2017-09-28

Sloppy 3D print designs

I was just asked to print this :-


It is a simple box and lid. How hard can it be...

Well, this brings me to some issues I have with some 3D print designs. Of course, these are FREE and so I do not really have any justification for complaining - do I?

The problem is people will put designs on public forums like thingiverse which are clearly not designed to be printed. Some are just designed in a way that could not be printed at all, and some are just sloppy.

Sadly there are some really nice designs which you would struggle to print on most 3D printers, but can be printed by professional services, like this one. I'd love to print this, and it is a nice design (not sloppy, just the way it is).


However, getting back to the simple box and lid...

This particular design has one immediately obvious flaw - the box is upside down for printing. To print on most 3D printers this would have horrid overhangs or need supports. Simply having the box the other way up would work perfectly with no issues. The lid, however, is the right way up to print. Both are in one file, rather than two separate files, just to make things harder...

Basically, most 3D printers will print one layer on top of another. At a pinch you can create a "top" to something, spanning from one side to the other in mid air, but ideally you want designs that avoid printing in thin air, overhangs, and anything shallower than 30 degrees (and even that is not ideal, better is 45 degrees). One of the challenges of 3D design is making something that can be printed on a typical 3D printer. The box and lid in this case are both fine (mostly) for additive printing, if the box is flipped over.

Fortunately I can separate the two parts and print separately. I tried printing the lid. It took me three attempts to work out why it was not printing - it is about 0.42mm off the Z axis. WTF?

Yes, this meant that the printer was trying to print the whole thing in thin air, just above the print bed, and hence it simply did not work.

It is easy to fix, I can click one button and bring the lid down to the print bed, and if it had been way off in the air I would have spotted the issue and done so, but so close to the print bed, but not actually on it, is almost designed to be a nuisance. Why would anyone do that?!?!

OK, so the box... You would not believe this...


Yep, it is 1 degree off level. What kind of sick mind publishes a design that is 0.42mm off the bed and has one part upside down and 1 degree off level? I ask you!

Yes, I can correct, but this is almost designed to confuse and annoy.

Once again, I repeat, this is a FREE design, I have paid nothing for this. Can I really complain? I am not picking on this one design, there are a mixture on thingiverse, and other forums, with a lot of designs "just working" and a few that are "sloppy".

One of the other issues is something may be designed for one printer and material, and just work on that, but need some adjustment for other printers. That is not uncommon as the tolerances and capabilities of printers vary slightly. Obviously it helps when people specify the cases they have tested.

I have to wonder, in the case of this box and lid, if this is deliberate trolling, or just sloppy, though it is hard to see how one can accidentally rotate something by 1 degree.

I wonder if I'll print it and find the lid does not actually fit on the box :-)
P.S. it fits

2017-09-26

Amigo loans

This is a slightly tricky blog as it relates to someone I know.

I made the mistake (and it was a mistake) of guaranteeing an Amigo loan for someone I know. If you are asked to do this my advice, in my opinion, is DON'T DO IT!

The interest is stupid anyway, but that is not the issue.

I don't say this simply because you may have to repay some or all of their loan, but because of the hassle you suffer.

It should be simple, IMHO, in that you guarantee the payments, so if they do not pay then maybe a letter or an email to say I have to pay, charge me, and done.

But no - it is weeks of calls (sometimes several a day), letters (sometimes several a day) and emails hassling you. Why is this not simple?

The calls and letters and emails are not just that I have to pay the missed payment but they talk of court action and recovery and all manner of nasty things.

What is worse, they are calling my office - seriously! Whilst they say very little they do say they are calling from "Amigo" and their number, so clearly Amigo *LOANS* calling me. That is embarrassing to say the least.

IT IS NOT MY LOAN!!! I AM NOT REFUSING TO PAY!!!

I wonder how this is not a simple breach of Administration of Justice Act 1970 section 40.

After all, they have means and the contract in place to charge me, why not do that and be done with it? Why all the harassment? Why call my office?

I have emailed them :-

You have a contract in place with me to guarantee payments for XXXXXXXXX.
You have the means to collect those payments. I have the funds to cover
those collections.

However, if you continue to harass me, or if you EVER call my office
again I will have to consider you in breach of section 40 of The
Administration of Justice Act 1970 and report you to the POLICE for
consideration of CRIMINAL charges against you.

Is that clear?

P.S. The option of paying Amigo off and lending the money myself may well happen, so I checked! As well as owing me several hundred for missed payments, in 19 months of the loan it has gone down by £9.11 in total. Wow...

2017-09-20

Unicode SSIDs

I have tried many access points over the years, and some of them allow you to use Unicode characters (outside the normal ASCII set) in SSIDs, i.e. the names of WiFi networks.

It seems many devices understand these and display them correctly, which is nice. However, annoyingly, a lot of access points seem to either disallow use of interesting characters, or at least make it difficult.

Why would you use these? Well, one rarely has to type an SSID, you pick from a list, so why not make them more fun - with emojis and the like?

So what have I found with the latest APs?

Aruba Instant IAP-305(RW)

I noted on the new Aruba APs that they have the useful option of SSID Encoding, either Default or UTF-8. This was encouraging. You have to select the advanced settings to see this though.


So I tried a pile of poo as an SSID... Sadly this does not work...


Somewhat annoying.

The config file...

The trick, of course, is to save the config, and take a look, and if possible tweak and upload. This works!


Yay, but in various tinkering I spotted that some parts of the config file saved back in a different way?!


Yes, the character in question had been percent/hex encoded. I found that I could type that in the ESSID box on the web based config. This is a lot less hassle than manually editing the config file!

What is strange is that some I cannot type this way, seemingly those starting %F rather than %E, for example.

Seeing boxes

Some devices cannot show them, obviously... This is my camera. Note it sees one "box" so understands that the bytes are a single UTF-8 character which it cannot display (I also tested with two characters showing two boxes).


And finally, the magic changing SSID :-)

Using U+F8FF, which is a "private block" unicode character, on anything apple, you get the apple logo. For me I see that here: 


On other machines you don't. I was hoping for the windows logo at least, or even a Klingon symbol, but my son's windows laptop just showed a box! Shame.
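The percent/hex form described above, as an added example (my own sketch, not Aruba's code or config format): it converts an SSID to its UTF-8 bytes and %XX escapes, enforces the 32-octet SSID limit from IEEE 802.11, and reports how many characters (the "boxes" a device would show) the bytes make up. The function names are hypothetical, and which ASCII characters the AP leaves unescaped is an assumption.

```python
"""Added example: percent/hex form of a UTF-8 SSID, with the 32-octet limit."""
import re

MAX_SSID_OCTETS = 32  # an SSID is at most 32 octets in IEEE 802.11

_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def percent_encode(raw: bytes) -> str:
    """Keep printable ASCII (except '%') and write every other octet as %XX.

    Assumption: the exact set of characters the AP leaves literal is not
    documented on this page; this is the conservative choice.
    """
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x25 else f"%{b:02X}" for b in raw
    )


def percent_decode(text: str) -> bytes:
    """Inverse of percent_encode; rejects stray '%' and raw non-ASCII."""
    out = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "%":
            m = _ESCAPE.match(text, i)
            if not m:
                raise ValueError(f"malformed escape at offset {i}")
            out.append(int(m.group(1), 16))
            i += 3
        elif 0x20 <= ord(ch) < 0x7F:
            out.append(ord(ch))
            i += 1
        else:
            raise ValueError(f"unescaped non-ASCII character at offset {i}")
    return bytes(out)


def ssid_to_config(name: str) -> str:
    """Text to type in the ESSID box for a given Unicode SSID."""
    raw = name.encode("utf-8")
    if not 1 <= len(raw) <= MAX_SSID_OCTETS:
        raise ValueError(f"SSID is {len(raw)} octets, limit is {MAX_SSID_OCTETS}")
    return percent_encode(raw)


def inspect_ssid(encoded: str) -> dict:
    """Describe an escaped SSID: octet count, validity, characters, widths."""
    raw = percent_decode(encoded)
    if len(raw) > MAX_SSID_OCTETS:
        raise ValueError(f"SSID is {len(raw)} octets, limit is {MAX_SSID_OCTETS}")
    try:
        text = raw.decode("utf-8")  # strict: rejects truncated/overlong forms
    except UnicodeDecodeError:
        # An SSID is just octets; nothing forces it to be valid UTF-8.
        return {"octets": len(raw), "valid_utf8": False,
                "characters": None, "widths": None}
    # Width 3 means a lead byte 0xE0-0xEF (%E...), width 4 means 0xF0-0xF4
    # (%F...), i.e. a character outside the Basic Multilingual Plane.
    widths = [len(c.encode("utf-8")) for c in text]
    return {"octets": len(raw), "valid_utf8": True,
            "characters": len(text), "widths": widths}


if __name__ == "__main__":
    for label, name in (("pile of poo U+1F4A9", "\U0001F4A9"),
                        ("private use U+F8FF", "\uF8FF")):
        enc = ssid_to_config(name)
        print(label, enc, inspect_ssid(enc))
```

The pile of poo comes out as a four-byte sequence starting %F0, while U+F8FF is a three-byte sequence starting %EF, which is the %F versus %E split mentioned above.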


2017-09-19

iPhone roaming with IPv6

As you know, this has been a challenge!

In summary - using iPhones and roaming between WiFi access points on a network with IPv6 enabled does not work well! It breaks sometimes - the phone ends up in a state where it thinks it is connected to an AP but there is no traffic working at all (IPv4 or IPv6). Turning WiFi "off" then "on" on the phone fixes it.

This has been reported by people using several different routers (which allocate IPv4 and IPv6 addresses) with ubiquiti APs. We did a lot of testing with ubiquiti to try and find the cause, but to no avail. There was suggestion it could be related to the FireBrick, but as the whole process of AP roaming does not involve the "router" device in any way, with no packets to or from it needed or seen, then it cannot be the "router" that is the cause of any problem. The fact it has been seen by others with other routers left it as either ubiquiti or iPhone.

The good news is that it is looking a lot like ubiquiti are off the hook on this one at last. It pretty much has to be an iPhone bug at this point. IPv6 is still not common enough for this to have been noticed a lot, and of course it is only noticed with routers that do IPv6, such as FireBrick.

Dumbing things down...

Having come to an impasse with ubiquiti I gave up, and got some other APs. I went for cheap(ish) xClaim ones. These are made by Ruckus, which is a well known name in APs.

They do what they say on the tin, and are quite usable, and simple to set up (if prepared to use their cloud based config). But they do not do "roaming", you just have to trust the device to switch to a new AP when it wants to. This works 100% but means a gap in connectivity, it is far from seamless.

Stepping things up a bit...

Then I decided to try some higher end ones, the Aruba APs from Hewlett Packard, another good name. I have some IAP-305(RW) APs. The config is web based, very flexible, controller based logic but one of the APs takes on that role so no separate controller needed. You can have a separate controller for larger installations. 255 associations per AP is a lot, and even 15 SSIDs per radio for fun. Lots of bells and whistles (even 3G/4G dongle fall back, PPPoE, VPN, all sorts).

I set them up, and bam, I got my iPhone playing up yet again in exactly the same way.

The good news is I can tinker and fine tune, and turn on and off specific roaming protocols on a per SSID basis. Turning off 802.11r fixed the roaming issue, which confirms it is the 802.11r that is the issue. I left 802.11k and 802.11v on as they seem to cause no issues. The iPhone does support 802.11k and 802.11v so having these enabled helps roaming anyway.

So it sounds like we'll have to wait for iPhone to fix 802.11r support. I am raising it on the Aruba support forum as well though in case they can help.

2017-09-17

Insulin pens and temperature

How hard is it to mess up your insulin?

The instructions with my insulin pens are pretty clear - store in fridge 2°C to 8°C. The in use pen should not be stored in the fridge but kept below 30°C (for a maximum 4 weeks).

Advice for flying is that you take the insulin in hand luggage as it could freeze in the hold. I have been on holiday before. I know the drill, or so I thought.

So what happened in Rhodes?

I am finally back from a week in Rhodes, a nice holiday with my wife this time. The villa was nice, and had lots of effective air-conditioning. The short excursions in to the outside where it was hot were OK. I actually got a bit of exercise even. The villa even had IPv6!

As normal I took two new pens in my hand luggage, put one in the fridge on arrival and one on the side (in an air-conditioned room, so well below 30°C) to have my daily dose.

I am lucky that at present I only need one dose of a slow acting insulin as my body does manage to make some still, with the help of some tablets. Indeed, a change of routine (i.e. my evening meal being late) will usually leave me hypo, and somewhat cranky!

However, in spite of the change of routine, and 2 hour time shift, I was not getting at all hypo. Indeed, I was not eating much at all. At the start of the week I felt mostly OK, but as the days went on I felt increasingly tired and even thirsty. What really gave it away was that I started getting spots, which is a sure sign I have high blood sugar.

Blood tests showed my blood sugar was indeed unusually high, even hours after eating. I was now taking the maximum dose of gliclazide to try and help matters. What was going on? I do not normally have to bother testing - I have a routine that works, but this week was not working.

I tried the other pen, but no better. It is a slow acting insulin, so I could not tell immediately if it was helping or not, could I?

By the time I concluded that it was also not working, we are on the last day, having slept a lot and thrown any hope of reading a book out of the window.

Finally home, gone 3am in the morning, having had one small sausage roll at the airport some 8 hours before, with a gliclazide, and nothing for about 4 hours before that, my blood sugar was still high. So I got a new pen from the fridge and had today's dose a few hours early before going to bed.

Well, I know now, that if there is a problem, then taking working insulin does indeed have quite a quick impact. This is useful for future reference I think. By 6:30 this morning, blood sugar low and shaking slightly (hypo), so time for some breakfast.

Now to get back into my usual routine again.

What did I do wrong?

The issue is that I don't think I did anything wrong. The plane was not hot, the taxi may have been a bit hot but that was like 25 minutes from airport. The rooms were not hot. I have a feeling the fridge may have been on the cold side, maybe too cold (i.e. below 2°C) so will have to take a thermometer next time maybe, but that does not explain the first insulin pen being broken. Maybe it was that short taxi ride in the hot Rhodes heat? Could that really be it?

Overall it seems something is a bit sensitive and the effect is not instantly obvious (well, not so much in my case, as I say I still make some insulin myself). It can have quite a nasty impact on an otherwise fairly enjoyable holiday.

What next?

There are cool bags you can get, but being a techie I am more interested in a tiny portable medication fridge - no moving parts or liquids so ideal for travelling. Yes, someone sells them! I think I will have to invest. I really do not want this happening again.

So, keep cool, and keep your insulin cool, especially when travelling.

P.S. An "eating bugger all as you have no insulin" diet did not help as I am exactly the same weight as when I left. I think it must be the "sleeping all day" side effect that thwarted it.

2017-09-15

Who could have predicted this and told the ASA?

As I previously blogged, there are proposals to make ISPs advertise broadband service speeds differently.

This is a complex topic - the speed of the line itself depends on technology and location, so in a general headline it is hard to explain. A headline explaining the best the technology can do is good for comparing ISPs, but changes to show 90th percentile muddied the waters and they are getting worse with latest changes. One suggestion was to advertise a minimum, for example...

Oddly enough I, and others, predicted it would not help... See this from Sky...

They are advertising a 55Mb/s minimum speed service.

Now, compare to normal FTTC which could be anything from 1Mb/s (maybe even lower, not sure) to 80Mb/s, if advertised as a guaranteed minimum side by side, you would go for Sky with the 55Mb/s minimum, obviously. Obviously a "guaranteed 1Mb/s minimum" is worse than a "guaranteed 55Mb/s minimum"... WRONG!

The speed you can get using a particular technology (presumably FTTC in this case) depends on your location and the line quality. You get what you get using that technology whether you go with Sky or BT or A&A.

The difference is that if you cannot get 55Mb/s then Sky will not sell you "that package", though I am sure they will then offer alternatives such as slower FTTC or ADSL package.

So all we have is misleading advertising making people think there is a better package when there is not.

Indeed, maybe we need an A&A headline: "79Mb MINIMUM SPEED GUARANTEE (available to X%). If you cannot get this we have an alternative 78Mb MINIMUM SPEED GUARANTEE (available to X%). If you cannot get that we have 77Mb MINIMUM SPEED GUARANTEE (available to X%)..." and so on.

The changes being proposed are absolutely not helping customers make informed choices.

Update: Someone has checked the Sky web site and put in various addresses and found that Sky are apparently guaranteeing the 55Mb/s based on the "minimum forecast speed (impacted)" not on the "handback threshold" and so are taking a small risk that some lines may sync between the two and they have to refund a customer without getting a refund from BT, so well done Sky - I stand corrected.

However, my point still stands, Sky will not make your line do 55Mb/s. If it can manage 55Mb/s, then it will for any ISP. If it cannot, then it will not for any ISP.

2017-09-14

Data Protection

So there is the new Data Protection Bill to put in place the rules under the General Data Protection Regulation, under EU law.

Well, there is a lot to this, so this is just a placeholder post really - to say there is a lot of shit going down, and with any luck I can post more about this in due course.

This, and the NIS directive, almost feel like exactly the sort of thing those Brexit voters were wanting to kill off!

OFCOM confirm BT lied to us

Recently, BT plc stated, several times :-

"Openreach is not a communications provider."

OFCOM have now confirmed (as if there was any doubt)...

"BT plc (of which Openreach is currently a division, and of which Openreach Limited will become a subsidiary when it is incorporated) is a communications provider subject to various regulatory obligations set by Ofcom."

Oh well, not surprising I suppose. Thanks to OFCOM for confirming.

2017-09-12

Quota Bonus

I have had an idea of a tweak to the way we do quotas that should help address some of the concerns people have.

Quotas are always tricky things - having some sort of roll over is more complex, and usually needs some sort of caps. We did this on the old units based system and it resulted in quite complex statements of usage and quota and roll over.

What we have now for Home::1 and SoHo::1 is quite simple - it is a monthly quota. You start each month with that quota. Simples!

Even so, there are complications, such as pre-using some of next month's quota (slowly) if you use all of this month's, and the top-up, which I have now made carry on until used. Even so, the "unused quota" that is "lost" at the end of each month is clearly a concern for some.

Quota Bonus

The proposal is relatively simple. You will start your month with your monthly quota as now, but as a bonus you will also get half of the "unused" quota from the previous month.

So if you started on 300G monthly quota but only used 200G in your first month, you start the next month with a new 300G, plus 50G bonus (half of 100G unused), making 350G.

If you only use 200G that month you will start the following month with your 300G monthly quota plus 75G bonus (half of the 150G unused), making 375G.

And so on. Any top-up remains separate and is not halved.

The nice thing is the system is self limiting in time and amount by the nature of geometric progression. It does not need any caps or time limits. It also makes it simple when you change your monthly quota and no change in caps - the same simple rule applies.
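The rule above worked through in code, as an added example that is not A&A's billing code. It assumes that a month in which more than the whole allowance is used simply leaves nothing to carry over, and it ignores top-up (which stays separate); the function names are made up for the illustration.

```python
"""Added example: the proposed quota bonus rule and why it limits itself."""


def next_bonus(monthly_quota, bonus, used):
    """Bonus carried into the following month: half of what was left unused."""
    # Assumption: overuse leaves zero unused, it does not create a negative bonus.
    unused = max(0.0, monthly_quota + bonus - used)
    return unused / 2


def run_months(months, bonus=0.0):
    """Apply the rule to a sequence of (monthly_quota, used) pairs in GB.

    Returns (allowance at the start of each month, bonus carried out of the
    last month). The monthly quota may change from month to month; the same
    rule applies with no extra caps.
    """
    allowances = []
    for monthly_quota, used in months:
        allowances.append(monthly_quota + bonus)
        bonus = next_bonus(monthly_quota, bonus, used)
    return allowances, bonus


def steady_state_bonus(monthly_quota, used):
    """Fixed point of b = (quota + b - used) / 2, which is b = quota - used.

    With the same usage every month the bonus approaches this value, halving
    the remaining gap each month (the geometric progression).
    """
    return max(0.0, monthly_quota - used)


if __name__ == "__main__":
    # The 300G quota / 200G usage case from the text.
    print(run_months([(300, 200)] * 3))    # ([300.0, 350.0, 375.0], 87.5)
    # Worst case for the ISP: nothing is ever used. The bonus still stays
    # below one month's quota, so the allowance stays below twice the quota.
    print(run_months([(300, 0)] * 40)[1])
```

So at a steady 200G a month on a 300G quota the allowance settles at 400G, and even a line that is never used can never start a month with as much as 600G.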

This should reduce some of the perceived "loss" of unused quota, and allow some balancing out of high and low months.

Obviously we need to make it clear on the control pages how your monthly quota was created, i.e. your monthly quota, and any bonus you have (and if you have any top-up carrying on), each month.

Comments

I am interested in comments on this specific idea. Is it easy enough to understand? Does it help address some of the concerns?

Background

Our costs depend on a lot of factors, like many services. We have some fixed costs, some costs directly related to number of lines and types of lines, some costs related to usage of the service and the overall scale of our operation. Whilst a simple usage metric of "Gigabytes downloaded" does not relate directly to our costs, it is not a bad analogy.

So we could charge simply a monthly fee and a usage fee for what you used. Several people suggested we do this. Indeed, we do this for our mobile services, and get many calls for us to offer "call packages". At the other extreme we could do one "package", even an "unlimited*" one. But we have chosen a middle road, so that light users pay less than heavy users, but people can pick a package which means predictable charges.

This means quotas in tiers, and obviously some people will have some "unused" quota. When we start getting to the terabyte usage levels this will normally be quite a lot as these are meant to reflect a near "unlimited" usage level for most users. People feel they are losing something in such cases, and may even try and "use up" their quota at the end of the month. Others feel their usage being very variable they have some months high and some low, and that we should somehow balance usage. For lower tariffs, we allow change of quota every month.

No system will be 100% fair to everyone, and no system can meet everyone's requirements exactly. But we hope this addresses some of the issues.

This is not launched yet, I am just asking for comments at this stage.


P.S. yes, applicable to the terabyte quotas, and I am increasingly inclined to launch this now.

2017-09-10

NIS Directive and Internet companies in the UK…

This blog is about some upcoming legislation which could have a lot more impact than you might expect on smaller companies that provide internet related services.

Summary

The Network and Information Systems Directive is an EU Directive which will be implemented in to UK law next May. At this stage the UK implementing law is not drafted and we have a chance to influence how it is drafted by responding to a DCMS consultation. If you offer any sort of web hosting, or you are an ISP, even a small one, you may find yourself in scope, and so should look in to this now. The penalties can be huge, much like GDPR penalties.

Key problems

Who should be in scope? It is not entirely clear on some aspects who should be in scope - who the directive is aiming at - we can guess some big players like LINX, Google, and Nominet, but when it comes to DNS and cloud services, it is very unclear.
Defining the scope. This is very important as defining the scope by describing the service and some measurable scale can be very hard. I would struggle to define a DNS provider to include all that they intend with no unintended consequences, even if I could understand the intended scope in the first place.

Both of these are areas where DCMS urgently need help so as to avoid some bad legislation — not only would it put an undue burden on smaller ISPs, it would actually be counterproductive and increase the risk.

What is the NIS directive?

If you have not heard of it before, the NIS directive is an attempt to increase the security and resiliency of network and information systems, primarily the Internet, to minimise disruption and downtime, and the ensuing impact on the economy. It builds on rules which are already in place covering electronic communications networks and services.

Essential Services

The main targets are those providing essential services. This covers Transport and Energy and so on but specifically covers internet related services provided by IXPs, DNS providers, and TLD registries. Whilst IXPs covered are likely to be LINX and perhaps a few others, and TLD providers are likely to be Nominet, the “DNS providers” is a concern as I will explain later.

Digital Service Providers

The directive also covers Digital Service Providers, which covers all sorts of people like on-line marketplaces, cloud computing, and search engines. Unlike “essential services”, there is a threshold test for digital service providers: a provider which employs fewer than 50 persons and whose annual turnover and/or annual balance sheet total does not exceed €10 million is out of scope.

Do we really need legislation

Sadly the time to tackle this has gone as this is an EU directive which the UK is bound to implement, though it will be reviewed from time to time. However, this is an important question as the UK has some discretion as to the way in which the directive is implemented, and it may be possible to limit the scope to the few larger providers that already have in place the measures that the directive requires. Considering if the legislation is actually needed could be a factor in this.

The reason I am unconvinced is that the industry, at all levels from low level protocol design, to network operations of companies like google and ebay, already take these issues seriously and are constantly working on improvements.

Just looking at DNS, it was designed to be robust in the first place, and improvements to resolvers (randomised ports) and changes like DNSSEC are tackling some of the ways the system can be “attacked”. Even at higher levels, things like https (secure web pages) are making DNS attacks less useful. You then have the reputation of these larger companies, and their experience - when was the last time you could not get to Google or Facebook which was their fault (i.e. not just a broadband outage)?

So if industry is constantly working on this, do we need legislation? Will legislation simply add additional burden? Can we limit that burden when putting this in to UK law?

Search engines

They presumably mean google and bing, but how in scope do these companies become if they shut down EU offices? Maybe they should just list them as being in scope? However the definition actually talks of a service that searches all web sites, which no search engine does or ever could do, so google could easily argue it is out of scope. I am not that fussed as we are not a search engine, phew, but it would help to get DCMS to understand and refine these definitions — and, to their credit, they really do appear to be willing to listen.

Cloud computing and on-line marketplaces

This gets more complex as it could cover simple web hosting. There are the turnover figures, but if a medium sized company was to do some web hosting it could find itself in scope. At the very least the thresholds need to be tied to “relevant turnover”, and I think the definitions need to be pinned down somewhat. There is a danger we could be in scope one day, and many ISPs only slightly bigger than us are probably going to be in scope.

The scope of “cloud computing services” proposed to be in scope by DCMS seems to go way beyond what the UK is required to implement under the directive, and we are not sure why. The directive requires only providers of a “digital service that enables access to a scalable and elastic pool of shareable computing resources” to be in scope, but DCMS is seemingly proposing that anyone who provides online services to businesses must be in scope — email, IM, VoIP, web hosting, and so on. Since very few of these services are actually critical to the economy, their inclusion seems unnecessary.

DNS providers

This is a special can of worms, and hence the largest part of this blog post. The problem is that this comes under the onerous “essential services” category which includes some serious fines for non compliance, and does not have the same turnover / employee threshold as the "digital services" obligations.

The actual EU directive talks of DNS being a “hierarchical system” that “refers queries”. To me that is authoritative DNS servers only. Remember that TLD operators are covered as well. The proposed UK legislation seems to cover caching and recursive resolvers too. That is where it becomes a problem.

The two sides of DNS…

Authoritative servers: The DNS database is distributed and hierarchical. It is a target for attack. If you can change the DNS entries, or make them appear to be changed, for, say, a bank, or one of those digital service providers, you can disrupt services and defraud people as well. So DNS is important.

One problem here is that DNS can be, and is, in the hands of the companies with these important domains. It is unlikely they would rely on their local ISP to manage the DNS. The TLD provider like Nominet would refer (delegate) to the company’s own authoritative DNS servers. So it could be that the DNS servers in question are not covered by the legislation anyway in the cases where attacks would cause the most damage.

Where it could come in is where there are ISPs providing authoritative DNS as a service to others. We do that as a small ISP. But our customers can, and probably should, be using secondary servers from other providers.

The threats here are mainly that DNS records are changed, and this could be by some social engineering (phoning claiming to be customer, emailing, trojanning to get control page login details, etc), or technical (straight hacking). Obviously there is a risk of something simple like a power outage, but that should be covered by the fact DNS has redundant servers. There is also a risk of DoS attacks on such servers. The issue here really is that small ISPs like us, that could well be in scope here, are not going to be used by big players like a bank, or someone important. As such we are a lower risk target anyway, and less of a disruption when attacked. Even so, we offer our customers two factor authentication to minimise risk of unauthorised changes being made.

There is one other threat, one of incompetence, and I worry we could be failing such legislation if it applies to us. What happens is a customer will go to some web developer. The web developer will say that they will need the DNS name servers for the domain changed over to them. Many web developers work like that, and have no clue about other uses of DNS, even email! We try very hard to warn customers if they ask for DNS to be changed to new name servers, but even so, it is not uncommon to have the customer on the phone an hour later asking why email is not working any more.

At the end of the day, I am not sure which “larger players” in the authoritative DNS market (below the TLD such as Nominet) would sensibly be a target for this legislation. Are there “Authoritative DNS providers to the stars” out there, offering authoritative DNS to large companies? Who are they?

Caching and recursive resolvers: This is where it does get scary. As worded now by DCMS we come in to scope as an essential service provider because of the caching recursive DNS resolvers we provide to customers. That is crazy! We are a small ISP, with under 10,000 customers. DCMS has proposed that only providers who get more than 60 million queries in 24 hours would be in scope but, having measured these, we exceed this threshold by a factor of two on our customer facing resolvers right now, but it gets more complex.

Each of the customer routers typically has a DNS resolver or forwarder, some of these are owned by us, and for many ISPs the customer router is owned, or maintained, by the ISP. If they come in to scope (and I cannot see that they would not), then they will be getting an order of magnitude more queries. I think, in our case, most customer routers are not “ours”, thankfully, but even those that are, I am unsure how we would know how many queries they get. Of course one customer deliberately hitting their own router on its 100Mb/s LAN as fast as they can with queries would put that one router in scope, even if the requirement is billions of queries in 24 hours. That would put that customer, or us (if it is “ours”) in scope suddenly.

There are other issues with DNS resolvers. The industry has tackled threats as they have come along, and one was that older/simpler resolvers were vulnerable to being flooded with incorrect answers and then made to look something up - not that hard to do with code embedded in a web page. So what happens if a specific make of customer router has such a vulnerability - that could cause widespread impact on services, spoofed DNS and fake web sites and fraud. Who is, or should be, responsible for that? The manufacturer? The reseller? The end users? The legislation seems to ignore this risk completely, but it is also easy to see it being impossible to police for “made in china” routers anyway, and you really cannot make code 100% bug free.

The other issue is that this could easily “put all eggs in one basket”. At present ISPs will operate a lot of customer facing caching recursive DNS resolvers. Lots of redundancy. This makes attacks such as DoS harder. As a small ISP I doubt we can afford to find ourselves in the “essential services” scope, so what would we do? What would lots of small ISPs do? We would almost certainly (with suitable announcement) change DNS servers to use Google's 8.8.8.8/8.8.4.4 service (and its IPv6). Alternatively we may subcontract some commercial DNS provider. That could get us below any thresholds and out of the essential services scope.

The problem with this is that you end up with a few large DNS resolver companies instead of every ISP operating lots of separate caching resolvers, giving end users choice and redundancy (they can always switch to use 8.8.8.8 if they want or even run their own resolver). These few large providers, even though in scope of the regulation (if they are in the EU) will then be a juicy target for attack, either as DoS or DNS poisoning or simple bribery. They become the sole gatekeepers of the underlying hierarchical DNS system, undermining its integrity. This undermines the reliability of DNS and goes head to head with the technical community that DCMS should be embracing, and not fighting.

Of course, we have the issue of published resolvers that will be hard coded. We could port map these to an external DNS resolver. But then the port mapper boxes become as important as the DNS resolvers they replace - so do they become in scope as “DNS resolvers” themselves? What if part of CGNAT boxes? What if a feature of customer routers?

Personally I cannot see any logic in including caching and recursive resolvers in scope at all. Is there a threat? Maybe if they specifically called out Google’s public 8.8.8.8 service as in scope, perhaps that is all they intend?

Missing!

There also seem to be a few key services missing from the directive!

Data centres: Whilst technically a data centre is not different to someone else selling office space (they sell space, power, air-con and physical security basically), they are key to the operation of all of these digital services that are covered by the directive. Why are they not in scope?

Content Delivery Networks: These too are key to many services, and could have major impact if attacked, but again, it looks like they are not in scope.

Don’t just comment here!

Please, consider the directive and DCMS proposals and reply. We need people mitigating the impact, making sure it covers what needs to be covered, and making sure the definitions work.

The consultation document is here (https://www.gov.uk/government/consultations/consultation-on-the-security-of-network-and-information-systems-directive), and you have until 30th September to respond.

This is the A&A response, here.

(Thanks to Neil Brown for help with this blog post)

2017-09-07

On a scale of one to ten

Quite amusing to see my wife and one of my daughters all excited to see this arrive today.

It is a Marsden M-125 Column Scale, an entry level medical scale as you might see in a doctor's surgery.

We got a previous scale from them something like 10 years ago, maybe longer, and my wife, and four daughters, all used it. It finally died this week.

Apart from being accurate, it is also easy to use, and to see the display whilst using it. It lives in the hallway, and gets used all the time by weight conscious women in this household on a regular basis. It even gets used to weigh suitcases before going on holiday.

Yes it is overkill, but they like it.

You do, however, have to convince Marsden's to ship one set up to allow units setting for Stone/Pounds, as normally medical scales are sensibly locked to kg only. At least you can choose the units you want though.

Slight side track - I started this "On a scale of one to ten", so I should really finish with "I give it a ten" or something. It is a good scale. But I know someone, who shall not be named, that says this on a frequent basis, starting a sentence with "on a scale of one to ten", then just describes something. There is no punch line. No "... I give it a 5", or anything like that. You are just left hanging like an unclosed bracket. Drives me nuts :-)

2017-09-05

Taking a break

Next week I am in Greece, Rhodes Old Town to be exact.

This will be a bit of a proper holiday as just myself and my wife. And before I have a load of people saying "don't post you are on holiday as you will be burgled", the house is not going to be empty, duh! It is, for a change, just myself and my wife going on holiday.

I am going to try and have more of an actual holiday. I am not going to be off line, obviously. I would never want the mountain of email and crap when I get back after a week of being off line. But I will be off line for many hours, much of the day, at a time.

It is warm in Greece, but a tad less so this time of year (I hope). The hotel where we are staying is nice, by the look of it, with air conditioning and internet if I need. A perfect place to read more of my Ada book.

My wife missed the cruise as she was not well, and the insurance for that is paying for us to have a nice little holiday now she is feeling better. One of the rare occasions I actually benefit from insurance.

I am actually going to try and relax a bit, but that means my staff, and even some of my customers, not hassling me for the week. We'll see how that goes!

It looks like it even has a piano - like being in cabin 14000 on the Jade all over again :-)


P.S. Only just spotted the picture of an ancient Roman torture/execution device over the piano. How odd.

P.P.S. Sandra says the weather forecast is 30°C all week, help me!

P.P.P.S. The flight was fine, the taxi was waiting, the villa is nice - see video

2017-09-04

Moving on...

The review of A&A tariffs is going well.

We have a list of changes we can make that are not controversial or a big issue to do, and some are not dependent on something else. Sadly some are, and that means a delay in announcing them. I expect to have this all sorted by end of next month.

We have increased the standard non terabyte Home::1/SoHo::1 tariffs by 50GB (somehow I got sweet and sour sauce on my keyboard whilst typing that)... This is a change we have been planning for some time.

Even that hit a slight snag - previously we had 150GB, 250GB, and 350GB, now moved to 200GB, 300GB, and 400GB. But, unknown to many people we had a couple of "secret" tariffs, including one at 200GB, which was priced between 150GB and 250GB. And a customer on that asked what was happening...

Fortunately it is all sorted out now, but basically he stays on 200GB at a lower price, the old 150GB rate, so good news. But he was asking now for 250GB? The answer is simple - if usage justifies 250GB, then that would be the cost of the previous 250GB tariff and we are happy to do that for him but give him an extra 50GB making 300GB for that price now. Either he needs 50GB a month more or not. If so, he actually gets 100GB more for what he expected to pay for 50GB more, or not, and he gets the same 200GB for less money. Simples. A couple of interim low level "secret" tariffs have now gone, as that makes it a lot simpler for everyone.

I only mention it to try and explain how even the simplest of changes can be more complex than you realise.

However, the good news is some changes, partly inspired by the blog feedback, for which I have set up a page to track them...

http://aa.net.uk/news-2017-tariffs.html

As you can see, one change is for top-up not to expire. We have coded the change and all looks well to do a final live test on someone on lunar billing in two days. If it is as expected we update the web site and officially launch that change...

The other one you will see, which I have not started on yet, is allowing tariff increases to be applied immediately, mid-month, for a pro-rata charge. This will provide an alternative to top-ups, increasing tariff right away when you realise you have higher usage. The logic is simple, pay an extra amount for remainder of the month and get an extra quota for the remainder of the month. You can still do it "on next bill" as now if you prefer.

I hope both of these are welcome changes, and we have a long list of other ideas we are working on. My plan is to roll these out as soon as we can and update that web page with details (as well as the main web site, obviously).

Thanks again for all the feedback.

P.S. Full moon happened, and code on live system did not work as expected (top up vanished), so back to testing. Looks like may be some other place in the "system" that zaps it. Humph.

P.P.S. working now, so next step is updating web site.

2017-09-03

Don't be a dick

I am still getting grief for this on irc now. So I really want to put it to bed.
  • No, I am not saying that having bought 1TB you should not use it.
  • No, I am not saying that having music or netflix on in the background is a problem.
  • No, I am not saying that, if you find it easier to re-download all the patches to a game when you install a new computer rather than having made your own backup, that is not on.
  • No, I am not saying we want to know what you are doing with the internet or why you are using it. We explicitly don't care, that is the point about privacy.
  • No, I am not saying that leaving big downloads you need to do to the last day just in case, is an issue.
  • No, I am not saying you must not download a linux torrent even!
  • [P.S] No, I am not even saying we see a peak in usage at the end of the month, that is not the issue here!
I hope that is clear.

Our acceptable use policy has had this forever, it is not something new: "Please also note that the service is a shared service. In fact the whole internet is a shared service. The internet is commercially viable becease links are shared. You are expected to make responsible use of the service in light of the fact that it is shared with other users and your actions affect others" [sic]

That can be reduced pretty much to "Don't be a dick".

All of this started with one person that seemed to be saying he would deliberately download stuff, and not even save it or watch it, just to make sure he uses up all of his 1TB allowance each month.

That is what I call "being a dick" and is simply something that does not work in society, especially with a shared resource, whether metered or "unlimited*" or whatever. Yes, one person doing it is just selfish and not a problem, but more people doing it and we have problems. Don't do that for internet, or water, or gas, or electricity, or roads, or even a buffet lunch. Be a part of society and play nice please, that is all I was asking.

I am sorry if that came across badly in some way, I hope it makes sense now.

Approaching the Unknown (2016)

I am watching netflix, as you do, and started watching Approaching the Unknown (2016).

As the review on IMDB says, nothing much happens, which is disappointing, but the plot falls to bits in so many ways technically it is just strange. It is almost worth watching for a laugh at the writers, if you are really bored or want to waste some bandwidth (!).

The entire premise of the film is that someone has invented a device (a "reactor") that can break down Martian "soil" to extract elemental hydrogen and oxygen so as to make water. I have not actually checked if Martian soil contains hydrogen and oxygen, but putting that aside, that is the premise of the movie. The idea being that manned Mars missions would need water, and this cracks that problem. As he explains in the film, sending lots of water to Mars is not practical. Interesting premise for a story, so a good start.

But right from the start it gets weird. He says that nobody believed he could do it (get water from dirt). OK, fair enough, so any sane person creates an experiment that shows it works, and someone else duplicates it, and the technology is proved and understood - simples. Obviously it would help to demonstrate using something identical to Martian soil. But no! What he does is take his "reactor" (which is small enough to carry) by foot in to the (Earth) desert to demonstrate he can survive off water from his "reactor". WTF? Why? That is not using Martian soil, and is in an environment where you can make a condenser to get water if you want. This is not about "can he survive?", it is about "does the damn machine work?" which you can (and should) demonstrate in a lab.

Anyway, after this rather odd demonstration technique, he gets the mission to Mars. Again, WTF? Why would the inventor of such a gadget be anything to do with a Mars mission or remotely ideal as the person to be on such a mission? It is technology, and (presumably) now well understood technology which can just be pre-shipped to Mars with all of the other resources ready for colonists to arrive.

So, now, he is on this mission to Mars, 270 days long, and, one manned? Again WTF? Like anyone in their right mind would have a one man mission in space, or anywhere for such a long mission? Heck, just driving to Scotland, my daughter and partner took turns driving, and that just took all day.

Interestingly he comments on the gravity from rotation and how his feet feel heavy and his head feels light, something I mentioned in another blog post, so that sounds plausible. Nice touch.

The comms to Earth are rather odd. They have the image and audio breaking up in messy ways, but magically have zero latency in conversations. In practice we can send really good quality signals using lots of error correction (we get lovely pictures from Saturn!), so the actual quality should be spot on (or not at all if interference is that bad) and there should be significant latency later on in the mission.

There is some bullshit with some gyro issue on the mission that is following him, where he basically says turn it off and on again and everyone is amazed it all started working and how clever he is.

But anyway, he is on this mission to Mars. He has (a bigger version of) his "reactor" in the ship, not stored nicely in packaging cases, but set up in the ship in the middle, for some reason. It transpires this is his water supply for the mission. Now this is really odd - why the hell would he take dirt with him to convert to water - the dirt has to weigh more than the water anyway so why not just send water, but all of this ignores the big fact that a space craft is a closed system and water is all recycled - that is what they do on the ISS. All water, wherever it goes and however it comes out of him, ends up back as potable water, even if it goes via the air conditioning to get there. So water is not actually an issue on such a mission and no way he would need to use his "reactor" in the first place. What is even crazier is that, when he breaks his reactor messing with cables, he actually realises this is a closed system and tries to get some condensation using a plastic sheet (rather than just getting from the air conditioning). Somehow this process kills his plants! Has he been flushing his pee in to space all this time or something?

He manages to find some sort of hobo clothing and grow a beard then seems to fly in to some sort of nebula (between Earth and Mars), magically loses all rotational momentum and hence gravity, and well, at this point I have kind of stopped watching, it is that bad. ... Oh, he gets there, wanders around a bit and thinks he is immortal now?!?

Yes, sci-fi is about some degree of suspension of disbelief, but when the whole plot is this full of holes in "normal" science that is not meant to be magically different for the story line, what is the point? The real killer is when he says the ship is a closed system and tries to get water from condensation - he has just poked a huge great hole in the plot of the whole film right there!

Thanks for the comments

Thank you all for your feedback - the tariff post is the most commented I have had, I think. So to save you reading all of the comments, here is a summary. It has been very interesting.

Tariff changes

Firstly I can announce we have today changed the sub terabyte Home::1 and SoHo::1 quotas, increasing by 50GB/month for the same price. I have also added to September's quota for existing customers.

However, there are a number of good ideas that have been put forward, and we expect to announce some more interesting changes in October. Some suggestions we can't do, but some we can. The feedback has been useful.

Waste

There has been some very interesting discussion on the matter of playing fair and waste in the tariff post and my subsequent post on water metering. This was all sparked off by someone that apparently felt he should deliberately download any remaining unused quota at the end of the month even if he had no need to - because he has paid for it. This was a surprise to me, and people seem a little divided on this point, which is interesting in itself - thank you.

Regardless of pricing, allowances, metered to unmetered, etc, the fact remains that the Internet is a shared resource, and much like gas, electric, and water, things really only work if people make reasonable use of that shared resource. In practice many services create a financial incentive not to waste the resource and for some there are legal requirements not to (e.g. water).

With all of these things your own usage impacts others. On that basis alone it is morally wrong to "waste" the resource. The impact is different for different things - in effect water is unlimited (in UK anyway) as it simply recycles in the weather (simple view, I know) but the infrastructure has limits and so do reservoirs. The Internet is a bit like that - there are an unlimited number of bits but the infrastructure is not able to meet the maximum demand everyone could make. It would be impractical and uneconomical to make such a system. So wasting bandwidth has an impact - either causing immediate slow down of other people's service because of congestion, or causing infrastructure to be upgraded increasing costs directly or indirectly for services.

This is not just about ISPs, and pipes - look at someone like Netflix. They charge a fee, so more customers means more money to pay for more infrastructure - good. But they too have a model of expected usage and if every existing customer started streaming 4k on four TVs at once, 24 hours a day then they would not have the capacity. They would have much higher costs per customer to meet that demand and so would probably have to charge more.

One person makes no difference

One of the issues with a moral problem like this is that a single person not playing fair does not cause a problem. There is capacity to handle one person being selfish and deliberately wasting resources.

The issue is when lots of individuals think like that, that "one person makes no difference". Then it all starts to fall apart. It is a bit like littering - one empty can thrown out of a car window is not a big issue, but everyone doing it makes it a big issue.

This is why we have to self impose some restrictions in some cases for good moral reasons as part of a society. I know it is easy to be selfish, and I can be as well sometimes.

But I paid for 1TB!

This is where it gets more interesting, and where I have seen some interesting comments from people.

Yes, I agree, and fully understand that, if I pay for X then I should get X. Someone suggested ordering 1000l of bottled water from Tesco and expecting to get them even if I just use them to wash the car because they are sat there...

The problem is that I never saw the 1TB allowance as "selling 1TB". Sorry. I understand that is how people see it. But when we set that limit we were thinking: "what is the most a typical, or even heavy, user would use, let's set a limit well above that so people can buy a fixed price service that they don't have to worry about hitting a limit".

The reason for a limit is that there are a tiny number of people that, if unlimited, would do the 25TB a month they can on a fast FTTC line, and we basically want to discourage those people - they are not the sort of customers we are after.

Just to be clear, we do expect heavy users, and we know that we are the highest per user peak bandwidth on one of the major back-haul carriers - we know we have heavy users and that in itself is not the problem. We also know overall usage is increasing as more people stream TV. But, there is heavy and there is silly at a hundred times that level!

Usage does change over time, and the fact we are seeing a few people hitting 1TB makes me think we may want to make it higher, e.g. 2TB, or 5TB, or something. We will be discussing this as part of our tariff review.

However, I am now in a slight dilemma in that people may then think "I have paid for 5TB, I will damn well find a way to use it rather than not get what I paid for".

I need a way to explain that the high limit we set is not a target. I do not want to go down the "unlimited*" route where 5TB is a "fair usage" limit - I want to be more up front than that.

So, we will think of ways to tackle this as part of our tariff review.

Thank you all for your comments.

2017-09-02

Metered Water

My recent posts on tariffs for A&A actually took an odd turn today.

We offer internet based on usage, and there are levels. We don't quite do "unlimited" but offer tariffs that should, for most home users, be the same, 1TB download a month.

I have equated this to water supply in some ways. One can buy water metered or unmetered.

So this raised a whole load of moral issues.

If I buy unmetered water, can I, morally, run the taps all day pissing water down the drain?

If I buy metered water, paying for what I use, can I, morally, run the taps all day pissing water down the drain?

Do either of these relate to broadband usage? That is the question...

I do think water, electricity, gas, etc, are all very similar in many ways to internet access, but in some ways not. They all relate to shared resources, and to some extent only work because people share reasonably.

If everyone ran their taps, metered or unmetered, all day, then water supply would break. No way it has capacity for that even if charging for the water. The same is true of internet access. It only works because most people are "reasonable".

So should a supplier aim to curb the usage of metered and unmetered customers that have intent to piss water down the drain?

Internet is complicated. Usage is growing, and what may previously have been excessive is now normal. I think it is all down to intent.

So, if I have streaming TV on, "in the background", on my TV at home, is that abuse? Is it "pissing water down the drain"? I suspect not as no real intent to waste, just the way the technology is. Technology works like that now.

What if I have paid for 1TB a month, and used only 300GB. If I deliberately download 700GB to throw it away solely because it is "what I have paid for", is that abuse? My view is yes, sorry. Use what you want and need - do not use "just because" or out of spite somehow.

Just like water, if we get this wrong, it all falls apart.

Comments?

Missing unix/linux/posix file open option

What I would like is a file open option for "create replacement file". The idea is that this makes a new inode in the same mount p...