Tuesday, 12 December 2017

It's official, ADSL works over wet string

Broadband services are a wonderful innovation of our time, using multiple frequency bands (hence the name) to carry signals over wires (usually copper, sometimes aluminium). One of the key aspects of the technology is its ability to adapt to the length and characteristics of the line on which it is deployed.

We have seen faults on broadband circuits that manifest as the system adapting to much lower speeds. This is a key factor, as a service can work, but unusually slowly, over very bad lines.

It has always been said that ADSL will work over a bit of wet string.

Well one of our techies (www.aa.net.uk) took it upon himself to try it today at the office, and well done.

He got some proper string, and made it wet...


It turns out he needed salty water to get anywhere.

A 2m length...


And the result - it works!!! Not even that slow (3½Mb/s down) though slow uplink. Don't dare touch the string though...


So, there you go, ADSL over 2m of literal "wet string". Well done all for testing this. It shows the importance of handling faults that seem to just be "low speed".

As a bonus, fit tin cans to both ends and you get voice as well as broadband on the same wet string!

Saturday, 9 December 2017

Canaries

Some more thoughts on warrant canaries... Thanks for the various comments.

We are the good guys, honest

First off, I want to be clear. The attitude I have, and therefore the company (A&A) has, to blanket surveillance is that it is wrong. It should not be allowed. We need to take all possible and practical steps against it. Targeted surveillance against known suspects with proper controls is another matter.

I hope that is clear, and the fact I have gone to the bother of speaking directly to parliamentary committees on this helps explain some of my resolve in this.

Am I a martyr?

No, sorry. I will not go to jail over this. I have a family to support, and I have a lot of staff that have families to support. So there are limits.

But I am not beyond considering every possible loophole and edge case we, or my lawyers, can come up with to help defend these principles.

What can A&A do?

We can explain our principles, and we can try and help people understand how to circumvent all sorts of monitoring and snooping as much as possible to ensure people get respect for their basic human rights related to privacy.

We can, of course, try and appeal or defend any such orders if we get them, and we will.

What about the canary? Does it help?

The way the law is worded now, there are various parts with various gagging orders. Some parts are a tad tame, civil enforcement. No, I am not a martyr, but would I go for challenging it in civil courts, maybe. Hard to say, and at the end of the day that would not really help. This is the real point here, but we cannot risk criminal laws even for the "tame" parts of the IPA by invoking the Official Secrets Act. So even that may be a problem.

You cannot trust what anyone says with the law as it is. It is not really acceptable for a democratic society, in my view. It is not a matter that law "compels you to lie", but that by not lying you may be breaking the law. If you see what I mean. No, don't lie as that is fraud, and no, don't not lie as that is breaking a gagging order, catch 22. Pick your crime?!

What is important is that everyone assumes there is snooping and monitoring. I am sure that getting BT Wholesale or TalkTalk Business to deep packet inspect our PPP traffic is against the law, sorry. The Home Office do not agree. In a civilised society this would have a chance to be decided by a court, but in a world with secret orders and gagging requirements, it will never get tested.

So if you do trust us (and why not) you may already be snooped on in the back-haul network, so take measures to protect yourself.

If you take such measures, you don't need to trust us, and so we don't need to be on the spot with a canary!

What about the canary going forward?

I am formulating a plan here...

First off, I put anything canary related in one place, make one page with a clear signed and dated statement and link to that. It states what we do not have (any order under IPA) and is dated and signed, and ideally states when or if we plan to update the statement.

That fits well with what we have now, and puts it in one place. It removes the "ask me on irc or in person" and so on.

Cunning plan?

My lawyer pondered this and may be regretting it now - but if the warrant canary covers many things, nobody knows that the discontinuation of the canary is because of reason X, and as such that cannot be seen as disclosing reason X.

So a canary could say, for example :-
  1. I have a beard
  2. My dog, Lilly, is still alive
  3. We have never had an intercept capability order at A&A under IPA
  4. We have never had a data retention order at A&A under IPA
And when we stop making such statements, all you know is one of those things is no longer true.

By stopping, we are not breaching a gagging order, obviously, especially if I happen to have shaved.

Sadly, any "cunning plan" like this is almost certainly a bad idea, sorry.
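A reader-side check for a canary page of the kind planned above (dated, with a stated next update, listing several claims), as an added example that is not A&A's code or statement format. The `Date:` / `Next update:` headers and both sample statements are constructed assumptions, and the signature is assumed to have been verified separately before the text is parsed.

```python
import re
from datetime import date

# Constructed samples (assumed format: two dated headers, then numbered claims).
# Signature verification is assumed to have happened before this point.
PREVIOUS = """\
Date: 2017-12-09
Next update: 2018-03-09
1. I have a beard
2. We have never had an intercept capability order under IPA
3. We have never had a data retention order under IPA
"""

CURRENT = """\
Date: 2018-03-08
Next update: 2018-06-08
1. I have a beard
2. We have never had an intercept capability order under IPA
"""

def parse_canary(text):
    """Return (issued, next_update, set_of_claims) for one statement."""
    headers = dict(re.findall(
        r"^(Date|Next update):\s*(\d{4}-\d{2}-\d{2})\s*$", text, re.M))
    if set(headers) != {"Date", "Next update"}:
        raise ValueError("statement needs both a date and a next-update date")
    claims = {c.strip() for c in re.findall(r"^\s*\d+\.\s*(.+)$", text, re.M)}
    return (date.fromisoformat(headers["Date"]),
            date.fromisoformat(headers["Next update"]), claims)

def check_canary(current, previous, today):
    """Compare the latest statement with a saved copy; [] means no change."""
    issued, next_update, claims = parse_canary(current)
    prev_issued, _, prev_claims = parse_canary(previous)
    findings = []
    if issued > today:
        findings.append("dated in the future")
    if issued < prev_issued:
        findings.append("older than the saved copy (possible replay)")
    if today > next_update:
        # The whole statement lapsed: the reader cannot tell which claim failed.
        findings.append("overdue: promised update not published")
    for claim in sorted(prev_claims - claims):
        findings.append("claim dropped: " + claim)
    return findings
```

A lapsed statement only tells the reader that at least one claim may have stopped being true, whereas a republished statement with one item missing identifies that item.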

Simpler plan?

A simpler plan is just to set a date, e.g. 2020, from which we no longer make any statement about IPA orders.

Frozen!

No, not the film, my feet, and other parts of me.

I am glad to be back home in the warm as I have spent all day from early hours at the office with no power (and hence no heat). The alarm system can only run on batteries for so long...

In spite of the cold, it was fascinating watching the guys from SSEN diagnose and work on the fault outside the A&A offices today. The power went off, well, mostly, last night. Actually all three phases (we only use one) went to around 40V, so some things still managed to blink the odd light.

They dug a hole by the road last night, and confirmed the power was fine there...


So this morning they dug a hole in our car park...


They took out one of the water mains...


Which caused a lot of delay as they had to stop the water and empty the hole full of water before exposing some of the electricity...

They also found our fibre connection, but managed to do so without breaking it, phew... (the grey pipe)



The dismantling of the cable was interesting, and they were slightly shocked to find the aluminium sheath was live :-) The rubber gloves came out quite quickly.


They checked the cable and found it was faulty, meaning the fault is between the two holes. However, this means they can isolate it and connect us to a big generator truck...


So now we have power, and they even fixed the water...


Yes, Sandra got them all coffee.

So we can look forward to them finding the fault next week, and then jointing us back on to mains power at some point, which I am guessing is going to take an hour or so. Time to order a UPS.

Obviously we set up calls to go to mobiles so staff could handle customer enquiries for normal hours of operation today.

Friday, 8 December 2017

More fun with SVG

I am working on some of our back end systems that create artwork.

They currently create it using postscript, which I really like as a language, and have used for years (decades) but it lacks any unicode support sadly.

This means some names that don't use latin1 alphabet don't work.

The fix, change back end to use SVG, and convert to postscript for printing using inkscape command line...

To my surprise it is working well, so I am playing with the router cards...

First up, the old system, if you add emojis to the SSID...


As you see, postscript does not do well.

So making in SVG...


Very nice, but we do have to actually print on a card, so what does inkscape do when we use it to make postscript and then image for the card printer?


Well, I have to say that is pretty good!

Needs work for all of the other fields on the card which I have blanked out in these examples, but at the end of the day, this is the way to handle unusual characters.

Thursday, 7 December 2017

Dismantling a canary?

Andrews & Arnold Ltd has a warrant canary, and for good ethical reasons.

We have stated, clearly, that we do not have any so called "black boxes" (of any colour), nor any orders for "data retention", nor "intercept capability".

This is still true, and I will be happy to state that in person to anyone that asks me, or even on irc, at least for now...


However, there is a problem...

The main possible problem is that we may, one day, receive an order to install something or do something, along with a gagging order so we could not tell someone. For example, see s95(2) Investigatory Powers Act 2016. This means we could not remove the canary at that point as we would be in breach of the gagging order, even if we did not reveal specifically what sort of notice we had. However, if we did have a notice, we couldn't state that we didn't have such things without some sort of fraud or misrepresentation. It seems like a good idea in principle, but basically means one day we may have the choice of breaking the law or breaking the law, and the end result is unlikely to help out customers whatever we decide.

The good news is that this is still very unlikely. The Home Office have said they do not want to go after people with fewer than 10,000 users and we think that is still true for us. I am happy to say we believe we have under 10,000 users as a simple matter of fact for as long as it is true.

I am also very happy to state, as it does not have the same issue, that A&A will always aim to challenge and appeal any unreasonable order to install surveillance or snooping or even logging.

So what can we do to help our customers?

Well, the first thing we can say is not to trust anyone not to have snooping! That includes us! We still aim to challenge any general monitoring or snooping as it is against human rights to do blanket surveillance. If we get an order we expect to challenge it, and maybe, if I can, find ways to announce it (unlikely). But we have to follow the law, though I am not above finding loopholes in that if I can.

We all have a basic human right (by more than one human rights declaration) to respect for our privacy and correspondence. What that means exactly is complicated, and open to interpretation, and has caveats, but at A&A we do take it seriously, and will continue to work with other groups, and even on our own, to challenge anyone or any government aiming to curb such rights.

I, myself, spoke to a parliamentary select committee over the issues in the Investigatory Powers Bill. This gives some clue as to how far we are prepared to go to respect these rights as a company!


We take this seriously, but ultimately we are one small step in the chain of "Internet connectivity" that our customers enjoy. You may be able to trust us, but you cannot trust peering, transit, the far end ISP, well, anyone!

You should be able to trust BT or TT back-haul that we use, as the Act makes it clear they (e.g. BT) cannot snoop on us (A&A). However, it seems the Home Office feel they can just ask BT to do such snooping (as far as I am aware) and we cannot have confidence that BT would challenge such an order, and we know that such an order would be secret and gagged so we (and you) would not know if it happened. Yes, some sort of encrypted PPP is not out of the question, but that still leaves everyone else involved in your Internet connection to be snooped on!

As it is we have some limited logging which we explain, and some CDRs, and they are already available if we get legal requests. We obviously aim to document these and minimise these. For the most part customers can use us for connectivity without such logs at all (e.g. run your own email systems).

So what can customers do?

There are many things, and we have a lot of details on our web site. We'll try to add more and more over time. You can run your own DNS, your own email, tor browsers, VPNs, use end to end encrypted apps, and email, and so on. There are many ways to preserve your human right to respect for your privacy and correspondence. Use them. Ask for help from us on how to use them!

So how do I dismantle a canary?

With a scalpel? The simple answer is a plan to announce we will be removing it in, say, 2020. Far enough ahead to not be the result of any sort of order now, and so clearly our choice and not an indication that the canary has died of noxious gasses.

Does that make sense?

Obviously, doing anything with a canary can lead to people thinking it has been killed to signify a notice of some sort, despite what I say here. There is nothing we can do about this: basically, that is the canary doing its job! However, we do not feel that the risks of having a canary make it worth having, which is why we are looking at options here.

We have not announced that yet, but I wonder what people think?
  • Is this a sane way to dismantle a canary?
  • Will it work or cause even more concern?
  • Should we be dismantling the canary?
P.S. I nicked a picture (well linked to) for this blog as I felt making my own images (as I usually try to) of a canary and a scalpel would be very very politically incorrect and also somewhat messy...

Update 1:

Thanks for the various comments explaining how a canary usually works - a signed dated statement. We could change to that format, obviously, but it does not change the underlying issue. Indeed, I may change the website to push all such statements in one place and in that format anyway.

I am pleased that you appreciate the canary being in place, thank you.

However, it would still put us in the position (if we did get such notices) of either breaking the gagging order by not updating it, or making a fraudulent statement by updating it. It also does not change the fact that it is not "useful" to customers for us to have the canary, for that reason, and because we are only one link in the chain so you have to assume there is intercept and snooping anyway. The most "useful" thing we can do is advise on our policy and attitude and the work we are doing to stop such laws in the first place, so you have some idea who you are dealing with as an ISP.

Wednesday, 6 December 2017

Paperless

Oddly the prescriptions I collect all appear to be "paper". They even make me sign the back of the paper to say why I don't pay. They are far from "paperless", just the paper is printed at the pharmacy not the doctor's surgery. Also, I find a certain irony in that the icon/symbol for the "paperless" aspect is an "envelope", now seen much as an icon for (paperless) "email" but in fact a symbol of a paper envelope to contain a paper letter.


IPv6 World Leader 2017

I was at the IPv6 UK Council annual meeting yesterday, and (A&A) received an award from the IPv6 forum. The Jim Bound award. Thank you.


It was an interesting day, and quite long, but at the end of the day lots of people bought me pints of cider in the Paternoster pub, thank you.

IPv6 is not new, and it was interesting to hear how different companies have deployed IPv6 and are deploying it. The talk from Facebook was really interesting - IPv6 everywhere internally with just edge devices talking legacy IPv4 for those who are not up to date. They also report that IPv6 access has better performance.

One key point is that IPv4 is somewhat decaying, with more and more problems, especially with things like Carrier Grade NAT. IPv6 rescues you from that and keeps the Internet working.