Friday, 30 August 2013

Bread

The problem with a nice fresh Salt & Pepper or Tiger loaf from Tesco is cutting it. It is so fresh and light that the bread knife squashes it flat. The pre-cut loaves are OK, but I prefer cutting my own fresh loaf of bread.

So I got a new bread knife today. Went in to Bentall's in what is left of Bracknell Town Centre.


OK, this is like a hot knife through butter - serious bread knife. Even a fresh loaf does not get flattened by it. Well worth every penny of the £34 it cost.


P.S. Toasted, with real butter, and, of course, marmite... Silly question

Thursday, 29 August 2013

Helpscout: Data Protection questions

There are a lot of aspects of the Data Protection Act, or more specifically the way it gets used, with which I disagree. It is very much like the Health & Safety laws, conceived to tackle factory accidents, and turned in to a crazy industry protecting you from paper cuts in offices. The DPA was there to tackle the new usage of computer based databases of people's details which were being collected and sold - mainly around credit reference agencies. Now the DPA gets applied to all sorts of things, and gets used as an excuse for much more.

On one of my mailing lists I came across a slightly worrying story which is where DPA usage and ICO views may make sense, perhaps. So, all of this post is based on what I have seen reported on the mailing list and not first hand. However, it does raise a few questions.

The issue is around a product called Helpscout. It appears to be a customer support system for handling incoming emails to a support desk and tracking them properly. As with many such systems there are a lot of features and a lot of bloat, as I understand it. One of the clever features is that it looks up email addresses on various social networks, e.g. facebook, twitter, and so on, and collects publicly available personal information and associates it with the ticket. It means people handling the ticket get a wealth of information about the originator automatically. You can see how they think it is a good idea. For some people it could be very useful, I am sure.

There are, immediately, some issues. It means users of this system are collecting and processing a load of data which they don't actually need. That goes against one of the Data Protection Principles. In this particular case the user did not want the data either. So first question revolves around the collection and use of such data which is public information (published on the likes of facebook). Is that valid? To be honest, I don't know, after all, at any time, you could go and look up details on facebook yourself, so how is copying it to your own database any different? From a DPA point of view it may be valid or may not be, no idea. The suppliers of the system are adamant that it is valid to do this in the UK. They even said "In the end, neither you, nor I, nor the IC's office (probably not the person you talked to) would be considered legally qualified to make a judgement on the matter."

But the far bigger issue is that, in checking with facebook, etc, the system sends the end user's email address for the search. So it means facebook, etc, are told a new email address, one they may not even have seen before.

So this raises the issue of whether an email address, on its own, is personal information. I believe this is one of those grey areas even for the ICO. Of course, the very fact that it can be used to extract all of this useful data from social media kind of proves it is! I think the general view is an email address like adrian.kennard@whatever is personal information, because it has my name, but as Paul in my office points out, if he was to use adrian.kennard@hisdomain then that would not be personal information as it is not his name!

The problem, as ever, is that one bit of information is often not personal information on its own, as it is not able to identify an individual. E.g. "Eyes: blue" on its own is not personal information. But associate it with a name and address and now it is. It is all about linking things together that makes the collection of information and associations in to personal information. So protecting something which, on its own, is not personal information may be important.

Of course it is not that simple, in this case it could become sensitive personal data if the social media sites work out where the requests are coming from. It sounds like the system pipes the request through yet another third party so they don't, but all that means is that another third party can tell instead of facebook. The particular support system is being run for a gay website. Now, associating an email address with visiting a gay web site surely must count as personal information? It could easily lead to targeted adverts to friends of the person. I know many people are quite open about their sexual preferences, but they have the right not to be if they want.

Sadly the providers of Helpscout seem oblivious to this issue. They refuse to allow the feature to be turned off and are adamant that it is 100% legal in the UK. Apparently lots of other companies use it.

It seems the site will be dropping them because of this, and their intransigent attitude.

Tuesday, 27 August 2013

Fun with numbers

Well, OFCOM are fun at the best of times, and one of those is the way numbers are allocated.

OFCOM require communications providers to use numbers in the National Numbering Plan in accordance with restrictions defined in that plan.

One of the restrictions is the use of 071 to 075 inclusive and 077 to 079 inclusive as Mobile Service which is defined: ‘Mobile Service’ means a service consisting in the conveyance of Signals, by means of an Electronic Communications Network, where every Signal that is conveyed thereby has been, or is to be, conveyed through the agency of Wireless Telegraphy to or from Apparatus designed or adapted to be capable of being used while in motion;

Now, OFCOM have made it clear they mean every signal in that. The idea that any call could terminate on a VoIP service was not acceptable. We did eventually get 07 mobile numbers, but they were very fussy. We did have mobile SIMs via Three which was on the 07 numbers.

But when we lost the mobile SIMs for voice, we asked OFCOM to confirm our plans were acceptable. We said we would only use 07 mobile numbers where the call was diverted to another operator's 07 mobile number (who would also be compliant) and as such we complied. We also suggested we would route to SIP devices using DECT or other Wireless Telegraphy. OFCOM were not convinced and wanted to take away our 07 mobile block.

We then said "what about SIP devices on mobile phones via 3G data and SIP", that definitely meets the rules. No reply yet.

We know that all mobile operators break the National Numbering Plan, and hence General Condition 17.4 and hence the law (Communications Act). They provide call forwarding to a land line, and voicemail, and some even have call centres on their 07 mobile number range. All such uses are outlawed.

The latest O2 advert for "Tu go" is interesting. It appears to talk of VoIP services using 07 mobile numbers for SMS and voice on devices connected via WiFi, and even PCs not even connected via WiFi. This is almost identical to some of the ways we propose using 07 mobile numbers.


We have written to OFCOM to confirm they have relaxed their rules. We await reply.

Just to add to the fun, the latest breach we have found is Psychic Living, selling psychic readings on 0300 466 0000. AFAIK they are not a charity or non profit, but OFCOM rules for 030 are: Non-Geographic Numbers charged at a geographic rate: to be used by public sector bodies and not-for-profit bodies, calls charged at up to the same rate the customer would pay to call a UK Geographic Number, with calls to 030 numbers counting towards inclusive call minutes if the customer has remaining inclusive minutes to UK Geographic Numbers, and included in any discount structures that apply to UK Geographic Numbers

So, waiting for an answer from OFCOM on that too.

Update: "It is always helpful when we hear that numbers have been misallocated, and we will ensure that action is taken to ensure that 0300 numbers are used in line with the National Telephone Numbering Plan." so they do take it seriously.

Update: Within hours of the complaint, that web site is using an 033 number! Go OFCOM Go!

All good fun.

As for the new number tax, well, I'll blog on that later. We have, of course, deployed the obvious loophole for the number tax which means it is actually in our interests to have more customers using numbers in conservation areas so we (A&A) may do an offer on that shortly. What a wonderful scheme OFCOM have created for that.

Who can't get broadband?

ISP review just did an article on BT scrapping dialup. One of the concerns is that there are people relying on dialup as they cannot get broadband.

There is a quote on that article: "the CLA estimates that 15-20% of people who live in rural areas do not have access to fixed line broadband". I am not sure who the CLA are, or how they define a "rural area". I find the stat of 15-20% not being able to get broadband to be implausible, so I am curious to find out more.

It does depend how you define "rural area": e.g. defining it as "anywhere so remote that you can't get broadband" would mean 100% of such people can't get broadband. So that 15-20% stat is somewhat meaningless without more information.

We have customers who are really in the middle of nowhere on lines over 10km long that get broadband. I have not been able to find if there are any exchanges without even 20CN, or what lines exist that are over 10km long, but can there really be that many?

If you know someone that cannot get broadband, let me know, and we'll see what we can do. Bear in mind, that article is about dial-up being withdrawn. If someone can get even 250kb/s with 16ms of interleaving, that is probably 10 times faster than any dialup they could get.

Fibre to the field?
Update: Apparently there are 86 exchanges, almost all in Scotland, too remote/small to even get 20CN. No idea on number of people served, but I suspect hundreds at most per exchange. Other stats suggest over 80% of people in rural areas can get 2Mb/s. No data yet on how many can get just 160Kb/s which would exceed dialup massively.

Saturday, 24 August 2013

Insomnia 49

See updates at the end - not as bad as it first sounded!

Whilst I may be old enough to have actually written video games on things like a TRS-80, back in the day, I have never been to one of the LAN gaming events. I do occasionally play WoW, but nothing like LOL. However, my son had gone to I49 in Telford, and even got me to sponsor their team with A&A T-shirts and all sorts.


It looks mental.

Now, my understanding is that you often have tournament/event game servers on-site for these things and so they are played on the LAN, but it seems that is not the case for all games. James is playing LOL there, competitively, but the game is played over an Internet connection provided as part of the event.

He is not amused though - and is nagging the hell out of me for A&A to do Internet at a future event. Apparently they have disconnected the Internet several times, with as little as 5 minutes notice when people are in the middle of games. The connectivity is apparently really bad. Now, I know gamers are the first to blame a nanosecond of extra latency for missing a kill, but this does indeed sound pretty bad. It is so bad that he has tethered his mobile in order to play, and has won games on that basis!

Of course, to be fair to the people who are doing the Internet, it is a challenge, and it may be that the budget does not allow any better. If they do ask A&A, it will be a challenge, and to do it properly it will be expensive. We'll have to see. James is giving out leaflets though.

Update: The people running the network have advised me that they had some issues yesterday which was fixed (and that is why the Internet was disconnected briefly), and also that they have a gig but the demand is way higher! There have also been DDoS and all sorts. Not sure I would want to take that on myself!

Update: The person running the network is an A&A customer (what a surprise!) and on our irc channel, so able to talk directly to James to discuss any issues. LOL!

Update: OK, the network is pretty complex, but the guy running it knows what he is doing and taking issues seriously. James is off his mobile now and things seem to be going well.

Old picture from exhibition centre

Wednesday, 21 August 2013

Seriously now - apple are pissing me off

I cannot use iMessage or FaceTime on any of my Mac devices apart from (so far) my phone. One by one they have refused to work. WTF...

This will end up with a genius appointment in the Reading store. I am getting fed up now.

If my macbook pro will not iMessage or Facetime, I want a refund, simple as that. County court is just down the road from the apple store. We'll see how it goes.

Update: Devices have registered and activated again, but people can't iMessage me still - arrrg!

Changing the guard

Not my door key
Thanks to the guys at Lock & Key for their help on this. They are being especially helpful given that I seem unable to measure my locks correctly.

I have upgraded from my new Yale Superior locks to ABS locks.

Why?

Well the Yale locks are a massive step up from my old euro profile locks. There is a really scary video on ABS's web site. It shows how the old locks could be broken within a few seconds using no more than a pair of grips. The Yale locks are way better, pretty much impossible to pick, and they have the snap off bits to make it hard to snap the lock.

BS and 3 star rating
5mm shallow
What is surprising is that the Yale locks can be defeated by using a screw (see that ABS video). You use a screw to pull the whole front of the lock out in a few seconds more, including the snap off part.

So, on the advice of Mat from Lock & Key, I have gone for the ABS locks instead. They have some clever locking cam to jam the lock if snapped off.

An important step, though, is getting the measurements right. And I was out by 5mm. D'Oh.

So, more postage costs, and more messing them about, but they are really very good about it all. Definitely to be recommended.

Apart from meeting a somewhat dated British Standard (BS/kite mark), locks also have a star rating, the ABS locks being 3 star rated. It's related to how long it takes to break the lock. This all means a potential burglar knows not to even bother!

The ABS keys are also almost impossible to pick, and even include a magnet, but importantly they are considered to be more security keys so ordering replacements is a lot harder. Looking at the keys, one of the 5 positions is a magnet and the other 4 have multiple levels and a separate inner and outer level which are not always the same (I have the advantage of looking at two different keys here). All clever stuff.

Tuesday, 20 August 2013

Free services are a problem

So, there are a lot of free services which are taken for granted. I know why they do it, but it is a problem.

iMessage is free

FaceTime is free

So when I get a stupid error, who the hell do I complain to? Who do I refuse to pay? Who do I sue?

But these are essential services now. This is not good. I would rather be paying £1/month than have them free - then I have a contract and I can sue for damages. They have an incentive for it to work.

Arrrrg!

PoE has its day

Power over Ethernet has been around quite a while, and there are now numerous devices that can be powered by PoE. This means powering the device over the Ethernet cable and not needing a separate power adapter for the device.

Notably this is very useful for VoIP phones, like the SNOM 300, and for access points for WiFi. Both of these can end up being put in places where power is a pain to arrange. Phones because of yet another power socket and lead on a desk, and APs because they end up high up and above false ceilings and so on. You want to be able to put an AP where it works best, not where it is in range of a power lead. PoE works over 100m cat5 cable.

Up until now we have used very little PoE stuff, largely because PoE switches are expensive. At home I want fanless switches to keep noise down.

I was quite pleased to see that you can now get an 8 port gigabit unmanaged fanless switch with 4 ports PoE for under £100! It seems netgear, dlink and tplink do them. These are not necessarily the best names in switches, but for home use and for such a low price, they are well worth considering.

The fact you can power 4 devices off one of these switches also saves having power adapters and extension leads. Reduced mess and leads always goes down well with the wife :-)

It has allowed me to place the home AP in a sensible place, high up on ground floor, where I happened to have network already, but no power.

This is why you need a proper email address

According to an ISP review article, BE customers will be losing their BE email addresses. Can't say I am surprised.

It saddens me when I see companies with big sign writing on the side of a van with an @btinternet.com email address on it, not because it is BT, but because they are tying themselves to that ISP by the email address.

It is worse when you see a van with a proper domain name for their web site, and then an @someisp.co.uk email address on it, when clearly they could use their proper domain for email.

The Oatmeal have a good cartoon on this.

I suppose that these days using hotmail or gmail is probably fairly safe as a personal email address. At least you can change ISP when you like.

But the best thing to do is get your own domain. It is not hard to get one for the whole family, though common surnames have often gone. Domain names can be moved between ISPs/email providers if needed.

When my son was at school, he used things like hotmail, which was, to be honest, embarrassing. It is a bit like the "cobbler's children are the worst shod", running an ISP I could give him email on any new domain that he wanted. He was not interested. It was not until I finally got the domain fuck.me.uk that he decided to use a "proper" email address. He took great delight in ensuring that the school had his correct email address on record. Apparently they even called my wife to confirm he was not taking the piss.

Saturday, 17 August 2013

punycode

Proper rant this time.

I have been tinkering with EPP and domain registration this week - as Nominet had changed their EPP schemas and broken our tools a little while back and so I had to update things. It is not that bad a system, using XML, but heavily in to use of namespaces (which is always fun with XML). For my next trick I have to try and use EPP for the com/net/org and other TLDs - which is different yet again.

But this did get me, once again, annoyed at punycode.

So, a bit of basic background here first.

For a long time computers used very basic western characters. There were a number of character sets and encoding systems. In early computers there were 5 bit bytes, and 6 bit bytes, and all sorts. It is interesting to see some of the stuff in the National Museum of Computing where they have 5 hole paper tape running through the first computers ever created. The basic trick is to map letters and numbers and symbols on to binary codes (which are usually written as numbers in decimal or octal or hexadecimal).

A standard did emerge, ASCII, the American Standard Code for Information Interchange. This was 7 bits (so 128 combinations) and mixed up the concept of simple coding for characters with controls for things like a teletype - so ASCII includes carriage return and line feed and even characters like bell which rings the bell of the teletype. It also included symbols for start and end of blocks and records which was used on mag tape and the like. But the main body of ASCII is the coding for letters and numbers and symbols commonly used in America.

This, of course, ran in to problems quite quickly as we are not all American. Some characters caused constant confusion including the UK currency £ symbol. We would call it a pound symbol, but the word pound in American was used for the # symbol, what we call hash. That alone caused confusion when simply discussing characters by name.

We also have the problem with all these EU countries which use a mostly American character set but have accents on their characters. And then you get the Greeks thrown in to the mix.

The fact that computers were, by then, commonly using 8 bit bytes meant that one could use ASCII for half of the character space, and something else for the rest. This led to a whole range of ISO character sets and many non standard character sets, which used the top 128 codes for different purposes, including various EU accented characters, and, of course, symbols so you can draw boxes and basic graphics.

Thankfully we now have a more universal system for numbering the symbols and letters and characters we use, UNICODE. It does not try and fit characters in to 8 bits. In fact it allows a lot more, but most characters fit in under 16 bits. UNICODE does not just do the accented EU characters, and Greek, but Chinese, Japanese, lots of graphics and symbols, and even Klingon, though these do not all fit in 16 bits. The problem then is how you represent these on a computer. Some went for 16 bit bytes, or wide characters which was common on Windows. Another approach, which is much more common on unix based systems, and standard for coding things like XML, is UTF-8.

UTF-8 uses a very simple trick which makes it compatible with a lot of systems which are not expecting anything special in terms of characters. The first 128 characters are normal ASCII, but the next 128 codes are used as a sequence of bytes to represent UNICODE characters. The lower numbered codes fit in two bytes, and higher fit in three bytes, and so on. There are some nice properties of UTF-8, for example, a normal byte by byte comparison will still compare two strings correctly as higher or lower alphabetically based on the UNICODE characters (i.e. the same order as using 16 or 32 bit bytes for the same UNICODE characters). Also, by ignoring a specific block of 64 bytes one can count how many characters are in a string. There is no use of NULL in the special coding, so strings can still end with a NULL (as used in C and some other languages). Indeed, the special coding never clashes with ASCII, so searching for an ASCII character will always find the character you are looking for and not part of a special character coding. UTF-8 is nice. I like UTF-8. It should be the standard for all character coding. It is the default for many systems now (like XML).
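The properties listed above can be checked directly. The following Python is an added example, not code from the original post: the hand-written encoder, the helper names and the sample strings are constructed for illustration, and the Shift-JIS comparison is an extra contrast that goes beyond the post.

```python
# Added example: checks the UTF-8 properties described above on constructed samples.

def utf8_encode(cp: int) -> bytes:
    """Encode one Unicode code point as UTF-8 (1 to 4 bytes)."""
    if cp < 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
        raise ValueError("not a Unicode scalar value")
    if cp < 0x80:        # plain ASCII: a single byte with the top bit clear
        return bytes([cp])
    if cp < 0x800:       # lead byte 110xxxxx plus one continuation byte
        return bytes([0xC0 | (cp >> 6), 0x80 | (cp & 0x3F)])
    if cp < 0x10000:     # lead byte 1110xxxx plus two continuation bytes
        return bytes([0xE0 | (cp >> 12),
                      0x80 | ((cp >> 6) & 0x3F),
                      0x80 | (cp & 0x3F)])
    return bytes([0xF0 | (cp >> 18),     # lead byte 11110xxx plus three
                  0x80 | ((cp >> 12) & 0x3F),
                  0x80 | ((cp >> 6) & 0x3F),
                  0x80 | (cp & 0x3F)])


def encode(text: str) -> bytes:
    return b"".join(utf8_encode(ord(ch)) for ch in text)


def count_characters(data: bytes) -> int:
    """Count characters by skipping the 64 continuation values 0x80-0xBF."""
    return sum(1 for b in data if (b & 0xC0) != 0x80)


def byte_order_matches_codepoint_order(samples) -> bool:
    """A plain byte-by-byte sort gives the same order as sorting by code point."""
    return sorted(samples) == sorted(samples, key=encode)


def domain_of(address: bytes) -> bytes:
    """Byte-level parse that knows nothing about UTF-8: text after the last '@'."""
    return address.rpartition(b"@")[2]


def ascii_bytes_inside_multibyte(text: str, codec: str) -> list:
    """ASCII-range bytes (NUL included) that a codec emits for non-ASCII characters."""
    hits = []
    for ch in text:
        if ord(ch) >= 0x80:
            hits += [b for b in ch.encode(codec) if b < 0x80]
    return hits


# Constructed samples: ASCII, 2-byte, 3-byte and 4-byte characters.
SAMPLES = ["a", "aa", "z", "\u00e9", "\u263a", "\uff5e", "\U0001F600"]

if __name__ == "__main__":
    host = encode("\u263a.aa.net.uk")
    print(len(host), "bytes,", count_characters(host), "characters")
    print("sort order preserved:", byte_order_matches_codepoint_order(SAMPLES))
    print("domain:", domain_of(encode("user@\u263a.aa.net.uk")))
    # UTF-8 never puts an ASCII byte inside a multi-byte sequence ...
    print("utf-8:", ascii_bytes_inside_multibyte("\u263a\u00e9", "utf-8"))
    # ... whereas Shift-JIS encodes U+3000 as 0x81 0x40, and 0x40 is '@'.
    print("shift_jis:", ascii_bytes_inside_multibyte("\u3000", "shift_jis"))
```

The last check is the one that matters for delimiter-based parsers: in an encoding where a trailing byte can equal `@` or `/`, a byte-level split can cut a character in half and return the wrong host.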

Then we get to punycode. It just annoys the hell out of me, and I have yet to see a good reason for it.

Basically the idea is to allow international domain names, i.e. using some of these nice UNICODE characters in domains. This is, in principle, a great idea, as domain names are even more restricted than ASCII, only using letters, numbers and selected use of a hyphen.

But think how most systems use a domain name - they may possibly parse out the domain name, e.g. what is between an @ and end of line, or > character in an email address, or what is between http:// and / on a URL. Typically the parsing is looking for a standard ASCII delimiter and not really taking much notice of the characters in the domain part. When used as a command line argument the delimiter may be simply a space. The application then passes this to the machine's DNS resolution libraries.

It is really useful that the applications are not looking for anything within the domain/host name as application writers are notoriously bad at making their own syntax checks match the RFCs or keeping them up to date. The number of times my valid email addresses are rejected by some system is just crazy.

So the DNS library may do some checks on the domain passed - for a start, telling if it is an IP address literal or a domain name. But it will then, typically, just look for the dot delimiters and code a request using the DNS protocol. The protocol has no problem with any characters at all within the parts of a domain name, and even allows NULL, and even a dot, within the parts of a domain! It certainly has no issue whatsoever with UTF-8 coding.

So, most applications would parse out a domain name, pass to a library, which sends to a name server. There are very few name servers in use - bind is perhaps one of the most common - and these could easily be made to handle UTF-8 coding if necessary (by simplifying or removing sanity checks they have in place now). In practice, old versions of these resolvers were quite happy with unexpected characters, and already have to cope with characters outside the normal domain set such as underscore used for SRV records.

So with very little tweaking, and in fact no tweaking at all in many cases, most applications, libraries and resolvers could handle UTF-8.

I actually tested some older browsers and applications and they did just this - parsing out the domain with unicode in it, passing to the library which passed to the caching resolver which passed to the authoritative resolver. It just worked.

But no, this was not to be. Instead, someone decided this was a bad idea. They decided that we should force UNICODE in to the letters/number/hyphen format for domains. Resolvers actually got updated to add extra checks. And we have this crazy system where special characters in domains are coded as a string starting xn-- and using only letters/numbers and hyphens as per normal domain names.

This means every application has to be updated to handle punycode. It is not just done at the resolver library, it is done at the application layer, both parsing and coding of strings in protocol messages, and displaying these domains to the end user. It is horrid and messy and there really is no good reason for it.

At the end of the day the decision was (a) minor change to a very limited number of libraries and resolvers, or (b) change every single application that uses domains, as well as the libraries and resolvers. It seems we went for the latter. Arrrg!

Just to tackle the obvious comment I will get - there is good reason for registries to limit the combinations of characters they allow to be registered for UNICODE based domain names. There are lots of symbols which look identical to normal western characters and can create domains that look identical to trusted companies' domains and can be used for fraud and scams. But that makes sense whether the system used UTF-8 or punycode to do it.

Anyway, I should have http://☺.aa.net.uk/ working now... But your browser has to convert ☺ in to xn--74h
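The application-layer conversion complained about above, together with the lookalike concern from the previous paragraph, as an added Python example (not code from the original post). It uses Python's built-in `punycode` codec and is not a full IDNA implementation (no nameprep or registry rules); the function names, the mixed-script heuristic and the sample domains other than ☺.aa.net.uk are assumptions made for illustration.

```python
# Added example: per-label conversion between the Unicode and xn-- forms of a
# domain, plus a simple check for labels that mix alphabets.
import unicodedata

ACE_PREFIX = "xn--"


def label_to_ace(label: str) -> str:
    """Convert one label to the letters/digits/hyphen form used on the wire."""
    label = label.lower()
    if label.isascii():
        return label                      # ordinary labels pass through untouched
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def label_to_unicode(label: str) -> str:
    """Convert one xn-- label back for display; leave anything else alone."""
    if not label.lower().startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return label                      # malformed: show the raw form instead


def to_ace(domain: str) -> str:
    return ".".join(label_to_ace(part) for part in domain.split("."))


def to_unicode(domain: str) -> str:
    return ".".join(label_to_unicode(part) for part in domain.split("."))


def scripts_in(label: str) -> set:
    """Heuristic (an assumption of this example): the first word of each
    letter's Unicode name, e.g. LATIN, CYRILLIC, GREEK."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def mixed_script_labels(domain: str) -> list:
    """Labels whose letters come from more than one alphabet. These are the
    ones worth showing in xn-- form, or refusing at registration time."""
    labels = [label_to_unicode(part) for part in domain.split(".")]
    return [label for label in labels if len(scripts_in(label)) > 1]


if __name__ == "__main__":
    # The name from the post, one accented Latin name, and one constructed
    # lookalike in which the third letter is CYRILLIC SMALL LETTER A (U+0430).
    for name in ["\u263a.aa.net.uk", "b\u00fccher.example", "ex\u0430mple.test"]:
        ace = to_ace(name)
        print(ace, "->", to_unicode(ace), "| mixed:", mixed_script_labels(ace))
```

The check runs the same way on the Unicode form or the xn-- form, which is the point made above: limiting lookalikes is a policy question that does not depend on which encoding carries the name.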

Friday, 16 August 2013

I think the ICO are a tad confused

In the ongoing case against Deane Computer Solutions (which is going to court, by the way), the ICO are also involved as I have made a formal complaint to them.

However, the ICO seem a tad confused.

They wrote asking me to confirm I am an individual subscriber, but also stated "It would appear that you work for a Limited Company — Andrews & Arnold Limited who are the registrar for Titanic.co.uk. If Andrews & Arnold own this domain then, then[sic] your email address would belong to a corporate subscriber."

This is plainly wrong for several reasons.

1. The registrar is not the owner, and has no relevance. The registrant is the "owner" in so much as anyone "owns" a domain. They do say "if" they own it though, so maybe they have some clue there.

2. They seem to think that the "owner" of a domain has any relevance to the "owner" of an email address, or more importantly to the "subscriber" for the email service on that address. This is plainly not true. I know many people with email addresses ending @btinternet.co.uk, even some with shares in BT and who work for BT, but that does not mean they are "corporate subscribers".

3. The idea that being a shareholder, employee, or director of a limited company somehow stops me being able to have a contract with that company is wrong. I have an employment contract, for a start. Andrews & Arnold Ltd is a separate legal entity to me, and can have a contract with me for email services and could provide that for email addresses under a domain "owned" by Andrews & Arnold Ltd just as it could to someone who is not an employee, shareholder or director of Andrews & Arnold Ltd.

I have, of course, asked them to clarify these issues and will post any reply.

Thankfully, in this case, there is no such confusion as titanic.co.uk is not owned by Andrews & Arnold Ltd. It just happens that the owner uses A&A as a registrar. So we will see how that goes in court. The only defence filed appears to be the continual assertion that adrian@titanic.co.uk is not an address of an individual subscriber. Well, I have proof. I have a letter, and invoice, from the email service provider (who is owner of the domain) confirming we have a contract for email services where I act as an individual. If both parties (me and them) agree that we have an agreement, then, pretty much by definition, we have an agreement.

Monday, 12 August 2013

Court ordered web blocks - a tool to break the Internet

It was obvious. It had to happen. As reported on isp review it is happening.

When there is a court order for an ISP to block a web site, like pirate bay, the ISP cannot simply block the DNS or block the IP of the web site. The web site owner can have many servers and different IP addresses and move to new IPs in seconds. End users can bypass the ISP DNS servers and even make host files. This is a whack-a-mole game for anyone trying to do the blocking.

This is the simple case, blocking a handful of specific web sites. It is not like the proposed porn blocks that may be blocking tens of thousands of web sites and images or videos within otherwise non-blocked web sites.

But there is another side effect - if the ISP is following the IPs of the site they are blocking automatically, which they have to in order to keep up, then the blocked site can poison the system by providing IP addresses of other sites that are not meant to be blocked, like facebook or the bbc.

The blocking system then includes these IPs in the block. If it blocks the whole IP then these other sites fall off the Internet for that ISP's customers, at least until some manual intervention. If they block specific URLs then directing traffic for a popular site via the filtering system can overload it and have other side effects (as wikipedia found with an IWF block).
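One safeguard an operator of such a system could put in front of the automatic updates, as an added Python example (not from the original post, and not a description of any ISP's actual system): every address the blocked site's DNS hands back is checked against a never-block list and a per-refresh cap before it reaches the block list. The function name, the cap and all addresses are constructed; RFC 5737 documentation ranges stand in for real networks.

```python
# Added example: vet automatically resolved addresses before they are blocked.
import ipaddress

# Constructed data. 198.51.100.0/24 stands in for popular third-party sites
# that must never be blocked by an automatic update.
NEVER_BLOCK = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("127.0.0.0/8"),   # loopback
    ipaddress.ip_network("10.0.0.0/8"),    # internal addressing
]
MAX_NEW_PER_REFRESH = 4   # assumed threshold; a burst above it waits for a human


def review_refresh(blocked, resolved,
                   never_block=NEVER_BLOCK, max_new=MAX_NEW_PER_REFRESH):
    """Vet one DNS refresh for a blocked site.

    blocked  -- set of address strings already on the block list
    resolved -- address strings the blocked site's DNS currently returns
    Returns (approved, held): new addresses safe to add automatically, and
    (value, reason) pairs held back for manual review.
    """
    approved, held, seen = [], [], set()
    for raw in resolved:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            held.append((raw, "unparseable"))
            continue
        if addr in seen or str(addr) in blocked:
            continue                       # duplicate or already blocked
        seen.add(addr)
        hit = next((net for net in never_block if addr in net), None)
        if hit is not None:
            held.append((str(addr), f"inside never-block prefix {hit}"))
        else:
            approved.append(str(addr))
    if len(approved) > max_new:
        # A sudden flood of new addresses is itself suspicious: add none of them.
        held += [(a, "too many new addresses in one refresh") for a in approved]
        approved = []
    return approved, held


if __name__ == "__main__":
    current = {"192.0.2.10"}
    answers = ["192.0.2.10", "192.0.2.11", "198.51.100.7", "127.0.0.1"]
    ok, review = review_refresh(current, answers)
    print("add automatically:", ok)
    for value, reason in review:
        print("hold:", value, "-", reason)
```

This does nothing about the whack-a-mole problem itself; it only keeps a poisoned answer from taking an unrelated site down without a person looking at it first.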

Now, if a large and well funded industry decide to rebel at the default blocking of their services, well, who knows what could happen. I am sure that the blocking can be broken and abused as above. I am also sure that they can stay ahead of the game and continue to provide content, just as the piratebay does.

By the way, anyone that has not seen this excellent video should think carefully about where this censorship will end up...


Friday, 9 August 2013

Changing locks (euro profile)

Euro profile lock
Many modern doors use Euro profile locks (see picture on right).

It is actually surprisingly easy to change the locks. They are held in with one screw, but obviously you have to have the door open to remove the screw, and you have to have the key in order to turn the lock slightly to align it to remove from the door. You may have to remove the door handles as well.

I only changed the lock as we managed to get a key break off in the old lock, but I also noticed my locks were old which means they are vulnerable to a number of types of attack - not just lock picking, which is not that hard on older locks, but also tricks to break the lock at the weak point and remove it.

Retaining screw
To change the lock you need to remove the screw, which is aligned with the bottom of the lock.

Then you need to turn the lock (though one of our locks was very old and could be removed without doing so). When you have it right (slightly anti-clockwise from the external side) you can push or pull the lock out of the door.

Fitting the lock is the same in reverse. I did find I had to remove the handles to get the lock to slide in and out more easily.

To buy a new lock you do need to know the size. There are lots of sizes. You need to measure the old lock, in mm. This lock is 90mm, and is 55mm external and 35mm internal, which is measured to the centre of the part that turns in the middle. You should get the internal and external the right way around. You may find you can have 5mm more than you need as that just means the lock sticks out (as shown top right). You should try to avoid the external side sticking out if possible, to make it harder to attack. (Thanks to Mat for pointing this out). There are different types of lock - you can have keys both sides or a thumb turn (as shown here).

90mm long, 55mm external, 35mm internal.
Old and new keys
You can, of course, get much better locks these days. Compared to my old keys they are way more complex.

There are different levels of security. I went for a Yale Superior Series. It does not have cuts in from the edge, creating the weak points that allow keys to so easily bend or break, but parts milled in to it. These seem to be two different angles on one part and a groove (so a 3rd axis) on the other part. Clearly this makes it a hell of a lot harder to pick such locks.

The company I bought from (Lock & Key) were very good. They can cut new keys as needed (using the 13 digits of code provided).

What is quite nice is that they can make all the locks the same key if you want. When we moved in and then had double glazing fitted, and then a conservatory, the end result was five separate locks on this house. Now that we have just one key for all, it is much simpler. Now that we have somewhat better locks, we should be more secure. The objective is that we are harder to break in to than next door, so better locks are one step in the right direction (as are security cameras and the alarm system).

Three different axes of coding
There is one big security risk though, even with these keys. Whilst your average key cutting stall may not be able to cut these, you can get them cut by ordering from a web site very easily. You simply need to know the coding for the key (13 digits). It is pretty easy to read the codes from a key or a picture as above, which is why THAT IS NOT MY DOOR KEY (before you even ask).

The coding is broken in to three parts, A (5 digits), B (4 digits) and C (4 digits). A and B are interleaved dimples milled in to the top (as seen on the above picture) where 1 is not milled, 2 is milled a bit and 3 is milled a lot. You can tell from the above the sequence 2 2 1 3 2 2, in fact there is 1 1 1 on the front (not milled) making a sequence 1 1 1 2 2 1 3 2 2. Interleaved (i.e. ABABABABA) it gives codes as A=11232 and B=1212. The C code is 4 digits for the milled groove, with 1 top, 2 middle, 3 bottom, returning to top between each digit. That is C=1312. With practice, a quick look at one of these keys gets you the digits you need to order on-line next day. A tad worrying, so keep the keys safe and keep pictures of them off the Internet :-)

To be fair, the same is true for the old style keys, but even simpler. The only real way to avoid this is with electronic keys, and even then you need active keys with challenge/response coding. That is possible in higher security locks. But as I say, you just need to be more secure than your neighbours.
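To show why challenge/response matters, here is an added example (not from the original post and not any lock vendor's scheme) contrasting a key that is just a readable code with an active key that answers a fresh challenge. The class names, the use of HMAC-SHA256 and the all-zero sample code are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


class StaticCodeLock:
    """Models a key whose whole secret is a code anyone can read off it."""

    def __init__(self, code):
        self._code = code

    def try_open(self, presented):
        return hmac.compare_digest(presented, self._code)


class ActiveKey:
    """Electronic key: holds a secret and only ever emits MACs of challenges."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class ChallengeResponseLock:
    def __init__(self, secret):
        self._secret = secret
        self._pending = None

    def challenge(self):
        # Fresh random nonce per attempt, so old responses are worthless.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def try_open(self, response):
        if self._pending is None:
            return False
        expected = hmac.new(self._secret, self._pending, hashlib.sha256).digest()
        self._pending = None  # each challenge is single use
        return hmac.compare_digest(response, expected)


def static_code_replay():
    lock = StaticCodeLock(b"0000000000000")  # constructed 13-digit code
    observed = b"0000000000000"              # what a photo of the key reveals
    return lock.try_open(observed)


def challenge_response_replay():
    secret = secrets.token_bytes(32)
    lock, key = ChallengeResponseLock(secret), ActiveKey(secret)
    first = key.respond(lock.challenge())
    opened = lock.try_open(first)      # legitimate use, seen by an observer
    lock.challenge()                   # next attempt gets a new nonce
    replayed = lock.try_open(first)    # recorded response no longer matches
    return opened, replayed
```

This only stops copying by observation; the secret still has to be stored so that it cannot be read out of the key itself.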

Thursday, 8 August 2013

Up to

Another article on "up to" speeds, and this is not the first time I have had a rant on this. It really annoys the hell out of me.

The problem!

The problem is that some end users do not quite understand what is being offered by ISPs, and feel aggrieved that the service they get is somehow not what was advertised, so they complain to ASA and/or OFCOM.

Let's take a simple case of ADSL2+, which can sync at 24Mb/s ATM rate. ISPs used to advertise this as "Up to 24Mb/s".

The solution to this problem, as dictated by the likes of the ASA, is ISPs advertising "Up to 16Mb/s" or "Up to 14Mb/s" instead.

What are you measuring?

It is, perhaps, more useful to say "Up to 21Mb/s" simply because the line is typically used for IP not ATM, and the overheads of ATM and IP mean an "IP data throughput of around 21Mb/s for an ATM sync of 24Mb/s". Even 21Mb/s is not necessarily the same as the stats on a TCP file transfer or web based speed test. That said, comms lines have traditionally been quoted at the bit rate, which is therefore useful for comparison. A 56k modem could do "Up to 56kb/s" at a raw bit rate - which was different to the IP rate. An ISDN channel is quoted as 64kb/s, not the IP rate. It is perhaps sensible, though, to use a rate that is more closely related to the speed the end user will see when doing a file transfer, to avoid disappointment. You also have confusion of Mega (1000000) and Mebi (1048576) to add to the fun, but at least we have SI units well defined.

What do you mean "Up to"?

Even so, the issue here is clearly a simple misunderstanding.

I think the issue is that "Internet" is an "Up to" thing anyway - you may download no data some of the time, a bit of data slowly sometimes, or a big file quickly (depends on the other end). However, the "Limit" is your line sync speed. So people think an "Up to 21Mb/s" line is one that can actually do 21Mb/s and they can use any speed they like all the way up to that speed.

It is like selling a car that can go "Up to 100mph" - it will be able to achieve that speed if you have a suitable road on which to try it. If you bought a car that does "Up to 100mph" you would not expect it to be that some of the cars only do "Up to 50mph" and some do "Up to 100mph". You expect all of the cars to be able to do "Up to 100mph". So you expect all the ADSL2+ lines to be able to do "Up to 24Mb/s" in the same way.

The problem is some people somehow do not understand that the limit of their line will be what it is depending on the line quality and length. Their service may end up being what they might consider "Up to 5Mb/s" of data transfer possible, even though sold an "Up to 21Mb/s" service.

ISPs do try to make that clear, but the message is not clear to some.

I have had people, face to face, say that the line from some ISP was not the "Up to 21Mb/s" they advertised. They did not understand my objection to their statement. As far as they were concerned the line should be able to get 21Mb/s, at least sometimes, if sold as an "Up to 21Mb/s" line.

The solution?

First you have to decide if you need a solution - if a few people are confused by something that is very clearly stated, and those people have not lost out (i.e. that any provider selling ADSL2+ will get roughly the same speeds), well, is there actually a problem to solve?

Assuming there is a problem to solve - it is about getting some industry consistent message / wording for this. Something like "Up to a limit that may be up to 21Mb/s depending on where you live". Or just "Up to 21Mb depending on where you live", or something simple. Maybe "Up to a speed between 250kb/s and 24Mb/s". I don't know the actual answer on how to explain it to people. It seems that this should not be beyond the wit of a marketing person to find.

If we could find a good wording, that would help remove some of the disappointment and complaints.

The wrong solution?

What does not make sense is lowering the figure. The ASA rule that the figure has to be one that 10% can get is just silly. It does not change the message, and does not aid comparison between ISPs. If one ISP does ADSL2+ and so does another, on the same BT copper pair, the speeds will be basically the same (there are some tweaks some ISPs can do better than others, but that is not easy for comparison).

All this solution does is reduce complaints by exactly 10%. It means that 10% of customers will no longer feel they did not get what they were sold. The rest will still feel cheated somehow. Ironically, some of the 10% would (and have, AFAIK) complain that the ISP lied to them as they are clearly getting more than the "Up to" speed quoted.

In many ways it would be better if we went back to comparing ATM sync rates. That way every ADSL2+ service would be quoted as "Up to 24Mb/s" and every ADSL1 service as "Up to 8Mb/s". It would allow people to compare numbers between ISPs as that is easier than comparing "Is VDSL better than ADSL" or some such.

Right now we have a confusing mix of numbers, and someone may indeed think an ADSL2+ sold as "Up to 16Mb/s" is going to be better than an ADSL2+ sold as "Up to 14Mb/s". Is it really helpful for the ASA and OFCOM and consumers for people to make a decision based on how far an ISP's marketing department feels they can push things and get away with it?

What I fail to understand is why this wrong solution was proposed. Was there not one rational person in the discussions and meetings to say "This obviously does not address the problem"? As a director I am facing a marketplace where I have to work within rules made by people that cannot see the problem with this solution, or even with calling coax cable "fibre", and it makes my job somewhat difficult!

Sync is not everything

Ironically, one of the big differences between ISPs is not the advertised line sync rate. Yes, that allows one to see ADSL1, ADSL2+, FTTC, and so on as a key difference, but there are other factors. Some ISPs are good (and this is not just small or just big or just A&A even). Some ISPs make sure they run uncongested links, and monitor for faults and issues. This means the overall "experience" is much better. The problem is that this is very difficult to market as a feature, or to guarantee, or to have clear metrics to quote and compare. If there was a way to see these sorts of stats, loss, latency, congestion, and so on, then that would be a far more important and relevant factor in choosing an ISP, typically alongside cost and terms and so on. A&A publish a report here.

Wednesday, 7 August 2013

Nostalgia is not what it used to be (modems)

So, I have been listening to some of this today :-

WAV: 38 seconds of modem negotiate and chatter

Why, you may ask? Well, years ago, not having any copper phone lines in the house, I set up a Sipura as an analogue phone line for the Sky boxes. After much tinkering it would work maybe 1 in 5 times to phone home. This was just about good enough as it would keep trying until it got through.

Modem sync with old SPA112 firmware
A couple of tips if you find yourself in the same predicament - for some reason Sky like it if all your multi-room boxes call from the same number. We used to have one ISDN line (an ISDN2e with DDIs) in the house, and the Sky boxes all had separate numbers and Sky complained (wrote to me). I pointed out that the terms said they had to connect to one line (they did, we only had one ISDN line) but did not say anything about having to present only one number. Anyway, eventually, I set them to the same number and they were happy. The other thing I found is that they won't take a call from anything but an 01 or 02 number. Sending from an 03 did not work at all. Both of these facts may be a couple of years out of date though.

Now, having changed IPs at home since, and forgetting the password, and so on, I decided that rather than try and work out how to reset the old Sipura I would buy a new one. An SPA112, 2 port TA. They are branded Cisco now, and I am not entirely sure about having a Cisco of any sort anywhere near my network, but it is useful.

Obviously, technically, they are A&A equipment as A&A, as a telco, are providing an analogue phone line to me using this equipment, and I am connecting that to my Sky boxes.

The main reason for looking at this at all is that I am getting some of the Sky boxes upgraded, and the engineers try and get them to phone home as part of the install, as I recall. So a 1 in 5 pot luck was not going to be ideal.

The new SPA112 worked about as well, after I set it up without echo cancellation, a-law only, no fax detect, no jitter adjust (set to high), UK line impedance, zero gain, etc.

So I was a tad disappointed, but it would have to do.

Then, just for the hell of it, I upgraded the firmware. The version that came with it was Oct 2010. New code is July 2013!

To my surprise the Sky boxes now seem to work first time every time. They negotiate differently too. Before it sounded like a conventional modem sync as you might get for 33k or lower. Now, and correct me if I am wrong, but the WAV included here sounds more like the 56k style negotiation. I can only assume some changes in the firmware have improved the operation somewhat. Obviously there is no reason why it should not work - what I am doing is the same as what is done in the telephone exchange but with a much shorter wire involved.

Modem sync using new SPA112 firmware
So now it should just work when the Sky man arrives... We'll see.

Of course, what they should be doing these days is asking for the boxes to be on one LAN, now that they have, and use, network ports. They can then phone home via the Internet and check other boxes at a MAC/Ethernet level. It is crazy that modems are still in use. Even so, not a sound I have heard in a long time.

Tuesday, 6 August 2013

They need to protect us from this!

From http://www.actionfraud.police.uk/ we see:-

Unsolicited pornographic DVDs in the post

Well, obviously the Royal Mail need a default opt-in adult content filtering in place for this - it is just not good enough - my kids could open the post unsupervised and play these DVDs. They should open every parcel and letter and check it is not porn in there. Why is the Royal Mail allowing this? I did not opt-in for the porn version of post did I? The government need to force all postal carriers to filter the mail NOW!!!!

OK, Daily Mail mode off now...

I wonder why this is happening - perhaps someone is trying to make a point. It wasn't me, honest!

Monday, 5 August 2013

Think of the children!

Just reading the Thinkbroadband blog they make an interesting suggestion.

The simple idea of an http header flagging the user as a child. Perhaps it should flag within some age bands.

There are, of course, two ways to do this, and both would need web server and browser support, but they are not rocket science, and they are working at the right level and in the right place.

One side is for web sites to have a header indicating an age rating for the content. The browser could have an admin level account setting indicating the user's age, and so block any age inappropriate content.

The other side is the client could send a header with an age band, pre-set in the browser user settings at an admin level, and the server could refuse to serve age inappropriate content. This does mean giving some personal information on every web request.

Either way, both ends need to know something. The server needs to know it has some 18+ content, and the browser needs to know it has a 15 year old in front of it.

The client side is relatively simple for this, and I am sure Windows, and Apple, and Firefox, and Chrome could easily start to handle any standard that comes along - especially if it is a really simple standard. If there is a standard, I doubt there would be much opposition to this.

The server side is slightly more complex as it does mean "adult websites" owning up to being adult websites. Bear in mind that this covers a lot more than porn. Alcohol manufacturers ask web users if they are over 18, for example.

Well, they might. If porn sites are facing the prospect of countries doing default-on blocking, then they may be interested in, at least seeming to, co-operate.

In practice these sites are there to make money. They are not going to make money from minors. Showing porn to minors is wasting their resources and upsetting governments!

So they may well be happy to either mark their sites as 18+, or check "Child-Age-Band" headers sent by clients.

I think there are actually standards for this though already - for servers stating the type of content - so is this debate moot anyway?

The idea of a browser header saying an age band would be useful for more than just filtering though - sites selling goods could avoid offering to sell to minors.
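Both sides of the idea can be sketched in a few lines. This is an added example, not part of the original post and not an existing standard: the `Child-Age-Band` request header is the name floated above, while the band names, the `Content-Age-Rating` response header and the sample site are assumptions.

```python
# Hypothetical band names: the post only suggests "some age bands".
BAND_MAX_AGE = {"under-13": 12, "13-15": 15, "16-17": 17}

# Constructed sample site: path -> (minimum age, body).
CONTENT = {
    "/": (0, b"home page"),
    "/brewery": (18, b"product pages for over-18s"),
}


def app(environ, start_response):
    """WSGI app that rates every response and honours Child-Age-Band."""
    entry = CONTENT.get(environ.get("PATH_INFO", "/"))
    if entry is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    min_age, body = entry
    headers = [
        ("Content-Type", "text/plain"),
        # Hypothetical response header carrying the server-side rating.
        ("Content-Age-Rating", str(min_age)),
        # Shared caches must not hand one band's response to another band.
        ("Vary", "Child-Age-Band"),
    ]
    band = environ.get("HTTP_CHILD_AGE_BAND")  # WSGI name for the header
    if band is not None:
        # An unrecognised band fails closed: treat the user as the youngest.
        max_age = BAND_MAX_AGE.get(band.strip().lower(), 0)
        if max_age < min_age:
            start_response("403 Forbidden", headers)
            return [b"age restricted"]
    start_response("200 OK", headers)
    return [body]


def fetch(path, band=None):
    """Call the app in-process; return (status, headers dict, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if band is not None:
        environ["HTTP_CHILD_AGE_BAND"] = band
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


def browser_allows(headers, user_age, block_unrated=False):
    """Client-side check: compare the rating header with the account's age."""
    rating = headers.get("Content-Age-Rating")
    if rating is None or not rating.isdigit():
        return not block_unrated
    return user_age >= int(rating)
```

The `Vary` header is the detail that is easy to miss: without it a shared cache could store the response sent to an adult and replay it to a client that announced a child's age band.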

Friday, 2 August 2013

SThree have the cheek to junk call us too!

So they junk call, don't check the TPS, don't know of the TPS, and offer to junk email people for you... What fun.

5:31 WAV Recording

Good job I never signed that settlement agreement, isn't it?

Update: I am going to send them a bill for Alex's time taking the call. Should be fun.

10 hour voicemail


What the hell is this?
648 minutes, constantly repeating.

Quite a distinctive audio pattern.

Any clues?

I really dread calling Sky TV

I just wanted a new Sky box, one with 2TB on it. Nothing complicated. One of the boxes we have is playing up so seems like a perfect time to buy a new box, why not?

But every time I end up talking to Sky they annoy the hell out of me.

So I went on their site, logged in, and looked at the new 2TB boxes - loads on how to "upgrade my sky package to HD" and all sorts. They even do free boxes if I was upgrading. Maybe I should have downgraded to not HD, and then upgraded to get a new free box. Anyway, the price was not really the issue, I just want a new box, simple. I could not see where to just order a Sky box though - it was all "upgrades".

I had just about given up on that web page when the on-line chat box popped up - yay! Saves me trying to call them. They give me a link to my existing packages after I logged in, and that has an option to replace an existing box with a new one. It lists the boxes I have with no identification of which is which, but the adviser says it does not matter which I ask to be upgraded.

The adviser gives one price and the order page does another, very confusing, and the order page insists on a £60 TV set up (engineer visit). The adviser says I can select "self install" and "skip the £60 charge" but the order form has no way to do that. In the end I just order with it, someone will be in when they come. Pain in the arse but I really cannot spend all day on this.

Then I get an email:-
We have successfully received your Sky order, reference 0802 SAIU 990 11676. 

We urgently need to confirm some details with you before we can proceed with your order. Please call us on 08442 411 423 as soon as possible so we can complete your order. 

Failure to contact us may result in your order being cancelled.

We look forward to receiving your call. 

The Sky Online Team
 

Great! I try the on-line chat but they insist I have to call the expensive 0844 number. Clearly "The Sky Online Team" can't cope with doing things on-line.

I call and get told that I did not need to call, and there are no details they need to urgently confirm. Basically it appears that Sky LIED TO ME to make me call an expensive number.

I am really not impressed.

Call recording

Update: So I called to check what time the engineer was coming tomorrow, and it turns out they have not processed the order. Now I have to go through hoops proving who I am, again, and they have not taken payment, not booked an engineer, and just messed up. I really wonder why I bother sometimes.

Thursday, 1 August 2013

I have no idea on Swedish law

I suspect this comes under EU and/or international civil aviation rules.

My not-yet-daughter-in-law got a ticket (paid for by her mum in Sweden to a Swedish travel agent) from Heathrow to Copenhagen, went to airport, and there was a fire and all flights cancelled. She gave up and came back here. Missed the funeral.

So, claim for it...

Company calls and leaves voicemail saying she cannot have money back as ticket was used for Stansted to Copenhagen flight. WTF?!?!

Company calls again and leaves voicemail saying she cannot have money back as ticket was used for Heathrow to Stockholm flight. WTF?!?!

So how the hell do we sort this - are the rules the same all over the EU on this? You pay for a flight, and it is cancelled, at the very very least you get money back, and ideally compensation for the round trip to the airport.

Anyone know how it works in Sweden?

#PornGate: What could a determined small ISP do?

They want filtering to be offered even by small ISPs, so some thoughts, off the top of my head - just some ideas...

1. If they don't make legislation?

No problem - stay as we are - easy.

2. They legislate that we have to offer a choice of filtering, even default on?

So fine, we offer filtering on the order form, but at present, like almost any other business, we do not have to actually accept an order from a new customer. We can choose our customers, so we simply choose not to accept any orders where filtering is requested. As long as our choice is not discrimination on race or sex (neither of which we know or ask) then that should be fine.

Forcing someone to take all customers would be a huge step in any legislation. At present there are very few cases that force that on anyone (BT universal service obligation, for example).

3. They legislate that existing customers have to have the option?

Again, at present, we have the choice to stop providing services to anyone. So simple - ask for filtering and we stop supply. May be a slight issue with min term services.

4. They don't say the filtering is free?

Fine, filtering available at £1,000,000 a month - please do choose it.

5. They somehow legislate that we cannot discriminate based on filtering choice and have to take the order and not cancel it for this reason?

OK, so the filtering is "no packets pass", after all it is the only way to be sure. We have that system in place now (for credit control). Pick the option if you like.

6. Somehow they define that we have to access some of the Internet in the filtered service?

That would be harder - but we'd be able to block the Daily Mail, right? Could the service only be to Claire Perry's web site (yes, I know that has a risk of seeing porn, but probably OK now)? It would not be hard to comply with a very slim set of IP addresses for whitelisted endpoints, and be useless so nobody picks the option.

7. Somehow they insist that the filtered service accesses all legal content not on the filtering list?

That would be interesting, as lots of ISPs do not allow access to www.loopsofzen.co.uk at present as it is IPv6 only - that would be a fun law to force all ISPs to provide access.

But suppose we had to filter - does the law apply to us?

8. Really somehow forced to do a filtered service

One really simple answer is we sign up as a BT Retail or TT Retail reseller. Anyone asking us for filtered broadband gets put on one of their retail services with the filtering, with us as the reseller. This keeps the A&A service unfiltered. This is the same as the choice people have now - picking a filtering service from one ISP or picking an ISP with no filtering. Forcing us to filter does not really mean we have to, it just means we get to make a mark-up on someone else's service. Totally daft and pointless.

9. Not apply to business lines?

I think that is the case, so we could be "business only" ISP, or maybe we include the creation of a Ltd Company in the price for non business customers. After all a Limited Company can be created on-line and have annual return and simple accounts all filed by a script. Could be a new business opportunity for us, and is only a few pounds more a year in cost.

10. Not apply to staff lines?

So what if it is not applicable to a business providing Internet for employees? Oddly enough the changes recently for HMRC and RTI and BACS mean we could automate having lots of employees. We could make every customer an employee - only working for us for a few minutes a month or so on a salary of a few pence. It would not actually cost us anything to do this as we would automate it all.

Legislating that companies have to filter for employees would have a huge impact.

11. What about a private club?

We have considered this before, and even asked OFCOM (who were very non-committal). We could create a friendly society, non profit, member owned, and provide Internet only to members. Obviously get the existing customers to join.

With suitable membership rules (perhaps simply a membership veto on new members) it would be the case that a member of the public cannot automatically get service just because they order. In practice, almost all people would, I am sure, but there would be no guarantee.

That takes us out of most of the rules and legislation as we would not be a public communications provider. Covering every private club would be hard.

12. Other ideas

What if we only provide L2TP handover (like BT wholesale) and the ISP is off shore?

What if transit providers are forced to filter (really?) and we have to run transit via a tunnel to off shore?

What if BTW start filtering in the L2TP (really?) and we have to start running encrypted PPP links?

What if we just start selling off shore tunnel endpoint services direct to end user routers? Some small broadband routers can do IPsec these days. That would be an interesting business model.