Main menu:

Site search


May 2018
« Apr    



The 28 day problem

The past five weeks have had some interesting learning code wise 🙂

Normally, smime messages are signed with the public key signature embedded in the message.  It allows quick and simple verification of who has sent the message and whether that signature is valid against a root certificate.  The root certificate is typically held in a certificate store, an encoded file indexed by certain attributes of the certificate.

This practice is commonly found throughout the internet.  In fact the code I inherited on the 1st April which was tested and working, was doing exactly that same, cut and pasted, formula.  The author may have been the one who initially posted – that has been lost in time.  A reasonably clear example is given here: Explore a bouncy castle store object.

If the certificates are not held in a file based certstore and the public keys are not held in the sent message, these techniques fail.  The case I am displaying here is against an Active Directory certificate service.

Instead, you end up with this: extract the signature from the message into a SignatureInformationStore, for each signature get the information regarding the certificate used, use that to query the active directory certificate store and then verify the signature against that relevant certificate.  The certificates may be proven against the associated root certificates and any certificate revocation lists.

LDAPCertStore certStore = new LDAPCertStore (new LDAPCertStoreParameters (host, port));

SignerInformationStore signers = smimeSignedMessage.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
//in our case there is only one signature

SignerInformation signer = (SignerInformation);
X509CertSelector xcs = new LDAPCertSelector();
xcs.setIssuer (signer.getIssuerDn());
xcs.setSerialNumber (signer.getSerialNumber);

Collection <X509Certificates> certCollection = certStore.engineGetCertificates (xcs);
//as there is only one cert!
Iterator thisCert = certCollection.iterator();
boolean verified = (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(“BC”).build(;

At this point you can then verify the certificates using standard methods.

The big thing here is the use of the X509CertSelector.  You cannot use signer.getSID() as the LDAPCertStore is not an extension of CertStore which has the ability to select the certificate based on the getSID values from the signature.

Instead you need to understand what is available from the signature that you can use to select the unique certificate.

Here endeth the lesson.

Actually… This does not have any error handling and you are going to need that for the cases where it doesn’t work.

Coming of age

One of the things you forget as you get older is when certain things not only kick in (legal sex. cigarette smoking and drinking) but also that you not only have the means to prove your identity easily (credit cards are always my fav. as legally you cannot have a credit card in your name under the age of 18 although it establishes nothing else about you).

On Friday I got a letter from HMRC asking if my son’s name was what we registered it as at birth ready for his national insurance card (for the non-UK residents, that’s his social security number).

At 16, he can legally work and receive recompense for it which will be subject to tax and national insurance.

Of course, noone in the family is carrying this document as we head to the local cinema to see Suicide Squad (pretty romp), BBFC 15.

Which means when an over officious usher asks to see my son’s proof of id to say he is over 15, we don’t have anything on us.

Apparently, we can have a refund of his adult charged cinema ticket, but because he is not carrying id he cannot go into the film.

They would accept a photo of an out of date passport so long as it did still look like him: does not that make you feel that this cinema is holding up there end of the bargain and trust afforded them?

After all, cinema ticket costs £9.40, a passport costs £46.

At least the rich 15 year olds can go and see an over 15 film!

It’s been a while

Life with the Leaf becomes the norm pretty quickly and you do just take it for granted.  Since we bought the Leaf in Jan 2014, I cannot imagine using an internal combustion engine for my daily commute.  In fact, my beautiful motorbike is failing to rack up miles as a result.

A rhythm is established on when you charge, when you take it easy and when you enjoy the smoothness and the power available just as in any other car with an electric motor.

You get used to having the information at your fingertips about how you are driving and how you are making the most of the cheap fuel powering your car.   You get very used to not having the judder and delay from an internal combustion engine.

You get used to the economy, which is predictably yours.

Sounds ideal…?

To the most part it is.  If I don’t want the hassle of taking a risk in my normal weekly commute, I charge the car when I get home during the summer.  The beauty of this is the sun is providing the electrons being stored in the battery.  It makes the most of what we’re not using.

Over the summer, I have been reliably achieving 4.50 miles/kWh this month (in fact, more than 4miles/kWh since March).  This is pretty impressive compared to the winter and makes my journey to work (and back of course), at a price of 12.21p per kWh, means I have a journey of 15miles (to the nearest whole mile), costing 40p to the nearest whole penny.

The costs for 2016 so far are £68.83 to cover 2,293 miles.  Which is 33p a mile.

The cost, if I buy the electricity from my energy provider rather than use what is being generated by the PV cells, per week of travelling the 74 miles (not rounded) is £2.01 (to the nearest penny).

The journeys I have made to London for work, cost a little more than that, although you could argue that I do charge the car overnight at 12.12p per unit to the tune of 20 kWh or £2.42 at least once.

We’ve been through this before!

We have.  Things, they are a changing.  On the 1st July (I know that is twenty days ago, I have been a little busy with one thing and another), Ecotricity is changing how their Electric Highway works as per

Instead of being free, the price for a 30 minute charge is going to be £6 :o.

Unless you are an Ecotricity customer.  In which case it will be free.

Where’s that web page again?

Looking forward to having a break and the joys of Java programming

Doesn’t sound like you!?

Mid-March, I  found myself in the position of taking on a team which was considered failing (doing amazingly clever stuff, but not delivering to time scales).  Great people and coders but not measuring up to expectations.  Which wouldn’t have been so bad, but I was heading out on leave for 3 weeks in a bare two weeks time.

The team over the previous three weeks had lost a key member who really wasn’t happy in post either.  When asked, the incumbent team felt they were being asked to do the impossible.  The environment was dated (as were some of the approaches) and the team got together once a week to say they hadn’t been able to progress things.

In the two weeks before I disappeared, I assessed what was being asked and whether it was indeed impossible (burn charts are your friends here).  Having the proof, I was able to secure more resources.  The team leader I was replacing was not a happy bunny, to put it mildly.  I re-factored the plan with the new team members and took the lowest priority (in terms of time of delivery) out of the immediate time frame.  (The team may have got enough time back to bring that back in, it has all gone that well).

I started daily stand up meetings and disappeared skiing, like you do.

Standard project management stuff… so what?

Mmm, if only things were that simple.  I have brought in continuous integration and published test plans (got caught out when told things were working when they weren’t, so we have formal, shared test plans now).  We have software signing mechanism across the piece too against very standard mechanisms away from a home brew solution.

I like the wider team and their approach, but it’s felt difficult to progress when the incumbent members of the team still believe it’s impossible and are openly grumbling about the changes.  Emotionally it is quite draining.

I have moved the project dramatically from a best efforts part time project to a fully focused software engineering standard one.

Mostly it has worked: in fact the person paying for the project is happy with the changes – more transparent, good progress and good interlock.  It’s not perfect, but every step seems to be in the right direction.

The team themselves have stated they like the framework and find they have focus and the information at their fingertips so they have control over their work load.  They have flexibility and the space to deliver.  The plan is reviewed often and communicated out to the wider group.  Which has allowed everything to progress.

Still not finding the issue?Java logo

Java – my fundamental issue is Java.

I first picked up Java in 1996 at university and thought, OK, quirky, not as portable as promised, but if I ever need to, I have a string to my bow.

In 2005, I moved in to the Research teams in BT and was looking at Java.  Eclipse and Netbeans to be honest, producing graphical maps to enable heterogeneous data types to be accurately mapped and produce the transformations between the two data types.  I became the expert pretty quickly.

The great thing about it, was I was starting the objects (Java is an object orientated language) from scratch and therefore able to control the entire environment from the ground up.

I am a test driven programmer, so I build a test harness (with the tests applicable to prove the result) and then get on with it.

Only, it was never quite that simple, and I quickly progressed to using Java beans in a Tomcat environment.  I am still a big fan, 65% of my website is still programmed in JSP containers.  Deployment is simple, what is coded in one environment may be proven there and run any where there is a compatible server.

It has to be said, I do very little out of choice in the command line with Java.

Let me guess, you’re programming in Java this time?tomcat

Only without any of the niceties.  (This was the project I was told was working and basically didn’t.  I got it built (yeah, small miracle) but found in Java 1.8 it had a VERIFY.ERROR against the JVM.  Great, had to re-factor against the JCE provider, there’s best part of a week there.)

I have inherited some code built on JCE running from the command line.  It was written in a couple of hours – not exactly ground breaking code, but standard protocols being used in the right place.  It builds, it looks great but I cannot seem to set the security provider explicitly to ensure the right libraries and bindings are used each time.  Not good.

So I went back to the drawing board and instead of using JCE, I tried a JNDI interface.  Which worked beautifully and very reliably but I cannot bind the objects I want to use to talk to AD 2008.

I was missing a setting in my (this is what I mean about containers, none of this is documented anywhere for the project!).  When that was in place, it worked.  Once.

I have even done a line by line comparison of everything I have done.  No changes of consequence between when it worked and when it is not.

It’s annoying and a problem and I know I have the answer in my reach.  But I look blind and stupid and I am really not.

Out of the whole team, I am the one holding everything up.  [Except I am not: because I have worked closely with the test and delivery teams and made absolutely sure I haven’t].

I miss Tomcat too.  Everyday.  When I build something in Tomcat, it just works.

Right this moment, I am going away to get my mind off the problem.  I have two weeks holiday to think about anything else.  Must stop thinking: C# anyone?

Have a great evening 🙂

What a mess?!

Not many people know this, but I am an European first, British second and English third.

As someone living in the UK, that doesn’t come close to describing me, but it is at least a start.  I believe in free speech, the politeness of an orderly queue and in driving on the left hand side of the road.

I share a common history with the entire world and love when diplomacy is the first port of call instead of a gun.  “Jaw, jaw is better than war, war”.

I don’t believe in petitioning for a 2nd referendum vote even though the side I voted for lost.  I believe we have a duty to make this work, for not just the people in the UK today but those who come after and a leading light for the world.

I do believe our voice in the world will be quieter and more difficult to hear as we no longer have access to the democratically elected seats that form the European Union.

That just means we talk louder for freedom, justice and love of our beautiful world and all who live in it, man, woman, child, mammal, reptile, bird, fish, etc.

Happy Friday x.

Thank you

As a working engineer, may I say a big thank you to the recession.  (Slightly tongue in cheek).

No longer will managers have doubts that women on their return to work from maternity leave need to be there.  The house price boom, university fees and the multitude of other direct incentives to holding down a job while your partner does so is no longer a matter of straight choice of simple wants.

If you can, you do.  The woman does need to not only make it work but make it succeed.  They are far more likely to have backing at home too.  Everyone is invested.

The guys are now much more invested in their partners having successful careers, there is no doubt in a woman’s decision to follow an actual career rather than coast and struggle.

Businesses can no longer afford to squander such talent either.

Of course, it isn’t perfect but it’s a big start.

I’ve got the day off…

Not interesting, so what?

I’ve had a couple of interesting conversations.  As a graduate, when I left university, I did’t expect to be having great conversations as a 43 year old.  I was very wrong.

ActivitiesPlease find the chase!

Sorry.  My endocrinologist was a young lady which in 39 years was the first time (at this point, I realise I may be old), as the long term partner, it was great to meet someone knowledgeable and new.  Of course there’s the usual thing: sensation tests of the feet (I have a couple of blisters from some walking in inappropriate footwear  – Compeed is your friend in these cases), blood pressure (124/82) showing a stressed Sam and the all important Hb1Ac.

We discussed re-stabilisation, target areas, changes in that high blood sugar now makes me feel really hungry, food, bolusing types, sanity checks (sometimes, I do take a few hours or days off), weight, lipomas, insulin kinetics, transplants, stem cells, Celiac’s, early menopause, HRT, coming off HRT, research directions, helping train inpatients and staff on pump use, timing of adoption of new treatment types and motivation.  There was no mention of statins 🙂

It was great, I really enjoyed it.  It doesn’t stop me being completely stressed out the night before.  I know it’s unlikely in my case, but finding out I’ve missed the fact I’ve lost all sensation in my extremities or my kidneys are failing (or worse) is the stuff of childhood nightmares.  Hence the blood pressure result.  I know it looks normal, but I have been measured at 101/50, which completely freaked out the person taking the measurement on the day.

Since getting back from holiday, I am keen to maintain the level of fitness I got while skiing for 10 days, as after day 1 I seriously thought my body just wasn’t going to take the strain.  I don’t want to be there again.

I am exercising at the gym 4 days a week (all before 8am, during the week and 10am over the weekend  :o).    I am watching what I eat and all the usual stuff.  I am no longer collapsing on the exercise days when I return from work, so things are getting better.  I am looking to develop a non-gym class habit too.  (I work at a desk and that’s been a little harder to bed in.  I am looking for opportunities, like taking the stairs.  Much is missed from my phone’s log as I try to wander round the office not carrying my personal phone).

I have taken a week off, from the gym.  I am starting up again on Saturday.

Much like any changes to my basal rate, these things take time.  It’s good to appreciate them.

Go vote!

I mean it.  If you live in the UK, you have 2 hours 49 minutes left to exercise your democratic right.

I don’t have time?

We walked the half mile to the voting station, there and back, registered, filled in the ballot paper and posted it in the box.  37 minutes including going and getting a lottery ticket.  Get exercise, go for a drive.  See what’s going on outside the four walls of your house, office or work.

Ballot stations are open until 10pm.

It’s only the local elections

Yes, you know, the people who decide on schools, road and pavement repairs, police funding, school funding, care in the community funding, housing policies and loads of other stuff.

Even if there is no-one you want to vote for, go and make that statement.  Bet there’s someone you may want to vote against.

If you don’t, you’re silently saying everything is OK.

Same with the Police and Crime Commissioners.  May not be who you’d vote for, but supporting someone stands against someone who don’t think can do the job.  Not a great reason for voting but better than not bothering.

That’s the one: I can’t be bothered

Our ancestors helped get everyone a vote.  Even prisoners now get to vote.  Why wouldn’t you be bothered about making sure you made your voice count?

At 1am this morning, something changed

Actually that’s a little unfair, I have been considering this for a while but the resolution harden at 1:04am this morning.

In 2002, I bought my first insulin pump and it was nearly perfect.  Unfortunately, its design based around an insulin pen cartridge is not a profitable one for any manufacturer, so I now cannot buy a replacement for it.

One of the reasons I bought it was that it was based on a pump design I had come up with in 1993 (albeit that was based on a 1.5ml pen cartridge rather than a 3ml one).  The consequence was that was much cheaper to run as there were fewer consumables to buy each month.

Yeah, that may have been the other consideration as I was self-funding.

OK, where is this going, cut to the chase?

This is my design for the perfect insulin pump and why it won’t be made by an existing manufacturer

Consumables or single use components

  • standard Insulin pen cartridge (lasting approx 5 days) – there are four of these, ranging in size and fixing mechanism
    The insulins in use are Humalog (lispro) and Novarapid (aspart).
    These are all 100iu/ml so dosing programmes are identical but the cartridge bay may be different.
  • Adapter one for each cartridge use, specific to the cartridge type in use

Not supplied by the company

  • The infusion set: Cannulas and Tubes
  • 1xAA battery replaced as required

Tubes come interfaced, typically, with a common luer adapter.  So the users can source these anywhere.

Because of this, there is no guaranteed recurring revenue.  This makes it highly unlikely this type of pump can make money for a manufacturer.

The pump itself

Operating features

  1. Four basal rates each defining a 30 minute period in the day and up to 0.005 units.
  2. Four button all on front
  3. Either B&W LCD or paper white screen
  4. 2 bolus types, each with records showing insulin on board and the potential to take blood glucose readings.  If taking a longer bolus the user should be able to perform a fast one on top
    1. one fast bolus
    2. one “pizza” bolus
  5. Past weeks records visible on screen
  6. Programmable by computer – infra red connection only accessible if the pump is off
    This can set the unusual things like priming amounts, blood sugar levels for insulin on board calculations, insulin duration, insulin type.
    The programme should be available for the cheap computers like the machines defined here: .
    The pump comes with this kit for no added cost.
  7. Records received locally on the diabetics computer – infra red connection only accessible if the pump is off
  8. Simple limited screw face plates for batteries and the insulin adapter
  9. No wireless control (for security)
  10. Boluses can be performed underclothing, so vibrating bolus and alarms.
  11. Two modes:
    1. running (allowing boluses and basals to be delivered)
    2. ceased: (allowing computer connections, priming and withdrawing the cartridge)
  12. When the battery runs out, it remembers where the cartridge is so the user doesn’t have to reprime
  13. Alarms are loud and vibrate the pump

    1. empty cartridge (limit set by user)
    2. empty battery
    3. automatic off (set by user)
    4. occlusion
    5. mechanical error
    6. electronic error
  14. Warnings are either soft or silent but do vibrate the pump

    1. low cartridge
    2. low battery
    3. pump not set up to run
    4. cartridge/adapter alert
    5. temporary basal rate cancelled
    6. temporary basal rate completed
    7. bolus cancelled
  15. Checks are made regularly (when insulin delivery is made, either for basal or bolus amounts) on whether the pump is functioning
  16. A light for the screen to allow use in the dark (cinema or bedroom for example)
  17. A pre-set limit for hands free priming but also a stop function to allow the user to change tubing lengths easily.
    Priming the cannula can be achieved in run mode with a fixed bolus.
  18. No promise on more than IPX 7 although the insulin components and pump electronics should be protected as much as possible.

These are based on my experiences of what works best and more buttons (especially on the side and top) do not help.

I want a flat bottom, so the pump can be easily stood up up while trying to establish the infra red connection to the computer (again, this is for sanity).

The user interface on the pump is driven by four raised buttons in either running or stop mode:

  • Menu button: for scrolling through the menus
  • Select button: for selecting a menu to drill into or signal a choice has been made
  • Up arrow: for increasing choice through the menu or while setting a value
  • Down arrow: for decreasing choice through the menu or setting a value

The buttons need to be on one face of the pump and raised so they can be differentiated under clothing or for a blind user.  A differentiated t configuration works well and you can make it obvious from the pump shape which button set is which.

Menus should be navigable in both directions from any point in the menu (rotating menus).

That’s pretty specific

Along with the cartridge design, these are things that make life easier for the pump user.  Most of these have come from my beloved DTron pump although the paradigms are pretty common throughout the pump world.

Security wise, NFC and blue tooth extra are all complexities you very rarely need, even as a woman who wears the occasion evening dress.  I tend to locate the pump in a garter belt – hides it well and you can programme boluses under the table, remember the vibrations which allow me to “feel” the dose even if heavy rock is happening all around you.  You check the record by going to the log if you are not 100% sure.

But this also allows use on a conference call without having to explain away the beeps.

I’m a grown up – many of the features I see in newer pumps are not that useful – like remote bolusing.  If you are an adult looking after a toddler or first few years of primary school diabetic or a disabled older person, this is important to you.  By the time the diabetic gets to their second decade of age, they will be wanting that control themselves not having their parents do it for them.

I like to wear my pump outside my clothes, so a belt clip that can be repositioned so that I can read the screen easily is a must.  On a belt, the pump is situated so I can read it!  See above about remote control.

Cloud based records are the only ones available on my current pump and that is great so long as you are on grid.  There is no ability to programme the four basals anywhere but on the device.  That is really painful.

Sounds great – so why won’t someone sell this?

There is a limited amount of revenue creation here and pump manufacturers are, after all, trying to make money.

The only revenue generation is on the cartridge adapters, approx. 4/5 are used a month.  You cannot fund an organisation with that.

Then there’s medical approval and testing.  The pump would need to be sold for a significant mark up to cover those costs.

It would need to be a non-profit organisation.  How could I find funding for that?

As my friend Phil Ashby stated, could you go open source pump and let people build their own using 3D printers?

What’s in a name? A rose as sweet…

Being a type 1 diabetic puts me in a reasonably unique position as far as NHS prescriptions matter.

If my insulin was re-branded tomorrow, my prescription with the old name would still be valid as it is describing a medicine.  In fact, under UK and European law, we now order medicines via their generic names rather than their brand names for exactly that reason.

I use Lispro for example as my analogue insulin, sold by Lily as Humalog.  If Lily renamed this Insulog, my prescription for Lispro would still be valid.

This is genius.

So brand names are not important…

Ah, the other side of the coin, in terms of my life, are medical devices.  You know, the pump, syringes, pen nibs (seriously insulin pen needles are called nibs!), insulin pens, isopropyl alcohol (for sterilising things so I don’t get infections from sticking a needle in to me), lancets and testing strips are medical devices and in this case names matter, even when they shouldn’t.

Please spot the difference apart from colour of box and name.

Please spot the difference apart from colour of box and the products name.


In 1980 my mum bought me a Autoclix (brand name) which is a type A lancing device taking, you guessed it, type A lancets.

This is the form factor of the lancets is actually the one that won the tech battle (much more fiercely fought than beta-max versus VHS, see the Autolet here).  All lancing devices use this type of lancet now.

But that wasn’t always the way and several devices used type B lancets.  The important thing therefore was to get the right type.

Or that was the case in 1980.

Times have moved on…

Apparently!  Now there are five manufactures and if your prescription doesn’t have the brand name of the lancet, not the manufacturers name or the lancet type, you don’t get the prescription filled (that’s supplied to you and me).

Which makes re-branding a nightmare.

My Abbott Laboratories Thin Lancets are now called Abbott Laboratories Freestyle Lancets (nothing else has changed, not one thing, not even the price or the colour they are supplied in, just the name on the box).  So my prescription asking for Abbott Laboratories Thin Lancets are not valid because this item does not exist.

In all other terms though, they are the same thing.

Abbott Laboratories is a North American company and have contacted all health care professionals in the countries they supply to the details of the re-marketing so that they can provide the prescriptions so that type 1 diabetics can make informed decisions about how much insulin they need.

This may work well in America, but I use a large Pharmaceutical change in the UK and my GPs practice were apparently unaware of this change or that in fact, it was important.

Abbott are sending me this months supply free of charge and without the need for a prescription.  Being a loyal customer since 1991 does have its advantages.