit trail showing exactly who had accessed your records. On top of that you could add email alerts that would inform you whenever your records were accessed, or perhaps just when a new person who had not accessed them before accessed them for the first time.

The advantages of such a system should be obvious – firstly there would be far more people monitoring the audit trail than the NHS could ever afford to employ to do it. Secondly each person would only be monitoring a small piece of audit trail – a piece that they would be familiar with (so they would know who they would expect to be accessing those records) and in which they would have a direct interest in detecting and reporting any misuse which it revealed.

Interestingly I note that the NHS Care Record Guarantee does say (commitment 11 on page 9) that “You will be able to ask for a list of everyone who has accessed records that identify you, and when they did so” although it doesn’t sound from that like they will be automatically available through HealthSpace or that any sort of alert mechanism is envisaged at the moment.

In any case I have personally decided not to allow my records to be uploaded until the current security regime is improved – if you want to do the same then information on how to do so, including the form you need to give to your GP can be downloaded from the care records web site.

That said, I wasn’t (as I made clear, maybe a little too forcefully, in a comment on his post) particularly impressed by the unilateral way he went about it, or the approach he used to the redesign, or the result.

That all sounds (and is) rather negative so I thought that I would, in the cold (and more sober) light of day try and write something more positive explaining what I see as the current problems, how I think we should go about fixing them, and what I think a solution might look like.

Current Problems

As the person that usually winds up making decisions about whether to add things to the home page, and where to put them, there is often pressure on me to add particular things to the home page or to give them more prominence, all of which is very difficult when 90% or so of the page is taken up with the map. Common complaints I hear are:

• The search box is too small and/or not prominent enough.
• Item X (often the search box) is too far down the sidebar and falls off the bottom of my screen – especially common when we have extra items in the side bar to promote important events, votes, funding drives, etc.
• Can we add Y (for almost any value of Y) to the home page.

Another obvious (to my mind anyway) problem with the home page is that for a newcomer to the project it gives little information about what the project is and why it is more than just another “internet maps site” like Google, Bing or Yahoo. There are two short paragraphs of quite small text on the left hand side but they are not exactly prominent. One issue here is that there are essentially two entirely separate classes of user that the home page needs to address – newcomers who need to be introduced to the project, and existing users who quite likely just want to see the map.

From a pure style and design point of view there are many, many places where the site is horribly inconsistent and this is something that should certainly be tided up as part of any redesign. The sort of things I have in mind are:

• Inconsistent layout of forms – do labels have trailing colons? does the submit button align to left or right?
• Inconsistent capitalisation – basically do we use capital letters or not.

The use of tabs is also a problematic area of the site and the current site almost certainly has too many – the basic problem is that tabs (at least as currently implemented) don’t scale well as the width of the window reduces. This problem is obviously worst on smaller screens, and also in more verbose languages where the tab names can be significantly longer.

Approaching a Redesign

What I have been suggesting for some time is that we have a hack weekend, with the relevant technical people present as at previous hack weekends, but also with some people experienced in design and UI issues. The problem of course is finding such people and persuading them to attend.

More recently I have started to think that, in order to get maximum benefit from any access to design experts, a first stage should probably be to sit down as a group (at a hack weekend or similar) and brainstorm exactly what the problems are with the current site. This would then lead into the creation of some sort of design brief describing what we wish to achieve in any redesign.

Such a brief would (a) give us something we could give to designers to consider and (b) provide a means by which to evaluate the results of any design exercise. It also opens up the possibility of not needing the designers in the same room as the domain experts and implementers which may make getting access to design expertise easier.

Possible Solutions

I realise that, by offering some possible solutions, I am now jumping the gun a little as my own view is that we should be enumerating the problems first, but hopefully a few broad brush ideas may be helpful without expending too much energy ahead of having established the goals.

One possibility for the front page is something along the lines of the “three panel” design that was once proposed, where the map takes up much less space on the page and there is much more space for introducing people to the project. Such a design should probably be combined with a quick way to jump to a full page map view, and a means for logged in users to have that as their default view.

Another option might be some sort of translucent overlay, or a Stack Overflow style “tip bar” that is displayed to new visitors although such a design has some problems of it’s own – being displayed too often to users with cookies disabled, and possibly not often enough to new users who may need to see it more than once.

As far as minor style issues go the solution is really fairly simple – we just need to document what our style is and then stick to it.

Tabs are a harder problem – we really need less I think which means finding some alternative UI mechanism to expose some of the things which are currently on tabs to the user. The export tab is certainly a prime candidate for change here as it really belongs with other things like the key, search, etc which open a sidebar while keeping the map displayed.

Other Issues

There are couple of major features that are often asked for, and which we should probably have, but which are not strictly linked to the question of redesigning the site. The things I’m thinking of here are:

• A means to allow people to report problems with the map data – something like OpenStreetBugs but properly integrated in the main site.
• A routing engine – not because we want to be a full service end user map site but because it helps find (and fix) topology and turn restriction errors in the data.

These are things which are independent of a redesign in as much as that they could perfectly well be added to the current site if we wanted, or added to the site after the basic redesign – they don’t have to (but could be) added at the same time as any redesign.

My main wish in respect of either of the above things is that they be properly integrated in to the main site and running entirely on servers maintained and operated by the project. Obviously they also need to be able to handle the load generated by being on the main site.

Summary

I hope that this post has provided a rather calmer and more measured description of where I think we are, how we should go about moving forward, and what the future might look like and that we can now move forward in a calmer and more measured way than some of the rhetoric of the last twelve hours might suggest.

I few weeks later I got a letter from BT Complaints Managment saying that my complaint had been passed on to them and they had been unable to find any record of the call to me (hint – try looking in the logs of all those Indian subcontractors you hired) but that I had been added to their suppression list so should not receive any more calls.

Well today they went for the win by calling me again – this time to try and sell me Broadband. This time round I have a recording of the call so it will be interesting to see if they try and deny it again.

What’s more as their previous letter acknowledges that they are aware of my wish not to be called they are now in violation of regulation 21(1)(a) of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as well as regulation 21(1)(b) which they breached last time.

A second complaint has been filed with the TPS and a letter will be winging it’s way to BT later on…

1. I was wondering if [project] has gone under any major restructuring/redesign initiative in its history. Restructuring/redesign initiative can be defined as a concerted effort during a time period in which major changes were applied to the code base to improve software architecture/design while little or no functional enhancement was made.

2. If the project has gone under such an initiative, then would it be possible for you to give the dates or revision/release numbers that are “right before” and “right after” this structuring effort? I would like to checkout the source code from the repository to compare structural measurements that belong to “before” and “after” snapshots. Note that the dates and revision/release numbers should be right before and right after the initiative because I would like to be able to isolate and observe the effects of this effort.

Both these questions, and the second one in particular, would call for a considerable amount of work to be done in order to answer them even if it were possible to get past the wooliness of the first question and decide which changes counted.

The real issue however, is that surely the point of being a research student is to do research to answer whatever question you have set yourself? Not just to email lots of other people and ask them to do the work for you…

In this case the originator in fact implied in a subsequent email (after he decided that my lack of reply meant he should ignore the fact that I had unsubscribed from his list and email me again and I had told him exactly what I thought of this) that he emailed somewhere in the region of 3000 people with this request.

At work we have four ADSL lines and to handle the load outgoing balancing we use a set of four ordinary DSL routers connected by ethernet to a four port D-Link ethernet card in a linux server which then does per-packet load balancing for outgoing traffic using the teql traffic scheduler. This post describes how we configure the load balancing.

The first step is to give each of the routers (we use Zyxel P660 routers) two different LAN addresses – one is in the 172.16 private address range and is unique to each router and used to address specific routers for management and configuration purposes; and the other is a common address from the block allocated to use by our ISP and is shared by all the routers.

The ability to configure multiple addresses for the LAN side interface is a requirement for this technique to work, and not all routers may support it…

Once that is done, we start the linux configuration (this is a RedHat/Fedora style system) by defining the bonded interface, teql0, by creating a teql.conf file in /etc/modprobe.d which defines an appropriate alias:

alias teql0 sch-teql

We then have to define the configuration for each interface in the normal way, with ifcfg files in /etc/sysconfig/network-scripts, starting with an ifcfg-ethN file for each of the bonded ethernet interfaces that looks something like:

DEVICE=eth{2,3,4,5}
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.8.{1,5,9,13}
NETMASK=255.255.255.252
HWADDR=...

This places each ethernet interface on a local /30 network that is simply used for management purposes to allow each router to be connected to for configuration. An ifcfg-teql0 file is then created to define the bonded interface:

DEVICE=teql0
BOOTPROTO=static
IPADDR=...
NETMASK=...
ONBOOT=yes

The network details here are those for the IP range allocated by the ISP to us as this is the public interface where traffic sent to and from the ISP will be handled.

In order to bond the individual ethernet interfaces into the traffic equalizer we first create an ifup-pre-local script in /sbin which makes sure the teql0 interface is created before the ethernet interfaces are configured:

#!/bin/sh

case "$1" in
 ifcfg-eth2|ifcfg-eth3|ifcfg-eth4|ifcfg-eth5) modprobe teql0;;
esac

We then create an ifup-local script which adds the ethernet interfaces to the traffic equalizer:

#!/bin/sh

case "$1" in
 eth2|eth3|eth4|eth5) tc qdisc add dev $1 root teql0;;
esac

For good measure, an ifdown-local script removes the interfaces again:

#!/bin/sh

case "$1" in
 eth2|eth3|eth4|eth5) tc qdisc del dev $1 root;;
esac

A default route that uses the new bonded interface can be added in the normal by adding a line to /etc/sysconfig/network:

GATEWAY=...

The gateway address here is the common IP address allocated to each router.

For firewalling and packet tracing purposes, you should note that outgoing packets will be seen going into teql0 rather than the individual interfaces, but incoming packets will appear from each of the four ethernet interfaces, depending on which line they arrive from the ISP over.

That’s really about all there is to it – we do also have a small daemon process that monitors the lines and removes them from the traffic equalizer if they go down and adds them back when they come up again.

The really shocking news however is that they seem to have figured out time travel – the Sunday timetable looks like this:

Proof that NXEA trains really can time travel

Pay close attention to what happens to the 22:22 from Liverpool Street when it reaches Broxbourne, and more importantly while it is there…

The basic editing of roads and such doesn’t seem to be much improved from the (fairly dire) interface we saw in the previous alpha builds – trying to move nodes in a way is still way harder than it should be, working out how to start a new way is even harder, and it still seems to be impossible to end a way unless you remember that you want to do so before you add the last node. As to extending a way well I’d forget it if I were you as I’ve never found a way to do it, or to join a new way onto an existing one (which would be a workaround for not being able to extend a way).

Presumably there is some help somewhere, but there is no effort to promote it as far as I can see – no “you might want to read this before you start” type prompts. There is a “help” link but it just goes to a CloudMade wiki page showing how to connect Mapzen to your OpenStreetMap account.

One word of caution by the way – there doesn’t seem to be any indication whether or not you have any outstanding edits that need to be saved, and the “Close and Exit” button does exactly that, without any sort of warning if you have unsaved edits which will be lost.

Perhaps the most worrying thing however is the so called “Mapzen Dashboard” which provides the entry point to the editor. That isn’t the problem however – the problem is that it provides it’s own, CloudMade hosted, social environment with “friending”, “messaging” and “home locations”. Anybody familiar with OpenStreetMap will know that the core site already provides all those things (though not as slickly) so the obvious question is what exactly CloudMade are doing duplicating this? Is this an attempt to create some sort of parallel community to the main OpenStreetMap community?

Overall I think we have to class the editor as a fail for now, and the dashboard as something that needs more explanation.

Yes, that’s right, this site has invented a whole new idea – the secure username that has to contain both letters and numbers!

It’s latest massive fail in the “I know what you want better than you do” department is to decide that just because I already have an instance of OpenOffice running on my desktop what I really want when I type “oocalc foo.ods” is for it to open the document using the existing instance and, more problematically, on the same X display.

The only problem with which is that I’m now on my laptop and want this spreadsheet to appear there where I can actually edit it!

For Pete’s sake people – either launch it in a new process when the X display is different or teach it to support multiple X displays with different documents displayed on different X displays from the single process!

At the very least could you please do what Firefox does and provide a switch to force a new process to be started..