Friday, 27 February 2015

Unintentional DoS attacks?

We have had some issues today, both last night, and for a few of hours during the day today on and off. It looked a bit like a denial of service (DoS) attack via LINX, but it seems was not actually intentional!

Basically, somehow, a major content provider with which we peer suddenly thought we were a transit route for a chunk of their traffic and flooded our peering and hammering some of our transit to get the traffic to its actual destination (another country even!).

We've been working with them to try and understand and fix this. We are very sure we are not announcing someone else's blocks by mistake to them. They confirmed they could not see any layer 3 route to us for the traffic. So nothing looks wrong! But they are sending the traffic and it was enough to cause packet loss on LINX for us. Best guess is a hardware issue on their router.

I'll update more on here when we get to the bottom of it - we have had to shut down the peering, meaning no diagnostics can really be done to find the underlying cause, which is a nuisance. At some point we have to re-establish peering and do testing to confirm if fixed.

Even with peering down, we are still seeing bursts of traffic, but dropping the peering has helped, oddly. With peering down, this means it is some sort of layer 2 (Ethernet) issue. At least, when there is traffic, we stand a chance of diagnosing the problem.

Whilst packet loss on a major external link is a problem, it does not usually have that much of an issue on normal access to web pages, email, etc. For a start, it is only the one link, and we have many. But it does have quite an impact on VoIP services which mostly go over peering links. We immediately redirected some of our VoIP routing to try and avoid this, but some calls were still via LINX and suffering break up in audio.

Obviously we need to have a serious look at ways we can cater for this sort of issue in future - ultimately we have very little control of things going wrong "in the Internet", and it is almost impossible to pre-plan every possible contingency. None the less, we will try and learn from this.

I picked a good day to be off sick!

Update: I would like to thank my engineering team (Paul, Andrew, Jimi) for working on this all day and on in to the evening in their own time, and the guys form LINX as well. It seems the exchange itself (LINX) is not at fault in any way, which is good news. Some additional steps with the route server do seem to have stopped the bursts of traffic as of around 5pm Friday, and we intend to leave things like this until the peer can investigate further.

Update: When another LINX peer suffering the same issue contacted the offending peer this morning (Saturday), they immediately reset the card facing LINX and fixed it. One wonders why they would not do that when we reported it yesterday, shame. It does however confirm this was not "just A&A" being affected.

Thursday, 26 February 2015

Knowing your customer

Obviously, as a business, we have to know our customer. To be more specific we have to know some particular details about our customer.

This is not always true - a shop selling a mars bar does not have to know anything of their customer, and neither does someone running a vending machine.

However, we have to know some details, though in theory we could provide some services where we do not need to.

For a start we have to know what that customer's legal entity is, e.g. a limited company, or a sole trader, or so on. We also have to know a service address. The reason for these, apart from anything else, is so that we are able to enforce the contract (to take someone to court if necessary) for things like non-payment of bills. This is the same for  pretty much any businesses offering any sort of ongoing service.

But we also have to know a few other things, and we do ask some of these when people order. Here are just a few examples of what and why...

Under 18

If someone is under 18 they are a minor, and there are a whole load of things that impact the contract we can make with a minor and the extent that we can enforce such a contract. We have actually made a decision for the services we offer not to deal with minors (sorry). We do ask though, as lying about that would be fraud. If we did not ask, it would be tough luck on us.

Consumer

The rules on contracts, in terms of what is allowed, and some of the steps we have take in giving notice of contract terms and getting agreement, are impacted by whether someone is a consumer or a business. Consumers have extra rights for cancelling contracts that have not yet been provided. There are also differences in terms of late payment penalties that can be applied. Of course it is possible for someone to be an individual, but buying as a sole trader in a business and so not be a consumer!

Small business (10 or fewer individuals work for the business, paid or volunteer)

This is a complicated one, as any small business can change to have greater or fewer staff over time. This one impacts a couple of things - one is the ability to make use of ADR (Alternative Dispute Resolution). Someone with more than 10 people doing work for them cannot use ADR.

This is also part of the new GC22 migration. Anyone with more that 10 people cannot expect to be able to migrate broadband or fixed line telephone services (though in practice they may be able to).

Communications provider

This is complicated!

For Digital Economy Act, being a Communications Provider means you are exempt from copyright notices. It is possible to be a Communications Provider and not be an Internet Service Provider, even, so avoiding other obligations of the Digital Economy Act. However, for this, the definition of Communications Provider comes from the Communications Act, and seems to me to cover anyone with a network switch or router at home would meet the definition.

For ADR, a Communications Provider cannot use ADR, and that definition is from the Communications Act too.

For GC22 migrations of broadband or fixed line, the definition is different! It is someone providing DSL (including FTTC) or fixed line telephone services, so someone with a switch at home is not a Communications Provider under that definition.

This makes "Knowing your customer" slightly more complex as someone could (a) be a Communications Provider under the Communications Act (and so for DEA and ADR) reasons, but could be (b) a Communications Provider under OFCOM GC22, quite independently (one, or the other or both). You then have that for DEA one has to be "buying service as a Communications Provider" so it is not simply whether you are one, but if you are buying as one!

At the moment we ask if someone is a Communications Provider under the Communications Act, but we may have to refine that question slightly!

Wednesday, 25 February 2015

OFCOM confirm...

GC22 - the new migration rules that replace MAC codes for broadband, simply do not apply to lines for customers with more than 10 people working for them or which are communications providers.

They suggest such migrations are best managed by a cease of old services and re-provide of new services with some overlap (and notable cost).

In some ways this is sensible, in some it is not.

They do not confirm who is responsible for determining that an end user has more than 10 people working for it, and who is liable if a telco acts on statements made by the customer on such things or what happens if number of staff changes over time.

They do not confirm the reason code to give when a losing ISP refuses a migration because its customer is more than 10 staff and hence "GC22 does not apply".

I have to feel that OFCOM have not thought this through.

P.S. - this is not just broadband, but fixed line telephone services as well!

Training is hard work

I run a couple of regular courses, one of them is the FireBrick course (two day), and one is a crash course on IP (one day).

Both are hard work - they mean a lot of standing up in front of a room of people with a projector and a whiteboard marker and a lot of talking.

I hope I do a good job - I get a lot of good feedback on this - but it really is a hard day's work from which I always feel knackered. The course this week was even more so as I am still recovering from being ill, and I appreciate the help from Alex on several parts of the course.

The IP course is perhaps the easier one. It is a crash course on IP done over one day - from the basics of ethernet packets, MAC addresses, ARP and ND, and building up from there all the way to how TCP works and email and web browsers. It is basically working through in a logical order layer by layer. It makes sense as each layer builds on the knowledge we have built up the layer before. It is a lot for one day, but the material has not had to change for a long time.

The FireBrick course is a lot more of a challenge! For a start it is always changing - every time we have new features and the course grows.

But even then, every time we run it we find ways to make things better. One of the issues is there is no logical order for the material - it is not like IP which is layer on layer - it has so many features, and whilst some are more fundamental (profiles, logging), so many others are independent for each other and so have no meaningful order. Every time we add a new feature we have to work out where to slot that in to the course.

I think we have a pretty good formulae now, but it is tricky to fit in two days and I can see this becoming a three day course soon. Right now we have to be selective about which areas we do with a practical and more detail and which we explain and continue on to next topic.

This week was harder as we had a mix of ISPs and end-user or IT company types and had to try and cover both areas. I think we managed a good mix.

Even so, we are considering whether some sort of SME IPv6 course is worth running - but I suspect we have to cover a lot more "windows" than I would wish to go near.

In short - I have even more respect for professional teachers in schools - this really is hard work!

Building a new community

I ran a FireBrick course today and met some very nice chaps from a small ISP who deal with the likes of BT and Talk Talk just like we do. (Freudian slip, I initially typed "lies" not "likes" in that!).

They were very interested in our efforts to start a Wholesale Broadband Buyers Forum  (wbbf.uk). They have even considered doing the same themselves. I was really pleased at how much common ground we had.

There are a lot of small (and even larger) ISPs that face issues with carriers on a daily basis, and we all want to work together and with carriers to solve these problems so that we can provide the best possible service to our customers. We really do not want to be fighting BT or anyone - but we need a way of working together that means we do not have to fight, and that is not how it is right now.

One of the biggest issues which has plagued all ISPs for over a decade now is BT SFI (Special Faults Investigation). It is a problem in the first place, as it was created on broken foundations so solve a problem that should not have existed. BT, in classic big company style, do not fix the underlying issues but pile on top new layers of bureaucracy and incompetence. The latest is that SFI disputes are such an issue with ISPs that they have a new process for management of disputes (rather than fix the reason for the disputes in the first place).

I had a meeting many years ago face to face with people that dreamed up SFIs, and in that meeting they said something along the lines that an engineer visit that did not find a fault was chargeable anyway so making an SFI added extra value by being able to check end user wiring and stuff as well for that fee. I pointed out that this was in fact untrue - there was never any charge for such a failed engineer visit - I even challenged him to show me where in the contract and price list (and indeed any bill we had ever had) where there was such a charge. He failed to do so - so the fundamental premise of SFI as adding benefit to customers who already paid for the failed visit was actually flawed. Even so, they did not change their ways. This is typical and key here - they created SFI because not checking user equipment was a waste of the customers money on a pointless engineer visit, when in fact the customer was not charged for such visits - the whole logic for creating the concept of an SFI visit was totally flawed and they refused to admit it.

Over the years they have changed the "service" of SFI one step at a time as we find ways to counter it. First it was "charge for work beyond NTE" and we said "do no work beyond NTE". Then it was "work beyond NTE includes visual inspection of end user equipment" so we had people hide their kit when engineers visited - they still tried to charge for a visual inspection, but of what?! Then it was "Fault not in BT so has to be end user equipment at fault" so we sent end users BT branded modem/routers purchased from BT and within warranty as the only equipment on site, making them liable for the line being faulty or liable for saying their supplied equipment was faulty.

The battle goes on to this day with each new stage being a new battle.

The latest two crazy steps are: (1) That a series of engineer visits where the last one finds and fixes a fault in BT requires payment for the previous (presumably incompetent) engineer visits that did not find or fix the fault, and (2) that all visits where the line tests to an analogue phone spec on arrival shall be chargeable even where they expect us to book an engineer for a PPP fault, or a BRAS fault or a BT modem profile fault all of which happen on a line that is good at a copper test level.

With Talk Talk they create another level of indirection and similar stupidity. At least TT are only at the stage of "SFI" being a product and us saying no thanks, we do not wish to buy that product, now fix the broadband we have already bought. This is a stage we had with BT many years ago.

Somehow we need to find a way to solve this - to get BT and carriers to actually work with us to fix faults, and not create a machine for creating and disputing charges. We also need to work on other things like the cost of backhaul bandwidth, the stupidity of wires only FTTC (leading to yet more SFI issues), issues over backhaul congestion within the network, and stupidities of ordering and faults systems not working properly. We even have to consider OFCOM related stupidities like the latest broadband line migration systems.

So the idea of WBBF is to allow this - to bring together ISPs using BT and TT, and solve these issues. We are gathering momentum now.

The next step may have to be a physical event - in London (pretty much has to be, sorry), and with as much chance to talk as possible (so no pub/restaurant with music or entertainers). Something with food and drink - beers with peers sort of thing - and a couple of presentations and question sessions. Mostly about drinking, eating, and talking.

The trick is very much not to be another LINX, LONAP, UKNOF type of thing (all of which are good, but not what we are aiming for) - but a place to allow as much networking and talking as possible. I did wonder if there is any venue with a big anechoic chamber (with booze and food) - I'd pay to use that!

The IT crowd: The next big challenge for IPv6

IPv6 (Internet Protocol version 6) is the current version of Internet Protocol - whoopty doo! What does that mean?

It means that the way computers talk to each other is changing slightly. From the point of view of people using computers it makes no difference. Most people have no interest in how computers communicate.

The problem is that some times, some people, need to do something about it, and those people do not always realise this.

Basically, what this is about, is upgrading the Internet to a new version, and that means all of the bits of the Internet changing as a result. People are used to upgrades on their computers and laptops and phones and even TV sets these days, it is pretty routine and seems simple enough - but sadly it is not quite that simple...

In order for the Internet to be properly upgraded it means everything on the Internet using the new system. But while we are getting there -  everything has to use both the new and old system at the same time. Only once everything is caught up can we stop using the old system (called IPv4).

The issue is that, even now, the old system (IPv4) pretty much works well enough. But we can't wait for it to stop working properly before we act. Long before that point we have to have everything using the new version as well, and it takes a lot of time to change things. So lots of people, just like me, are pushing and nagging for this to happen before it is too late.

So where are we at now?
  • Pretty much all of the home computer systems that matter are already upgraded or can be with an automatic upgrade some time. There will be a few things that don't get upgraded but we can generally work around them. The main things are devices that you use to communicate with the Internet, so computer/PC, laptop, iPad, phone, that sort of thing. They all work with the new version, which is good news.
  • Some Internet providers (like A&A) are already making sure that your Internet connection is upgraded already, and have done for many years, but the big players like Sky, BT, Virgin, and so on will start upgrading people's Internet connection soon (probably this year). That will mean that most homes will be using the new version where they can, which is good news.
  • The big companies that use the Internet to provide services, like FaceBook, Google, Netflix, and so on, have already upgraded - this means that people at home, with an upgraded Internet provider, accessing these services, are using the new version of Internet.
This is all very good news, and it is finally happening. Finally the old version can be seen as the poor man's, old fashioned, Internet and pressure applied for the last remnants to finally start to die out, one hopes.

But there is one stumbling block - SME (Small//Medium businesses).

The larger businesses have generally had a plan for many years and been upgrading their systems, but smaller businesses have not. It is not surprising in many ways - shit still works - if it aint broke, don't fix it - and this costs money to even think about or plan let alone make happen.

The problem is that small businesses are not using Internet like home users. For a home user, typically, you have some magic box from your Internet provider, and you have stuff like an iPad or PC, and they just work somehow - you do not have to think about it. That is good news, and a real endorsement of the hard work put in by a lot of people to make this work so well.

With a smaller business you actually think about how Internet addresses work in your company. Which devices have what addresses, and how multiple sites link together. How computers log access. How visitors get restricted access. Things like firewalls and address allocation policies. All of this works because people in a small business - the IT crowd - understand how the old version of Internet works, and do not necessarily understand how the new system works.

Without some mandate from above they have no interest in making their life difficult by taking on such a complex project - not while things still work properly the old way.

So here lies the challenge - how do we get SMEs, and their IT departments, to embrace the new system - to realise the power of IPv6, or at the very least realise the limited lifetime of IPv4 and everything still working properly the old way?

Tuesday, 24 February 2015

Talk Talk at it now

I am really annoyed at BT trying to charge for SFI (Special Fault Investigation) visits where the engineer has either been incompetent and not found the fault (shown to exist by a subsequent engineer), or has found and fixed a fault within the BT network (shown by engineers notes saying he did work, and the fault going away as a result).

We are pretty much at the stage of going to court over it - we have solicitors involved, and the next step if they do not back down is we take them to court.

But now Talk Talk at at it - they simply send the SFI disputes to BT who send them back saying "The initial test passed and the engineer carried out all the required checks for a base module, therefore the charge is valid. Thank you for your enquiry."

Talk Talk even list SFI as a "product" they sell. Obviously we have no interest in buying such a product from them. We buy broadband, and if that is not working we require it to be fixed at no extra cost. We have made this clear to them, so we await details of how they plan to fix faults without using this "SFI product".

We'll see how it goes, but it may end up in court with Talk Talk at this rate.

Why is it so damn hard for BT and TT to understand that they have to fix faults in the services they sell.

Thursday, 19 February 2015

The outskirts of Communicado

For a change, a very rare change, I am going for a short holiday on my own!

I am actually going to visit friends in the middle of nowhere for a weekend (i.e. where the Internet is four very long bonded 20CN lines to get about 6M total). There are fields. I think there is even a donkey! We sort of say that it is not quite as prestigious as the middle of nowhere, more on the outskirts... :-)

I have a selection of Scottish Malt Whisky Society bottles to take with me, and a laptop.

Nothing is actually planned, that I know of.

Thanks for all the birthday wishes today - they keep happening.

Update: A few of the pics. Fun weekend, thanks Simon and Mike.

One way to keep warm...

Nice weather!

We cannot allow secret communications?

Learning python?

Wednesday, 18 February 2015

No clue

We really are hitting a problem with the "Powers that be" having no clue about the way any technology works.

I have commented as to how the "Snooper's charter" is so out of date already, but it gets worse.

I was chatting to someone at LINX who has been at some of the ICANN/IANA type meetings covering the top level operation of "the Internet". It is a complex and worrying arrangement where ultimately everything, including domain names and IP addresses, ultimately gets authority from IANA which is part of ICANN which has a contract from the US government (which is all changing, maybe).

We already see some crazy steps in verification of domain owner details, and the anecdote I was told was positively scary. Apparently, at such meetings, there are people from law enforcement like Interpol. They want things like "the ability to take an IP address off the Internet" or even remove whole ranges.

But one of the scariest and amusing comments was that they apparently were confused over verifying a phone number against an address. Surely one can check the phone book? A comment was made that "well, you can take your phone number with you when you move" and apparently the Interpol person was "No you can't?!". They seemingly had no idea that a phone number was not physically tied to an address for ever,

Even 50 years ago when phone lines and numbers were more physically associated using elect-mechanical exchanges, one could move house within a town and take a phone number or arrange an out-of-area line. These days you can do it and move to anywhere (in the world) if you want. Many phone numbers have no physical presence in the first place (as with all of our VoIP numbers). They are just an over-the-top logical service to convey voice. Why would they have "an address"?

What is worrying is that people in power to influence policy that could affect us all are so totally and utterly clueless. And for a change I am not even picking on David Cameron.

But just considering UK law, and EU law, there needs to be a massive shake up. The whole concept of communications and communications providers needs redefining to fit with reality now, and in the future. The current definitions simply don't work, and it is only going to get more complex.

There is a need for some laws and regulations, I am sure, but the current laws do not fit and do not work.

The one RIPA request we had that was actually related to some mis-use of something by a customer was one where we sent a member of staff to court for his trial, an he ended up spending most of his time explaining how things worked to both prosecution and defence. Neither of them had any clue that you could route a geographic phone number to a mobile phone and/or a SIP phone or PABX and even a landline or have them go to them all at once or have calls from somewhere present any number you like. In the end the case, of someone making stupid bomb threats (allegedly) ,was thrown out. We got bugger all for his time, and in future will "offer" consultancy services at commercial rates and not offer to be an witness. Lesson learned.

The endless possibilities of layers on layers of communications with levels of encryption and different means of addressing are just beyond anything anyone in parliament or the EU has any clue.

How do we fix this?

Saturday, 14 February 2015

Democracy

The basic notion of a democratic society is that "the people" make a decision on who shall govern them.

Unfortunately democracy has a heck of a lot of flaws. Not least of which is that, even with only two choices, and even if everyone votes, and all votes counted, you could still have 49.999% of people disagreeing with the elected government. But democracy has far greater flaws than that.

The alternative idea here is not really to propose an answer but perhaps start a discussion...

This came out of a discussion last night at a Conservative Party Dinner, to which I was invited as a guest of one of the people with a table. I have many issues with some conservative policies, but it was an interesting evening.

A simple concept was discussed at the table - the idea that everyone gets a vote, but that those votes are weighted somehow. Of course, before you even get to such a concept you have to have a way to make every vote count, by some sort of proportional representation - and even that is complex.

One of the reasons to even consider this is the basic concept that people are not created equal, and that even people who are in fact equally intelligent may not care to spend the time to consider the issues and make a rational decision or have the necessary knowledge or experience to do so, when voting. The vast majority of people are essentially sheep, following friends, relatives, and media in the way they vote, and not considering the actual issues.

I am not trying to be unfair here - for the most part politics is not a useful way for anyone to spend their time, and I too lack the experience or motivation to have a rational viewpoint on a huge number of political issues. There are many issues of government that 99% of people will simply not have to consider.

But the idea of a weighted vote would create interesting problems - the criteria for deciding the weighting would be both tricky and exploitable. If one made it that those with a degree had higher weighting, then there would be a million scams to get people a degree if they will vote the right way.

So, sadly, whilst an interesting idea I wonder if it could every be workable.

There is one idea I did have though - a simple one - allow people to vote with a weighting of their choice. i.e people that actually feel strongly to vote for one party or candidate can say so, and their vote count for more than those that don't really mind either way.

In a way we have that now - you can vote with a weighting of 0 or 1 by whether you bother to vote - so how about having a system where you can say your vote, and state a weighting 0 to 1 (or 1% to 100%). Indeed, knowing you can cross out the default 10% weighting on the form may be an intelligence test in itself.

Could that work?

Update: I did ponder another daft idea: What if it was 1st and 2nd past the post in each constituency (you'd have to make constituencies bigger to have same number of MPs), but the MP's vote in parliament counted based on number of votes they got. If you combine that with a single transferrable vote in the constituencies (so least popular candidates votes transfer to 2nd choice and so on until only 2 remain) you end up with the vast majority of people having someone local that represents them in parliament and is also someone they voted for, but a degree of proportional representation and every vote counting.

Wednesday, 11 February 2015

TPS actually respond

I asked for my SIP URIs to be included in the TPS...

The first time I got a response of "we can't but we'll ask OFCOM", and OFCOM answered very much "TPS can only do digits".

But to my surprise, having written again (from work this time) I actually got a more comprehensive reply. This may be because I complained to the ICO, not sure.


Basically he is saying the definition of "Number" (as in "Telephone number") in the Communications Act 2003 is not carried across to the Privacy and Electronic Communications (EC Directive) Regulations 2003. So they only accept "numbers" in the traditional sense.

I may write back, as, indeed, he is right, there is no definition of "number" in the PECR, so one would indeed expect it to be "number" in the traditional sense... But "registration number", "vehicle identification number", "national insurance number", "serial number", all of which allow things other than just digits, so there is not really much "tradition" in numbers only being digits, certainly not in law.

It also seems to me that the TPS has to list numbers "allocated to a line", and "line" covers things that perform the function of a line. My SIP phone here clearly does that and the "number" allocated by my telco to that line is my SIP URI - i.e. it is my telco that has allocated the SIP URI as a "number", so it counts.

He does say that he will ensure the proper regulatory treatment of SIP addresses is brought to the attention of the relevant authorities in the future. It seems mean having a go now - as he has tried, but I'll give it a go anyway...

Update: I have replied to him :-


Update: The TPS site won't accept my Iridium mobile number, so I am writing to them to add that. That is only digits, so they should accept it. Of course, I know that no junk caller would be mad enough to ever call it, but I am entitled to have it included in the register I believe.

OFCOM drop the ball?

OFCOM have created a new system for migrating broadband lines, harmonising it with phone lines. The system is called Gaining Provider Led (GPL) because you simply order service with a new provider - no need for a Migration Code (MAC).

Dangerous!

Many of us think this is a bad idea. Broadband is not like electricity or gas, where an incorrect migration does not disrupt the actual service, it simply creates billing differences which can always be sorted later. With broadband you could find you inter office leased line that works using Ethernet over FTTC circuits suddenly changes to some generic residential broadband service, taking 10 days to fix, simply because someone put a wrong digit on their order with an ISP and somehow your organisation missed the "Notice" that was sent to the account department in another office. There are real danger of some ADR or suing if this were to happen. There is also the fact that it will now take 10 days, not 5, to migrate services, which seems a backwards step.

Details

However, looking at this in practical terms, as it all kicks off in June, we did consider that it should be relatively easy:-
  • Orders to BT are the same, except we don't send a MAC, simple enough
  • Notices from BT are the same, as we get them for migrate-out using a MAC, some fields will be a tad different, but we already get these notices, we just need to email the customer
  • Cancelling a migrate-out is something we could do already, but don't have to as a MAC is used. We'd have to integrate it a bit more in to our systems and make it easy for customer to cancel.
Of course we expected a few other changes:-
  • Update details of how to migrate on web site
  • Change order form not to ask for a MAC
  • No longer offer people option of getting a MAC
Not so simple!

Unfortunately, now we are working on some of the details, it is far from simple.

For a start, we have a couple of places where we have to send letters which then have a detailed list of things we have to say. Most are simple, but not all. For example, our billing system (priceless) can work out what to charge people for a minimum term when it picks up that a line has ceased and raises a bill - easy. However, the broadband management system which deals with these messages (clueless) does not have billing/pricing data, so for it to tell people the exact amount they will pay for the remainder of a minimum term (Early Termination Charge) means it needs to somehow ask the billing system, but not actually raise a bill (not something the billing system usually does). So not as simple as it sounds, so that will be fun.

Also, these letters need to go by post unless the customer has agreed we contact by email. Well, all of our customers have agreed this. It is in our terms and very clear, and we email invoices and DD notices and so on. But OFCOM are saying that being in our terms is not good enough, we have to have explicit consent from the customer for this. Well, that is easy for new orders, but are we going to have to contact all existing customers to get this explicit consent - that will be a pain for us and them. We're asking OFCOM to confirm.

We also can't talk to the customer to even ask why they are leaving as that could be seen as a reactive save (retentions call).

Anyway, obviously. we are working hard to ensure we follow all these crazy rules to the letter by the time the new process starts in a few months...


But what of OFCOM dropping the ball?

Well, this is where it gets interesting, and we hopefully get reaction from BT and OFCOM today on this. These rules are imposed by OFCOM General Conditions. GC22 covers the migration. 22.30(s) defines "End-User" such that it excludes large businesses (those with more than 10 people doing work for them). 22.30(n) defines "Customer" as an "End-User", so that excludes large businesses. 22.30(j) defines "Communications Provider Migration" as an "End-User" or "Customer" changing provider, so that excludes large businesses. Even 22.30(gg) defining "Migration" as a word, excludes large businesses by use of "End-User" or "Customer". Pretty much all of GC22 uses these terms which exclude large businesses. Even 22.25 which is a catch all for cases not using BT, etc, and basically says ISPs have to work together to facilitate a migration fairly/quickly uses the "Migrate" definition which excludes large businesses.

The whole of the migration process does not apply to large businesses!

This is new. This is different. This is a surprise. I am happy that such a dangerous system does not apply to large businesses, but there is no alternative. The old MAC based system is stopping, so that does not apply either.

Large businesses may simply not be able to migrate phone line or broadband services now. Obviously there will be cases where providers co-operate and do this, using the underlying BT/carrier mechanisms, the same as small businesses, but they don't have to. If a large business asks us to take over a line, the losing provider could just cancel the migration as it is not covered by the migration process at all.

Obviously if I have missed a step here I hope someone will tell me, but I can't see it.

Is this what you meant OFCOM? If not, please let us know when you consult on a new version of GC22 to fix this as we'll be happy to comment.

I'll update if I get responses from BT and OFCOM on this.

Update: No word from OFCOM yet. BT have a relatively easy job of the various messages and process changes, but are not sure of the "point of no return" and cancellations at the last minute. They also get the impression that OFCOM are being a tad wooly on several points. They were interested in the large businesses issue and they too have asked OFCOM for comment.

Update: OFCOM have apparently confirmed to BT that the new migration process does nt cover larger businesses.

Tuesday, 10 February 2015

OFCOM think they are above the law?

OFCOM have admitted they did not send a written reminder of our corporate TPS numbers (and neither did TPS) as required by section 26(2A) The Privacy and Electronic Communications (EC Directive) Regulations 2003 as modified by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2004... phew that is a long sentence.

So they have acted unlawfully, and section 30 allows anyone suffering damages from a breach by anyone under the regulations to claim damages.

Well, having had TPS drop our numbers silently before, obviously, I had to find out if we were still listed having not had the reminder. This involved recordered delivery letters to TPS and OFCOM, which apart from my time, also cost in paper, ink, envelope and postage to the tune of several pounds.

OFCOM are adamant that they do not have to pay any damages.

Are OFCOM really claiming that they are above the law? We will see. I have formally requested that the ICO exercise their enforcement action against OFCOM, and I have sent OFCOM a notice before action.

Saturday, 7 February 2015

Congestion case study

The BT kind, not the sudafed kind...

I have not really needed to talk of backhaul congestion for some time. Many years ago, when BT first had congestion in their network they did not appear to have proper means to plan and manage the capacity. Thanks to our work constantly identifying congested links, they do now have departments to handle this. We've worked closely with BT on these issues over the years in a genuine effort to help them solve their problems and provide a quality service to all ISPs. Over the years this has been a bit of a roller coaster, and occasionally there have been problems for many months (such as when BT's BRAS back haul links had to be upgraded to 10G). Generally things have been OK for quite a while until a few months ago. Oddly we are seeing quite a few issues at the moment that are taking some time to get fixed, but BT are working on it.

The main way we can see congestion is because we have very good monitoring - an LCP echo every second on every line allows us to see packet loss and latency clearly. We then correlate trends over exchanges and BRASs and carriers to identify congestion before customers even need to contact us.

However, there is still the old 20CN ATM based network in BT and many 20CN only exchanges. These are still growing with more demand for bandwidth from existing lines, and more lines being added. This can also result in congestion. Obviously, over time, these are being upgraded to either 21CN ADSL or FTTC (or both).

Over the last two weeks I have done a bit of a case study on one customer on the SOUTH RAUCEBY exchange. Here are my findings...

Seeing the congestion

The first concern is that we cannot see the congestion any more! The LCP echo are not showing loss or latency even when the exchange has a lot of congestion. We think this is a change BT made many years ago to prioritise the LCP echo. This may have been to ensure routers do not drop the link due to a lost LCP echo/reply, but it could also be to make our graphs "look good" I suppose. Thankfully 20CN is a minority now, but we do have to rely on customers telling us 20CN congestion issues.

Overloaded link

This particular customer contacted us some time ago advising that there was congestion, and we contacted BT. As it happens, BT said they had just set up another DSLAM (or another shelf in a DSLAM, I am not sure), and they would move this customer over to that. This solved the problem for our customer, great. However, some months later, he once again has congestion. This does rather suggest they have issues with monitoring the links, upgrading links, and planning rules, one way or another.

This is an example :-


This shows the upload (red) and download (green). This is an attempt to fill the line, which should be able to get close to 7Mb/s of IP throughput but is in fact only getting 1Mb/s at best.

What can be done?

Sadly, we have still not managed to get BT to do anything to fix this yet - it is often an uphill struggle and they may even deny there is an issue. So we considered some alternatives. There are two things we considered. One thing to try is to order "premium" on the 20CN service. This offers a higher upload speed and also elevated weighting in the network.

However, we also had another cunning plan. We lent the customer a FireBrick FB2700. We then told our end to mark all of the IP packets as if they were LCP. This is a feature in the FireBrick which was added to work around problems with a faulty DSLAM that refused to allow IPv6 PPP packets, but we had a hunch it may help here. The fact that our LCP echo always seemed fine seems to suggest that BT prioritise LCP traffic. So we gave it a try.

This is the result :-


As you can see, the download is close to the line (which shows the BRAS rate that should be possible). It is not 100% perfect (the line is a bit wobbly), but very close, and massively better than before.

Does "premium" help?

We also added premium to see if that would help, and it does (as expected). This is an example of premium, with and without the IP over LCP being used.


Just before 20:00 is premium using normal PPP coding for IP packets. After 20:00 is premium and LCP coding for IP packets. As you can see, after 20:00 there is a solid line at the limit - the best performance yet. The graph is a log scale, so it may not be obvious, but without LCP marking the line is achieving approximately half the full speed.

Conclusion

Premium improved from under 1Mb/s to around 3.5Mb/s. However marking IP as LCP improved both premium and non premium to full line speed (with premium is slightly better).

Will BT fix the problem?

We hope so - we will, of course, continue to pursue BT over this congestion. However, our customer has three lines, and all of them can now hit the full line rate over around 7Mb/s at once when he is downloading. He has done speed tests showing nearly 20Mb/s over the three lines. Considering how poor the performance was previously, it seems likely that when our customer is downloading, everyone else on the same VP backhaul in SOUTH RAUCEBY will probably have totally unusable Internet. With any luck they will complain to their ISP (probably BT retail) and help get the backhaul fixed properly.

I'd like to thank domb for all his help on this.

Tech note: The customer is considering patching pppd. What we actually do is simply mark an IPv4 or IPv6 packet as LCP providing the packet starts 4X for IPv4 and 6X for IPv6. At the receiving end an LCP packet starting 4X or 6X is assumed to be IPv4 or IPv6 respectively, so no extra overhead. Genuine LCP codes do not get anywhere near as high as 40. Maybe we should do an RFC :-)

Friday, 6 February 2015

When is junk mail not junk mail?

As I reported recently, a company selling training courses on email marketing emailed my titanic email address (for which I am an individual subscriber). Yes, ironic isn't it. What is interesting is that he has engaged in some lengthy debate on the matter during this week (something to do whilst I'm off sick). We have finally agreed on a £75 settlement. But some of the points that have been raised are interesting.

Even though a UK business, he had not provided the details of his legal entity on the web site or emails (as required by the Companies Act 2006). This is a pain as it makes suing him somewhat harder. He also uses a correspondance address in London, not a real office. I was expecting to hear nothing and hence be able to do nothing. To my surprise he did reply. Even so, I have reported this to Trading Standards, and they are in fact investigating. It seems that they are a partnership, and the best I got was an initial and surname for each of the two partners and no other address, which, sadly, seems to comply with the rules. The difficulty with actually suing and enforcing a judgement is one reason I ended up agreeing a settlement. Fortunately most spam like this is from UK limited companies providing a proper company number in the initial email.

Another interesting issue is that he had emailed 7 times before. He claims not to have received any of the email replies I had sent, and suggests that my IP is on some sort of black list. Needless to say no emails bounced. He initially offered £25, and I said fine, and £25 for each of the other 7 makes £200. But he wanted to offer £25 for all emails. I pointed out my letter before action clearly related to just one email and that is all I would be taking to court this time. Depending on the outcome I could take action for the other 7 at a later date. Maybe, in hindsight, I should have got settlement of the £25 for this one email first and then gone after him for the other 7.

At every stage he disputes any liability, and keeps saying that he complies with all regulations. I have tried pointing out that this is factually wrong. There is no doubt he sent an unsolicited marketing email to an individual subscriber, which means he did not comply - matter of fact. Interestingly he claims that "subject to certain requirements they do permit us to legally email what we reasonably understand to be business email addresses". When I asked him to back that up, he referenced an ICO guideline which did not actually say that at all. It seems to me he genuinely thought that he was within the regulations if he believed the email address was not an individual subscriber, and if he removed the email address when told otherwise. Reading the regulations I am very much of the opinion that this is not the case, and that even one such email, regardless of intent, is a breach of the regulations.

He also said that they are trying to get clarification from the ICO on the "ambiguity" over individual subscribers and corporate subscribers. I guess, if in the business of email marketing he might like to clarify that. I don't think it is ambiguous, just something the sender cannot know. Even so he raises one interesting point, which I was a tad unclear of. Is the subscriber in "individual subscriber" the person that contacts for the "email service", or the person that contracts for the "line" over which the email is delivered? However, I think I have worked it out now...

The PECR states: “subscriber” means a person who is a party to a contract with a provider of public electronic communications services for the supply of such services; “electronic communications service” has the meaning given by section 32 of the Communications Act 2003;

Now, looking at the section 32 of the comms act: “electronic communications service” means a service consisting in, or having as its principal feature, the conveyance by means of an electronic communications network of signals, except in so far as it is a content service.

Now, an "electronic communications network" is a transmission system for the conveyance, by the use of electrical, magnetic or electro-magnetic energy, of signals of any description

A signal is (a) anything comprising speech, music, sounds, visual images or communications or data of any description; and (b) signals serving for the impartation of anything between persons, between a person and a thing or between things, or for the actuation or control of apparatus.

An email service does indeed use such a network, and I think signal covers an email. So it seems to me that the subscriber in relation to an unsolicited marketing email is the subscriber to the email service.

Anyway, once again, this means no case in front of an actual judge. We'll get there eventually.

Update: Interesting point from the comments, I missed the "public" part in the above, which is: “public electronic communications service” means any electronic communications service that is provided so as to be available for use by members of the public; 

What is interesting is the "use" part. If you run a mail server for a domain, you are allowing members of the public to "use" that service by allowing members of the public to send you email. It does not say you have to allow members of the public to "subscribe" to the service. It uses the word "use". So to my mind, pretty much any mail server is a "public" electronic communications service.

Tax avoidance

If a company is paying what they are legally required to pay in tax and no more, and that seems unfair, then the target of your anger must be at the laws that allow that, and not the company.

We all want to pay only as much tax as we are obliged to pay.

I was surprised by the headline 'Accountancy firm PricewaterhouseCoopers (PwC) has been accused of promoting tax avoidance "on an industrial scale", in a report by MPs.' on this BBC article.

THAT'S THEIR JOB!

Even the smallest of businesses will have an accountant. One of the jobs of that accountant is to ensure the business does not have to pay any more tax than it is legally required to do. For small companies the effort and cost of setting up something in Luxembourg is not viable, but even so, the business will aim to pay only the tax that is has to, and the accountant will help ensure that is the case.

What really pisses me off here is the way people have a go at companies and accounting firms doing exactly what they are meant to do. Companies are expected (legally required, even) to act in the best interests of their shareholders.

Bear in mind, for many large companies, those shareholders may be your pension funds. If your pension fund invested in companies that did not act in the best interests of the shareholder, your pension would not perform as well as it could. So all this whinging about not paying a fair amount of tax potentially impacts ordinary people with a pension.

I challenge every one of those people complaining to contact HMRC and ask to pay more income tax this year - go on - ask for a "K" (negative) tax code as a gift to the government. No? Then why expect anyone else to pay more tax than the law says they have to.

Don't get me wrong - if someone is not actually obeying the law, then they should be punished accordingly, but if they are legally paying less tax, then that is what you should expect.

The other thing that annoys me is the complaints about some companies paying no tax in UK. This is crazy, those companies pay a fortune in VAT, employers national insurance, road tax, fuel tax, and loads of other taxes. Anyone employing people in the UK is contributing a lot to the UK tax system. They don't pay nothing!

So, yes, it is unfair that some large companies manage to pay a lot less tax than one might fairly expect - so change the laws. But for a start, consider how much they really are paying in tax (there is a lot more than just corporation tax to consider).

Indeed, one fix would be to reduce or cap corporation tax. Stick to taxes that relate to actual business done in this country, such as VAT and all that income tax from employees.

Tuesday, 3 February 2015

I hate being fucking ill

Getting old is bad enough with things going wrong, like diabetes and now high blood pressure, but getting ill is such a total pain in the arse, and seems to get worse as you get older.

I am, of course, no stranger to the odd cold. A few days of not feeling well, headache, fever, cough, congestion, and then fine. The main thing is that the average cold responds well to some proper sudofed and paracetamol, and mostly I would not even take time off work, just be "dosed up" as needed.

But just occasionally you get a real bugger like the one going round now. Taking max doses of sudofed, paracetamol and ibuprofen just to reduce symptoms and they are still a real pain. Trouble sleeping, bunged up head, blocked ears, tired.

It has been about two weeks now, was OK for a few days and worse again now. I'm actually taking time off work, and not just "at home, but working anyway" as more usual, this is actually not doing anything, sleeping some during the day and otherwise watching TV and drinking soup.

To top it all I got an ear infection as well, which was agony. Thankfully an antibiotic+steroid spray fixed that up right away. But the cold is a virus and not something I can do anything with. I am doing all that can be done. The nurse even suggested steam, and I pointed out my shower unit has a steam room feature which I was already using twice a day to clear my head (it works quite well).

You feel so bloody helpless, nothing that can be done. Counting the hours until you can take the next set of tablets to feel a tad better. The occasional half hour of "this is not too bad now, maybe it is going away" only to be plummeted in to coughs and headaches again.

Thankfully I am able to keep tabs on email a couple of times a day so I do not have the dread of many days worth of work when I get back, and my staff are coping well (though many of them are down with the same problem). Well done everyone for coping.

How long before one can run DNA analysis on a virus you have caught? It cannot be that far off. And what then? It is not just a "same bug as you had", but could deduce the sequence of infection and work out who to blame? At what point in the future will people need public liability insurance incase of passing on an infection? That would be scary.

Anyway, this cannot clear up fast enough - just hoping for reversion to the mean and being well again.

Update: Friday - starting to feel like some progress is being made at last. Fingers crossed that I'll be back to work and well by Monday. We'll see.