Saturday, 9 December 2017


Some more thoughts on warrant canaries... Thanks for the various comments.

We are the good guys, honest

First off, I want to be clear. The attitude I have, and therefore the company (A&A) has, to blanket surveillance is that it is wrong. It should not be allowed. We need to take all possible and practical steps against it. Targeted surveillance against know suspects with proper controls is another matter.

I hope that is clear, and the fact I have gone to the bother of speaking directly to parliamentary committees on this helps explain some of my resolve in this.

Am I a martyr ?

No, sorry. I will not go to jail over this. I have a family to support, and I have a lot of staff that have families to support. So there are limits.

But I am not beyond considering every possible loophole and edge case we, or my lawyers, can come up with to help defend these principles.

What can A&A do?

We can explain our principles, and we can try and help people understand how to circumvent all sorts of monitoring and snooping as much as possible to ensure people get respect for their basic human rights related to privacy.

We can, of course, try and appeal or defend any such orders if we get them, and we will.

What about the canary? Does it help?

The way the law is worded now, there are various parts with various gagging orders. Some parts are a tad tame, civil enforcement. No, I am not a martyr, but would I go for challenging it in civil courts, maybe. Hard to say, and at the end of the day that would not really help. This is the real point here, but we cannot risk criminal laws even for the "tame" parts of the IPA by invoking the Official Secrets Act. So even that may be a problem.

You cannot trust what anyone says with the law as it is. It is not really acceptable for a democratic society, in my view. It is not a matter that law "compels you to lie", but that by not lying you may be breaking the law. If you see what I mean. No, don't lie as that is fraud, and no, don't not lie as that is breaking a gagging order, catch 22. Pick your crime?!

What is important is that everyone assumes there is snooping and monitoring. I am sure that getting BT Wholesale or TalkTalk Business to deep packet inspect our PPP traffic is against the law, sorry. The Home Office do not agree. In a civilised society this would have a chance to be decided by a court, but in a world with secret orders and gagging requirements, it will never get tested.

So if you do trust us (and why not) you may already be snooped on in the back-haul network, so take measures to protect yourself.

If you take such measures, you don't need to trust us, and so we don't need to be on the spot with a canary!

What about the canary going forward?

I am formulating a plan here...

First off, I put anything canary related in one place, make one page with a clear signed and dated statement and link to that. It states what we do not have (any order under IPA) and is dated and signed, and ideally states when or if we plan to update the statement.

That fits well with what we have now, and puts in one place. It removes the "ask me on irc or in person" and so on.

Cunning plan?

My lawyer pondered this and may be regretting it now - but if the warrant canary covers many things nobody knows the discontinuation of the canary is because of reason X and as such that cannot be seen as disclosing reason X.

So a canary could say, for example :-
  1. I have a beard
  2. My dog, Lilly, is still alive
  3. We have never had an intercept capability order at A&A under IPA
  4. We have never had a data retention order at A&A under IPA
And when we stop making such statements, all you know is one of those things is no longer true.

By stopping, we are not breaching a gagging order, obviously, especially if I happen to have shaved.

Sadly, any "cunning plan" like this is almost certainly a bad idea, sorry.

Simpler plan?

A simpler plan is just set a date, e.g 2020, from which we no longer make any statement about IPA orders.


No, not the film, my feet, and other parts of me.

I am glad to be back home in the warm as I have spent all day from early hours at the office with no power (and hence no heat). The alarm system can only run on batteries for so long...

In spite of the cold, it was fascinating watching the guys from SSEN diagnose and work on the fault outside the A&A offices today. The power went off, well, mostly, last night. Actually all three phases (we only use one) went to around 40V, so some things still managed to blink the odd light.

They dug a hole by the road last night, and confirmed the power was fine there...

So this morning they dug a hole in our car park...

They took out one of the water mains...

Which caused a lot of delay as they had to stop the water and empty the hole full of water before exposing some of the electricity...

They also found our fibre connection, but managed to do so without breaking it, phew... (the grey pipe)

The dismantling of the cable was interesting, and they were slightly shocked to find the aluminium sheath was live :-) The rubber gloves came out quite quickly.

They checked the cable and found it was faulty, meaning the fault is between the two holes. However, this means they can isolate it and connect us to a big generator truck...

So now we have power, and they even fixed the water...

Yes, Sandra got them all coffee.

So we can look forward to them finding the fault next week, and then jointing us back on to mains power at some point, which I am guessing is going to take an hour or so. Time to order a UPS.

Obviously we set up calls to go to mobiles so staff could handle customer enquiries for normal hours of operation today.

Friday, 8 December 2017

More fun with SVG

I am working on some of our back end systems that create artwork.

They currently create it using postscript, which I really like as a language, and have used for years (decades) but it lacks any unicode support sadly.

This means some names that don't use latin1 alphabet don't work.

The fix, change back end to use SVG, and convert to postscript for printing using inkscape command line...

To my surprise it is working well, so I am playing with the router cards...

First up, the old system, if you add emojis to the SSID...

As you see, postscript does not do well.

So making in SVG...

Very nice, but we do have to actually print on a card, so what does inkscape do when we use it to make postscript and then image for the card printer?

Well, I have to say that is pretty good!

Needs work for all of the other fields on the card which I have blanked out in these examples, but at the end of the day, this is the way to handle unusual characters.

Thursday, 7 December 2017

Dismantling a canary?

Andrews & Arnold Ltd has a warrant canary, and for good ethical reasons.

We have stated, clearly, that we do not have any so called "black boxes" (of any colour), nor any orders for "data retention", nor "intercept capability".

This is still true, and I will be happy to state that in person to anyone that asks me, or even on irc, at least for now...

However, there is a problem...

The main possible problem is that we may, one day, receive an order to install something or do something, along with a gagging order so we could not tell someone. For example, see s95(2) Investigatory Powers Act 2016. This means we could not remove the canary at that point as we would be in breach of the gagging order, even if we did not reveal specifically what sort of notice we had. However, if we did have a notice, we couldn't state that we didn't have such things without some sort of fraud or misrepresentation. It seems like a good idea in principle, but basically means one day we may have the choice of breaking the law or breaking the law, and the end result is unlikely to help out customers whatever we decide.

The good news is that this is still very unlikely. The Home Office have said they do not want to go after people with fewer than 10,000 users and we think that is still true for us. I am happy to say we believe we have under 10,000 users as a simple matter of fact for as long as it is true.

I am also very happy to state, as it does not have the same issue, that A&A will always aim to challenge and appeal any unreasonable order to install surveillance or snooping or even logging.

So what can we do to help our customers?

Well, the first thing we can say is not to trust anyone not to have snooping! That includes us! We still aim to challenge any general monitoring or snooping as it is against human rights to do blanket surveillance. If we get an order we expect to challenge it, and maybe, if I can, find ways to announce it (unlikely). But we have to follow the law, though I am not above finding loopholes in that if I can.

We all have a basic human right (by more than one human rights declaration) to respect for our privacy and correspondence. What that means exactly is complicated, and open to interpretation, and has caveats, but at A&A we do take it seriously, and will continue to work with other groups, and even on our own, to challenge anyone or any government aiming to curb such rights.

I, myself, spoke to a parliamentary select committee over the issues in the Investigatory Powers Bill. This gives some clue as to how far we are prepared to go to respect these rights as a company!

We take this seriously, but ultimately we are one small step in the chain of "Internet connectivity" that our customers enjoy. You may be able to trust us, but you cannot trust peering, transit, the far end ISP, well, anyone!

You should be able to trust BT or TT back-haul that we use, as the Act makes it clear they (e.g. BT) cannot snoop on us (A&A). However, it seems the Home Office feel they can just ask BT to do such snooping (as far as I am aware) and we cannot have confidence that BT would challenge such an order, and we know that such an order would be secret and gagged so we (and you) would not know if it happened. Yes, some sort of encrypted PPP is not out of the question, but that still leaves everyone else involved in your Internet connection to be snooped on!

As it is we have some limited logging which we explain, and some CDRs, and they are already available if we get legal requests. We obviously aim to document these and minimise these. For the most part customers can use us for connectivity without such logs at all (e.g. run your own email systems).

So what can customers do?

There are many things, and we have a lot of details on our web site. We'll try to add more and more over time. You can run your own DNS, your own email, tor browsers, VPNs, use end to end encrypted apps, and email, and so on. There are many ways to preserve your human right to respect for your privacy and correspondence. Use them. Ask for help from us on how to use them!

So how do I dismantle a canary?

With a scalpel? This simple answer is a plan to announce we will be removing it in, say, 2020. Far enough ahead to not be the result of any sort of order now, and so clearly our choice and not an indication that the canary has died of noxious gasses.

Does that make sense?

Obviously, doing anything with a canary can lead to be people thinking it has been killed to signify a notice of some sort, despite what I say here. There is nothing we can do about this: basically, that is the canary doing its job! However, we do not feel that the risks of having a canary make it worth having, which is why we are looking at options here.

We have not announced that yet, but I wonder what people think?
  • Is this a sane way to dismantle a canary?
  • Will it work or cause even more concern?
  • Should we be dismantling the canary?
P.S. I nicked a picture (well linked to) for this blog as I felt making my own images (as I usually try to) of a canary and a scalpel would be very very politically incorrect and also somewhat messy...I

Update 1:

Thanks for the various comments explaining how a canary usually works - a signed dated statement. We could change to that format, obviously, but it does not change the underlying issue. Indeed, I may change the website to push all such statements in one place and in that format anyway.

I am pleased that you appreciate the canary being in place, thank you.

However, it would still put us in the position (if we did get such notices) of either breaking the gagging order by not updating it, or making a fraudulent statement by updating it. It also does not change the fact that it is not "useful" to customers for us to have the canary, for that reason, and because we are only one link in the chain so you have to assume there is intercept and snooping anyway. The most "useful" thing we can do is advise on our policy and attitude and the work we are doing to stop such laws in the first place, so you have some idea who you are dealing with as an ISP.

Wednesday, 6 December 2017


Oddly the prescriptions I collect all appear to be "paper". They even make me sign the back of the paper to say why I don't pay. They are far from "paperless", just the paper is printed at the pharmacy not the doctor's surgery. Also, I find a certain irony in that the icon/symbol for the "paperless" aspect is an "envelope", now seen much as an icon for (paperless) "email" but in fact a symbol of a paper envelope to contain a paper letter.

IPv6 World Leader 2017

I was at the IPv6 UK Council annual meeting yesterday, and (A&A) received an award from the IPv6 forum. The Jim Bound award. Thank you.

It was an interesting day, and quite long, but at the end of the day lots of people bought me pints of cider in the Paternoster pub, thank you.

IPv6 is not new, and it was interesting to hear how different companies have deployed IPv6 and are deploying it. The talk from Facebook was really interesting - IPv6 everywhere internally with just edge devices talking legacy IPv4 for those who are not up to date. They also report that IPv6 access has better performance.

One key point is that IPv4 is somewhat decaying, with more and more problems, especially with things like Carrier Grade NAT. IPv6 rescues you from that and keeps the Internet working.

Monday, 4 December 2017

Friends do not let friends share passwords!

I recently blogged on the hassle of moving from one iPhone to another, and quite rightly people commented on the fact that it should not actually be that easy to do for good security reasons. My blog was very much done as a "typical end user" type rant.

At the end of the day, these devices are becoming critical personal devices that are our companions and providing security in a way we have to trust. The security they offer is way more than we ever had before. It is tricky when the device we trust is written by some company in a foreign land, and we don't have all of the details of how it works. We have to sort of trust them to keep security principles. I think, in most cases, they do, and a lot better than the alternatives. Even then we have to be cautious.

My old iPhone held a number of security details locked by fingerprint or long PIN, and the new phone does the same but using "face recognition". Both are a massive convenience. Convenience is good for security as that is what people will "do".

Now the end result is some things, on my phone, can get access based on that authentication, and in theory I could be forced to smile for the camera now, or previously submit a finger even if unconscious. It would allow some access to some things.

Even then, the company systems use a lot of two factor stuff, so the "authenticator" on my phone only works with a username (easy to guess) and a password (harder) and the authenticator. So we have quite a few barriers in place. This is actually better than the online banking on my phone, which trusts the phone for many things - but even that wants extra steps to send money to random new people.

Obviously I would never share any of my passwords with anyone, unlike MPs.

I appreciate the comments on that blog post though - they are correct in that the security is important. But a key aspect of security is making it usable for the masses. It has to be "convenient" to be used at all.

This is where the MP tweets come in - we see over the last few days that many MPs are fucking idiots, allowing access to anyone on their staff (including interns and temps) to their computers which may hold personal information. They may even be criminal in their actions.

To say it is related to porn use is distracting and why the hell can they not use incognito mode?

This is where systems need to make it easy to actually be secure. Things like fingerprints and face recognition go a long way. They allow me to be secure, and then only select the specific cases of say "inbox sharing" for email to specific staff to check and filter my email, etc, not general access to my computer. TBH I do not share my inbox - one day I may have a PA to handle it. If I was an MP, some trusted permanent staff may be there to filter email and post.

So in the case of changing iPhone, what do I want? Well, a simple, safe, SECURE, way to transfer all of that personal information for everything from email to banking (and an authenticator app), via local encrypted means, as part of the new phone set up. No iCloud or even iTunes backup. That would have saved me a lot of hassle. They manage to transfer the apple ID login details in some way that involves pointing the camera of one phone to the screen of the other, so why not all of this sensitive stuff?

But, just in case anyone has any doubts, all my staff and all my family know that passwords are never shared.

Friends do not let friends share passwords!

MPs take note.

Sunday, 3 December 2017

Today's recipe: Crisps from Makro

No recipe today, my wife is madly baking Christmas cakes all day, and I cannot get near the kitchen.

What I have is a stock of various crisps we got from Makro.

Makro and Costco are odd places, and we have both in Reading, so quite close to us. Usually worth going to both.

They each have very different things. Costco have loads of stuff, but lack some basic things like a good selections of crisps or alcohol. They have some, but nothing like what Makro have. Makro also seem to have way more of the catering style supplies, like if you actually want to ever buy Schwartz Bacon Flavour Bits, or 1.5l bottles of Southern Comfort, they are in Makro.

On the other hand, if you want a stupidly big Nerf gun, or any sort of decent TV, go to Costco. Just oddly different places.

Note, there are Marmite crisps in there. In fact that selection includes Marmite crisps, Frazzles, Wheat Crunchies, Worcester[not shire] sauce french fries, and Salt'n'vinegar chipsticks. That will keep me going for a while, I am sure.

As for 1.5l bottles of Southern Comfort, I have found a design flaw in my shelving which means it does not quite fit on the shelf, and will not even fit on an optic. Oh well.

Fire place

We live in a house built in the '80s (1987 apparently).

It has gas central heating, and a fireplace (with, obviously, a chimney).

This seems odd, as why would you need both, but really, do they build any houses with a fireplace any more. Why did they do so even in the '80s?

Over the years there have been changes. We have had the boiler replaced, and the hot water system (mains pressure hot water is great), and we have installed air-con units in many rooms now. In my "man cave" which is formerly the garage, the only heating is the air-con, which is very efficient and effective.

However, a few rooms in the house are still only heated by the gas central heating, such as hallway, landing, utility room, dining room, living room, kitchen, and one bedroom. They all have radiators that are still used.

This year, for the first time in like a decade, we are actually considering lighting the fire. Some years ago we had the chimney checked out and cleaned out, so should be OK, well, we'll see.

This is purely for decorative reasons as a Christmassy sort of thing. I can imagine the "fond memory" of a "real log fire" is a long way from the reality, somehow.

I am, of course, wary that this will be a problem. We do have a good fire guard, and have had for all these years, mainly to try and stop the cat climbing the chimney to chase the sound of birds sitting at the top. Does not work. I also have a fire extinguisher on standby...

But then it occurred to me, the thermostat (which I replaced with a digital one some time ago) is positioned in the living room, where the fireplace is located. This seems to be a design flaw.

Once the living room is nice and toasty from a real log fire, the central heating is going to shutdown, making several rooms in the house damn cold.

Thankfully not my "man cave" nor my bedroom as I have air-con, but still, rather a daft design.

P.S. It is December, in what the news says is a really cold winter, and I have just had to switch my air-con to cool in the man-cave as it up to 23C in here (no, we have not lit a fire). What the hell?

Saturday, 2 December 2017

Today's recipe: Chicken Korma Pot Noodle

Not actually a recipe, more of a review...

So, starts off looking like about the right colour for a Chicken Korma...

Now, I will mash it down a bit anyway...

Add water to the line...

Stir, and leave for a couple of minutes...

So that is the instructions properly followed, and no chilli flakes or marmite in sight.

The end result? Well, it tastes a bit chicken korma. It is a bit runny, so filling right to the line was probably not ideal. To be honest, a bit bland - I mean, I know a korma is often really mild as curries go but this has no spice to it at all. It is OK, but probably would not bother having again.

In fact, I did not finish it. Maybe it just lacks marmite.

Friday, 1 December 2017

My Christmas present

The iPhone X is not my Christmas present, honest. It is OK, but to be honest not that "special", and the hassle getting it set up was a nightmare.

First off I had to iCloud backup, which meant sorting extra storage. Then it restored, good, but every single damn app knows the login but not the password. So setting up banking on Lloyds, and Barclays, and Monzo. Then setting up Twitter and Facebook, FFS, why is this not simple?!?!

My authenticator app has lost the details so I have yet to sort that, and Barclays deny me "pin sentry" for "up to 10 days" for no fucking good reason.

The FaceID works seamlessly but to be honest so did fingerprints.

Then Signal app no longer loads - not available on app store, WTF? That is a pain as we use that internally for out of band support and ops. Arrrrrg!

OK, so iPhone X, and I pronounce it "ex" as I selected "English" not "Roman", not the Christmas present.

The Christmas present, if it happens, is the new Mac Pro. It looks awesome. I do video editing from time to time, and it looks perfect for that. I want! Looks very not cheap...  Seriously, Apple, saying "available December" is not good in bloody "December"!

I am here, contemplating spending a shitload with you on my new toy, where is it?!?

/me goes back to a corner to cry.

P.S. In case it is not obvious, this is a little tongue in cheek and my being the average Apple consumer for a change. Though I do rather fancy the new Mac Pro :-)

Payment Services Regulations 2017

Some interesting changes on 18th Jan 2018...

All those pesky charges for making card payments are finally going away. You will not be allowed to charge a customer any extra for paying by card.

This will have some interesting effects, many little shops that charge 50p or whatever, or charge 50p if paying below £10, will no longer be allowed to do so. This means, if they now have fees, they may decide simply to not take cards when below £10 or some such. In some ways that is a backwards step.

That said, merchant agreements (which are simply a contract between merchant and card handling company) may not allow that. That is not so easy for a third party (you wanting to buy something for £3 on a card) to effectively "enforce" on them, unlike the law covering the extra fee.

Anyway, how will A&A be affected by this...


We accept cheques, and charge an admin fee. Cheques are outside these new rules, but for consumers we have very limited scope to charge for the extra time and hassle of staff taking a cheque to the bank. So the plan is no cheques from consumers. Businesses that insist on cheques (which is like half a dozen a month or something) will continue to be charged a £5 admin fee. Yes, we have people paying like £10 bill by cheque each month which means £5+VAT admin fee on top. I don't know what to say!

Given that no consumers actually pay by cheque, of have done for years, this will not be an issue, but does mean updating our terms.


We do take cards occasionally, as an emergency, and charge a fee.

The current plan is to stop taking cards at all.

This is not simply the cost of doing so. The fact we won't be able to charge those costs is just the last straw really. Card collections used to be really simple. We had it all automated. We rarely had any fraud. It worked well and we used for all our regular payments. Then PCI came along, and Barclays terminated our merchant account simply because I asked how "fines" for non compliance were valid in UK law. Not that we would not be compliant, but because I asked the question and they could not answer. Now we have a virtual card terminal (https) and merchant account via a different bank, and it is all manual, hence used rarely. There are costs, and the hassle of a stupid PCI compliance questionnaire that is technically impossible to complete honestly even if you wanted to. The advice from the bank is to just ignore the inconsistencies and stupidities in the questions! So yes, dropping cards is something I have been planning for a while.

But we need to replace that with something, and the plan is to find a way to get faster payments fed in to the accounts system in real time.

What I am trying to sort out is one of the newer banks, like Monzo (but they do not do business accounts) so we can get a live API for faster payments coming in. Yes, Starling is one we are looking at. Fingers crossed.

If we get that then we'll change the account to which people normally pay via BACS, and we'll record the exact date/time of payments on the accounts. At present we have terms avoiding the issue of people paying on a non banking day, but this will make the payment date/time clearer, and allow instant automatic clearing of account credit issues, even out of hours.

We may even be able to offer new services paid for on-line by faster payments and provided instantly.

Direct Debits

No change! We don't charge for paying us by DD. We do charge an admin fee for not paying us by DD (i.e. the payment bounces), which is allowed.


We accept BACS payments anyway, and do not charge extra for paying us. We charge an admin fee for incorrect payments (for us allocating payment if no reference), but that seems to be allowed, and wholly avoidable by using the right reference!

This could be interesting, and I'll keep you posted on developments.

Why? apple

A month ago we ordered an iPhone X with Apple business.

For the whole month, even yesterday, they were still saying they could not say when it would arrive.


But yesterday, if you try on-line on normal Apple Retail they offer to deliver in just over a week and have stores listed with stock you can collect?

So how can a month old order be behind that? What the hell is going on?

Well, Phil, at the office, gave the guy at apple some grief. It is ridiculous, and he went and found one from stock in the store. Thanks to Phil for popping to Reading to get it. Was the original order ever going to deliver? No idea, but this is a shambles Apple, a total shambles.

Today's recipe: Curry Pot Noodle

Well, I have done a cheese on toast that involves bread, a toaster and cheese. I have done chicken soup that involves "a can of chick soup" and a microwave. So today's main ingredient is, you guessed it, an original curry flavour pot noodle.

But pot noodles are not without some controversy I think. For a start there are those that consider them to be some sort of inedible concoction from the bowels of hell, or some such. Mostly I like them, not all of the flavours though.

Another controversy is when to have one. Well, any time, and now is breakfast! Well, I say breakfast, which I guess is technically true, I have been up for about 5 hours so far, so getting hungry.

But what else is controversial?

The issue here is whether you make it as above, adding water, and leaving the noodles whole as long noodles that need a fork or some such, much like spaghetti, or do you mash them down a bit so the noodles are broken up as below. I do the later.

Then, do you add anything? Well, a good start is a few bacon flavour bits...

And, especially for the curry flavour pot noodle, I like quite a few chilli flakes...

Of course, you guessed it, a small amount of marmite...

And the original sauce...

Then hot water, but this is where again things may be a bit controversial...

There is a "fill line" and that works quite well, but some people like way less water making the final result extremely thick - i.e. you could turn it upside down and nothing fall out. My grandson likes pot noodles like this, and not just because he can easily knock them over. Make them "properly" and he'll look at you like you have lost the plot and don't know how to "cook".

On the other hand some people like way more water and it ends up more like a soup.

I like it just below the line...

Stir, and leave for a minute.