Saturday, 31 July 2010

WoW irc

Sorry, but LOL...

09:03 [HRH_H_Crab] if you want support from aaisp employees just use the name of the classic wizards rpg weapon in your query.
09:04 [HRH_H_Crab] (i havent got the heart to set their highlights off so early on a saturday morning)

Thursday, 29 July 2010

WoW BT

I know I do not use the "BT" word often and you have to guess if I mean BT or not when I say "favourite telco"...

But well chuffed with BT today, rather indirectly, and I am sure not officially BT, of course.

After all my BT CRM (Customer Relationshop Mangaer) was on a conf call on "bribery and corruption" only the other day. I am not sure if WoW gold is covered by that :-)

But as a level 8 Blood Elf Warlock in Silvermoon City (Chamber of Aspects) - when someone drops you 1000 gold and some nice frostweave bags you say "thanks". BT CRM is an uber level 80 with a nice gnomigan motorcycle...

He has offered to strip naked and dual with me. How many people can say that any supplier representative has ever offered that. (I am asking for a female CRM next time, ooops, not PC?).

I suspect that even then I stand no chance. I'll post screen shots. He'll melt me I am sure.

Sorry about the mess on your screen/keyboard. I know SFI is not a "quest", honest... :-)
Doing a good job as a CRM!

iPassed

Well, Jacqueline ("iSat") has passed her driving test, first time. What can I say? I am actually quite impressed as I did not manage that myself. Well done.

Only one small snag... When her brother passed I bought him a brand new car. I knew there would be a down side to having 5 kids somewhere along the line... Sounds like bank loan time :-)

Eye-Fi and Mi-Fi just work

OK, impressed. The Eye-fi cards just work! They start at £50, see www.eye.fi
It's an SD card that goes in the camera and uploads the pictures over wifi.

How the hell do they do that?
(Yes, I am involved in technology and electronics and I am shocked by the size of the thing)

But the good news is that it just works with my EOS 1Ds MkIII and my access points. It also just works with my MiFi so I can take pictures and have them on my web site automatically over cellular 3G just like that.

Down sides are :-
1. It seems to send the pictures via their server. I suspect this can be hacked around.
2. As the camera is unaware of what is happening you don't see any progress/status.
(Though if using the mifi it has a transfer counter on screen that shows it is working)

Clever bits:-
1. Skyhooks geotagging which seems pretty good so far
2. Auto handling of common public hotspots
3. Can configure from a Mac!
4. Endless memory - deleting old uploaded images at a configurable threshold.
5. Fucking small - its an SD card!!!!!!!

So, the fact James managed to break and lose respectively the two Canon WFT-E2's I used to use is less of a problem now. The damn things cost me £700 each and had such a broken IP stack that we had to configure proxy ARP responses on the LAN here to use them. Canon won't be selling any more of them ever again I imagine.

Wednesday, 28 July 2010

iCracked

It seems leaving an iPad on the car roof and driving off, throwing it on block paving - no problem. (James)

It seems that having the bike fall over throwing the iPad out of the basket on to block paving - no problem. (Me).

However, it seems that Jacqueline sitting on her iPad - not good. Poor thing never stood a chance. Jacqueline did fess up - saying "iSat".

What is amazing is that it still works even though it has a crack right across the front.

Way to look like scammers? (warehouseexpress.com)

It seems warehouseexpress.com won't sell me an eye.fi card unless I send them a copy of a bank statement or driving licence or utility bill. (For some reason council tax bills and water bills are not acceptable either!)

WTF! I am not asking for credit. I am paying by debit card with the verified-by-visa crap so they have no risk (as I understand it) and shipping to card holder address. How hard can it be?

The only people that ask me for such details are scammers and fraudsters (which is probably why their email tripped the spam score and was not read).

In my opinion, either they are scammers or they are really bad at business and like to make life difficult for customers.

Madness.

P.S. They would not tell my PA (AKA my daughter) what the email was about or anything about why the order was delayed as she was not me - but they are happy to take cancellation of order from her? What kind messed up idea of security do these people have?

Monday, 26 July 2010

Stupid alarm systems

I suppose there may be some rules, and regulations and even logic, but it escapes me...

If I was making an alarm system* and someone tried to set the alarm and a fire escape was ajar, what would I do?

1. Beep in some cryptic way then set the alarm anyway so the bells go off and the idiot setting it (my son in this instance) realizes they have an issue.

2. Beep in some cryptic way then set the alarm ignoring the fire exit, so if someone does wander in the PIRs will pick them up and cause the alarm to go off.

3. Beep in some cryptic way and not set the bloody alarm at all.

To be honest I would probably do a bit of the first two. Set off the alarm but only long enough to make a point, and then go to a mode where set but ignoring the fire exit. Maybe if fire exit closes within a few minutes assume the problem was fixed and include it (and stop the bells).

What I would not do is option 3, not setting the alarm at all!

The alarm system in that case knows someone has tried setting the alarm and buggered off. It knows they have not canceled the setting and knows they have not gone back in the building. It basically knows they have not understood the cryptic beeps and have buggered off assuming all is well. So why on earth leave the building with an open door and alarm not set at all. That has to be the worst scenario of all.

As you can imagine, we have a nice high-end alarm system on the office and this is what the bloody thing does. Thankfuly I have extra monitoring on it and I get a text to say someone failed to set the alarm. So I had to go down there and sort it. Without that extra precaution we would have had an un-locked and un-alarmed office. At least the surveillance cameras are 24/7, but still!

* I say "if I was making an alarm system". Obviously I did, 20 years ago. I made a door entry and alarm system for my house in Newcastle. It was designed and built by hand using leaded components, wire wrap sockets and a bare breadboard. It used a lot of wire wrap. 6502 based. The door entry was mag card (credit card) using a head from an old cassette tape player. Obviously all my own software - I even wrote my own assembler. It worked well for many years until I re-made it from a PIC 16C84. Sadly, these days, double glazed uPVC doors mean I have to use a key at home.

Friday, 23 July 2010

Delete the photo?

Thankfully, in spite of having a nice camera, and taking pictures of random stuff, and doing so in London, I have never been stopped. Yet...

But my camera has wifi, and thanks to a new mifi it seems I can have the camera upload the pictures as I take them. Obviously set to "small" mode. 21Mpix of raw would be both slow and expensive :-)

Now all I need is some arsehole to try and s.44 stop me and ask me to delete a picture!

Wednesday, 21 July 2010

How to make progress?

I know we are known for "battling" with our favourite telco. Indeed, that reputation seems to be getting us more and more business.

But it should not be a battle. No company wants to "battle" it's suppliers or customers. At best it is hard work, and at worst it is a broken business model.

Once again we hold out the offer of yet more free consultancy to try and help them. We know other ISPs struggle as we do, but have better sarcasm filters on their public statements (and emails to favourite telco directors, I bet).

Lets talk - lets try and fix these huge issues in something so simple as making sure broadband lines actually works properly...

Sunday, 18 July 2010

Lets blame the customer

So, our favourite telco operate a downstream traffic shaper at the BRAS (for reasons that are not clear). They generally track the line sync rate, but in discrete steps.

On FTTC the line will normally between 15Mb/s and 40Mb/s sync.

Our favourite telco have started to clamp lines at 1.75Mb/s. We have 15 so far, but they seem to being changed one by one. Other ISPs have the same issue.

OK, that is bad enough - but what really pisses me off is the systematic lies that we get. It is sadly typical of them. I have reported 15 faults and every one of them is coming back "Customer Equipment, error or misoperation".

It's their router and their BRAS - so that response can never be right for the fault report. But sending back faults over and over again asking what they are playing at and explaining the customer does not own the BRAS just gets the same response. I have manually rejected some more than 10 times now.

So the policy seems to be "Lets pretend the fault is customer equipment and totally ignore everything the ISP says?".

Arrrrrrrrrrrrrrrg!!!!!!

Thursday, 15 July 2010

Premium rate SMS

This actually an old issue which pre-dates my blog, and sadly did not go to court (orange settled). But they really did not understand the issue it seems. The topic came up on irc recently so ... to explain....

I had an orange account and one of the phones on the account was used by my daughter which was (still is) a minor. Orange knew there was a user for the phone. They also knew the user was not authorised to act on my behalf contractually (i.e. she could not call up and change tariff, etc).

She sent a text to a ring tone provider number. The provider then sent numerous texts with ring tones or whatever over a period of time, and these were charged for as incoming texts.

I asked orange where the contract was on this? I have no contract with the ring tone provider. My contract with orange said I had to pay charges on my bill, but nothing in the contract allowed for such charges being put on the bill in the first place. Orange suggested it was a separate contract with the ring tone provider which allowed these. But I am not a party to that contract and my daughter is not authorised to create contracts on my behalf. They tried saying the contract was formed when the initial text was sent. They totally failed to understand that a minor is limited in what contracts they can enter in to.

Basically, I could not see any way contractually that the charges could stand.

If my daughter was older she could have entered in to a contract with a ring tone provider, and so she would be liable to pay them, not me. This is no different to using my phone to order a pizza. The pizza company cannot put the cost on my phone bill just because my phone was used to establish the contract. Being a minor that did not apply anyway as she was too young to enter in to that contract.

I think at one point they said the terms of the contract with the ring tone provider had things like "must be over 18". As I pointed out, that does not help - it just means that the ring tone provider also understands that the contract could not exist as their own terms do not allow it to exist.

Anyway, issued a county court claim and they settled in the end.

It strickes me that the whole premium SMS business is dodgy.

PRS gone mad?

http://www.zeropaid.com/news/89911/uk-royalty-group-wants-piracy-cap-and-trade-isp-levy/

It seems the PRS want to fine ISPs for allowing copyright infringing material to go over their network!

This is just plain crazy, but trying to explain that to them may be tricky.

1. An ISP is a mere conduit - like the postal service. We do not control what passes through our network and do not want editorial control over it either. Allowing packets to flow freely is what we do, and providing that unimpeded communications channel is key for the growth of the internet and UK commerce generally.

2. Even if an ISP was to try and track and stop copyright infringing material traveling over the network, it will simple go underground and start being encrypted. Surely we can't be fined for sending encrypted data over our network as we have no way to know what it is. So it would be ineffective anyway.

3. If any such law was drafted as badly as the DEA, where the definitions means our customers are clearly communications providers (not internet providers or subscribers) meaning we are not an internet provider under the Act, the fine would be ineffective anyway.

4. Even if you thought such a fine could be effective and morally right some how, then who do you fine? After all, the infringing material will typically traverse a hosting company, a transit provider, an ISP, a broadband carrier network, etc. As an ISP we are responsible for a couple of meters of cable and equipment that routes traffic - all the rest is transit providers, other ISPs, peering networks, or our favorite telco. The infringing traffic travels over the tiniest part of it's way over our network...

5. Lets look at it another way - the media industry make money from on-line sales. Just look at iTunes. But as an ISP, I am not paid by iTunes for sending non-infringing material over my network. They are making money at my expense using my network for free. If the media industry want to fine ISPs, then all ISPs need to charge the media industry for this, as well as access to their web sites from our customers too. If we are forced to find a way to monitor infringing traffic I am sure metering legitimate traffic will be a doddle. And if they won't pay for that, then we just block access to their web sites and iTunes and so on.

OK, for the avoidance of doubt, we are not planning to block access to iTunes, it is just an example of how they need us too and how they should not bite the hand that feeds them...

Wednesday, 14 July 2010

Est 1620?

Ok, no way? Something on TV ended "Pilgrim film and television, est 1620"

Unless they mean they were established at twenty past four this afternoon, I do not believe it.

Even the Uk did not have "companies" that old.

How to write XML?

So, you make a convoluted XML spec which is way OTT and uses SOAP and https and god else knows what.

And then you try your hardest to fool people trying to work with it... Lets say you have part of the headers contain some IDs, e.g. a "Requester" and "Responder". For a start, they cannot be simple attributes they have to be a RequesterParty with a Party in that and a PartyIdentification in that and an ID in that and two different name spaces involved...

Finally this "ID" field has a value in the content which is a DUNS number (Dunn and Bradstreet, a unique entity ID). But to know this, the ID has an attribute identificationSchemeName="DUNS". Fair enough it seems.

Except, the RequesterParty/Party/PartyIdentification/ID has identificationSchemeAgencyName="DUNS"
and the ResponderParty/Party/PartyIdentification/ID has identificationSchemeName="DUNS"

Yes, different attributes to mean the same thing on the same field in the same field in a different parent field in the same message.

Then lets make the published schema allow both and have no front end checking. Bury some clues in a huge automatically generated word document as well.

Then lets make it so some requests work fine if both are identificationSchemeName="DUNS" but one specific type of request goes in to a black hole if the Requester side it not identificationSchemeAgencyName. No error, just an Acknowledgement of receipt...

Yep, you guessed it - our favourite telco. Took a week for then to work out what we did wrong.

We aim to learn from this and make the XML interface we plan to publish :-
  • Simple - not unnecessary nesting of nesting of nesting of fields - where the value can only ooccur once make it an attribute with a meaningful name.
  • Easy - one top level name space for it all
  • Helpful - errors that say what we did not like in the message
We'll see how we do...

Monday, 12 July 2010

Geek Radar

OK, so, just for fun, I spend 59p on the tricorder app for iPhone and put it on my iPad...

After all, iPads are just star trek gadgets made real FFS.

It is, of course, a simulation of a fictitious device, so just fun, but it has a mode to track other tricoder users?!?

Good, but what is a concern is that it shows up three other tricoder uses within 3km of my house FFS.

And I thought I was the only geek in the village :-)

Premier Inn useless web site

So, I get to the credit card bit, fill in my details, and get
"There is invalid data in one of the fields. Please check and fill all required fields."

WTF? Which field? If they know a field is not valid FFS why not say which field and in what way invalid. Arrrrg.

(needless to say there is nothing invalid in anything I input, having completed all of the fields and tried several cards)

Hmm, no junk calls

Well, we must have done something as they are not calling *any* of our office numbers today. This is a massive change to usual, but the block is pretty obvious.

We'll have to see what happens when we open up millions of numbers.

... Nope - finally got one http://www.me.uk/2010-07-12T15:09:41.mp3
Ah, it is our friends "pure solutions" http://www.me.uk/2010-07-12T17:16:46.mp3

It seems w have managed to stop the "Free unlimited calls for life" people, but the "pure solutions" bunch are not the same. They still get caught out though...
http://www.me.uk/2010-07-12T17:44:57.mp3



Sunday, 11 July 2010

Universally hated

From time to time I do something, or say something on my blog, which is controversial or generates a lot of comments. Usually there are some dissenting voices. This is not a huge surprise - if was always able to say things that everyone agreed with I'd be prime minister by now...

But the tele-marketers do seem to be universally hated. This is quite amazing. I know I hate them, but wow - people all over the world have commented. Nobody likes them.

Now, there is some sympathy for the hard working, low paid legitimate tele-marketers. I.e the people that actually follow the rules and the law and call people trying desperately to sell some useful service. Sadly these seem few and far between.

But the illegal tele-marketers seem to be hated so much they are almost up there with burglars and rapists (OK, maybe not that bad). Yet the laws we have for protecting us from them are weak. There are laws, yes, but they are not very effective. They require (in the UK) people like the ICO to take action - AFAIK you cannot get the police involved.

For a business practice that really is so hated why do we not have better and more effective laws? Something that means we can actually stop the serious large scale illegal tele-marketing. But how?

A good start would be that anyone who was sold a service by one of these illegal tele-marketers can get out of the contract free and clear. That would be a simple step. Then we could all sign up for cheap calls and debt relief and simply not pay them. Reclaim direct debit payments and be free and clear. Perhaps laws arranged like that would be more effective as it could retrospectively (i.e. after the victim has signed up) allow them to reclaim money and the business model would fall apart.

Sadly one of the very junk calls we get are people helping you claim back mis-sold insurance. If we had a system for mis-sold services by illegal tele-sales we would have junk calls offering to help us reclaim what we spent!!!

So what is the answer I wonder?

Thanks everyone for the many comments, even the one that says you love me and want to bear my children (I did wonder if maybe you wanted to just borrow for them for a while :-) ). If we do set this up for the 4 million numbers we have going live I'll post more on the blog. It is tempting to make a web site and have a competition for the best one-sided conversation...

In the mean time we have many office numbers on the honey pot and I'll see how many I get on Monday. The set of recordings has increased to three and I may add more. I'll see about posting them for others to use...

By the way, we did send the first hour's recording to the ICO. No reply. What a surprise.

Odeon making you pay for 3D glasses

Why is it not part of the cost of the film.

Also, all though times I have been there and been given 3D glasses, and asked if I would recycle them at the end. Well, I would not have handed them back if I knew I was going to have to pay one day. We'd have hundreds here if they had been up-front about this. Maybe should ask them to give me back all the ones I was misled in to putting in their recycling box.

Grrr.

(I wonder if you can get prescription 3D glasses now?)

Saturday, 10 July 2010

Junk calls and legality

Having been on the register and slashdot I see interesting comments, including a few questioning the legality of what I am doing to wind up the junk callers. I appreciate the concern people are showing and I think we are OK...

Just to start, it is very clear that the callers are breaking the law. Marketing calls to TPS listed numbers is illegal as are marketing calls using auto-diallers that have recorded message rather than live voice. So illegal on two counts. They also typically refuse to properly identify themselves which is (I believe) breach of Companies Act.

The law is not that daft. For a start, it is EU wide, which covers a lot of off-shore call centres. But the law covers the party instigating the call as well as the party making the call and the party allowing their "line" to be used to make the call. So even if it is an off-shore marketing company making calls, the UK company contracting them (or maybe even just encouraging them by offering commission) is liable. These calls are all UK specific covering: UK cheap calls, UK legislation on debt relief, and UK legislation covering mis-sold insurance. So UK companies are involved. UK companies are committing an offense. It is not 100% clear to me if the individual call centre staff (if in UK) are breaking the law, but I would hope so. After all, if you are employed to break in to someone's house that does not mean it is not you breaking the law.

Unfortunately, just because they are criminals does not quite mean we can do what we like.

1. Can we record the calls? The law used to be pretty simple - if one party knew the call was recorded then that was OK. It is more complex now, but from various guidance I have read a company can record calls for various reasons (including detecting and preventing crime) and an individual can record their calls anyway.

2. Do we need consent to record calls. I don't believe so - we are entitled to record the call. Various guidance suggests we should state the call is recorded at the start, which we do (their choice not to listen to that). Whilst their recording cannot give "consent" to be recorded we don't actually need consent as far as I am aware. We also publicly state on our web site that such calls are recorded.

Bear in mind that if recording the call is a problem some how, we can play them at their game, routing the call to some other country and recording it where there is no law against it. Isn't voice over IP magic :-)

3. Can we publish the recording? Well it is our copyright as we made it. But there are data protection implications, maybe. The DPA only applies to personal data, which means the data (call recording) relates to an identifiable living individual. I, as data controller, cannot identify the individual and think it very unlikely I ever will. As such, I am pretty sure they are not DPA material (well, apart from my voice in the call, and I give my consent to publication). Now, if someone can identify the individual and cares to impart that information to me as data controller then maybe the call recording becomes personal data at that point. If that happens I will, of course, comply with the Act and (if they ask) remove the recording from the web site. I will, of course sue them for civil damages for their criminal act and report them to the authorities and also try to get a court order requiring them to disclose their employer details. So please, someone complain about the recording and provide details that allow me to identify the individual :-)

4. Can we wind them up and waste their time? I don't think that is against any law. They control the time they choose to spend on the call, not us, anyway.

5. Can we TPS register our new number blocks? I am happy for the company to assign 4 million numbers to be as an individual subscriber if necessary (and for me to hand back as the company "sells" them to other subscribers). That would allow them all to be TPS registered legitimately.

If anyone thinks any law makes what I am doing illegal or even a civil wrong in some way, please do let me know (and cite references). If there is anything wrong we can probably work around it.

So, thanks all for your concern.

Friday, 9 July 2010

What a moron...

Update: April 2013 ePetition to make it easier to get compensation for junk calls. Please sign.

OK, I have this person tied up in a "conversation" with a recorded message for over 3 minutes, and she is still talking to me when I have said it is a recorded message several times and finally call her a moron. Maybe the name fits, what can I say.

[Some things not playing these mp3's right, sorry]

http://www.me.uk/2010-07-09T12:54:01.mp3

By the way, just in case you are wondering, it does say at the start that the call is recorded, and records that fact. They clearly have been calling them manually to see why their system thinks we have pressed 2. And they have spotted that the calls are recorded as one says "Oh see, shit, he's changed it, it says this call is recorded".

http://www.me.uk/2010-07-09T12:39:24.mp3

Just to clarify - this is currently only on our office DDI block. We have set up some numbers to go to a honey pot to trap junk callers, and only when we don't get a calling number. In 8 hours on Friday we recorded 66 calls to our offices. Thursday, before the honey pot was set up, in 8 hours we had 331 call attempts from withheld or unavailable to unused office numbers. It shows how much of a problem these junk calls are.

A&A customers can opt for normal ACR (anonymous call reject), more aggressive ACR (unavailable numbers too and a longer chargeable message), and honey pot mode (has a go at junk callers) on any A&A numbers. We believe A&A are the first and only mobile operator complying with the 2003 legal requirement to offer ACR to mobile users, and the service is included free of charge.

The 4 million numbers is the full UK geographic roll out we have going live shortly to sell to customers as our VoIP service. Only unallocated numbers that get calls from withheld/unavailable will go to the honey pot, and only then after a non-charged warning that it is an unallocated number. We don't want to inconvenience anyone that has genuinely mis-dialled.

P.S. To see for your self, call withheld or unavailable to 01344 400 606, international +44 1344 400 606. I'll not count calls to that number in my stats. It is a normal geographic number and is answered. There are random number of rings. Yes it does just start "Hello" as if I have answered the phone. There are two different messages at present.

Thursday, 8 July 2010

Something has to be done

In the last 7 hours we have had over 330 call attempts to numbers in our office DDI block alone from junk callers. This is approaching 1 call attempt per minute.

It is not legal - but WTF can we do? Suggestions?

Wednesday, 7 July 2010

How not to make a fault management system

Well, it is getting worse. We're trying to give them a chance to change/fix things. We keep pointing out the issues but the system gets worse not better. Another call today to discuss, and maybe we can make some progress.

This is an example of the sort of thing we have to put up with...
What we sent to them:-
Has Andrews & Arnold Ltd or the end user authorised any chargeable work?
No
Is this a favorite-telco core network fault?
RED2-GI-B RASs
Is there any point changing line settings, flexing the circuit, sending an engineer to site or doing a TPM?
No, this is a core network fault
How many lines are faulty with exactly the same symptoms?
94
Fault description
No Connection to RAS, favorite-telco core network fault
What they send back, after an an hour and a half :-
Please book an appointment with your End User.


And that is it!

Well, they did not send the fault back they just updated the notes with that so it is not in a state that allows us to book an appointment if we wanted to. But that is the end of it. The only option now is to book an engineer visit at possible a cost of £141+VAT. In practice, if we did that, the engineer would not be able to visit until next day. The core fault would be fixed by then, so when the engineer visits all is working so that will be £141+VAT. Or we could cancel the engineer, for a cost of £141+VAT.

No option to get the core network issue looked at instead. No option to even reply saying that this is a core issue.

Even closing the fault can take days, so closing and re-opening is not an option.

What a system!

Saturday, 3 July 2010

Crazy lady's house

Well well well... Good job the place got cleaned up.

Four police cars, and a dog, within about 60 seconds of us calling...
Looks like three uninvited youfs escorted away...

iPhone with normal size SIM?

Why did they make the SIM carrier about 0.5mm narrower than the normal mini-SIM?

I small amount of whittling on a mini-SIM and it will actually fit in an iPhone (no carrier) and then still go back in the normal mini-SIM phone :-)



James got an iPhone 4 and a new micro SIM from 0range, but the SIM was dead. Old SIM had been deactivated. Lots of hassle - 24 hours before they can issue new SIM, then 4 working days, and crap. This is why people will buy our service. No crap!

Anyway, he got old SIM activated (much hassle), and we actually cut it to micro-SIM size and it works a treat. Job done.

Rights

We live in a world where, if I spend a few minutes or even many hours creating a tune, or a bit of software, or artwork, then I have rights over that. I can take a photograph in 1/1000th of a second and I have rights over that photograph. Those rights are enshrined in law.

Indeed, many things I do that take time and effort mean I either get paid for what I do or I own what I end up with in some way.

But there are exceptions, and it is hard to see how they could ever find their way in to a legal framework. What if I spend years of my life working hard to make, say, a World of Warcraft character. That is a lot of work. A lot of effort. And you accumulate gold and goods and armour and so on. Sorry, armor, it's American isn't it.

Well, WoW currency (gold, etc) is not real currency is it? But then what is real currency. Real money is just tokens, numbers, that are limited supply and are the result of your work. They show you worked to get it and so have value to others. Real currency is only valid because people believe it is valid. It is not intrinsically more worthy than WoW gold! There are millions of people for which WoW gold has value in their lives.

A friend just had his account hacked and all of his hard earned propetry deleted and his WoW gold and salable goods stolen. He is understandably devistated. WoW is something he spends a lot of time on and part of his social life. He will not be able to go on a raid this evening - i.e. his plans have been ruined.

There is no legal right to WoW gold or to the character. All that work has no legal worth. I doubt any legal framework could protect it. I can understand the otehr side - if I made some on-line game I would not want to find I was tied in to all sorts of property rights of the players all of a sudden.

The Computer Misuse Act covers it to some extent, except the hackers are probably from Korea where the action is not illegal (as I undertstand it), and the victim would be Blizzard not my friend anyway.

Just makes you think.

NAT is evil (still), NAT & SIP

I say it enough, but the latest adventures in SIP make me even more convinced at the evilness of NAT. I thought it may be worth trying briefly to explain what the hell I am on about. It is a tad tricky without getting technical, but I'll have a bash.

Computers send messages to each other - that is how networks work. The internet is a damn big network and has been around a while so the messages use a protocol which is just a well defined set of rules that everyone follows. Part of that protocol is addressing. It is how one computer says, in the message, where the message is to get to in the end. It also says where the reply is to go (a return address).

There are many ways to do an addressing system. You will know some of these already - telephone numbers are a sort of address as are postal addresses. Postal addresses are not too bad an example of how this works in the internet world.

The internet protocol uses an addressing scheme designed around the fundamental principle that every end-point has a globally unique address. Each of the messages that are sent has this as the address and it stays the same all the way as it passed from computer to computer. The same is true with a letter. You put the address on it, and maybe put a return address on the back, and you send it. That address does not change as it travels around the postal system.

At each stage the job of whoever has that letter is to send it to the right place to get it logically closer to the destination address on the letter. My local sorting office put it on a truck or a train or whatever to get to another sorting office. They ensure it goes on a van, and gets to a postman, and finally the postman sees that same full address on the envelope and ensures he puts it through the right letter box.

This type of system is very sensible. It makes things relatively easy as the address does not change. It means if you look up my address, it is always the same address regardless of where you send the letter from (pretty much).

You can have other schemes. You could put on the envelope to send to the local sorting office, where they open it and find another envelope saying to send to another sorting office. They open it and find another that says which van to put it on. The postman opens it to find which road to take it to. Etc. This is complicated and means the way you address things changes as the message goes through the system. It also means that it changes depending on where you are starting.

So, where does NAT come in?

Imagine that you are in an office, and in the office you have decided that all addresses are "Wonderland". And your room is "No. 5 Mad-Hatters corridor, Wonderland.". You can send letters freely to other places in Wonderland no problem, and you can put your return address on the letter and they can reply, no problem. Lots of different offices do the same thing, so there are actually lots of "No. 5 Mad-Hatters corridor, Wonderland" in the country. This is fine as long as letters do not leave your offices.

But if you want to send a letter to someone in the real world, e.g. "10 Downing Street, London" the post room cross out your return address and put the real address of the office on, e.g. "A&A, Enterprise Court, Bracknell". Then when people in the real world get the letter they can reply. Obviously the reply gets to the post room, and they somehow have to remember who was sending letters to "10 Downing Street, London", cross out the address and put "No. 5 Mad-Hatters corridor, Wonderland" on it, and send it on in the internal post.

As a system it sounds sensible...

Except it is not. It is broken. Imagine my letter to "10 Downing Street, London", had in it, "Please can you send a letter to by friend at No. 7 Alice's Gardens, Wonderland" in it. This is inside the envelope. It is not the return address on the outside. This means the post room did not know about it. When the recipient gets the letter they try replying to the Wonderland address and it does not work as the post office have no idea where Wonderland is. Even if they know it is one of those magical addresses a lot of offices use, they would not know which office.

Well, some protocols that use IP (internet protocol) work on the basis of replies coming back to the sender address on the envelope. That means they work via NAT as the post room changed the reply address, and made a note for the reply.

Some protocols do this, but expect to be able to send replies much later and the post room have forgotten who was writing to "10 Downing Street, London" by the time these replies come back and don't know where to send the letter internally. SIP does this, so you can get a case where the phones work for seconds or minutes after they have been turned on or made a call, but later incoming calls don't work.

Some protocols send other addresses in the letter. SIP does this, a lot! SIP says where to send replies to the initial letter. Where to send things later (may be different) and where to send the actual call audio itself (different again).

Now, if you have a really smart post room, they don't just change the return address, they look in the letters and change the addresses quoted in the letter. But they have to understand hundreds of different ways people write letters. SIP is just one.

SIP is a specially complex because it includes addresses in the message in lost of ways. Getting SIP to work with NAT is specially complex too.

1. Some SIP phones are clever and they manage to get and quote "outside" addresses. There are various complex ways to do this depending on the router and firewalls involved.
2. Many NAT devices will rewrite the SIP messages and handle the SIP setup and registration and even call set up.
3. Some SIP phones can handle the audio using something called a STUN server to work out what sort of NAT is done.
4. Some SIP call servers (proxies) also break the normal SIP protocol and ignore the addresses quoted but instead reply to the return address they see which then works.

Sadly it is very hard for our call server to work properly with NAT without a lot of messing about. One of the problems is that the audio can be connected to the far end directly over internet protocol. This is best for reliability and performance reasons. Our call server only has to handle the actual call setup and not the stream of packets that are the call itself as they go direct. This means that to work with some types of NAT, every possible audio (RTP) endpoint would have to play the game to work with NAT. This is impractical.

The other problem is that the work arounds are dependant on several bits all working together. Our new call server works fine with NAT where the NAT router does all of the necessary header changes. But some that do not do all of the header changes and some cases with some phones, do not work. The work arounds depends on so many bits not following the normal design rules of internet protocol and bodging things. So change one bit and you have a different set of working and not working cases.

The end result is, for now, that we maintain some customers on the old call server. It has several bodges and also relays the media as well. This is one of the reasons it is not as scalable and why we wanted the new call server in the first place.

Longer term, we don't support NAT, but we do support IPv6. We plan to test as many phones on IPv6 as possible, and have our firewall boxes that handle IPv6 so that NAT is not needed.

For the non technical it is worth explaining one of the reasons people do NAT. It is because they only get one address. A whole office with one address (for the post room, effectively). So they have no choice. In fact what you need is every endpoint, even within an office or home, to have its own globally unique address (as per the original design of IP) and then no NAT would ever be necessary. IPv6 is a new system that allows every atom to have its own address so NAT should never be needed. Sadly some people will still find convoluted reasons to use NAT with IPv6 and they should be properly shunned by everyone else. Shun the NAT user. NAT is evil... etc.

Friday, 2 July 2010

The missing iPad sensor

OK, it is cool. Using the compass, GPS and accelerometers to tell how you are holding the iPad at the sky for the planetarium app is just awesome.

One thing they need (apart from a camera) is a cunning way to measure blood alcohol. Something that tests the sweat on your finger tips on the touch screen or something. Then you could have it automatically tag blog posts with BA level so people can tell how seriously to take them. Maybe something that won't let you post above a certain level and you have to approve when sober.

Would be a killer app IMHO :-)

Sorry

Well, it seems my rants on the status page have caused some high level "shit hitting fan" at our favourite telco. It was not done as a PR stunt in any way - it is out of sheer frustration to get things done right. The XML change to stop us sending faults back was really the last straw and had me swearing over the phone at them!

We are prepared to work with them at all levels - heck, we could sell them some of our kit even. At the end of the day we just want a working reliable network so we can give our customers the best service. Fighting them is not helpful for us or them.

So, I do feel sorry for my poor account team there. They work hard, and they try hard. They face the corporate giant on our behalf and a lot of the time they get the attention you might expect for a small ISP that is a thorn in their side - i.e. not a lot. Sadly it takes media attention, as has happened a few times now, to get anyone to take notice of us. We have to lead the way and other ISPs chip in. We have to go out on a limb and say what is going on in a public way.

The good news is that, in the aftermath, things do get sorted. We usually see some slow but significant changes in policy and attitude and things do get fixed.

At the moment we are seeing senior people in that company getting people involved to understand the issue and address it. To understand if the design is right or wrong or needs adjusting. To understand customer expectation. It's the focus we wanted, and it will take a few days to show any progress I am sure.

So sorry and thanks to Andy and Ian. Keep up the good work. Next time we moan, remind them of this and suggest that maybe it is worth listening. I hope we are giving you ammunition not grief. Have a good weekend.

Thursday, 1 July 2010

"Pure Solutions" are one of the phone spammers

This guy is amazing - he seems quite happy that he is breaking the law!

http://www.me.uk/2010-07-01-puresolutions.mp3

[Apparently plays badly in chrome or something - I'll try and clean up.]

Just to explain - the relevant law is The Privacy and Electronic Communications (EC Directive) Regulations 2003 (No. 2426) It makes marketing calls that start with a recorded message illegal without express prior permission. It makes marketing calls to TPS listed numbers illegal.

Link to this article please rather than direct to the MP3. Thanks.

Legal crap:-

Anyway, I cannot identify the guy and he would not give his name and it seems to be unlikely to me, as data controller, that I will ever find his name or personal details, and as such I do not consider this call recording to be personal information under the Data Protection Act in respect of the other party. I record my calls personally as I am entitled to do. It is my copyright and as is my right I give permission for people to copy this file, and laugh at this guy as much as you like - spread the word.

P.S. one exception to the above - any person acting or planning to act in any connection with any party wishing to pursue any sort of criminal or civil action against me is expressly prohibited from copying, downloading, storing, broadcasting, or any other action I can restrict, in relation to that audio file. Any such action is only agreed upon pre-payment of a £5000 licence fee per instance (which I may choose not to grant) and any breach of these terms is considered to be a loss of such licence fee by myself and so will be pursued through the courts or as a counter claim against any actions.

How not to fix a problem

Lets say you have a nice fault reporting system using XML.

And there is a problem - when notes are added by the reporter the people working on the fault can't see them. It means you get these strange "talking to a brick wall" exchanges where we reject a fault and add lots of notes but get replies which make no sense. The poor fault engineers have no idea why it is rejected and cannot see the detailed notes. It drives both sides round the bend.

Any sane person faced with this would fix the problem - make the notes visible. Simples.

But no! Big company answer is to change the system so you can no longer send notes - you now get an error telling you the notes have not been added!!!

OK, so you have to work around - send the fault back and email someone to tell them to add the notes manually. Ironically this works as the notes are in fact added, but it ties up people doing it and is rather silly.

Oh, and when you did the fix you also stopped the initial fault report notes coming through and also the "reason" for rejecting a fault coming through. We think that worked before.

So lets fix that - again sane answer is fix the actual problem, but no. The big company decides fix it by not allowing you to even reject faults any more.

So again, emailing a separate department not only to add notes but to clear the fault.

Dilbert is so true on the workings of large companies.