Friday, 28 November 2014

Nominet being strange

[update: see Nominet reply in comments]

I know, silly title, especially related to Nominet address checking. Anyone that deals with Nominet will be used to them being a tad strange.

However, we had a somewhat surreal conversation with them yesterday over a domain we were registering.

To put it in to context, Nominet are now trying to ensure the registrant details for domains are "correct". This is part of the new .uk level domain registration process. However, checking details are "correct" is not simple! It kind of brings me back to my discussions on "legal entities", but more so.
  • A domain could be registered by someone anywhere in the world (though a UK service address is needed for .uk domains). The rules on "legal entities" and means to check those vary from country to country. It would be almost impossible for Nominet to check many of these.
  • Even just considering the UK, an individual does not have to be traceable. I.e. it is quite valid for a registrant to not be on the electoral roll; not have any utility bills in their name; not have a driving licence; and not have a passport, especially if young and living with parents. Even so, they still are a perfectly "valid" person with a perfectly "valid" UK address. The only real way to check such details is to post something to the address and check it arrived. I have no idea if Nominet do that.
  • There are, of course, various other types of legal entity that could be more complex, but most come back to the issue with an "Individual" who is responsible, so the same problem as above.
  • However, there is one type of registrant for which it is very very simple: UK registered companies. A UK company has a name, company number, and service address that are all public record and available to be checked from companies house on their web site. Checking the basic details for a UK registered company is very simple.
What happened is that we created a new company and registered three domains (.co.uk, .org.uk, and .uk). Opening up .uk just means paying for yet one more domain when you make a company. However, they were flagged by Nominet as invalid!

Alex called Nominet. They confirmed on the phone that he was the contact (checked name and email used), and he checked and confirmed that he had not mistyped the company number, name or address and that Nominet had all of the right details. The guy on the phone was happy to sort this out whilst on the phone, yay!

He did explain that Nominet do not have a direct link for checking companies and as it was a new company then that is why it was flagged as invalid. That, in itself, seems odd as I am sure companies house have such services. Indeed, register a company, and you have spam post the next day from people that use such services. Why don't Nominet have a proper link in to companies house?

Anyway, this is then where it got a tad odd. Having confirmed that this is, indeed, as per the registration details recorded, a UK limited company; and that the company name, number, and address were right, you would think that would be the end of it. It means Nominet can check the details independently at companies house - something that takes seconds.

But no...

First off he asked Alex to email a reply, while on the phone, with a link to the details on companies house. This seems odd - and time consuming - compared to just typing an 8 digit number in to their web site. It is also slightly open to abuse as Alex could have sent a link that looked like companies house but was not. However, if you have ever used the companies house web site then you will know that the details for a company are not on a simple link / URL.

At this point, if it was me, I would have emailed http://companieshouse.gov.uk/ to him and said click company information and type the company number... But Alex carefully explained the inability to do a direct URL.

So the guy from Nominet then insisted that what Alex does is take a screen shot, put it in a pdf and email it.

WHAT?!?!?! [a phrase I am having to type rather a lot on my blog lately]

What exactly would he do with this screen shot? Surely the only possible thing he could do is check it. The only way to check it is to go to the companies house web site, type the company number, and see that it looks the same, having checked the screen shot matches the registered details for the domain. Surely it would save time and effort for all to just do that in the first place. Of course, if he is not going to do that, then Alex could, very easily, fake the screen shot.

Alex explained all of this, but to no avail. A screen shot had to be emailed!

It does remind me of RIPE who have the same problem, and wanted a copy of the company certificate for something. They eventually accepted a screen shot of companies house (which could have easily been faked, just like a certificate). At least RIPE have the excuse of being in a different country and so perhaps not knowing how UK companies work.

Well done Nominet - you have unlocked the achievement [Pointless extra bureaucracy]

Thursday, 27 November 2014

Ed Vaizey says that once you are 70 you don't have to pay your bills?

Well, that seems to be what has been said in relation to a case mentioned in parliament. The actual case seems rather odd, and clearly we don't have all of the details, but it involved a dispute between an ISP and a customer which was resolved by the Ombudsman in favour of the ISP. The issue was raised by an MP at the request of the customer, his constituent. This is good of the MP, I agree.

We really don't have all of the details to comment on the case itself - what was mentioned in parliament seems like a clear cut case of an ISP mis-selling, but my experience of the Ombudsman service is that they would always favour the customer so the case must have been pretty clear to favour the ISP in this case.

Ed Vaizey is reported as confirming this: “In most cases, the ombudsman proves to be a powerful and effective piece of consumer protection. It does work, and figures show that it often works to the consumer’s benefit"

However, the next comment really does puzzle me, as he is reported as saying:

It seems astonishing that a telecoms company would pursue a man in his 70s … Having won its war with Mr Jones through the ombudsman, it should recognise that its corporate social responsibility should dictate that it should waive this bill.

WHAT?!?!?!?

For a start it seems odd to say "having won its war with Mr Jones". It is not a war to expect a customer to pay their bill. Also, it was Mr Jones that pursued a case against the ISP via ADR and the ISP has had to pay for that even though they won!

But surely, having won the case, it is perfectly sensible, normal, and even responsible to the shareholders as required by the Companies Act for the ISP to expect the customer to then pay up.

It seems that Ed Vaizey is saying that even when a third party has confirmed that the money is owed, because someone is in his 70s it is some corporate social responsibility to waive the bill?

Does this mean that when I get to 70 I can simply choose not to pay bills, and even if taken to court, or some other third party arbitration, I should still not have to pay them?

What exactly is Ed Vaizey saying here?

Wednesday, 26 November 2014

CTSB

The Counter-Terrorism and Security Bill was published today.

There are also explanatory notes and impact assessment that give some clue to the plans of the Home Secretary, but at this stage, with the bill as it is, all it does is change a definition in the Data Retention and Investigatory Powers Act so as to allow a wider scope for secondary legislation on data retention to be made by the Home Secretary. The change of scope is to add some additional data such as port numbers to IP addresses in what is logged.

The underlying intention is not entirely clear - it seems to be an attempt to match IP addresses to individuals or devices.

This falls down for several reasons.

For a start, an IP address (and timestamp) is simply not going to be enough, and that is often all you have from the likes of web logs on a web site or some such. You need the source port at least, and in some cases the destination IP and port as well because some address translation systems use the full set of IPs and ports both ends to make a connection. Even logging all this in the ISP would not help if all you have is an IP and date/time.

But then it is not clear how they could go further than just identifying a subscriber. Getting to a device or user is pretty much impossible. There are two things in the way...

End user NAT router

It is commonly the case that the end user has a router that does network address translation (NAT) which makes all of the devices in a home or office appear to be one external IP address. This translation is not normally logged by such devices, and even if it was - the device is outside the ISP. The ISP would only have to log if they generate or process the data, so any data outside their network does not have to be logged. Maybe some large ISPs that provide the router and manage it for the end user could have some sort of back door to log this, but it seems unlikely and not something any ISP really wants the hassle of doing. All they have to do is say that the kit belongs to their customer and bingo: not in their network; not data generated or processed by them; not logged.

Carrier grade NAT (CGNAT)

There is another type of translation that is starting to happen. This is where an end user does not have a public IP of their own but is sharing it with other unrelated users by some means in the ISP network. There are a lot of ways this can work, but some include a big box that does the translation. This assigns a new port to each session at the TCP or UDP level so that the shared IP can be identified to the original customer. It may even assign different IPs to the same customer quite quickly. It could "overload" the IPs it uses where the same source IP and port is used to different target IPs and ports meaning you need all four bits of data (and the protocol and timestamp) to undo that translation.

Again, logging all of the CGNAT sessions is a massive job compared to now. At present ISPs subject to a retention notice (not A&A) need to keep their RADIUS logs where they assign an IP to a connection when it is made. That allows the IP and date/time to be traced to a subscriber. Having to log CGNAT sessions is millions of times more work. It makes CGNAT way more expensive.
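To make the overloaded CGNAT case above concrete, here is an added example (not from any ISP's real system) that looks up a constructed session log with progressively more of the connection details. The subscriber names, documentation-range addresses and the `candidates` helper are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


def ts(text):
    """Parse a 'YYYY-MM-DD HH:MM:SS' timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


@dataclass(frozen=True)
class Session:
    subscriber: str    # hypothetical subscriber identifier
    proto: str
    public_ip: str     # shared CGNAT address as seen by the remote server
    public_port: int
    dest_ip: str
    dest_port: int
    start: datetime
    end: datetime


# Constructed CGNAT session log (RFC 5737 documentation addresses).
SESSIONS = [
    Session("sub-A", "tcp", "192.0.2.10", 40001, "198.51.100.7", 443,
            ts("2014-11-26 10:00:00"), ts("2014-11-26 10:05:00")),
    # "Overloaded": same public IP and port as sub-A, different destination.
    Session("sub-B", "tcp", "192.0.2.10", 40001, "203.0.113.9", 80,
            ts("2014-11-26 10:01:00"), ts("2014-11-26 10:03:00")),
    # Same public IP, different port.
    Session("sub-C", "tcp", "192.0.2.10", 40002, "198.51.100.7", 443,
            ts("2014-11-26 10:02:00"), ts("2014-11-26 10:04:00")),
    # Same addresses and ports as sub-A, different protocol.
    Session("sub-E", "udp", "192.0.2.10", 40001, "198.51.100.7", 443,
            ts("2014-11-26 10:00:00"), ts("2014-11-26 10:05:00")),
    # The identical tuple handed to someone else half an hour later.
    Session("sub-D", "tcp", "192.0.2.10", 40001, "198.51.100.7", 443,
            ts("2014-11-26 10:30:00"), ts("2014-11-26 10:31:00")),
]


def candidates(when, public_ip, public_port=None, dest_ip=None,
               dest_port=None, proto=None, skew_seconds=0):
    """Return the subscribers whose sessions match every field supplied.

    A field left as None is unknown to the requester and matches anything.
    skew_seconds widens the time window to model an imprecise timestamp.
    """
    skew = timedelta(seconds=skew_seconds)
    known = {"public_ip": public_ip, "public_port": public_port,
             "dest_ip": dest_ip, "dest_port": dest_port, "proto": proto}
    hits = set()
    for s in SESSIONS:
        if not (s.start - skew <= when <= s.end + skew):
            continue
        if all(v is None or getattr(s, k) == v for k, v in known.items()):
            hits.add(s.subscriber)
    return sorted(hits)


if __name__ == "__main__":
    when = ts("2014-11-26 10:02:30")
    print("IP + time only:      ", candidates(when, "192.0.2.10"))
    print("+ source port:       ", candidates(when, "192.0.2.10", 40001))
    print("+ destination:       ", candidates(when, "192.0.2.10", 40001,
                                              "198.51.100.7", 443))
    print("+ protocol:          ", candidates(when, "192.0.2.10", 40001,
                                              "198.51.100.7", 443, "tcp"))
    print("same, 30 min skew:   ", candidates(when, "192.0.2.10", 40001,
                                              "198.51.100.7", 443, "tcp",
                                              skew_seconds=1800))
```

Only the last-but-one query narrows to a single subscriber, and even that result stops being unique once the timestamp is off by half an hour.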

Impact on IPv6

Increased cost for CGNAT should drive IPv6 deployment so as to get as little as possible running through the expensive CGNAT. That is sort of good news.

But even though IPv6 does not have the CGNAT or end user NAT router, it has privacy addressing which is not logged anywhere. So back to the issue that an end device or user cannot be traced.

Responsibility for use of your internet connection?

One thing that is definitely not being stated is that people have any responsibility for others using their Internet link. This is about tracing the IP to them, but it is still 100% legal to run an open WiFi. It is still 100% legal to run a TOR exit node or a VPN endpoint. You are not responsible for what others do with your network. Indeed, having an open WiFi or TOR exit node is a great way to create plausible deniability. In some ways this new legislation is encouraging that!

Totally pointless

There is still no tracing to end user as a person or a device with this, and it is hard to see how there ever could be. Being still legal to run a TOR exit node, and to use TOR or VPNs means that anyone can easily bypass all of this themselves, as well as having good excuses why traffic is leaving their network. The widespread use of TOR and VPNs encouraged by the default ban on porn makes this even more common and something of which terrorists will be well aware.

Illegal?

I am shocked that Theresa May has the audacity to make the statement on page 1 of the bill stating it complies with human rights. The ECJ said the EU data retention directive did not, and this legislation takes that and extends it. How can she say that a blanket surveillance of innocent users of the Internet in the UK is compliant with the right to privacy?

Bear in mind that in some cases CGNAT logs have to have details of what IPs you accessed to be useful, and so will basically log what web sites you visited and when. Well, "you", or someone using your Internet connection. That is a huge invasion of privacy. Notably the legislation seems to try and exclude that data, but without it many CGNAT systems are not logging enough to trace a connection back to a subscriber.

Impact on A&A?

  • We have not had a data retention notice so do not log anything for law enforcement!
  • Obviously, as now, if served with a suitable notice under RIPA to give out details of a subscriber from an IP we can do so, but that is targeted and with due legal process. We assign a fixed IP to all customers. We would always stress in such responses that the IP does not in any way identify a person that sent traffic and explain TOR and VPNs and open WiFi. I do not think we have had any valid requests for such data yet.
  • If served with a retention notice we can claim costs, and they will not be small! We can also make a few minor reorganisations which will minimise the level of logging. Quite what would happen will depend on exact wording of the new Data Retention Directive itself enabled by this if it becomes law.
  • Obviously we encourage IPv6 and are happy with people using privacy addressing which is default on so much kit these days.
  • Obviously we will clarify in our terms and conditions that we do not "run" the end user router so do not have any logs to make from that.
  • Obviously we encourage using https and TLS and your own mail servers to avoid logging.
  • If we had a retention notice, our only big NAT box which runs a public service experimental NAT64 gateway may have to change hands so not belonging to an ISP, i.e. I may personally own it and so not have to log anything. No way we are keeping CGNAT logs. Actually, Thrall Horde is a legal entity, he can own it :-)
  • In essence, nothing much changes for us, phew!
  • Though, maybe, I have to be careful if I ever leave the country :-(
  • Oh, and our voice SIMs do have a NAT unfiltered Internet connection, but the NAT is done outside the UK, so the legislation does not apply!

To DLM or not to DLM?

[see BT reply at end]

Having recently posted on the small differences between BT and TT (TalkTalk) back-haul for us as an ISP, it is interesting news that apparently BT are stopping their DLM (Dynamic Line Management) according to a story in The Register.

We are awaiting comment from our BT account manager to confirm this.

If true this creates an interesting difference. For us, DLM is usually a pain - we see the major issues that it can create when it is not working as intended. This is why we like TalkTalk where we have no DLM but direct control of the profiles.

On TalkTalk our end users can log in to our control pages and adjust their line, with immediate effect, and can make changes as needed. Interestingly, TT are talking of offering DLM as a feature soon which may have uses on some lines, or for an initial period on a line as an option.

However, if BT stop their DLM, then we have a problem as the controls on BT lines are much harder. There is an option to set some of the settings, but they have a very annoying lock out when used meaning you cannot make another change for 10 days. This makes it impossible to tweak a line without the risk of breaking it totally. At present, if you set it wrong the DLM will kick in, usually within hours and at least make it work, but with no DLM, a 10 day lock out makes the controls almost useless.

BT will have to provide the same level of instant direct control as we have with TalkTalk and used to have with BE, or there will be major problems with BT lines.

Let's see what BT say...

Update: No word from BT yet, but ispreview confirm that BT think this will not have any impact, so DLM will continue.

Update from BT:

"BT has been defending a claim brought by ASSIA since November 2011. They had asserted three patents against BT but during the proceedings, they had to narrow their allegations and withdraw one of these patents entirely.

"In January 2014, the High Court found BT was infringing on only a minor part of one patent, and the Court of Appeal, whilst invalidating the majority of the claims of ASSIA's other patent, ruled that BT's network infringes what remains of the other patent.

"Although BT was disappointed with the ruling, we have made minor changes to our programming which means these two decisions have no material effect on the operation or performance of our networks."

Privacy IP addressing

Privacy addressing is a system for making it harder to track an IP address to a device.

Without privacy addresses

Without privacy addressing the normal way a device gets an IP address (with the current version of IP, which is IP version 6) is that it uses 64 bits of network address and 64 bits based on its MAC address.

The MAC address is a unique address tied to the device's interface hardware. However, it is important to realise that this is for the protocol to make Ethernet work, and is not intended as an identification. MAC addresses can be spoofed or changed.

This may sound somewhat technical, but the upshot of this, in simple terms, is that if I use my iPhone at home and access a web site, and then later use it in a coffee shop in Bracknell and access the same web site, and then later use it in my mate's house in Gloucester and access the same web site - then the web site logs will show that the same device was used (from the MAC address in my IP) and be able to profile where I am going and when.

What is a privacy address

A privacy address is where the device assigns an extra address in the same network but with a random part rather than using the device MAC address. It then uses that address when you access things on the Internet, like web sites.

This means that the web site logs show a totally different address for each place the device is used.

It also can change the address over time, so even using the same device from the same place, it may appear from a different IP address 10 minutes later.
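The difference between the two kinds of address described above can be checked directly from a log. This added example (not FireBrick code) builds the MAC-derived address, recovers the MAC from it, and shows which entries in a constructed web log link across networks; the MAC, the prefixes and the function names are assumptions for the illustration.

```python
import ipaddress
import secrets

MAC = "00:00:5e:00:53:01"   # constructed, from the RFC 7042 documentation range


def eui64_address(prefix, mac):
    """64-bit network prefix + modified EUI-64 interface ID built from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    b = bytearray(int(part, 16) for part in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    b[0] ^= 0x02                                   # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return net[int.from_bytes(iid, "big")]


def temp_address(prefix):
    """Privacy-style address: random interface ID with the universal bit cleared."""
    net = ipaddress.IPv6Network(prefix)
    while True:
        iid = bytearray(secrets.token_bytes(8))
        iid[0] &= 0xFD
        # Redraw the rare value that would look MAC-derived (a choice made
        # in this example so the check below stays unambiguous).
        if iid[3:5] != b"\xff\xfe":
            return net[int.from_bytes(iid, "big")]


def embedded_mac(addr):
    """Return the MAC carried in the low 64 bits, or None if none is visible.

    A random interface ID can contain ff:fe by chance (about 1 in 65536),
    so a hit is strong evidence rather than proof.
    """
    low = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = bytearray(low.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        return None
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])


# Constructed web-server log: (where the device was, source address seen).
LOG = [
    ("home", str(eui64_address("2001:db8:1::/64", MAC))),
    ("coffee shop", str(eui64_address("2001:db8:2::/64", MAC))),
    ("friend's house", str(eui64_address("2001:db8:3::/64", MAC))),
    # The same three visits with privacy addressing switched on.
    ("home", "2001:db8:1:0:3c2a:91d4:7b10:e5a6"),
    ("coffee shop", "2001:db8:2:0:a415:6e0c:19f3:42bd"),
    ("friend's house", "2001:db8:3:0:58d1:c07e:8a2f:904c"),
]


def linkable(log):
    """Group log entries by embedded MAC; return (by_mac, unlinked_places)."""
    by_mac, unlinked = {}, []
    for place, addr in log:
        mac = embedded_mac(addr)
        if mac is None:
            unlinked.append(place)
        else:
            by_mac.setdefault(mac, []).append(place)
    return by_mac, unlinked


if __name__ == "__main__":
    by_mac, unlinked = linkable(LOG)
    for mac, places in by_mac.items():
        print(f"{mac} seen at: {', '.join(places)}")
    print(f"{len(unlinked)} entries carry no device identifier")
```

Running `embedded_mac` over your own hosts' addresses is a quick way to see which devices are still using MAC-derived addresses.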

Why do they exist?

The old way of working (IPv4) would often use NAT (Network Address Translation) which meant that the IP address seen by a web site was the same for everyone on a network (e.g. in a home or an office, etc). There was no part of the IP address that related to the device or that could be tracked from one place to another.

With IPv6 people wanted to retain this same level of obscurity and anonymity. NAT was always a bodge and against the basic design of IP, but this obscurity feature was a hurdle for people adopting IPv6, hence privacy addressing (another bodge).

The old system also meant that it was hard to tell how many devices were on a network as they all appeared with one IP. With IPv6 and no privacy addressing, an ISP could easily see how many separate apple devices you have, and so on.

What is wrong with privacy addresses?

There are several problems. One of which is a false sense of security. A web site can track a device by cookies, or browser fingerprinting. But if you are talking about a common web site you use like FaceBook or Twitter they probably even have some sort of login and even location services telling them where you are exactly anyway.

There are however various problems for system administrators. Even in our small company it is useful for devices to have a consistent IP address. That can then be given a name in reverse DNS and show in logs. These can be spoofed, just like MAC addresses, so I am not talking about security (not on its own), but for logging and so on. Basically it is handy to be able to track things to a device - the same as what the government want to do, but in an office and with the agreement of the users.

There are also some rather technical issues that have happened on large networks where the constantly changing addresses and use of multicast actually cause serious problems with the network.

The RFC says you should be able to turn the feature off, but many devices don't let you!

What did FireBrick do?

We added a feature a little while ago to undo privacy addressing by mapping the IP address used back to one based on the MAC.

Why? For a start, for the convenience of my devices having a consistent IP address. But we also did this as an experiment, and to highlight the false sense of security that privacy addresses offers. After all, the coffee shop you are using could be doing this!

Anyway, the experiment is over and the feature is being removed from the next release.

What about the future of privacy?

Well, I expect there to be calls now to have devices randomise their MAC addresses. It is technically possible, and if done right it could just work. It would help maintain some level of privacy that cannot be thwarted by features such as the one we put in the FireBrick. I will be surprised if Android can't do this already, and it will be interesting if Apple follow. Apple already do this for probe packets on WiFi to avoid the tracking of apple devices, so I expect they will soon for normal traffic. That will also have the advantage of thwarting any device level tracking for the old IP protocol (IPv4).

Only IPv6?

Some will say this is irrelevant as it is only IPv6, and mostly people still use IPv4 - but bear in mind that if you are accessing FaceBook, and you have IPv6, that is what will be used. It is only a matter of time before IPv6 finally hits the mainstream ISPs and at that point the very traffic that the government would like to track will be IPv6.

Tuesday, 25 November 2014

FaceBook is not an ISP

Again, journalists and the government, not understanding the basics.

Me, trying to add some sanity [youtube]
These are the people making the laws, and they cannot tell the difference. They want to compel a foreign company, one that works under some sensible freedom of speech and privacy laws, to comply with our "big brother" requests, and then they wrap it all up saying "ISPs must do something" and even consider UK laws on the matter.

In some ways it is good that it came out as being FaceBook, as, for some time, FaceBook use https to ensure all posts and access to FaceBook are encrypted.

This means that no UK ISP could read your FaceBook posts by snooping on the connection, and no law could compel them to perform that impossible action either. No changes in UK law or changes to UK ISPs would have revealed what had been posted to FaceBook in this case.

Please, politicians, get this through your thick heads!

Confusing Google, FaceBook, and ISPs, is one of the big problems.

P.S. A huge call out for Julian Huppert as one of the few MPs that "get it". If only I lived in Cambridge... Anyone there needs to vote for him as he has some clue - regardless of what party he is with. Vote for the person!

How to prevent murder?

As reported in the Guardian with headline: "Lee Rigby murder could have been prevented if online exchange revealed"

"The brutal murder of Fusilier Lee Rigby could have been prevented if an internet company had passed on an online exchange in which one of the killers expressed “in the most graphic terms” his intention to carry out an Islamist jihad attack."

Really, what are the Guardian saying here?

Yes, if every communication is scrutinized, and every letter that is sent opened and checked, I am sure lots and lots of crimes could be prevented. Heck, if everyone was kept under house arrest, or locked in a prison for their own safety, we'd make this a much safer place.

This report is nonsense. Why would an ISP be looking at the exchange in question?

“There is then a significant possibility that MI5 would have been able to prevent the attack,” the report says.

Let's reword that:

If MI5 had somehow had the clairvoyance to know that this was going to happen (and evidence of reasonable suspicion) they could have used existing laws under RIPA to request monitoring of this suspect and seen the exchange in question - MI5 did not do that, what a surprise. Hindsight is a wonderful thing.

Indeed, they say that, which rather defeats the headline suggesting that "it could have been prevented":

By contrast, Michael Adebowale was never more than a low level SoI and the Agencies took appropriate action based on the rigorous threshold set down in law: they had not received any intelligence that Adebowale was planning an attack and, based on that evidence, more intrusive action would not have been justified.

So the only way that this would have been handed over by the ISP is if everything was monitored. Who wants to live in a police state where everything we do is monitored?

I am at a loss for words.

Then we have phrases like:

"We also found that none of them [US based ISP] regard themselves as compelled to comply with UK warrants obtained under the Regulation of Investigatory Powers Act 2000."

Why would any non UK company feel they are compelled to comply with a UK warrant when obviously, they are not compelled to as they are not in the UK! Duh!

Let's reword that headline for the Guardian shall we...

"Murder could have been prevented if we knew who was going to do it and when and where, in advance"

Look out for terrorists!

Just heard on the radio that people are being urged to: look out for terrorists - to watch for any extremist activity on public transport.

Arrrrrrg! WHY?!?!?!?

Terrorists are criminals, and one of the worst kinds of criminals, but look at the facts. Even the worst terrorist attack in memory killed way fewer people in one day than died of malaria that day. The next day the terrorists killed nobody but malaria still killed thousands, and every day after and before that. I am not trying to belittle the tragedy for those that died from either, but trying to put in to context. Even if you look closer to home, to just deaths from preventable events to people in the west, which is a somewhat racist view, you still need to look at making cars safer or tackling heart disease as priorities that are massively higher than tackling terrorists.

Don't ignore terrorists, but why the hell are they even mentioned. Why are we helping them spread terror and fear for them by having these warnings on the radio?

We would be far better urging the public to watch out for people showing symptoms of a heart attack or stroke than to look out for terrorists and extremist activity. It would save more lives.

The obvious answer is that governments want ways to control people. Even though their job is to work for the people, what they want is to control people. Fear is one way to control people. Fear is a way to get people to accept more and more police state legislation.

Let's be rational and not live in fear and terror shall we?

Monday, 24 November 2014

BT giving us access to their network?

The idea of third parties having direct access to BT's last mile (wiring from exchange to premises) is something that BT have, of course, resisted. Access even to just BT ducts is complex and costly.

But it seems BT want us to take control of the aluminium wiring that is affecting an FTTC service and get it fixed! It is pretty clear in this call with BT today.

This can only be BT giving us access to its wiring network - yay!

Recording of part of the call: wav

On a serious note, this is the sort of crap up with which we have to put on a daily basis. We're working with our account manager, as always, to get things improved, but it is an ongoing battle.

Update: It gets worse. We asked to escalate the fault. The reply is crazy, given that it was already a "Team Manager" in that call that we are complaining about, and we have never had an Andy Hartley or Sean Kemp working here, and as director I have never been asked to provide any "approved list".

We are really sorry that we are not able to accept your case as a high level escalation at the moment. Looking at our records the escalation path has not been exhausted

The escalation path is:

• Team Member 
• Team Leader
• Team Manager

This escalation shows as being with Team leader so will need to have gone to Team Manager.

Also the person escalating  has to be on the directors approved list for sending in escalations.  The only people on this list for Andrews & Arnold Ltd are Andy Hartley and Sean Kemp.  

Theresa May loses the plot again?

Once again we are seeing more crap about snooping on Internet users. The BBC article is as vague as the rest, with comments like "A law forcing firms to hand details to police identifying who was using a computer or mobile phone at a given time is to be outlined by Theresa May."

Firstly, that is impossible. You cannot tell who is using a computer or mobile from an IP address. At best you can tell subscriber details, if they exist, and maybe a location where the IP is initially routed (but it may then go on to anywhere in the world). So what is being asked is impossible.

But what is also odd is that there are already laws such as DRIPA requiring logging of IP when people connect to be held for a year; and allowing the authorities to get subscriber details under RIPA. If we are to assume they mean "subscriber" then that already exists, so what new laws are being suggested?

As I said on Sky News, this is pointless. Because of blocks on legal porn, everybody now knows how to access a VPN or use a TOR browser. This used to be a bit obscure, and not something most people would know or use, but now it is mainstream stuff. People have legitimate legal reasons to use these tools. If someone wanting to watch legal porn can find a TOR browser you can bet that every terrorist will be able to.

Now, bear in mind, that the EU have already said that the sort of blanket surveillance in DRIPA is not legal, so adding more cannot be legal. We should not have to live in a police state! There is a price for freedom, we all know, and lest we forget that we have had to pay a price for that freedom in the past - so let's not give it away now.

So please, Theresa May, give it a rest.
  • It is not legal or moral to blanket snoop on citizens
  • It does not show who is actually using an IP
  • It is simple for anyone doing anything dodgy to bypass
  • It can only impact innocent people and increase costs for everyone

Sunday, 23 November 2014

Blizzard IPv6 broken

Blizzard are one of the more forward looking games companies and have been doing IPv6 for some time.

In World of Warcraft there is an option to use IPv6 when available, under "System" and "Advanced"


Sadly this is still not ticked by default. I really think it should be now.

Unfortunately I found it was not working. SYNs going out and no reply. This adds some delay to connecting as it tries IPv6 first. A trace shows that we are getting in to Telia, who provide Blizzard with their connectivity.


So, it looks like some sort of firewalling issue to me - otherwise you'd expect ICMPv6 errors for network or host, or a RST for the connection. Indeed, if there was some sort of error response, as there should be, the client could immediately fall back to IPv4 with no delay.

What is worse is there seems to be no way to get this sorted. I did, of course, raise a ticket. In fact I raised two - one for the impossibility of logging in at all when busy (just hangs) and one for the lack of IPv6. They promptly assumed the two were related, which they were not, and I spent an hour or so talking to a GM on the subject.

He was, to my surprise, quite knowledgeable. Unfortunately both tickets are sort of going nowhere. The load issue may be a bug as well, as I worked out that I can work around by logging in to a character that is not parked in a garrison, and then logging out and logging in as the one I want. We discussed the way garrison instances work. I see why they can't do the garrison on the client - as apparently you can visit a friend's garrison. That is something I did not know :-)

However, the IPv6 issue he basically can't help with, and has no way to escalate to someone that can.

I have offered to help in any way I can, checking route announcements are right, tracing from various places, etc. I am sure if their IPv4 connectivity was broken in this way then they would fix it damn quick, so why not treat the current version of IP in the same way?

So, Blizzard:

  • Please fix the broken IPv6 - ask me if you want any info, ticket EU47550106
  • Fix your firewall so that if IPv6 is not working the correct ICMPv6 responses are sent
  • Please change the client to default to IPv6 enabled
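The difference between a silently dropped SYN and a proper RST or ICMPv6 error, seen from the client side, as an added example (not Blizzard's client code): each attempt is classified by what came back, and the fallback delay is the time burned on failed attempts before one connects. The function names and the 3 second timeout are assumptions made for illustration.

```python
import errno
import socket
import time
from dataclasses import dataclass

REFUSED = {errno.ECONNREFUSED}                         # a TCP RST came back
UNREACHABLE = {errno.ENETUNREACH, errno.EHOSTUNREACH}  # ICMP/ICMPv6 error, or no local route


@dataclass
class Attempt:
    address: str
    port: int
    outcome: str    # connected | refused | unreachable | timeout | error
    seconds: float  # how long this attempt took


def classify(exc):
    """Map a connect() failure to what the network actually told the client."""
    if isinstance(exc, socket.timeout) or getattr(exc, "errno", None) == errno.ETIMEDOUT:
        return "timeout"       # nothing came back at all: the SYNs were dropped
    if isinstance(exc, OSError) and exc.errno in REFUSED:
        return "refused"
    if isinstance(exc, OSError) and exc.errno in UNREACHABLE:
        return "unreachable"
    return "error"


def attempt(address, port, timeout=3.0):
    """Try one TCP connection and record the outcome and the time it cost."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    start = time.monotonic()
    sock = None
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        sock.connect((address, port))
        outcome = "connected"
    except OSError as exc:
        outcome = classify(exc)
    finally:
        if sock is not None:
            sock.close()
    return Attempt(address, port, outcome, time.monotonic() - start)


def connect_with_fallback(candidates, timeout=3.0):
    """Try (address, port) candidates in order, IPv6 first; stop at the first success."""
    attempts = []
    for address, port in candidates:
        result = attempt(address, port, timeout)
        attempts.append(result)
        if result.outcome == "connected":
            break
    return attempts


def fallback_delay(attempts):
    """Seconds spent on failed attempts before something connected."""
    return sum(a.seconds for a in attempts if a.outcome != "connected")


if __name__ == "__main__":
    # Constructed loopback demo: a bound but non-listening port answers with a RST,
    # so the fallback to the second candidate is immediate.
    held = socket.socket()
    held.bind(("127.0.0.1", 0))
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    tries = connect_with_fallback([("127.0.0.1", held.getsockname()[1]),
                                   ("127.0.0.1", srv.getsockname()[1])])
    for t in tries:
        print(t)
    print("fallback delay: %.3fs" % fallback_delay(tries))
```

With a firewall that drops the SYN, the first attempt would instead come back as "timeout" and cost the full timeout before IPv4 is tried.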

Friday, 21 November 2014

Worst kind of spam?

OK, technically, I am on the Blizzard mailing list, so not spam as such, but an advert.

An advert for something I am already paying for and they know it.

An advert for something that doesn't fucking work yet.

Really Blizzard, why rub salt in to the wound? Why?


P.S. the most obvious problem is the garrison instance. As I understand it that is a single player instance, it is your garrison/fort/town. So why the hell is that not run on the client and not an instance server which clearly cannot cope?!

Thursday, 20 November 2014

To BT or not to BT?

We have backhaul via BT (BT plc) and via TT (TalkTalk) now at A&A, and have had for some time.

We have told them both that in the long term we want a pretty even mix of providers between them, and in general we have most customers that can get either TT or BT backhaul. At present it is way more BT than TT.

But what is the difference and why would we, or one of our customers, choose one or the other?

Firstly it is worth explaining that the copper pair, in either case, is BT plc t/a Openreach copper. So either way we have to get a "supplier" to work with BT to install the service, and maintain the service, and fix faults. Sometimes dealing with the devil you know (i.e. BT) can be easier. For us that is a huge part of the game here - but it is only the few lines with faults that we are looking at day in and day out - for most customers lines work and it is not an issue who is fixing lines. If all else fails we can move a line between carriers to get the line fixed.

The technical difference is kit in the exchange and back-haul through the country to interconnect with us. That is where BT and TT are different, but less so than they used to be. They both offer backhaul on a 95th percentile basis now and in spite of surprisingly complex pricing systems by one of them (guess?) they are very similar in price for back-haul. This is why we price both the same to customers. It is, none the less, expensive, and over an order of magnitude more than transit costs for data. Overall the back-haul works, but we have to be on our toes to identify faults and congestion and get them both to sort issues. Both TT and BT can have back-haul issues, and we are good at getting both sorted.

In general, for Home::1 and Office::1 we make a choice of carrier, but you can ask us to change it. For Office::1 we try and make it one of each for redundancy in the back-haul network. For units based the customer chooses.

So what is the difference if not cost?

For a start we can only (currently) do normal FTTC via BT. That will change some time soon, and that is a bit of a game changer as it will allow choice of BT or TT for both ADSL and FTTC services. For FTTC, not only is the copper BT plc, but the DSLAM (the VDSL modem in a cabinet) is also BT plc, so the services really are very much the same in almost all technical aspects.

But for ADSL, there are differences. For a start TT don't have 20CN (ADSL1 only) kit. So where we can do both, if the BT side is 20CN, it is a no-brainer to change to TT. We do this and email customers about the upgrade routinely, just as we do for 20CN to 21CN upgrades using BT kit when they upgrade an exchange. The 21CN (ADSL2+) modems are better and faster, simple as that.

So what else is there on ADSL?

BT have similar kit to TT, but TT allow us to control the profiles directly, and we pass that on to customers. This means you get to choose the margins and settings for the line, and stick with them. For stability, and your choice of "speed vs reliability" you have total control. That is a big plus for TT. On the BT side they have Dynamic Line Management which is impossible to disable in most cases. That will try and get the best from the line, but can make matters worse. This extra control on TT is clearly an advantage for our customers.

Are things changing?

There are several changes in the pipeline, and none look too good for BT...
  • At some point we will get normal FTTC broadband from Talk Talk, and I expect the pricing to be competitive and compatible with BT. This means we can offer an identical service technically from two carriers. This is excellent for dual line services like Office::1 where one can be BT and one can be TT.
  • At some point TT may offer some DLM (Dynamic Line Management) options, which would be an option and not mandatory like BT. If this happens then this can be a sensible default for lines to get more from the line, but with a manual override for the lines that do not work well with DLM. Best of both worlds, and a reason to use TT not BT.
  • At present BT can do a low 3dB margin which TT cannot do on ADSL lines. For a few very clean and stable lines this can mean more speed on BT. We hope TT will offer this soon. That will make the ADSL offerings much more comparable.
  • We may be able to do the "line" via TT instead of BT for the "phone" side when using TT ADSL or FTTC, which has no calls, and that may allow a lower cost for the supporting copper pair.
  • Playing the game! A big thing for us is playing BT and TT off against each other. This means that, to get the best deal, and ultimately the best service and prices we can offer, we may want to move lines between BT and TT one way or the other. Having FTTC on TT will help a lot, as well as 3dB margins on ADSL. Having equivalent services on both makes that easier.
Both back-haul providers have no filtering in place and provide clean 1500 MTU PPP to us.

So we may ask people if they are happy for us to move their line (at no cost to them) between back-haul providers. The impact is a minute or so downtime while re-jumpered. We need to work out the plan - have an opt-out for people, and even, in some cases, a permanent "opt-out" for us tinkering like this. We are happy to respect that some people make a choice and want to stick with it for whatever reasons. Having the flexibility to move most lines ultimately helps all of our customers, but transparency on how we do this, why we do this, and so on is crucial.

We plan to have some BT/TT options on the control pages soon, and notice of changes and opt-out links. If this goes to plan we can get better deals from both carriers, and eventually do more per unit and more base usage on packages for the same money.

Who do you work for?

Given the apparent cluelessness of call centre workers, I did wonder if there are lots of people who have no clue who they work for.

For a start, it seems clear that many people have no clue at all about the basic concept of "legal entity".

There are several legally recognised types of entity, or thing in the UK. Basically, this is an entity that can own property, make contracts, have a bank account, etc. That obviously includes "people", but there are many other types of entity. A Limited Company (which is a legal person distinct from the people that work for it or that own it); A person (sole trader) or group of people (partnership); A government department; A charity or a friendly society. One issue is that, whoever it is, they could be using a trading name that is different, though in most cases the original entity has to be named on letterheads and adverts and stuff. It is well worth reading up on the basics, and understanding who you do work for, and who you sell to, and who you make contacts with.

But then I got thinking, especially with people with such little clue themselves, what would it take to make a fake company or better still a fake government department? What about a fake secret government department? A small office, perhaps in London, and some suitable letterheads and stuff. You could have someone in charge, with a title like commander that takes you through, and makes you sign, The Official Secrets Act, and so on. It could even be pushed as a rather underfunded secret government department, so a lack of budget.

You'd end up with gullible people doing work for you - things that might normally be quite illegal - thinking that it was all legit, and taking care to keep quiet about it all. Done right, you may be able to work the whole operation from afar, just in case it all unravels.

I mean, if you got a proper M.I.B. or Torchwood type job, how would you check it was legit?

Tuesday, 18 November 2014

National Advice Clinic?

Anyone know who these bozos are?

Their staff have no clue.

AKA The Industrial Hearing Clinic, but claiming not to be Industrial Hearing Clinic Ltd!

Why the hell do people work in call centres without a clue who they actually work for? Don't they teach this stuff at school? I guess not. I get the impression that they genuinely have no clue rather than being deliberately evasive, though apparently asking who they are makes me an arse!

020 3519 0692

http://www.me.uk/2014111812360200000.wav

Update: Result! http://www.bbc.co.uk/news/uk-england-lancashire-34984695 …

Going nuts

For a couple of weeks now I have been woken in the night by some sort of tapping and scratching noises.

It is only for a few seconds at a time and sounded like it was from above me.

I wondered if somehow it was the cat & dog downstairs chasing each other around maybe and I was just not managing to work out where the sound was from.

I wondered if it was birds stomping around on the roof - but at 3am?!?

At one point I was starting to wonder if I was hearing things - as it always seemed to be a matter of waking up having just heard the sound, but then not hearing anything when properly awake - so did I dream it?

I think my family thought I was going nuts! Nobody else had heard this, but it was driving me round the bend. They had looked in the loft and there was no sign of any droppings or anything. We wondered if we had rats, or squirrels, or some sort of birds, or who knows what... We had no idea how something was getting in to the loft or why.

I was now waking up when I heard the noises and was definitely hearing them when awake. They definitely were from above the room somewhere. But still very brief, and still nobody else had heard them.

At this point I was getting up and going in to the loft in the middle of the night, even standing there for 10 minutes listening carefully, but nothing!

Well, I have a cheap 4 camera CCTV system that is going up around the garage and the house later (as part of my "man cave" project). It has night vision cameras. I unboxed it all, and set up at various vantage points in the loft. I can view on the iPhone and it records.

It was starting to get a bit like an episode of Most Haunted, or something.

This morning at 02:47 I was awoken by the noise, grabbed the phone, and saw something moving. Finally proof that I was not going nuts.

A little playback and still frame capture, and I found the culprit. A squirrel.

All we have to do now is work out how to discourage him...

Friday, 14 November 2014

Fibre data SIMs?

Once again the ASA have ruled that BT can sell its FTTC service as "Fibre optic". See ispreview article.

The basic argument is that it makes no difference to the end user, and is fibre optic most of the way to the end user.

They are, as ever, missing the point, so here are a few reminders for the ASA and those continuing to fight the ruling.
  • It is a simple matter of fact - we don't allow green toilet paper to be sold as pink toilet paper even though "it makes no difference". We don't allow battery hen's eggs to be sold as "free range". The adverts should not tell lies even if the end user could not tell them apart.
  • It is anti-competitive as there are companies selling "fibre optic" Internet access and they find it harder to differentiate when BT adverts (and Virgin adverts) are misleading the public like this.
  • There are lots of intangible differences which the "basic service" does not cover. Fibre is more able to be upgraded later; it is immune to RF interference; it is immune to nearby lightning strikes; it is immune to the typical contact corrosion from which copper can suffer. It is likely to be way more reliable.
  • Even "FTTC" is potentially misleading as some "FTTC cabinets" are microwave back-haul in rural areas. This is a great idea, and for normal working is equivalent to FTTC, but it is not "fibre optic" even by ASA rules!
  • It is not the same from the end user viewpoint. BT do have some "equivalent" 80/20 FTTC and FTTP services (i.e. 80Mb/s down and 20Mb/s up), but there is a huge practical difference. For FTTC that is "might be 80Mb/s down, depending on the line length, could be much lower, even as low as 5Mb/s", and also "the speed you get may get lower over time and could drop 25% without being considered a fault by BT". Yet for FTTP it is "80Mb/s down, 20Mb/s up and won't change". That is a difference an end user can see, and one they may seriously consider when choosing a product.
However, in light of the ASA ruling, which basically means that as long as "most of the way" it is fibre, we should, perhaps, sell "Fibre data SIMs". After all most of the Internet connection is fibre and the last bit is radio. [we do let you print any image you like on them :-)]


Thursday, 13 November 2014

Transfer aborted: Instance not found

I appreciate it is not easy, I really do. It is not easy having so many users, and not easy launching any sort of software or service.

But Blizzard are not new to this - they have launched upgrades many times, and WoW has been going 10 years. They should know how to make it work properly.

They have run public beta servers. They have multiple realms/servers so that the whole system should scale well. Not so many users on each server at once, etc.

The vast majority of the "work" is in the client - the server has to manage the NPCs and interactions, and quests and stuff, but the client does all the fancy graphics.

They collect a lot of money from subscriptions and so really should be able to cope, in my humble opinion.

To explain the picture here to those that don't play, or have not tried the expansion yet. This location is my garrison. It is a new feature where each player has their own "home town" almost, with a separate garrison hearthstone. The garrison is an "instance" that is for that player. Instances are not new - they are used for dungeons where a group of players play together and independently from other players to complete a quest.

Here, lots of people have come to their garrison - it is key to progression of many of the quests and some of the new features with garrison "followers". Everyone expects to find a very quiet place with a few NPCs and some buildings they have constructed, and the next "quest giver" that will move them on to the next stage.

However, the system is broken, and not for the first time today (we are talking working hours in UK and much of EU, so should not be busy, yet!). Yes, I was off because of air-con install, so have been playing! So what has happened is that everyone is in one generic prototype garrison which does not have what they need, just lots of people.

It has also gone buggy where people cannot even dismount, or mount, or even logout properly.

The chaos is kind of special, as there are constantly new people arriving, wondering why the place is full. Most assume the quest giver is there but surrounded by so many people that they cannot see it, and hence are calling people idiots and asking people to dismount so that they are not in the way.

Earlier today this happened, and the effect was that after some waiting, suddenly, I moved to my own garrison and for me everyone vanished. This time, it is basically broken, so more and more people arrive, unable to progress a chain of quests and kind of stuck waiting, and yelling at each other!

This is what we pay for :-)

P.S. Game just exited as I type.
P.P.S I guess they rebooted it - did not help - everyone re-appearing one by one in same state!

Update: It worked, I was able to progress at the garrison, only to hit this saying the same!!


19:00 And still a picture of chaos, with basic game play screwed as well in some places


Wednesday, 12 November 2014

The only way to watch the news

I do rather love the idea of watching a live news event, via comic strip!


Well done Randall. xkcd

Sunday, 9 November 2014

Daft idea

Make a server.

Have it accept a "registration" packet which includes a geographic location and a channel number. Until a later "logout", it gets sent a constant stream of live audio (maybe RTP based).

It can, at any time, send to the server an audio stream.

The audio it gets is a mix of all incoming audio on the same channel where the level (amplitude) of the audio included is based on the relative proximity of the geographic location from which the incoming audio streams arrive and the listener.

What have you got?

CB/Ham AM radio simulator over IP!

Anyone want to make an RFC?

Could this be the new twitter? Imagine the phone app, push to talk, always streaming audio, location update as you move...
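The mixing step described above, as an added example rather than anything from a real implementation: registrations carry a location and a channel, and each listener gets a mix in which every other sender on the same channel is scaled by distance. The post does not say how level should fall off with distance, so the inverse-square-style gain and the 1 km reference range are assumptions, as are all the names; transport (RTP or otherwise) is left out.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0
REF_DISTANCE_M = 1_000.0     # assumption: range at which a sender is heard at half level
INT16_MIN, INT16_MAX = -32768, 32767


@dataclass(frozen=True)
class Station:
    """What a "registration" packet would carry (field names are hypothetical)."""
    name: str
    lat: float      # degrees
    lon: float      # degrees
    channel: int


def distance_m(a, b):
    """Great-circle distance between two stations in metres (haversine)."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def gain(distance):
    """Assumed attenuation law: 1.0 at zero range, 0.5 at REF_DISTANCE_M, then falling off."""
    return 1.0 / (1.0 + (distance / REF_DISTANCE_M) ** 2)


def mix_for(listener, frames):
    """Mix one time slice for one listener.

    frames is a list of (Station, samples) pairs, samples being 16-bit PCM ints.
    Senders on other channels, and the listener's own audio, are left out.
    """
    heard = [(gain(distance_m(listener, sender)), pcm)
             for sender, pcm in frames
             if sender.channel == listener.channel and sender != listener]
    length = max((len(pcm) for _, pcm in heard), default=0)
    mixed = []
    for i in range(length):
        total = sum(g * pcm[i] for g, pcm in heard if i < len(pcm))
        # Clip rather than wrap, so several loud senders at once distort instead of inverting
        mixed.append(max(INT16_MIN, min(INT16_MAX, round(total))))
    return mixed


if __name__ == "__main__":
    # Constructed stations and samples
    me = Station("me", 51.5, -0.1, 1)
    near = Station("near", 51.5, -0.1, 1)
    far = Station("far", 52.5, -0.1, 1)
    print(mix_for(me, [(near, [1000, -1000]), (far, [10000, 10000])]))
```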

Friday, 7 November 2014

Turning to the shiny side...

I now have an iMac desktop. There, I said it! I feel like I am at an A[&]A meeting...

It is still something I am getting used to, and has been a complicated decision to make.

Perhaps I need to elaborate on some history of what I mean by my "desktop" and what I have used as a desktop in the past.

For many years my "desktop" or "main machine" was pretty much my only machine. I started with a TRS-80 at home and used an RML 380Z at school.  I do recall, in sixth form, taking a black and white TV set and TRS-80 on the back of my bicycle, to school, more than once.

I progressed to BBC micro, and even did some commercial work on a ZX Spectrum, but never used that as my "desktop", more of a doorstop (literally). I went through every feature of BBC micros, even 2nd processors. I then moved on to the Acorn Archimedes. I still have BBC micros and Archimedes in the loft!

But ever since then, and that is around two decades ago, I have used linux in one form or other. I have used linux since the days that the install was a small number of floppy disks, and "X" was somewhat newfangled.

That is a very long time to use the same basic desktop. Times have changed massively. Machines have changed, monitors have changed, desktops have changed, even vim has changed, and oh! how hard disks have changed. These days, well, until this month, I use a Debian distro and a nice 30" Apple monitor. But the theft in the office caused some changes (nicked my monitor!). I tried a 4k TV at work, keeping the 30" at home. That is not as good as I would like - size and resolution are OK, but quality of pixels on some colours, no.

For many years I have used laptops. I have used some windows laptops, briefly. I have even used linux laptops, but they did not work well. I think they are somewhat better now. However, Apple make some damn good laptops. So I am used to those.

For some time I have used a nice Apple MacBook Pro on my desk in the front room, and when away from home/office, but my main machine in my study is still a linux desktop. I am only properly working when in the study, and use the laptop to ssh to that machine for much of my work. The laptop is the "front end", doing browser, email, and terminals to ssh.

But I have now taken the plunge, and switched over to the shiny side. My "main machine", my "desktop" in the study is now a 5k iMac. It is nice! I am keeping the linux machine too, to which I ssh and use vim and the dev tools for "real" work, but my day to day usage of email, web, and all sorts of graphical tools is now on the iMac. I have one on order for the office in order to complete the illusion.

I was impressed to find SyncThing to allow me to have shared (well, synced) files on all machines. That is important, and used to be done using an NFS mounted home directory under linux. My tech staff hated my use of nfs as it caused them issues, but I think it worked well for my needs.

I am using safari as the browser. I did trial MacMail and ended up going back to Thunderbird as it allows multiple identities on a login and also, importantly, GPG encryption.

It seems that more and more open source stuff is built for Mac now. You used to have to do an X server thing but more and more is native OS X.

So far it is working really well, and I have to say the 27" 5k screen is damn impressive.

But there is one other usage, a gaming machine. The idea is that, occasionally, I may relax and head off to Azeroth or some such as a game. Really I have little time. I have a windows machine with 3D monitor, but really, shutter 3D glasses are a pain. More on that when garage finally sorted with new 3D TV. But for now - can the new "desktop" machine manage World of Warcraft?

Well, the answer is yes, but with a caveat. You end up setting low end graphics settings. I found setting hi-res textures was OK but more settings and it slowed massively. So the second iMac is going to have the higher grade graphics card. I'll report on how that goes.

That said, playing on a 5k screen is, well, wow! You can set anti-aliasing, but on a retina display you just don't need to!

So, in conclusion, I have changed my "desktop". The graphics aspect of all of my day to day work is now Apple. I still use "real" machines (linux) for actual dev work, but the graphics is all iMac now. Given that iMac is unix, it may be that we move some of the real work over in time. At the end of the day, linux is a good desktop but Apple have always been that bit more polished - it is almost its trademark.

I'll report back on difference for extra CPU, memory and graphics card when the second one arrives, and I'll, no doubt, blog when something is not working as I need. Interesting times!

This is a good thing, yes?

Just got from BT:

"latest update states the job is fluid in taskforce for gully sucking to be work done which will be issue will be issued asap"

I did a google image search for "gully sucking" (and I don't have safe search on) and I was pleased to see that all the images were indeed large vehicles with hoses plugged in to drains and things. With a phrase like that, you never know :-)

Wednesday, 5 November 2014

Bluetooth tracker things

Anyone that has used FaceBook will have seen adverts for the "Tile". It seems like they have been advertising forever (maybe it is a year) and it may have been some sort of kickstarter type thing as they are finally only shipping now. I have actually seen a real "Tile" just last week. Even so, their web site says "reserve one today".

What I did not realise is that this sort of thing is not new, and not unique. I assumed that they had patented or something, but clearly not. It is just one of many almost identical devices, some of which have been around for ages.

Even on FaceBook I now see adverts for some other trackr thing that is a different style and also some sort of crowd funded thing.

So, I thought I would have a play with one of these devices, and the one I got (based on a recommendation) was a "Stick'n'Find". It is a small device with adhesive sticker on the back, but comes with a keyring type thing to stick it to if you need. Was £50 for two from firebox.

So what do they do?

It seems, from description of the Tile and the like, that they do much the same. You need a phone app, and they work with iPhone and Android. They are themselves a small long life battery powered bluetooth device. They have four basic functions (based on the Stick'n'Find) :-

1. You can range find to try and track them down in the same room. Ideal for keys lost in sofa, that sort of thing. The app gives a signal strength indication so you can walk around and get closer to the device.

2. You can make it beep and flash - so it is a modern version of the old whistling keyring (remember them!).

3. You can set alarms, e.g. a simple "leash" which alarms when out of range. The Stick'N'Find can make one or other end (the gadget or the phone), or both, beep when it loses connection.

4. You can report it lost, making it so that if it comes in to range of any phone running the same app, anywhere, then you can be notified. Not tried this yet, but it has the issue that there seems to be no central registry for all of the different makes, so this feature only works if there is a big community of people using the same make of gadgets.

The Stick'n'Find is the one I have tried myself, and it also reports the device battery level and temperature. I would assume it will alert when battery low, but these are meant to last for ages.

Now the challenge is finding uses for them! I always have my keys and wallet, though an alarm for being pick-pocketed would be cool. The only device regularly lost is the sky remote (and it is not me that loses that, it gets "borrowed"), so that is stickered. I did think that an alarm as my suitcase comes round the carousel at an airport arrivals hall would be rather cool. Other ideas welcome.

Tuesday, 4 November 2014

I am a scammer?

This is a call recording of a call made by someone in response to my standard email offering to settle for junk mailing me...

Recording (wav, MP3) - several seconds of silence at start of recording, sorry... Unedited.

This guy is adamant that I am a scammer, that it is "all over the internet" and that he is going to tell 400 people (as well as Simon, who he is calling) that I am a scammer. Maybe I now have a case for defamation too?

So, a bit of background...
  • I, as a private individual, have a number of private email addresses, including one from my mate Simon that owns titanic.co.uk. I pay his company (albeit only £1) for that email address and service as an individual. His company provides communications services to the public, including me. So that means, for that email address, I meet all the rules to make me an "individual subscriber" under the PECR.
  • Sending an unsolicited commercial email to that address is a breach of the regulations, and those regulations allow me to claim damages when someone does that (i.e. to sue).
  • When I get emails I send a standard response. It is actually a full "notice before action" quoting the details of the breach, referencing the regulations, and the part that says I can claim, and so on. It meets all the rules for such a notice. I have pursued several cases but none to a hearing yet (i.e. people settle).
  • The civil procedure pre-action conduct rules for court cases say that I should try and resolve the matter without court, and one such option is discussion and negotiation. So my email offers that, and suggests a starting point for a settlement to resolve this without court. I suggest £200 as a start for negotiation. I based that on googling similar cases.
  • So offering to settle for a fee is not a scam, or extortion - it is what I am required to negotiate before proceeding to the court claim. I am not a scammer, I am a victim!
Now, the big issue with these regulations is the level of damages - what damages can one junk email cause? Clearly hundreds of junk emails are damaging but what is one? Well, considering it I know they wind me up - I have gone in to work after a junk email and ended up wasting time of not just myself but colleagues because of a junk email, especially when the sender has the audacity to reply trying to justify their spam! This is time wasted when I could be working, and when colleagues should be working, so costing the company money. However, it is my company, so that costs me! If I delay a feature on the new FireBrick code a day that could lose a £10,000 sale. There is also the very real risk of junk emails cluttering my inbox such that I miss, and accidentally delete, a real email. That happens! That can also cost me, or the company (and so me). So £200 is not an unreasonable proposal for costs for one email on balance, I think.

What we need is the regulations to change, for junk emails and junk calls, in section 30, to have something like "Where the amount claimed is £50, or less, the claimant does not have to justify the amount claimed, only that they are a party inconvenienced by the breach". That would simplify the matter massively and allow a lot of claims for junk emails and junk calls. The courts would not be flooded by these as all cases would be settled out of court because the case is so clear cut.

There is a consultation on junk calls now, the same regulations. Please reply and suggest this simple change.

P.S. by popular demand, this is the current wording of my email:-

NOTICE BEFORE ACTION

You have transmitted, or instigated the transmission of, an unsolicited communication for the purpose of direct marketing by means of electronic mail to an individual subscriber contrary to section 22 of The Privacy and Electronic Communications (EC Directive) Regulations 2003.

I, as the recipient and individual subscriber, have never given you consent to send me unsolicited marketing emails and I have never provided my email address to you as part of a negotiation or sale by you to me in the past.

Although I am not in a position to offer you legal advice, this is clearly a criminal offence. The Information Commissioner's Office have clearly stated "I would confirm that your understanding of Regulation 22 is correct; that is, if a company sends an unsolicited marketing email to an individual subscriber without their prior consent and/or without satisfying the conditions of the soft opt-in, then they will be breaching the Privacy and Electronic Communications Regulations"

There is a defence for having taken all reasonable steps to comply, but as you have no way to know that any target email address is that of an individual subscriber, the only step you could have taken is not to send unsolicited marketing emails at all.

For the avoidance of doubt here - this is not a Data Protection Act issue, or one where you have the option of relying on an "unsubscribe" link - sending just one email, as you have, is a breach of the regulations.

Section 30 of the regulations permits me to take civil action to recover damages suffered as a result of your breach of the regulations. It is difficult to assess damages exactly but your email has used resources on my computers and my Internet connection, wasted some of my time, causes distress and annoyance which has interrupted my chain of thought and concentration, and so disrupted s/w development work I am doing. Looking in to similar cases for such damages it is clear that claims range from £270 to £750. In this instance I feel that a mere £200 would constitute a reasonable level of damages for the hassle you have caused me by your breach of the regulations.

In accordance with section 8.2(1) of the Pre-Action Conduct Directions of the Civil Procedure Rules, I would like you to consider Alternative Dispute Resolution to this matter by means of discussion and negotiation. I therefore invite your comments and any offer of settlement or other negotiation.

However, if I do not receive a reply within 14 days I reserve my right to issue a claim on the small claims track of the county court without further notice.

Should this matter go to court I will rely on the email you have sent and associated headers, whois data and other resources identifying the sender. If you believe you have evidence that shows I did give consent to the sending of this unsolicited email I ask that you forward this to me by reply.

I look forward to your prompt reply.

-- Name&address