Thursday, 27 June 2013

4 million number tarpit for junk callers

So, we have lots of numbers that are available to call and not assigned. Last time I checked it was just over 4 million numbers. This is because we have numbers in every area code, and we bought a company that had lots of numbers.

I have set these so that calls from unknown calling numbers get a nice message to bog them down. Technically I have assigned them to myself as the subscriber, temporarily, so that I can answer the calls.

I am first playing a message that explains this, then sending a DTMF "5", and a "1" for good measure to get their system to connect to an operator. It does not string them along for very long, but enough to waste their time. Bear in mind these junk calls are completely illegal - not because of TPS, but because they are automated and start with a pre-recorded announcement without prior-agreement.

An example MP3

This may seem like a bit of fun, and in some ways it is, but actually it does have  more serious side.

Firstly, it is a good test of the new VoIP platform. It allowed me to find a number of interesting quirks that needed tidying up, and hence improve the system. It allows me to test a lot of calls of varying durations. Even little things like the fact we were getting a few seconds of silence at the end of every call, which I have now fixed.

Secondly, it was very interesting in terms of psychology of callers. We have had hundreds of calls that we have captured, and apart from the junk callers which have a pretty predictable reaction, we have had a lot of wrong numbers as well.

My message starts "hello..." and a nice pause, and that makes people think they have got a person, so they say something or ask for someone. Fair enough.

Then I state very clearly that they have called the wrong number, and that we are winding up junk callers. It's a recorded message, obviously.

For a start, pretty much everyone listens to the end of the sentence, even after it is very clear they have it wrong, and could hang up straight away. Maybe they are just being polite. Many hang up at that point.

Then you get people that try talking to me again, asking for a specific person, etc. They clearly have completely ignored every word I actually said and just waited for me to stop speaking. Very odd.

You also get people who hear me rattle on, and then the beep (DTMF 5) and then proceed as if it was an answering machine message - for the person they thought they were calling. They go on to leave a message. Again, totally ignoring what I actually said.

There are the odd few that say "fuck off" as well, of course.

P.S. Why not sign my ePetition to make it easier to get compensation from junk callers.

Wednesday, 26 June 2013

When is a beep not a beep?

I have voicemail on a number of lines, it is simply saying nobody is available to take the call, and then a beep.

However, we have started getting a new type of junk calls for debt management. Like many illegal pre-recording message calls they ask you to press a key to talk to them. That way they do not tie up operators with hang-ups and voicemails and so on. The key they ask you to press this time is 5.

So I changed the "beep" at the end of the message to be a DTMF 5. It's a beep, why not :-)

It worked. Not tying up much time, but better than nothing. I may have to see if I can light up a million numbers or so for a while to work like this just for fun.

MP3 Recording - best so far - well over a minute wasted

Update: The tar-pit is primed - I'll see if I get some nice calls to post indue course.

Sunday, 23 June 2013

Can "they" see what I am doing?

Can "they" snoop on my https (secure web traffic) ?

For many of us the details of how encryption works is a little over our heads. Whilst I understand the principles pretty well, some of the maths is still just out of my grasp. i.e. I know I have understood it several times when explained to me, and lost it a day later. It is strange being able to pinpoint one's limits quite so precisely...

So, I thought I'd try and tackle the tricky question I am sometimes asked, especially with the concerns over PRISM and GCHQ monitoring fibres and so on. If I am using https, can someone snoop on that? Can "they" see what I am doing?

The basic answer is no, but there are some caveats that are worth covering.

The concept of https is that you create a transport layer security link to carry your communications in a secure way. The whole concept of this is to stop anyone snooping.

End points see all

The first thing to be very aware of is that the two ends of the link see everything. This means that on your computer the communications are in the clear, and at the far end web server. This stands to reason, but is worth thinking more about.

For a start, this means that your communications may be logged on files on your computer. Importantly, if you have any sort of virus or spyware on your computer, that may have access to the communications. For the real paranoid, it means that the people that created your operating system, device drivers, possibly even hardware, could have planted ways to get at that data.

In practice, I suspect the biggest risk is some sort of virus on your machine. Keep the machine clean and you are fine. That said, why would a virus want to track you. Maybe it is a virus planted by "them"? I am sure if you are a "person of interest" then that is possible, but most of us are concerned about the general collection of everything we are doing rather than being specifically targeted.

Even so, do not forget that the web server sees all. You have to trust them. This means for things like social network sites, you may be using https to them but they see all, and could be telling "them" all. Do you trust the web site operator?

End points are trackable

The way https works is that the traffic still goes between you and the server. The hidden data is what is sent and received, not the addresses. So, any level of snooping on an Internet link can tell what servers you connect to. A server could have many web sites, so this may not be a big clue in itself, but see below on DNS...

DNS tells a lot

Before contacting a server, even by https, you need to do a DNS lookup. This gets the IP for the server.  If someone can log the DNS requests then they have a lot of clues about what web sites you are accessing, by name. This is more detail than simply the IP address, as above.

Diverting DNS used to be something that was vaguely possible by some clever attacks on ISP DNS servers. It was used mainly to try and target on-line banking. These tricks can be detected, and DNSSEC is already being deployed to stop that. Though, "they" may have access to DNS root signing certificates. This can be detected so any systematic tricks like this will be "outed" quickly.

Passive monitoring

There are two types of snooping to consider. What has been discussed in the press is passive snooping. This means obtaining a copy of the data as it passes by. It is called interception by the RIP Act. Legalities aside, passive monitoring cannot see what is going on with a transport layer security connection. I.e. they cannot see what is happening on an https connection.

Part of the reason for this is the initial key exchange done as part of the transport layer security. This is done in a way that means only the two ends can tell what the keys actually are.

There is, however, talk of "them" having root certificates. This is very likely to be true, and it allows active monitoring. But it does not help with passive monitoring.

Active monitoring

The rather more tricky way of snooping it active. This means that you are able not just to monitor things as they pass, but divert the traffic and change it on the way. This could mean actually diverting traffic, or simply diverting DNS in a way that means you think you are talking to some other server than you think you are.

If you have access to a root certificate it is possible to fake the signing and authentication that is used by a web server to convince you and your web browser that it is legit. Having done that, they can then connect to the real web server, pretending to be you. In between they can monitor the communications.

If they are very clever, they can do this without even making the IP addresses look wrong.

The trick with this type of monitoring is that it can be detected. It could be used for a specific "person of interest", and hope they do not notice, and have the legal orders to back it up if they do. It could not be done on a mass scale to monitor everyone - someone would notice. We are lucky that there are enough people "out there" that can see both ends of an https link and spot if the ends do not tie up.

Assuming the maths is good

We are making an assumption - that the maths is good. We can be pretty sure this is the case simply because of the sheer number of people that know the maths far better than I do. There is always a risk that someone finds a quick algorithm to crack factorisation, or one of the other basic "hard sums" that are involved, and there may be a small window of time where that trick is known to "them" and not public, but it is pretty unlikely to last long. We pretty much have to assume the maths is good.

The maths always has limits, and there are choices of algorithms. It is possible that what we consider secure today is not so much in 10 years. What we communicate now could be recorded and cracked with enough effort, maybe. All security has to be considered in terms of time and effort and not absolutes. But again, you are talking of the difference between trawling everything and searching for stuff, or "person of interest". At present we have no reason to think the encryption normally used on https can be cracked within years of concentrated effort, so pretty safe.

Conclusion

Basically, there is no way to tap in to what is sent and received on an https link, in the middle (without access to either end), in a way that cannot be detected.

Why worry? The best quote I have seen so far is: If you're doing nothing wrong, you have nothing to hide from the giant surveillance apparatus the government's been hiding.

Pharmacy advertising diabetic check ups?

I am puzzled by these adverts for a pharmacy advertising diabetic check-ups, apparently for existing diagnosed diabetics.

If you are a diagnosed diabetic, in the UK, you have regular check-ups with a diabetic nurse at your doctor's surgery. You get regular proper blood tests. You get free medication as needed. The NHS works well with this, from my experience.

I am not trying to knock the skills of the pharmacist here, but they seemed to be implying people may not be on the right medication in the advert. They seem to be having a go at the skill of the doctor and diabetic nurse. Why? Is there really a medical concern that people are on the wrong medication from their doctors?

It is not like someone with a cold or a some minor ailment where they pick their own medication, and so may well benefit from advice at a pharmacist - diabetes is much more managed than that and you get prescribed medication, and advice from a dietician, and so on.

If this was advertising for people concerned they may have diabetes then it may make sense - it will be a lot easier than going to the doctor and may catch people early (and recommend seeing a doctor as a result), but the advert seems to be for people who know they are diabetic and have concerns that they are not on the right medication. Very odd. If someone was concerned they can just ask their diabetic nurse or doctor. The pharmacist can't prescribe changes to their medication, so the only result of talking to the pharmacist is either a recommendation to go back to the doctor anyway, or to sell some extra medication that is not prescribed.

Is this just FUD (Fear, Uncertainty and Doubt) used to try and sell extra, paid for, treatments through the pharmacy. Next thing they will start selling placebos and homeopathy.

I am surprised that the advert is even allowed.

Saturday, 22 June 2013

Mistakes happen?

We can all make mistakes. Us, BT, or even our mutual customer can make one particular type of annoying mistake - causing a phone line to be ceased.

The usual mistake is that someone did not pay their BT phone line bill, causing the line to be disconnected, causing broadband to be disconnected. Of course, the story may be a tad different when we hear it, and we know of some genuine cases where, for example, BT start sending bills to an unmanned installation address and not the billing address. Of course, BT can also make a mistake, it happens. We even had a case this week where we made a mistake with the date of a cease (a system issue we are fixing to stop that happening again).

Now, when you make a mistake it is important to get it fixed quickly. For a PSTN cease the actual cease is mostly a paperwork exercise. Calls are stopped but the line stays put. This makes it quick and easy (and relatively inexpensive) to reconnect the line, reversing the cease. So whoever's mistake it is, the impact is relatively low.

The problem is that a broadband service relies on a working phone line, and the PSTN cease causes an immediate broadband cease. We do get told by BT, but we do not usually get any advance notice, so the first we know is the line stops working and the customer calls up.

A broadband cease is also mostly a paperwork exercise. The line and jumpering usually stay put, at least for a few days. So you would think it is also quick and cheap and easy to reverse that. Sadly not. For a start we have to wait for the cease to complete, then place an order. If we are lucky that can cause the line to reconnect within hours to a day. If we are not lucky we can pay for an expedite.

Unfortunately, there is a case where this is a tad worse. For FTTC (Fibre To The Cabinet) we cannot get the line reconnected. We are stuck with a 12 month minimum term on the ceased line, and have to pay the full install of a new line, with an engineer visit to the cabinet to rejumper to a new port, and to the premises to plug in a new modem and test. We then have a new 12 month term on the new line. It takes at least 5 working days, though an expedite may be possible to get to a couple of days at even more expense.

Of course, if the mistake really was down to BT, then the customer can expect BT to compensate them for the hassle and cost. To be fair to BT that is not usually the case. When it is, getting compensation is fun, as I understand it.

But we had an interesting one today where an FTTC was ceased. The customer, talking to BT, was told that BT can reconnect it all, including BT broadband. Customer seems to think it was some sort of mistake. If that is true, then this is a very devious way of poaching customers from other ISPs like us. Let's hope not.

More site blocking?

The BBC have an interesting article yesterday "Premier League seeks ISP site block in piracy swoop".

Basically, the Premier League has asked major UK ISPs (not A&A) to block FirstRow1.eu which operates from Sweden.

This is very different to the Pirate Bay blocks, from what I can see, though, as you know, I am not a lawyer. The Pirate Bay were (allegedly) encouraging / facilitating copyright violation by its users / visitors. The idea is that the files on The Pirate Bay provide means for people to download and upload and share illegal content, even though The Pirate Bay themselves don't host, upload, download, or distribute such content itself, as I understand it. The injunction was to get relief from the effects of the illegal activity of the users.

But what is happening here?

Are FirstRow1.eu breaking the law?

Well, reading their site they obviously think not. They are providing links to streamed videos. This is just linking. They have a published take-down notice procedure, of which I am sure the Premier League could make use. If they are breaking the law then it is a simple matter for the Swedish authorities to take down the site, surely, or at least for the Premier League to get an injunction against the hosting company in Sweden?

Are the ISPs breaking the law?

Well, no, they are mere conduit. As an ISP I am very concerned that ISPs are getting dragged in to these disputes. Sadly mere conduit, whilst protecting ISPs from liability for the communications content, does not protect against these court orders. Maybe it should. As ever, the fact that these ISPs have blocking systems in place makes court orders easier.

Are the end users breaking the law?

This is where it gets interesting and potentially very different to The Pirate Bay. Due to a recent ruling, simply accessing a web site is not within copyright law, even where content is stored transiently in memory or hard disk as part of that process. So, clearly, viewing a streaming video is not breach of copyright by the party doing the viewing, just as reading an illegal copy of a book is not breach of copyright by the person doing the reading.

So what is this?

This is a company asking the courts to order some UK ISPs to block a web site they don't like. A web site that simply has links to other sites which they don't like. Surely all of the links in question will also be on google? If the courts can block FirstRow1.eu, surely they can also block google? When does it end?

Or, perhaps, as the article suggests, the ISPs in question have a conflict of interest and would like to block the site, making the court order a perfect excuse. I don't know.

From reading the article, the order has not been made yet, but the ISPs have (apparently) said they will not challenge it. Surely this breaks any concept of net neutrality, something the EU seems quite keen on right now. And how long before people don't actually bother with the court order, they just ask ISPs to add sites to the blocked list with no checks and balances at all?

We said slippery slope when all this started back when it was just IWF blocking. I think the slope has become more of high speed water slide.


Friday, 21 June 2013

Challenging spammers - and winning!

OK, I do not know what to say... This is the email exchange, slightly edited and top/bottom post mix, but you get the idea... I am flabbergasted, I really am.

Good Morning Adrian
 
Please accept my most sincere apologies for the email below, I was trying to use some initiative in my workplace.
 
I was not aware of this clause and I am grateful you have brought this to my attention.
 
I will send you the £10 as per your email.
 
I hope you accept my apology.
 
Healthy Regards
 
Chantelle *****
 
-----Original Message-----
From: Adrian Kennard [mailto:****]
Sent: 18 June 2013 17:01
To: Chantelle ****/Sales/****
Subject: Re: newly incorporated data

On 18/06/13 16:50, Chantelle ****/Sales/**** wrote:
> Good Afternoon
>
> What would you say if I said I can provide you with a data list for
> your company to build your business back up in the current difficult times?
> Anything from brand new companies to established companies.

I would say that you have just transmitted an unsolicited communications for the purpose of direct marketing by means of electronic mail to an individual subscriber contrary to section 22 of The Privacy and Electronic Communications (EC Directive) Regulations 2003, and that you now owe me damages as per section 30 of those regulations.

I look forward to payment of £10 to cover my damages within 14 days or I will issue a county court claim against you without further notice.

Send payment to 20-16-99 ******** reference PECN00042

Thursday, 20 June 2013

Dealing with Leodis Sports Management Ltd

Update: See the end of this post, and extra comments added in [brackets]
Further update: The tickets did arrive and we had a fun day
Further update: They refuse to refund the full booking fee now

It is not often I am caught out, but this is one occasion that I was, and I have to say that I would suggest, in my opinion, that you never ever deal with a company called LSM (Leodis Sports Management Limited).

We have arranged, what I hope will be a fun event, for staff. A trip to an F1 race.

We agreed the price and details on the phone, there was some "urgency" implied (limited availability, etc) and a discount agreed.

The paperwork comes through, for signing. I made the fatal mistake of not reading it all. Always read the small print - ALWAYS! We had, after all, agreed the price, and we knew what we are getting. We have the invoice with the total as agreed on it. We were only being asked to pay what was on the invoice. The invoice did not say "deposit" or any such to indicate it was not the full amount.

They have a term buried in the second page of the small print that a ten percent "booking fee", on top of the agreed price, will be invoiced separately four weeks before the event. [By small print, I don't just mean the print was actually small on the paper copy I signed (it was) but that it is in with a long list of other detailed terms, known as "small print".]

Hiding something as important as a 10% price hike in the small print, not including it in the original quote or invoice or payment request or phone call, but waiting to get paid the bulk, non refundable, amount before then telling you, and before handing over the tickets. That is seriously underhand, in my opinion.

What worries me now is whether the whole thing turns in to a scam somehow. [It was not]

At this stage we have no choice but to pay. Then we start digging out the call recordings and emails. If this was sold on a misrepresentation it may be worth suing. In any case, I am really kicking myself.

[Update: We queried this and were told that it is as per the contract terms. Then I said I had listened to the call recording and confirmed that I had agreed the total price "all in". Now they have replied offering a refund of the extra charge. They have now gone back on their word and are refusing to refund the booking fee in full. I still think the way this was done in the contract terms is underhand, and an important lesson of read the small print but the other lesson here is keep the call recordings :-) So if you choose to deal with these people make sure you are very very clear on the terms. I'll report back on the event itself.]


Monday, 17 June 2013

As seen on TV


So, we got a call on Friday afternoon from a researcher at Sky News. "Would I like to come in for an interview on Sunday?" Well, why not! It would give me a chance to make some of the points I have been making here.

It is my first time being interviewed on live TV. It is on a slightly tricky topic - how to explain that ISPs should not be filtering content without (a) sounding like a nutter, (b) sounding like I support terrorists or child abusers.

I was not really nervous as such, but keen to ensure I was prepared, running through every argument in my head and making sure I had good answers. I had no brief apart from the fact it was about the culture secretary calling ISPs to a meeting. I did not know I was to be there with someone else. I could not even be sure the interview would happen - after all, in live TV news I am sure plans change quite quickly.

I have to say the whole process at Sky was very efficient. The taxi messed up, twice, but they got me there for around 6 minutes before we were on air, got me a glass of water and a few seconds in make up, walked on to the studio in a commercial, mic'd up, and ready.

I got maybe 10 seconds of chat before. It was clear that the interviewer also did not really know what the agenda of this meeting would be, unsurprisingly, so we all agreed that terrorism was the most likely.

I was pleased that she was not really adversarial, though I think she was hoping I would me more controversial than I was. None the less, I think I was treated well and I'll be happy to do this again.

It was a bit strange though afterwards, as I really was not sure how well I had done. I had run through questions so many times in my head that morning I was not really sure which points I'd managed to make - nowhere near as many as I had hoped, obviously. Watching it when I got home I think I did OK.

What was rather nice was all of the tweets, texts, facebook messages, and emails, from friends and colleagues. My phone was beeping like mad on the way home. I'd like to thank everyone for their feedback.

So that was my 7 minutes and 33 seconds of fame. I guess I have 7:27 left :-)

[youtube]

Sunday, 16 June 2013

Should ISPs be doing more to block harmful content

"Maria Miller has blasted the UK’s top ISPs for taking a soft approach on censoring pornography and terrorist content. The culture secretary has reportedly called a meeting with representatives of BT, Sky, Facebook and Twitter in bid to force the companies to be more proactive in their blocking of harmful content."

Think of the children?

It is not clear exactly what the agenda is here. If this is just a matter of "think of the children" then clearly, as said by the culture secretary in September "keeping children safe online should be the responsibility of parents, not ISPs". There are already ways for parents to configure parental controls on their computers as well as free and paid applications and services that offer lots of control for parents. There is no problem to solve. ISPs are there to provide communications, to shift packets, not look at the content.

Nanny knows best?

So, we have to assume that the agenda is more "nanny state". The government thinking that British citizens are not mature enough to make their own decisions, and that the state has to protect us. I find that attitude somewhat insulting, personally.

I am assuming here that we are talking about legal content that is expressing extreme views somehow, as if it was actually illegal it should be taken down at source.

Let's burn books

What is "harmful content"? Information is information, and is not itself harmful. It is what you do with it that could make it harmful. Just because you do not like the information or the views of others, not matter how extreme, is really not a reason to start burning books.

There is also the question of what to block - what if this harmful content is expressing a religious view? Are we happy to ban religious or even political views being expressed?

Standing up to bullies

There are a lot of problems with all of this, but how exactly could the government force filtering on the major ISPs? It could be done using legislation or by bullying the larger players with the threat of legislation. I was always told to stand up to bullies.

No controls

If ISPs are bullied in to providing filtering themselves then we end up with a system that is totally uncontrolled. There is no recourse when a site is incorrectly blocked. There is no review, or oversight. This is bad.

The only good thing about not using legislation is that AAISP can continue to offer unfiltered Internet access to those that want it.

Changing the rules

For this to work at all, it has to be acceptable for someone to intercept the communications between two other parties without their consent. That is meant to be illegal. You also have to throw away the ideas of net neutrality if you allow ISPs to treat different information on The Internet differently, blocking some and allowing others, especially if this is not done by legislation.

Over-blocking

The other problem is that blocking has side effects. It is one more complexity and one more thing to go wrong within an ISP network - there was a case where wikipedia access was seriously affected because of child abuse image blocking. But a far more serious issue is the mis-classification of web sites. This is something we already see with mobile operators that block "adult content" by default. Web site owners do not even know they are blocked, and when they work out what is happening they have no way to address the issue, get correctly classified, and get the block removed.

Blocking is ineffective

The other problem is that blocking is ineffective. This can easily be seen by the court ordered blocks on The Pirate Bay. There are web sites dedicated to listing the hundreds and hundreds of alternative names, proxies, and mirrors that exist to allow access to The Pirate Bay bypassing the blocks.

Blocking harmful content will not work - if someone wants content to be seen then it will be seen, and adding the tag of "what the government does not want you to know" just makes it more appealing.

Thin end of the wedge

Getting all ISPs to block any content, even content everyone agrees is bad, is the thin end of the wedge. It is easy to see how the blocks can extend to extreme political views, or just wrong thinking and how any government can get to that by small justifiable steps. But even without this level of paranoia, there is the risk that corporations can ask courts to add blocks as seen by The Pirate Bay orders.

Free speech

This biggest issue here is that we are considering another step to kill free speech. Free speech is a cornerstone of a free and democratic society, and the first to go in oppressive regimes. If we are considering state mandated censorship of The Internet then we are taking a big step and letting the terrorists win.

Have terrorists won already?

I wonder sometimes if they have already won. I was shocked to realise recently that when I go in to London, and take my big camera with me, I am not at all worried about being a victim of a terrorist attack, no, I am worried that I will have to argue with some policeman about my right to take pictures in a public place. Who is causing concern in that case? Who is causing terror? Who is the terrorist?

Doing the right thing

We should stand up for the freedoms we have fought hard to win and not change our ways at the whim of terrorists. Free speech means we see the good and the bad - we see the extremists but we also see the majority with the sane view and sensible counter arguments. I think we grown up enough to tell the difference without a nanny state watching our backs.

Saturday, 15 June 2013

Nice

A bit early for Father's day, but nice.


Thursday, 13 June 2013

Late payment penalties

The concept is simple - if you pay late you pay penalties / interest.

With BT the application is simple too - it is just interest, and based on how much and how late. Simple. Well, it should be.

The issue is that they make lots of mistakes, and the terms allow us to withhold payment of disputed amounts, so we do.

Lets invent an example...

Lets say our January bill is £1100. But £100 of that is wrong, and disputed, so we pay £1000 and dispute £100.

Months later BT finally agree the dispute, and give a credit, lets say on July's bill. So the July bill normally £1000, is less the £100 credit so is only £900.

But as the dispute is finally resolved we need to pay the full £1000 for the July bill, as we have already taken the £100 off our January bill payment. Paying only £900 in July would be withholding the dispute twice.

The issue is that BT get the £1000 payment for July, but the bill is only £900. So they allocate £900 to July, and allocate £100 to the old "under paid" January bill.

Then they decide that £100 of the January bill was paid 6 months late and work out late payment for £100 for 6 months.

Of course, this creates a slight vicious circle, as we are now disputing the late payment charges, and, as per the contract, withholding payment for those charges. BT will take months to even understand the problem with these charges and so take ages to resolve that dispute before applying a credit. Rinse, repeat.

Arrrrrrg!

Drinking problem?


Well, they got a tad worried when I got a lighter. Then I got the bottle of meths...

But not to worry. There is method in my madness.

The trick with sealing wax is to melt it over a burner. Using the stuff with a wick is not bad, but you get soot in the wax and it takes ages to drip the right amount.

The other trick is something to stop the seal sticking. One method is a moisture barrier (breath on it), but that was not anywhere near as effective as a small amount of bike oil (some stuff called WHite Lighting Eipc Ride light lube!). It leaves the seal a tad shiny.

But yes, the A&A logo is now in brass, and wax!


The never ending hunt for CPE

So, we are trying the D-Link 320B.

It is a crap router - sorry - it is horrid. It seems to be really full of security holes, subject to DNS amplification attacks, all sorts. It tries to do lots of features (even URL blocking). So, we won't be using them as routers. They may be better with later s/w but I had to argue with my techies to even consider them, understandably.

However, some good news :-
  • Cheap
  • Annex A and M
  • Work in PPPoE bridged mode
  • Safe from external attack in PPPoE bridged mode, obviously
  • Allow 1508 PPPoE bridged, so 1500 byte MTU connections on BT, TT, and BE
  • Seem to sync better than the ZyXEL P660 which is what we used to use
So, as PPPoE bridges they are perfect. They sync well, just work, are interchangeable, and work with FireBrick routers perfectly.

So, how to solve the problem that someone could reset them in to their horridly broken mode somehow? Simple, a nice solid sticker with 3M adhesive on the back...

Longer term we'll try and get the GPL code and set them so they can only bridge.

P.S. just to clarify, what this does is handle "Ethernet Bridging" which uses LLC headers and bridges to a logical Ethernet segment on the far side where you can talk PPPoE to the BRAS.

Wednesday, 12 June 2013

Taking OFCOM out of the loop

I wonder if we need to take OFCOM and even the ITU out of the loop for telephony.

We can already make and receive calls in a variety of ways that have no OFCOM or BT or ITU involvement. Not just skype and FaceTime, but direct SIP URIs. I have added SIP URIs for my own telephony to my business card, and set up the office to handle sales, support, accounts and some direct staff calls via SIP URIs.

Such calls are made as a direct SIP call from one device to another which works just like any other IP based protocol like web pages and email. There is no telephony telco in the way to log the call or charge for it - it is just IP packets. So no Data Retention Directive logging of the call at all. That is good, yes?

The real trick is making a number range for this - using enum style DNS it is possible for a registrar to set up and sell or give numbers under a numbering block. I'd like OFCOM to allocate that, ideally UK block 04, to a registry which will hold SIP endpoint addresses and end user direct registration of numbers.

This eliminates all of the number porting issues as numbers are owned by the end user by contract with the registrar. No porting is needed! But telcos could manage that for users to make it easy.

This would be settlement free in that any caller can make a direct SIP call, but a telco could charge (lets say) same as 01/02/03 retail price to hand over calls and a legacy SSL7 interconnect could charge the same as 01/02/03. That would allow clean interworking as many telcos could offer to route 04 numbers for a tiny fee but clued up telcos can route directly and end users can bypass their telco and route directly. Those that pay are those using old fashioned analogue phone lines and ISDN and then just pay the same as normal geographic calls.

But lets assume for a moment that OFCOM won't play - what is to stop a consortium of VoIP providers from doing this anyway - making a simple registry for numbers within an existing space, such as UK numbers starting 04?

Well, as far as I can see, nothing. It would not link to BT and traditional carriers, but would work via any VoIP provider signed up to the scheme and would not cost them. If the scheme allows charging for calls the same as 01/02/03 at retail, then why would any VoIP carrier not go for that? No ongoing cost apart from IP transit, and paid for calls?

I think the first step is a meeting with OFCOM on this - it would be radical and forward thinking - both things OFCOM are not known for. If OFCOM did go for it then it could be officially under the e164 enum domain and maybe the likes of Nominet would be a good registry to manage it.

I think we need meetings of the stakeholders involved to make this happen.

Replacing A&A mobile service

The loss of A&A mobile phones was a bit of a wrench. I have been used to having a mobile that works with the phone system properly, busy lamp fields, call pickup, and so on.

So, I have been looking for a replacement. It is possible to use a data SIM in the iPhone, but with our data SIMs the texting does not work, so only iMessage. We use texting a lot for nagios, so I had to get some simple contract and there are some that allow lots (unlimited even!) data.

So, can you use SIP on an iPhone over 3G?

So far the answer is yes! There are a lot of SIP clients that seem tied to specific SIP providers. But this one "3CX" was the first when I searched for SIP and rather shockingly seems to just work.

I have turned off STUN, NAT helper, and echo cancellation, forced a-law audio (probably unnecessary), and registered to my FireBrick. The NAT helper and STUN has to be off so that the FireBrick sees it is NAT and does the needful, but then it does work.

The result is a phone that, well, works. The audio quality is perfect (only tested from my house where I have good coverage). Ironically there was some initial break up when using WiFi but on 3G it was faultless. The NAT keep alives work. The app switches WiFi and 3G cleanly, re-registering. Not tried taking a call on WiFi out of range, that would be a challenge I expect, though I may be able to do some sort of call park I expect. I can hold and call transfer cleanly. It means I can record calls (though the app offers that as well!).

I can arrange for incoming texts to relay to the phones "real" number, leaving me only with outgoing texts not using my normal number. Apparently if I had an android then there is an app for that too :-)

Of course, the nice thing is, I can set incoming calls to try SIP and fall back to calling the mobile number. That way I get the best of both worlds.

I'll see how it goes, but so far I am impressed.

Update: Some maths. If we used a data SIM which we charge 2p/MB+VAT for, an a-law call is 160 bytes a-law plus 12 bytes RTP plus 8 bytes UDP plus 20 bytes IP, so 200 bytes each way per 20ms, so 20KB/sec usage. That works out 1.2MB/min which is 2.4p/min for the mobile leg. That is not far off what we did before. Shame data SIMs can't handle text else this would be a very close solution.

Monday, 10 June 2013

Shouting at the TV

This has to be a sure sign of getting old - Sandra made the mistake of putting the news on TV. What can I say.

Contradictions and annoyances abound...

I love the quotes from parliament - accusations of using data on UK citizens gathered from US are unfounded, and any such data gathered is subject to strict oversight. Well, which is it? Are the accusations of gathering such data unfounded? Or have they gathering such data (subject to strict oversight)? Arrrrg!

They are saying they are claims that GCHQ acted illegally. I thought the claims were that they did this to bypass the law - i.e. acted legally in a way that allowed them to do what they are doing, but that what they are doing is bad.

Then some nutters jailed, and the judge blames "extremest" views available on the Internet. The butters shouted god is good or some such. It was religion that was itself the extremest views that caused them to do what they did (as well as being nutters), yet we routinely allow religion to indoctrinate people for millennia and even make it a protected right in EU law. I assume they mean that they don't want "other people's" religion to be available as they are extremest - right - that'll work. Arrrrg!

Clue bat

So, I took the clue bat round to one customer this morning. Explained that the telephones were doing exactly what they had in fact asked for :-)

I then felt rather guilty as they actually asked me to go over to give us a rather nice present.

The next AAISPISSUP we have, I may have to open it and share it around.

Aged 28 years, 58.4% ABV.

It is nice to know that some customers do appreciate the hard work. Thanks Daryl and Guy.

Sunday, 9 June 2013

Tesco Express

I was moderately impressed with the Tesco Express at the top of the hill by Savoy Place on Saturday. I was at ORGCON2013 at the IET, which is an nice venue, but they ran out of food. Yes, they got more later, but not before I went for a walk.

It is a small shop, and a sensible selection of Tesco goods, mostly centred on the snacks, as you may expect, but pretty good.

What impressed me was the checkout which was one whole wall of self service tills and one person supervising - yes, a shop with circa 8 tills and one person. It was efficient. No queue.

Except for a tiny detail. The tills were more compact that normal stores, as makes sense, and were a row of bagging/basket and till alternating. I did not read the big clear signs, and as I did not have a basket for three packets of crisps, I put them on the basket area, not the bagging area. D'Oh!

So, the till sensibly told me I was an idiot. It said, in text on screen "place item in bagging area" and spoke to me to say this, and even did an on-screen animation of a shopper placing items in the bagging area.

This is good, as the animation and text and audio covers blind, deaf, foreign, and stupid all in one go.

Except! The animation clearly showed the shopper placing the items low down on the right, as per the full size self service tills. This was confusing as I had placed low down on left. The design was such that it seemed "left" was the obvious side, but in fact the bagging area was higher up on left. I even tried falling for the animation putting on the right, low down. I was put right by the one supervising shopkeeper. I was not alone at that instant in my confusion - correcting numpties not reading the signs seemed his main job.

Why have wrong animation?

I can't help feeling the people making the tills have animation that works for this, and it is a simple config issue. Some software designed is cringing reading this, maybe. I bet the shopkeeper spends all day correcting people and either has no interest in reporting the error or no means to. As you go up layers of management or franchise you may find people uninterested in fixing this minor issue. It probably causes annoyance and wastes time every few minutes of every day in thousands of shops - but nobody cares enough to say so.

Amusingly, whilst looking for an image for this post I found one showing bagging on the left, albeit low down, which makes me even more confident they have animations for every physical configuration if only someone cared enough to fix it in this case.

Ultimately the world needs more OCD. Then stuff would be just right. Though I was told OCD should be CDO to be in alphabetic order, as it should be. Sorry if anyone if offended by that but it is my blog :-)

Saturday, 8 June 2013

ORGCON2013

Thanks for everyone who visited our stand at ORGCON 2013.


It was an honour to sponsor the event. I manned the stall the whole time so did not catch any of the talks, sadly, but I understand they were good, and we got the chance to ensure many of the staff heard the messages and understand the mission of ORG.

Thanks for the "I recognise you from The Internet" from one young lady, and the many comments of encouragement from all. We are determined to stick to our principles and challenge laws and courts that may try otherwise in anyway we can - and importantly we aim for transparency in what we do.

We hope you enjoy the free pint glass. If you did not managed to get one, do say when ordering service and we'll make sure we send you one. I am glad everyone like the "clue bat", but we have taken back to the office in case we need to apply it to BT or any other suppliers...

Friday, 7 June 2013

Now, that's a sign!


Same trick as yesterday - 1Dx with 24mm T&S, on tripod, almost level too :-)

Only they took longer. We left them to it. I came out and looked and said "you know that is not centred"... Well, that added another hour or so to take it all down and do it again, and meant well over 10,000 images before we ran out of a 32GB card. Got some final images after transferring a few hundred and deleting. I should have scripted image transfer and delete as well!

Now to find how we make over 18,000 images in total in to a time lapse video.

Still, I am well chuffed at the new sign.

SIP Arrrrrrrrg!

Well, we finally have the plan for handling SIP on multiple servers working. I think.

It is rather frustrating, as there are so many things in SIP that should work, and in practice they don't.

The latest was that we were using 302 redirects on registrations, and A, AAAA, and SRV records on DNS to steer SIP sessions and registrations to the currently active servers.

This mostly worked, but a few phones simply did not understand the 302 redirects on a register. So we created an alternative host name starting no302 for those as an exception. They would register pot-luck on any active server, and get an error if it was not currently active forcing them to re-check DNS.

Sadly we seem to have found a further stupidity where a phone does understand and follow the 302, but then will not accept calls from the IP of the target of the 302, only the IP it originally contacted. WTF?

So we have changed to not use 302s at all, except those same phones insist on registering on the previously advised temporary redirect now matter ho much we re-register, etc. Ended up power cycling the phones.

So we have :-
  • Phones that do not follow 302 redirects at all
  • Phones that do, but treat it as very permanent (until power cycle)
  • Phones that cannot be redirected back to the configured host name
  • Phones that hold DNS answers regardless of specified timeouts
What we have ended up doing is remove registration state from the call servers and put in the database. Now, a call to a registered phone is first directed to the call server on which it registered, and then from there sent to the phone. For multiple registered phones on the same number, we send calls as needed to other call servers as well, so allowing this to "just work".

At least we finally have a reasonably scalable solutions. Removing state from the call server means we can also do maintenance a lot more easily.

Thursday, 6 June 2013

It's a sign


We have been having a fun time with re-branding. The old "ANDREWS & ARNOLD" logo and the "aaisp.net" logo have been with us a long time, and for the first time we have gone for a new logo. It is not just for Internet services, it is for all "A&A" stuff. So time to put on the office itself.

This is the end of the office, there is another to go on the front of the office tomorrow. TTC signs seem quite good at this.

I used a Canon 1DX on a tripod with a T&S 24mm L lens, placed horizontally and shifted up to frame the building. It was set up with manual focus, ISO, aperture, exposure (+1), and white balance. I set the wifi module to WTF server, and used curl on that.

You can access the camera using http authentication (-u in curl, and -L to redirect), and a cookie-jar setting. Then you can do a simple GET on /api/cam/rmt to make it take a picture. A simple script took a picture every second on the second. We took 8701 images of the sign going up. I went for "S" size (4.5 Mpix) using best quality JPEG. The battery lasted, to my surprise, as did the CF card. We plan to combine them in to a time lapse movie which we'll post later.

Tomorrow we'll do the same for the sign on the front of the building.

I have to say that the end result looks look pretty professional. People will have no trouble finding us now.


Ah, the video is not all it seems...


Protecting free speech will never be completely free of risk

http://www.independent.co.uk/news/uk/politics/government-to-order-internet-firms-to-block-terror-sites-and-pornography-8646545.html

"Internet and telecom companies will be ordered by the Government to block “harmful” content such as extremist material and pornography in the wake of the Woolwich terrorist attack and killing of five-year-old April Jones."

That article cites two cases. Even if there are 10 times as many cases and even if they are all proved beyond a shadow of a doubt to be people that would have been totally sane if not for access to unsavoury material via the internet, as opposed to just "nutters", you probably have fewer deaths and injuries than result from vending machine accidents.

Can we not have governments that show some degree of proportion here?

The risk to free speech must outway some of the risks from the occasional nutter, surely.

We have already seen cases where the "think of the children" use of filtering, for child abuse images (IWF & Cleanfeed), has suffered feature creep to other areas, and can so easily extend to "wrong thinking". We have already seen this act as a "foot in the door" to force ISPs to block access to other web sites via the courts.

Before you know it the Internet is censored, and we are simply arguing about the level of censorship. Once you start down this road every incremental step can be justified, and none of it actually stops people communicating if they want to.

Tuesday, 4 June 2013

On-line Safety Bill, yet again...

Really, this is proper "Nanny state" stuff.

On-line Safety Bill

Creates some interesting crap. Lets hope that yet again it does not get through.

On the ISP we, we already ask customers to confirm they want an unfiltered service when they sign up, and we already ask customers to confirm they are 18 or over. So every customer has already opted out and already old enough to access an unfiltered service. That is good.

However this latest attempt talks of OFCOM accredited age verification process. Great! So we'd have to run all customers through that. What fun.

But it would allow us to continue to run the service we run, and not have to faff with filtering. Good!

I note, also, there is nothing on pricing. If something meant we had to offer a filtered service there is nothing to stop us saying that it is available for a £100,000 set up fee. I suspect nobody would opt for such a service at that price, but if they did we could set up their own BT WMBC link and filtering box just for them. It is probably not even an "unfair" price for that.

There is another problem though: “electronic device” means a device that is capable of connecting to an internet access service and downloading content;  and Manufacturers of electronic devices must provide customers with a means of filtering content at an age appropriate level from an internet access service at the time the device is purchased.

That is a problem. My SIP phone can download content. My alarm system can download content. Indeed, almost any IP/net connectable device can download content even if only its own s/w updates. And all of these devices have to have a means to filter content. Actually, oddly, the devices do not need to have such a means, just manufacturers have to provide customers with a means. I guess that could mean FireBrick Ltd providing customers with a voucher for some windows content filtering app to run on their PC. So maybe the wording is not too bad, just completely stupid. It is also stupid that devices have to have filtering and the ISPs must offer filtering. Why both?

Monday, 3 June 2013

Worth a try...


Spamming companies is not really covered, but my company email address is delivered to my personal email address, so I, as an individual subscriber get the email transmitted to me, at their instigation. So I think we are covered. Should be fun.

Saturday, 1 June 2013

What is "smart dual band"

Does anyone know what "smart dual band" is exactly?

BT say that *ONLY* the BT Home Hub uses it?

Is that true? If it is simply a matter of a dual band WiFi (e.g. 2.5GHz and 5GHz) then there are loads of wireless access points that do that.

But it would help to know what "smart dial band" actually is first.