Tuesday, 20 February 2018

Let the juice flow

Well, the nice man from British Gas came round and did a very neat job, and we are all 100A now. Cool.

Unfortunately there was another side effect of having everything re done that has added a lot to the cost! A new washing machine.

Turns out the old one had an earth leakage issue but was not tripping the old circuits (may have been one of the non RCD circuits), and so as soon as we put in RCBOs, we find it is duff.

All good fun.

P.S. the geek in me that passed A-level physics can't help feeling there should be something more fun and youtube worthy to do with a 100A power feed than just charge a car and run a tumble dryer at the same time. Shame.

Sunday, 18 February 2018

Clawing back a DD

I have covered this before, and slightly on my recent blog, but I think I have had a few more angles on it now...

Suppose I buy services from BigTelco and agree to pay by DD. I run up a bill of £100. They take £100 by DD, simple.

How it works..
  • I agree to pay by DD and provide an instruction to my bank allowing BigTelco to request them to send money from my account to BigTelco.
  • The bank, in return, agree to provide me with the Direct Debut Guarantee. It is pretty simple - if a mistake is made I am entitled to an immediate refund.
  • BigTelco tell me they are going to take £100, let's say the pick 10th of month
  • They tell my bank to pay them, but make a mistake, saying 9th, and the money goes on the 9th
  • For sake of simplicity let's say I have the money, the account does not even pay interest, I don't even notice the error, no inconvenience or costs at all.
At this point I have paid my £100, simple. Everyone is happy.

Then, later, I get my bank statement and realise it went on 9th not 10th. So I tell my bank. For the sake of argument, let's assume bank not being arses, and in a case like this I could literally show them the advance notice saying 10th and the bank statement saying 9th, so no question, no argument, no doubt.
  • My bank give me £100 immediate refund.
  • The bank, having now lost out, make an insurance (Direct Debit Indemnity Claim) from BigTelco
  • BigTelco pay out on the claim sending £100 to my bank.
[update] It is worth explaining a bit about this complicated system. Obviously the scheme could have been that the originator (BigTelco) had to give an immediate refund if a mistake is made. Had that been the case it would be clear the money was sent back by them, but one assumes people did not trust the administration of the guarantee to be in the hands of the party that made the mistake in the first place, and so the guarantee is made by the banks and not the originator, hence this complex process of an indemnity (insurance) to the banks.

Now, at this point I am £100 better off, and BigTelco is £100 worse off.

The question, and the whole point of the blog post, is do I still owe BigTelco £100?

I can think of three reasons why...

1. BigTelco were forced to send me £100, so obviously I do.
[update] AKA, the payment was "reversed" so obviously I do.

This is probably the most obvious and what most people and companies would assume. Obviously if I only owed £100 but they took £110 and I got a £110 refund, I would in fact only owe the initial £100 not £110 that was a mistake, but clearly, having been forced to send money back to me, I now owe whatever balance is now due after adding that refund. Obviously there could be something in BigTelco's T&Cs to cover this case, but that does not seem to be the case generally as everyone assumes this scenario is BigTelco returning the money to the customer.

I think not!

[update] This is not a case of the payment being reversed (see above for the complicated way this happens).

BigTelco are £100 worse off, but not because they were forced to send me £100. They sent my bankers £100 and that was because they agreed to insure my bankers. The £100 was not "for me" it was for my bankers that have lost out to the tune of £100 and made that insurance claim from BigTelco.

I am £100 better off, but not because BigTelco were forced to send me £100, no. The £100 was from my bankers not from BigTelco, and was because my bankers agreed a guarantee with me.

To illustrate, consider, after taking the £100, BigTelco went bust and by the time I told my bank of the mistake they no longer existed. In that case my bankers still have a guarantee agreement with me and still have to pay me the £100. In that case my bankers are £100 worse off and have nobody to make an insurance claim from. I get to keep my £100 in that case, clearly. This demonstrates my £100 did not come from BigTelco.

2. Insurance companies can pursue losses as if the insured

Another principle is that if you pay out on insurance, you can then pursue someone for damages. E.g. if you were to break my phone, I could pursue you for damages. If, however, I claim on my insurance, then my insurers can pursue you for damages.

So BigTelco insured the bank, but they can pursue me for the £100 they had to pay out.

I think not!

The insured risk was "a mistake in the Direct Debit payment". The mistake was made by BigTelco, not me. So if they have anyone to pursue, it is themselves. I am not the cause of the insured event.

3. Unjust enrichment.

There is a principle of unjust enrichment which may apply, and I am not a lawyer.

However, I am £100 better off, and BigTelco are £100 worse off, I am "unjustly enriched" and so should pay them the £100.

I think not!

Again, this was not £100 from BigTelco. If I am "unjustly enriched" I should pay the money back to the person that paid it to me, my bankers. However, I do not think this is "unjust", this is money from a guarantee the bank offered me and on which I validly claimed.

Consider Pizza Hut. If they take more than 40 minutes to deliver my pizza I get £10. This is not to cover losses or damages in any way - I don't really have any losses for a pizza a few minutes late. It is a guarantee they offer. It would not matter if it was £10 or £1000 they pay, if they agree to pay it if the guaranteed event does not happen, then I justly receiving that payment.

I don't see how my bankers offer of a guarantee is any different. In this case they agreed to refund me if a mistake is made, and they did what they agreed when a mistake was made. My gain is justly from the guarantee the bank offered me.

Also, what of the example above where BigTelco no longer exists. Surely my getting a refund would be 100% just in such case, even though it is my bankers and not BigTelco that have lost out.

I am not a lawyer

One thing, obviously, is a judge is going to do the whole "walks like a duck" thing, and clearly say that the money came bank from BigTelco to me in that case, and so I still owe it. But really, that is not how it works and not what happened. I wonder if there has been any case law on this.

Imagine the chaos if there were - every clawed back DD ever would suddenly be something you could keep. People would be suing suppliers like mad if there was a case the way I think this should work.

On that bases, I must be wrong, surely. But... think of PPI, that was rock solid logic until the day it was not. This could be another PPI fiasco if it ever happened!

Just a though :-)

Saturday, 17 February 2018

Startgate Origins - Indeed!

Hmmm...

Stargate is one of the TV series I quite liked, and the films, and I have watched them all several times. So when I saw there was something new, Stargate Origins, I was quite looking forward to it.

Initially I thought it was a new film, a prequel to the initial films, set in the 40s or so "Young Catherine Langford embarks on an unexpected adventure to unlock the mystery of what lies beyond the Stargate in order to save the Earth from darkness." - it's MGM so I expected it should be good.

Even so, it grates with the initial film and start of the series where Catherine Langford did not know it could open and access other worlds or that there was ever more than one place it could go. The plot is at odds with it all, and could have been done better. If only the plot did not involve Catherine, it could have worked as an unknown site track in the gate's history, maybe.

But putting that aside, I thought this could be good, and actually the trailer looked good. Release 15th Feb, yay!

Then I realise it is a new series, and actually that is way better than just a film. Cool.

But no, and WTF?

I am used to two main formats, a film which is like 1.5 to 2.5 hours, or a series which is a dozen or more episodes which are distinct stories (sometimes double episodes) of maybe 45 mins to an hour each.

But this is crazy, so far released is three episodes with streaming via an app. The first is 10 minutes, including credits, titles, and a long scene from the original movie. The second is 8 minutes, including credits and titles. The third is 13 minutes including credits and titles. These are not "episodes". You are stretching to call them parts between advert breaks in the UK even! They are little more than "scenes" at best.

Each is in fact just the steps of a longer story, not distinct "episodes". I would not normally give away "spoilers" but seriously, at this stage, there is nothing to "spoil"...
  • Stargate unearthed (clips from original film)
  • 10 years later, Prof and Catherine Langford made no progress, losing any funding
  • Nazis turn up, with old parchment and notes and open the gate using car batteries
  • Take a few people inc Prof Langford through, meet female G'ould that kills one of them
  • Catherine, left behind escapes and gets British army chap and his mate
  • They dial, using car batteries, and go through
That is it! All 31 minutes in total. It may make like the first third of a story/episode, perhaps. If this was SG-1 we'd maybe be at the first advert break by now.

Vaguely redeeming feature, it has Connor Trinneer (who played Michael in Atlantis, and Trip on Enterprise) as Prof Langford. Even then, the make-up is not that good.

I mean, I have no idea, if, when finished (IMdb says 10 episodes) it may actually be possible to stitch together to make like one episode, or even something that could be called a film, but at this point I am less than impressed. I only paid £19.99 for this (with streaming of all existing movies and series), and I think I was ripped off!

Only IMdb review: "NO...JUST NO complete and utter drivel ,If MGM want to destroy a franchise this is the way to do it production values very poor scripts and concept worse, sets just not worth the effort ,totally ignores not only the movie, and series universe but craps all over it. who ever wrote this and decided it was a good idea needs taken out and shot. very very disappointing" - well, I agree!

What is this crap?

Friday, 16 February 2018

Barclays incompetence

I asked Barclays to refund a Direct Debit in accordance with the Direct Debit Guarantee. This should be a simple and routine thing for any bank involved in the DD scheme. Sadly not, and this is the exchange with Barclays lasting a week! I have redacted some details obviously...

First message, via secure on-line banking messaging...

Fri 09/02/2018 20:19 A direct debit from my account today appears to not have had the required advance notice. Please provide an IMMEDIATE refund as per the Direct Debit Guarantee. The payment is for £271.38 today to BUPA CENTRAL A/C from my account number XX-XX-XX XXXXXXXX. Don't cancel the Direct Debit instruction, just refund that specific payment. Thanks. 

Concise and to the point and all of the details they need.

Well, I get (at every stage) a standard reply saying they aim to respond within 48 hours (clearly bullshit), so I'll omit those... But I did reply to the first one, just to be clear...

Fri 09/02/2018 20:22 Sorry but a reply in 48 hours is not acceptable, the Direct Debit Guarantee you offer is an IMMEDIATE refund, and not a 48 hour delay, please rethink this and reply IMMEDIATELY with a REFUND as per your GUARANTEE.

So, how long to wait I wonder... After 4 days...

Tue 13/02/2018 07:29 It has now been substantially more than 48 hours. This is meant to be an IMMEDIATE REFUND under the DD guarantee. This does not feel very IMMEDIATE to me. Please act on my request today or I will have to take this matter further.

Finally a reply...

Tue 13/02/2018 13:47 Hi Mr Adrian, 

Thank you for sending us a message and I apologise for the delay of response. 

I understand that you would like your direct debit payment to BUPA for £271.38 on 09-Feb-2018 to be returned because you were not given an  
advance notice for it. We can progress this as an indemnity claim for you. Most customers receive a refund which will be visible in their  
account immediately, however on occasions we may require further information regarding your claim to establish the error before a refund can be  
provided. If we do require further information from you, I will advise you of the outcome once your claim has been logged. Whilst the bank can  
provide a refund, you may be required to pay back the amount refunded if an error has not occurred. In this situation, the originator that  
collected the DDR is likely to seek payment from you, which may include legal action. Are you happy to proceed on this basis? 

I look forward for your response, Mr Adrian. 

Regards, 
Rodante Jericho Araullo 

Customer Support Manager 
Barclays Bank PLC

This is what prompted my recent rant. "We can progress this as an indemnity claim for you" is just wrong. I am requesting a refund under the Direct Debit Guarantee, not any sort of "indemnity claim". I respond, promptly...

I have to say the scare tactics of possible "legal action" are over the top. There may even be some major flaws in the logic here. I request a refund as part of a guarantee the bank offers me. The bank claim from originator as part of an indemnity they have with the bank. That indemnity is to cover losses due to the originator failing to follow DD rules (such as giving notice). I see nothing in either of those to processes that impacts the fact I did pay the originator by Direct Debit as per the contract I have with them. Even after my bank (not the originator) refunded me for an error, I still paid the originator as per their contract terms. The fact they paid on an insurance policy they have with the bank because of an error they made (not my error), does not mean they can reclaim that insurance pay out from me in some way, does it? So actually I feel the law and the contracts and guarantees in Direct Debits have a huge hole in them.

In practice all originators consider such a refund and indemnity claim to be "un-paying" the money you owed, but I am not sure that actually holds legally (before anyone asks, A&A T&Cs do make it so for our DDs).

There is a new clause on the DD guarantee that if you get a refund to which you are not entitled, then you will have to repay it if/when the originator asks, but in this case I am entitled to it as they made a mistake, so even that clause does not kick in.

Anyway, in spite of scaremongering I try to explain I do want this!

Tue 13/02/2018 14:02 I am making a claim against you under the direct debit guarantee. So refund the payment immediately as per the guarantee. Don't cancel the ongoing instruction. 

The error is simple, I have not seen the agreed advance notice for this collection. Obviously I cannot prove that as one cannot prove a negative. 

As for an indemnity claim, that is entirely a matter between you and the originator and nothing to do with me, so I'll leave you to do whatever you wish in that regard. My dealing with you relates only to the Direct Debit Guarantee which you as a bank offer to me. 

Please confirm when you have made the refund. Thank you.

Note, I state things like "So refund the payment immediately" and "Please confirm when you have made the refund" so there can be no doubt I want them to go ahead...

But, oddly, nothing, no reply... I did say they need to action "today" or I would take further, so next day...

Wed 14/02/2018 07:10 I requested this on Friday. It is now Wednesday and it has not happened. 

I remind you the guarantee is an IMMEDIATE REFUND. 

This is not IMMEDIATE. 

I did say in my last message that if not done yesterday I will have to take this further. 

As such, please advise the process to refer this matter to the banking ombudsman as Barclays have failed to response to communication within their 48 hour target and failed to provide an immediate refund in accordance with the Direct Debit Guarantee.

So this really is making it crystal clear I am expecting this to have been done by now. I mean how clear can I make it?!

So I give up and contact them on twitter, and end up talking to the social media team on the secure messaging system... Even so this is next day.

Thu 15/02/2018 16:00 Hello Adrian, 

I can see that my colleague has replied to you about this on the 13th of February, asking you to confirm if you're happy to proceed with the  
indemnity claim to recall your direct debit. As you haven't specifically said you're happy to proceed with this the claim hasn't been actioned.  

In regards to the timescale, we aim to reply within 24 hours however it can take up to 5 working days to get a reply. If you need something to  
be actioned urgently I'd recommend that you ring us directly on 03457 345 345 (24 hours a day, 7 days a week). 

Let me know if you're happy to proceed with the indemnity and I will get this set up for you to recall the direct debit payment for you. 

Kind regards, 
Ramona Oprea 

Barclays Bank PLC. 

I mean, really, all of my messages were somehow not I "specifically said you're happy to proceed" how the hell is that a sensible reply in any way?!

Thu 15/02/2018 16:06 I replied at Tue 13/02/2018 14:02 

I stated "So refund the payment immediately as per the guarantee." 
I also stated "Please confirm when you have made the refund. Thank you." 

How clear do I have to be on this. As per my original message nearly a week ago and that reply. 

REFUND THAT DIRECT DEBIT AS PER THE DIRECT DEBIT GUARANTEE IMMEDIATELY. 

Is that clear enough for you?

So hopefully now it makes sense...

Thu 15/02/2018 16:53 I am sorry for the confusion created earlier with my colleague, I think he got confused when you've mentioned that this is not an indemnity but  
a refund.  

However I have now raised this for you and the details have been sent to our processing team who normally action by the next working day,  
however on occasions we may require further information regarding your claim to establish the error before a refund is to be made. If you have  
not received the refund, it is likely we need to obtain further details from yourself.  

Once this has been actioned you should see the refund coming back into your account.  

Kind regards, 
Ramona Oprea 

Barclays Bank PLC. 

And finally the refund happened on Friday... A week after I demanded it.

Barclays, this is not how you handle an immediate refund!

Apple iMac Pro 10G Ethernet buggy?

I would be interested in anyone else able to test this on their iMac Pro to confirm as it seems highly unlikely to be anything but a simple driver bug. Sadly to test you need to craft broken TCP/IP packets.

Myself and a colleague have wasted a lot of time trying to track an issue over the last few days, it seemed to be that a simple TCP stream could have corrupted data in it.

Basically, we would do a test of a web page served from a device (the FireBrick as it happens, with test s/w on it), and the page would be all nulls and spaces, or should be, but random corruption would appear.



To be 100% frank we have not tracked it down yet, but we initially assumed it had to be an issue in the new FireBrick code. We are just launching the FB2900, so any issue in testing is somewhat serious.

Now, if you know anything about networking, TCP as a stream will only work if you get proper packets at both the TCP level and lower levels like Ethernet, with good checksums/CRCs. Whilst Ethernet is generated on each link. The TCP checksum is end to end (no NAT involved here).

So, you have a visible, albeit slightly intermittent problem - basically view a specific web page from a specific device and see gibberish in the page. You naturally assume it has to be within the TCP stack / processing of each end as that is where data could be corrupted without breaking the TCP checksum logic. There are two ends, one is my nice shiny new iMac Pro and the other is a FireBrick somewhere on the end of a DSL line. It has to be one of those two ends with the issue, and well, obviously not the iMac, so look at the newest code, and latest hardware, at the FireBrick end. Anywhere in between would cause a TCP checksum error and so we would not see in the final TCP stream.

A lot of time wasted, and a clue pops up - cannot make it happen from the iMac (not the Pro) at the office. Hmmm. Sadly it is a tad intermittent, so not conclusive. I could not make it happen locally either, but assumed the slower uplink and more buffering may be a factor.

Then it gets really really weird, and I can imagine some network engineers would pull their hair out at this point. On my home iMac Pro I did lots of the same test. I tested on wired Ethernet (running only at 1Gb/s), and on WiFi. Every time on wired it got corruption. Every time on WiFi it did not. A dozen tests. Pretty conclusive. WTF?

Seriously how can that be - clearly the iMac Pro is not randomly corrupting TCP streams, as I would notice in web pages, images, etc. Even, as it seems, levels like 1 in 1000 packets, you'd notice. So why only the stream from the FireBrick. It cannot just be an iMac bug...

So I used wireshark to pcap on the iMac Pro, and yes, it saw the corrupted content. Odd. Then it occurred to me - tell wireshark to check checksums. Bingo, the TCP checksum is bad. Yet the iMac Pro has accepted the packet and fed the corrupted data in to the TCP stream!

This changes the game massively. It means this is a raw data corruption somewhere on the route from the FireBrick to me. It could be ANYTHING now, as not in the TCP realm as the TCP checksum is wrong. We were (probably) looking in totally the wrong place for this issue. Thanks Apple!

It seems that the iMac Pro wired Ethernet is not checking TCP checksums. The WiFi is fine. Likely cause is that they use h/w TCP checksum logic on the MAC (not Mac, I mean Media Access Control, the Ethernet hardware) and there is either a h/w or s/w bug meaning the checksum check is not being checked! It is an easy bug to exist and one you will not notice generally as almost all packets have no TCP level corruption!

Reported to Apple but also said that I am not spending ages doing logs and crap for them unless I am paid my hourly rate.

When debugging you really do not expect two unrelated bugs to be in play at once. This is hard work.

Sadly, at this point, we confirmed the corruption is definitely upstream of my Mac (dumps on router in-between), but the bug has vanished for now - Heisenbugs we call them. If/when we manage to reproduce it, we can then trace at each step along to way to find if an issue in our network, BT, the modem, switches, and so on, or, as is seemingly increasingly unlikely, the FireBrick at the far end. As this happened on old FB2700 and new FB2900 on this DSL line, but not anywhere else, the chance of this being in the FireBrick is getting vanishingly small.

Chasing bugs can be hard!


Thursday, 15 February 2018

Power to the people: Stage 1

Upgrading the power in the house is not something I really expected, but seems like a good idea.

The main driver is the fact my son has a Tesla, and now has a 32A Tesla charger on the wall. It is quite nice technically, can take one or three phase, and can be configured to tell the car how much current it is allowed to draw. Mostly James uses the free supercharger on his way to/from work, but he tops up over night at the house. It makes it very cheap to run (for him, at any rate).

So, having installed the Tesla charger, we can be using 32A extra. That is a lot for a domestic installation, even for a large(ish) house like this one. The first time it was charging at the same time as the tumble dryer it tripped the 80A RCB on one half of the consumer unit. Now, we were not up to 80A, I can be pretty sure of that, and it is an RCB, so it is likely just all of that load from various sources led to just enough leakage current somewhere. Hard to be sure to be honest. Moving off the RCB worked.

There are therefore a couple of concerns. One is the nuisance caused by an RCB that trips half the house. We have computers with disks, a wax printer with melted wax in it, sudden power losses are a nuisance. To be fair, computers are way better at this these days (journalling file systems, etc), but if you are in the middle of something time consuming you can end up starting again. And then there is the possibility that you are playing some on-line game, which, by total fluke, my son and I were doing at the time (I rarely play anything, this was AoE on steam!).

The other concern is the overall current usage, with one device that can draw 32A, and a "commercial" tumble dryer on a 30A circuit, and five air-con units on 16A circuits. One can see this adding up.

So, yesterday was stage 1.

I have had the consumer unit replaced. As per that picture it is all RCBOs. This means each individual breaker is an RCB, rather than a breaker for each half. They are on 100A switches on each half. This is not cheap, and took many hours to do. But now, each circuit will trip independently of the others, which is much cleaner. I also isolated my "Internet" stuff (connection, switches, PoE for WiFi, and security cameras) on to their own circuit. The alarm is already battery backed up. So this means less chance of tripping something taking out the Internet as well.

Also, the tails to the meter were upgraded from 16mm to 25mm to allow for 100A feed.

Also, a separate meter was installed on the Tesla circuit so I know how much James is costing exactly.

Stage 2: The next stage is upgrading the tails from fuse to meter - next week. They are also adding an isolation switch, which is nice. All that for £44 from British Gas.

Stage 3: We checked the fuse, and it is marked 100A on the carrier, but is in fact only 60A. Wow, we are way closer to hitting that than we realised. So we need that upgraded. That cannot happen until the tails are upgraded, and they checked the meter is 100A, which it is. So we are good to go for 100A installation...

What a "dick head" (his words): NRG Installs Ltd

Wow, I get some dodgy sales calls, but this takes the piss.

It took me ages to find he was calling from NRG Installs Ltd.

  • He could not say who he was calling from, just "NRG Installations"
  • He did not know the company number, and thought his phone number was the "company number" no matter how hard I tried
  • He did know his web site, but thought that the web site/domain was actually the "company name"
So then we have the fact he called a number on the TPS...
  • He told me the number he called, which I presumed was one of my numbers, I have a few. It is a number on the TPS!
  • It turns out he made the number up (i.e. lied), but then rants at me for lying about it being one of my numbers!
  • He refuses to say which number he actually called - to be a "dick head" (his words)!
  • He has no idea how to say a phone number, i.e. area code, pause, number
  • When I did track down which number he did call, from the incoming call logs from our PSTN gateway, he is adamant that is not the number he called. Now, in theory it could be some sort of re-direct but that is unlikely (I don't recall setting one up and would not have to that specific number), but we normally see redirection headers on the incoming logs in that case.
  • The number he actually called is in the TPS and has been for a long time.
But it gets worse, I mean really bad!
  • He says the TPS gives them numbers and they call them
  • He actually has no idea who the TPS are even
  • He thinks we should sue the TPS and not NRG Installs Ltd for the PECR breach
  • "I thought we were meant to call the numbers that the TPS give us"
I have muted the number he called from the recording here... It is well worth listening to...



Sadly there is little point in talking to the ICO on this, they don't care.

Banks trying to change the rules by bad use of wording.

As you probably know I have a gripe with banks over their use of the term "fraud". When someone pretends to be me and fools the bank in to paying out money which the bank then debits from my account with them - the person who has been defrauded is the bank, and not me. The person lied to was the bank, not me. So I really hate that when that happens ALL of the wording and communication from the bank is worded as if I have been defrauded and the bank is helping me sort it out and reclaim the money. In actual fact the bank has been defrauded, and so has no right to have debited my account and so must credit it, and then I am helping them with their fraud by providing information. They twist the wording and most people fall for it.

However, today, I see another case of mis-wording things to somehow "take the bank out of the loop". This is the same principle as the fraud thing - by making me the one defrauded they sort of take themselves out of responsibility, which is bullshit.

I refer to the Direct Debit Guarantee.

I am trying to claim a refund under the guarantee from Barclays, and for some reason they have taken nearly a week to provide the immediate refund that they guarantee, and at each step they refer to "my indemnity claim".

So, it is worth explaining to people how this works so that you know.

  • I authorise the bank to debit my account at the request of someone else (the "originator") - this is the Direct Debit Instruction.
  • In return the bank offers me a guarantee that if a mistake is made the bank will give me an immediate refund.
  • Quite separately, the originator offers all banks in the scheme an insurance (an "indemnity" agreement) that if the bank loses out because of the DD guarantee, they will pay the bank.
  • This means the bank make an "indemnity claim" against the originator after they lose out because they had to refund me.
This means there are two distinct and, in principle, unrelated things that happen here. I claim my refund. The bank make an indemnity claim.

This is quite important as, in theory, things could go wrong with the indemnity claim - e.g. what if the originator no longer existed (e.g. a refund on an old DD after originator has gone bust)? Well, in that case the bank is still obliged to refund me under the Direct Debit Guarantee that they provide to me. However the bank will have nobody to claim from, and so the bank loses out. Not me!

There are other cases. The originator can make a "counter claim", claiming from the bank that the bank should not have made the refund as "there had been no mistake". In that case, the counter claim provides the bank with the evidence necessary to reverse the refund on the basis that they should not have paid out on the DD guarantee, and they refund the originator as part of that counter claim. The bank can then use that evidence to reverse the refund.

So why are the bank messing about calling it "my" indemnity claim? I can only assume they are trying to extricate themselves from the process. I.e. if for some reason the claim does not work, they would try and reclaim the refund, because it is "my" claim and they are just helping me make it. This is, once again, bullshit.

Why does it matter?

In both cases we are seeing more and more people fooled by the wording and really believing that they are making an indemnity claim or they are the victim of fraud. Over time that will be what everyone thinks, even lawyers, judges, and politicians. It is a gradual change of perception, and before long the practical aspects of such things will end up as the bank have changed the rules without actually any change in the law or the guarantee or contracts.

I think banks should not be allowed to bend the truth like this.

Wednesday, 14 February 2018

When it a "30 minute guarantee" not a "30 minute guarantee"?

Well, when it is pizza hut...

How do I read that?

If they are 10 minutes *over* the 30 minutes? then that clearly makes this a "40 minute guarantee" as nothing happens at "30 minutes" in any way does it?

Just be honest!

Or is it that 10 minutes after order? Or 10 minutes after forecast? They are saying one hour to me now, so is it magically now a 70 minute guarantee?

A "30 minute guarantee" would have pay out for exceeding "30 minutes". Simple as that. Not "10 minutes on top of that". I mean, why not a "2 hours late" clause on top, it is meaningless.

The guarantee is clearly a "40 minutes" guarantee, as no recourse or penalty for delivery within 40 minutes and there is some (£10 off next order) when beyond 40 minutes.

This is bullshit - be honest. I think I'll file a complaint to ASA (like that matters)...

P.S. to be a tad less ranty!

The "30 minutes" is not meaningful in any way but as the headline. If they had a choice of customer A in 30 minutes and customer B over 40 minutes, or alternatively both A and B over 30 but within 40, they would choose the latter. They would be negligent not to. Only the "40 minutes" actually matters to anyone. The break down of that as "30+10" is purely marketing hype and IMHO dishonest, sorry.

Sunday, 11 February 2018

ICO web site hacked?

The web site of the Information Commissioner's Office, the UK regulator for Data Protection and related matters, appears to be running a crypto mining script when you access it. www.ico.org.uk

But please, check for yourself, visit the site. On safari you right light to inspect element, click resources and scripts, and there you find it.


I can't claim credit for spotting this. @Scott_Helme on twitter drew my attention to it. He has managed to find a lot of sites running it.

But I can confirm I have checked, and it is true - but check for yourself.

P.S. The hack is in a third party site (browsealoud.​com) from which the ICO include scripts but do so without integrity checks. If anyone should be "careful" and have proper "technical and organisation measures" in place, it is the ICO.

P.P.S 15:30 seems browsealoud.com have done something, using an invalid certificate (odd) but has the effect of stopping the issue.

A little more for my less technical friends.

When you visit a web site, a lot of things get loaded in to your web browser in the background. These include images, and stylesheets and scripts which do useful things. Sometimes these come from other web sites.

In this case the ICO have included a script from another site, which does something useful - a tools to allow text readers for the web site for blind people. It is included in a lot of web pages.

However, someone has hacked that third party web site, so now when you go to the ICO web site you get more than you bargained for.

The ICO could have protected you from this - there is a way for them to tell your browser what to expect, and so it would not load the hacked version. The ICO should really know about this and have done it, being, well, the ICO. They did not.

So what is this bad thing that you get? Well it is not "infecting your computer", thankfully, but it is using it to "mine cryptocurrency". While the web page is open your computer will be slower as it is doing loads of work behind the scenes.

Explaining cryptocurrencies would take a while, but they are like money except you can "create" it using computers. It normally takes a lot of computing power (and hence money for electricity) to create useful amounts. However, by harnessing the power of millions of computers that are simply accessing web sites someone can make money using your computer. That is why they do this.

Is the A&A site OK? Well, yes, we use very few external scripts at all, and we don't use the one that has been hacked. However, we had not yet added these integrity checks yet - we are actually working on a new web site, and so some "maintenance" things have been left behind a bit with "That'll be sorted with the new web site". However, this example shows how important that is, and it will be done shortly anyway. We really feel the ICO should have known better though.

Saturday, 10 February 2018

2D bar codes

I have done a lot on barcodes on my blog, and I am sure I have mentioned the URL shortener I made that is www.4.gg in the past.

It allows you to provide a URL and gives you a barcode for that in a variety of formats. Some time ago I changed from IEC16022 (DataMatrix) codes to IEC18004 (QR) codes simply because this is a tad like betamax vs VHS, and clearly QR codes have won. Shame, in my view, but they work. It's is even possible to script it to get codes for URLs from automated systems.

I was looking today at some of the stats on the site. It collects very few pieces of data - obviously it has a log of the mapping from an assigned code to a URL, it has to have that, and it records the date/time it was made, and the IP from which it was made and a hit count and latest time of use, and well, that is it.

It was never any attempt to collect data, personal or otherwise. I intended it to be useful, and well, we (A&A) use it for things like barcodes on invoices.

What makes it special is that the barcode is designed to fit the minimal QR code format, so is compact and/or easy to read. For example :-

That is the size of all of the barcodes it makes, the smallest allowed in normal IEC 18004 QR codes. But the URL shortener aspect means that can be any URL you like.

I checked, and was amazed that there are literally millions of hits on these codes now. It has been working for like 9 years now. We actually have over a 1000 new codes created a day now, which shocked me! When I started some camera phones had QR or data matrix readers, and even the Nokia phone had a bug that did not like a "z" in the code. These days phones have QR code readers in the camera apps, and iPhones just "see" QR codes when taking a picture...

So then comes GDPR, and I am concerned - we collect IP address when codes created and hit counts. Importantly we could collect way more if we wanted to. Some may count as "personal data" though that is questionable. So do I have to worry.

Well, best plan is make this an official free service by A&A and include in GDPR privacy statements. Annoying we have to do this crap in many ways, but let's do the right thing shall we.

BTW, the most popular code is some site that is now a parked domain, over 500k hits and even one today, so someone has put that barcode somewhere massively popular and I know nothing about it. Amazing how a free service I have not even advertised has taken off.

What is especially amusing is Facebook hampering my freedom of speech talking about it!


First time I have ever been accused of spamming... What is amusing is that I could post that screen shot on Facebook and a QR code of my post and the various comments and replies in QR code with no problem. Shows how effective Facebooks policies are in practice. LOL.

Wednesday, 7 February 2018

The frustrating bit...

The FB2900 is close, and one of the big things that is adding quite a bit of time, and a lot of cost, this time, is new safety standards. These were not in place for the last product.

Launching a product, especially an electronic one, has a lot of hurdles. It used to be the EMC testing (generating radio/electrical noise, and being susceptible to such) were the "biggies" that needed expensive external test houses. The "electrical safety" was a minor part of testing (can you poke your finger where it could get zapped?)... To be fair it was a bit more - things with mains power have to meet various rules for air gaps and insulation, but there are well known and tried and tested ways to design this in.

However, times have changed... The new safety standard (a little gem called BS EN 62368-1:2014) has a lot of things in it.

This is good!

I have seen too many things with power bricks melting and nearly causing fires. However, it is new, and this means some of the things you need to know when designing are not 100% clear. Unless/until the examiner at the test house makes a decision based on his reading of the spec, you cannot be sure. It is quite possible that something seemingly simple can catch you out and cause lots of delay.

I am pondering doing a more comprehensive blog some time, but here are just a couple of examples of the issues we have had to consider...

Holes matter!

The FB2700 had a grid of holes on the side for ventilation. The new FB2900 is way lower power (typically 5W) and does not need holes. We originally planned to leave the case design the same, but turns out the holes matter. Because they were more than 3mm this meant the case is not a "fire enclosure" (I think that is the term). This means things like deliberately overloading the power module to try and break it, and setting the damn thing on fire to see if any plastic comes out of the holes! Thankfully we do not need the holes any more, and the screw holes for rack mounts are small enough not to count. This meant a minor rework of the metalwork which added more delay.

Labels matter!

The front and back have screen printed polycarbonate labels. Obviously these are purely cosmetic, they could not possible matter, surely? After all the serial number label has all of the safety warning and CE marks and so on.

Wrong, they matter. Or might matter. Apparently there are factors of "touch temperature" - i.e. if the metal case is at max operating temperature, can you hurt yourself touching it while plugging in a cable? That sort of thing. I don't fully understand this one yet, but it meant the labels matter.

It gets more complex! There are LED holes that are over 3mm, and they are plugged by light pipes which are flame retardant and rated to the max operating temperature, so plugged holes. However the label provides an extra layer of flame retardant over the hole just to add extra safety. So err on side of safety and use flame retardant labels.

When we did the FB2700 the symbols and warnings on the labels were a simple checklist. Like power supply ratings, and CE mark, and class II (double insulated) mark, and so on. We simply put them on and we complied. Now it is part of the safety testing to check the label and check the associated paperwork (the quick start guide). So the production sample we send really has to be proper finished and paperwork and label and everything. That adds more delay.

The good news

This may sound depressing, but it is really good that things are tested this well. We are winning!

The production sample is off to the test house to finalise their testing and approval. Once we have that, we can stamp a CE mark on it and start shipping. Of course, something could come back and bite us and add more delay, but fingers crossed. We have a good hardware team on this and they do a damn good job, so should not be any issues.

The future

There is one thing that is not tested at all, and I can see that in 10 years time this may be very different. This is a network device. It is increasingly important that all network devices are sensible in the way they work - controlling access properly, protecting against attacks, and ensuring updates and patches as needed. None of this is subject to any formal standards or tests now. I wonder how that will change over the years. I wonder how easily a wince or linux box will pass? Fun times.

Only ISP guaranteeing no mid contract-price rises?

I just heard an advert on the radio which was very clear in stating that Talk Talk are the ONLY ISP that guarantees no mid-contract price rises...

This is rather puzzling, and perhaps worthy of report to ASA... Why?

1. Since at least Jan 2014 OFCOM rules are that ISPs (that is ALL ISPs, not just Talk Talk) cannot increase prices mid-contract, by which they mean "during the minimum term". So why on earth are Talk Talk claiming they are the only ISP with such a guarantee when literally every other UK ISP has the same guarantee! I don't recall A&A every increasing prices, and we have always had in our terms that an increase means you can leave before the end of minimum term if you wish, long before OFCOM rules came in. We sell some services with no minimum term, which makes it really simple that we guarantee no price rise during the minimum term!

2. They don't explain the other side of their guarantee. A guarantee has two key parts: (a) the thing that is guaranteed, and (b) the consequence of that not being the case. The OFCOM rules are that if you increase prices the customer is allowed out of the contract early, that is what the guarantee "pays out". Of course Talk Talk may have some better "pay out" on their guarantee - no idea what that is (does anyone know) which makes it better than the OFCOM mandated "guarantee", but it is wrong to say they are the only ones to offer a guarantee.

3. Like many adverts, people seem to misunderstand the word "contract". The "contract" is not the "minimum term", it is the agreement you have with the other party. That "contract" is on going - your broadband does not stop when you get to the end of the minimum term. So by guaranteeing no mid contract price rises they are basically guaranteeing no price rises ever, ongoing... I am not sure that was their intention, but as someone that does have a clue what the word "contact" means, that is what I would be saying to the judge if I ever sued them. Not that I buy retail broadband from Talk Talk myself.

Sadly the ASA have no real power, so no point reporting it really. At best, long after they have finished this advert run, they'll be told not to do it again. Oh well.

Monday, 5 February 2018

The important bit!

You have no idea how much debate this caused internally! Not just the actual design of the polycarbonate printed label, but how it shows on the web interface...


The "clever" bit was to make the FB2900 status page have an image of the front panel. Previously we have had simple rectangular boxes with colour and labels for speed/duplex. This time it was made using the design drawings and hand crafted SVG. I originally had the SVG made from a PDF made from the drawings, but that was massive by comparison and did not really help with what I need. I had an SVG but some parts of it needed to have id tags to allow some dynamic changes.

In the end I had to manually draw all the physical bits, the USB socket, the power socket, and the Ethernet sockets. My digital callipers were useful. The end result is pretty damn good.

We then have, within the ports, a rectangle with text to show a port connected. The green is port up and the purple is actually "remote fault" which I was testing. It works well.

The trick was a websocket feed of live status changes causing a simple javascript function to update the content and classes on the SVG objects in real time. It works! Next step is probably live port LEDs as well.

Technical bits included the fact that "className" is not a thing in SVG, you need "className.baseVal". That fooled me for ages. Also, for a bit, I forgot CSS does not allow // comments and just causes next thing to be ignored - arg! I hate CSS!

The labels under the SVG are simple divs with controls on width. This is because SVG makes it almost impossible to have a wrapped block of text.

So what caused all of the debate exactly? Guess!

The power connector. I spent ages drawing that to get it just right. It looks just like the real thing. Only issue is, of course, nothing is plugged in to it, and that does not reflect reality does it? But seriously this is a diagram, the RJ45s have nothing plugged in, just some green rectangles with the port speed/duplex.

So, we tried making the power green like the plugged in Ethernet or USB port - looked messy. We tried an green outline - maybe better. But both just draw attention to what is essentially a cosmetic detail like the logo and the grey background.

Final solution, add a label under it with the voltage range, sort of shows we know there is a power connection maybe? In fact the code has to handle three different power supply options on the FB2900, so not that daft.

Personally, I like the un-plugged power. It is like a deliberate grammatically error so that people post saying that it is not plugged in and create free advertising for you.

But all in all we are catching up with switches from the late 90s that show the switch graphically. I think it is really neat, and the fact it is live via web sockets even more so. The live status of ports is a really useful thing to have in many ways - this is just "pretty" as well...

P.S. We have live port LEDs now (optional), and as expected that creates blinking on the port that is used for the web socket to report the LEDs blinking :-) We may be able to improve that...

Saturday, 3 February 2018

svg inkscape and ghostscript...

Very technical one this time.

As I have blogged before, a lot of things are now being created as a master in SVG format. It's one failing is blocks of wrapped text, but apart from that it works really well.

So, the new FireBrick serial number labels are done in SVG, and they include a QR code of the serial number. Simples. Well, you would think.

The target printer is 300dpi, and so the design has all been done on nice hard integer units at 300dpi. This is especially important for things like bar codes which need to be pixel aligned. In this case 4 prints pixels wide per QR pixel. If this is not perfectly scaled or aligned the QR code gets all aliased in nasty ways and is not as readable.

The svg uses width/height and viewPort to ensure we can use 300dpi units but be the right size, e.g. height="27.940000mm" viewBox="0 0 1185 330" width="100.330000mm"

The SVG looks perfect, obviously, whatever scale...

I can use inkscape to convert that to a png at 300dpi and it looks perfect...


We are using a Brother QL-700 which installs nicely on (32 bit) linux using the provided drivers and operates like a normal Linux printer as postscript (using ghostscript behind the scenes). So I use inkscape to make an EPS for printing. Again, simple.

This is where it goes wrong. inkscape is making postscript using default (72 dpi) units and 3 decimal places. e.g.  28.801 28.16 m 35.52 28.16 l which means a gap there of 6.719 pt which is 27.995 pixels at 300dpi, that is 7 QR code pixels. The issue is rounding. Sometimes it would be 3.995 pixels and sometimes 4.005 and so on, so you end up with a badly aliased QR code.

The fix was to make the SVG not scaled to the right size but just using the 300 dpi units. In fact, better would have been to scale to 72 dpi units default for EPS but as it happens the default units of SVG (96 dpi) work to produce integer values. This, of course, makes a much bigger image, so a bit of sed to add a 96 300 div dup scale was all that was needed.

What an annoying mess. If only inkscape understood that EPS can have a scale command, and it could have maintained the original units from the SVG in the EPS rather than converting to 3 decimal places. I may find the developer forum and suggest a change!

Here are the before and after - the bottom is before which as you can see from the checker board is rather broken. Now we have nice readable QR codes, yay!



Friday, 2 February 2018

The soul of a new machine

The FB2900 is close...

When launching a new product, especially when we are talking a real, electronic, product, there is a lot to do.

There are some time consuming and hard parts in designing schematic, PCBs, metalwork/case, software. There are loads of fiddly bits in terms of cosmetic decisions on colour and layout of the artwork on the front/back panels, and all sorts of things like that.

Then, when you have all of that, there are a few rather annoying things, one of which is the new safety standards we have to follow: BS EN 62368-1:2014.

This is new. Last time we did a product it was way simpler. We still have to do all of the EMC testing, which is pretty straightforward and was done some time ago, but the new safety testing is much more work.

This is, of course, all good stuff. We are good on safety. We have a good solid metal box which won't catch fire! We have a proper physically isolated double insulated power supply. In fact we redesigned the whole power supply from the last model and it allows some addition DC options we will have shortly (at this rate, at the same time as mains versions).

But the last step of safety testing needs a final production sample. Sensible. Sadly that means little details that are usually minor things at the end of the production like the printed fascias, and the quick start guide, are actually necessary for the safety testing! The manual includes mandatory details of power, and humidity, and temperature, and altitude, and so on. Having the manual as supplied ready, and all of the bits to make a final production sample, is needed, and then we have to wait weeks for the final sign off, probably. These people are in no rush, it seems.

So I really thought we would be shipping by now - we have hundreds on the shelf ready to go and customers eagerly awaiting the new product, and we have a fly in the ointment. The damn printers for the fascias. Promises of quick turnaround digital prints ahead of the final screen prints so we have our production sample were clearly outright lies (48 hour turnaround says the salesman). Over a week later we get one side and not the other.

I was really pissed off at that (somewhat shouting at one of my staff even, not his fault). I was literally sat here waiting for news on this - have they finally arrived after promise after promise, and then find they sent only one side and not the other. This one minor supplier has added a week or more to when we can start selling these. I am exasperated.

But, calm down, step back, and let my staff do their stuff. We wait and see when the other side arrives and we can finally send the production sample for final safety testing. It will happen in the next few days. There is no guarantee we pass, but we know we are doing well, and we know the issues and we are good. We are pretty sure of that. I could find there is some other delay in a week to two's time, but we know there can be nothing major.

Once we finally get the sign off, we can do the formal paperwork, declaration of conformance and attach the dreaded "CE" mark to the product and start shipping.

In the mean time, next week or two, we may have a few prototypes for evaluation for some select customers. If you get one, you can consider yourself special.

But what makes the FB2900 special?

FireBricks are a tad special. There are many routers and firewalls and all sorts around now - when we started there were not. But there are actually only a handful of underlying operating systems out there - linux, vxworks, maybe a couple of others. We have our own operating system from scratch and it is all UK designed and built. We control every line of code from scratch and ensure no back doors.

The FB2900 is the latest in the long line of FireBrick products. It builds on the FB2700 but is a lot faster (up to around 750M routed traffic rather than 350M) and has an extra port (a 5th port is SFP).

This makes it truly ready for the latest Internet links, 330M G.fast and FTTP, and multiple bonded FTTC.

The SFP allows true fibre lines, and even some of the new DSL SFP modules to be used directly.

The DC options are interesting - I mean, who wants to use a FireBrick in a car or a truck? Well, you would be surprised, but what of alarm panels? Many alarm panels have 12V DC lead acid backup and these days they need Internet. A 12V FB2900 with SFP DSL could be that backup for a long time. The power requirements are really low. This is actually what I plan personally at home, albeit with fibre SFP.

It also has a few gems that are waiting in the wings. We have a true random number generator that will come in to its own as we launch newer software in the coming months. It even has a hardware AES crypto processor which we really hope to link in to the IPsec code later in the year. The key here is the software updates are free and automatic, so these advances will be in there as soon as we launch them. Obviously we need to do a lot of work on these, so no guarantees yet, but the hardware is built to support them.

Oh, and unlike previous models we actually have a rack/wall mount kit. It does one or two FB2900s in 19" 1U or a wall mount, either way round/up.

Number right?

There are many legal systems to create and protect certain rights, such as copyright, design right, database rights, patents, and so on.

However, unless I have missed something, there seems to be one obvious right that is missing. I am not suggested we make a law for this, but I am interested that this seems to be an obvious possible issue that does not have the same legal protection.

There are a lot of situations where some unique allocation of number or name space exists within an application that therefore needs some management and allocation. Some simple examples are :-
  • Credit/debit card numbers
  • Bank sort codes
  • Telephone numbers
  • MAC addresses
  • Product codes (for UPC/EAN barcodes)
  • IP addresses
  • AS numbers
  • Domain names
Now, in some cases, these are only usable within a specific group of people that all agree to follow a common authority. So, for example, ISPs all agree to work together and interconnect. Now, in theory, there is nothing to stop an ISP picking IP addresses at random without using the internationally agreed hierarchy for managing IP address allocations. However, other ISPs will simply not peer with them, or will not route those IP addresses to/for them. So it won't work. There is no need for a law to control who is allocated the numbers.

Indeed, I think, in most cases (a lot of the above examples) there is basically a club you have to join to be able to do anything, and the other members only play if you follow the club rules.

Even so, in some cases, there are laws for some specific things, like telephone numbers. It is defined by law how communications providers use numbers as part of the national numbering plan and that OFCOM manage the number allocations. But this is a specific law for that specific case.

There are some interesting edge cases though.

Barcodes is one. We have dealt with GS1. FireBrick paid for a small block of UK EAN product codes so we have barcodes for the sleeves of the FireBricks and for Ignis (the dragon). This is in the off chance that we managed to sell to some retail outlet like PC world. However, given that GS1 charge annually and nobody was actually using the barcodes, we decided not to renew. GS1, of course, said we could no longer use the numbers and had to ensure barcodes were not used with those numbers any more.

This led to an interesting discussion. Apparently they even have an "enforcement" team that look for unregistered numbers in-use. The question then is what do they do? They got quite stroppy when I asked questions, like why not? Well step 1 was easy, because FireBrick had a contract, so I said that was fine, A&A were using the numbers instead and A&A had no contract. They did not like that and pointed out that they retain all rights in the numbers allocated.

This is where it got interesting as I asked exactly what rights they were retaining. They had no answer. I pointed out copyright does not apply, neither do design rights, database rights, patents. There appears to be no generic legal mechanism for establishing a right to management of allocations within a namespace such as UPC/EAN product codes. So actually, from what I can see, nothing to stop A&A using the numbers that were allocated to FireBrick without paying GS1. What this meant is the existing printed sleeves and existing labels on Ignis dragons did not have to be scrapped.

Now, in practice if some retail outlet want to sell FireBricks we'll subscribe again I am sure. A retail outlet may well require as part of the contract with them the use of valid/current EAN product codes. So we are back to the enforcement by joining the club, which is fair enough. Though I did wonder if retailers really care as long as unique within their inventory. I did tell GS1 that as they know we have products (Ignis mostly) with these barcodes it would be negligent / irresponsible if they knowingly re-allocated the codes to someone else.

Of course, another thing may be that retailers only need a code that is valid and current which means one could perhaps get an ISBN (for the quick start guide in the box) and use the ISBN based barcode on the box. I see plenty of kids magazines with ISBN or ISSN and lego bricks attached, so this would be no different logically. It would be a unique product code, and allocated to us, and as it is a one-off fee for ISBNs, no annoying recurring fees. As a bonus, no dealing with the stroppy people at GS1 either. If ever we do a deal with a retailer I'll ask if an ISBN based code is any issue for them - I doubt it some how - it is, after all, just a number in their database.

It is rather amusing that GS1 felt some legal rights existed in the allocation of these numbers. They must know that no such rights exist, but still assert they control them in their documentation!

Another interesting case which we see quite often is MAC addresses.

These have to be unique, on a LAN. In practice the way to do this is to make them unique in the world by a central allocation of the OUI (first 6 characters / 24 bits) by the IEEE who charge over $2000 (one off) for such a prefix. We have paid for a prefix and use it.

But what we do see is some times people just make one up. This is partly because there is loads of unused space in the allocations so easy to pick one that is spare, and partly because the actual chance of a clash on a LAN is very very low even if some other manufacturers is using the same prefix. So devices with unregistered MACs exist. AFAIK there is nothing the IEEE can do about it, as, unlike many things, there is no need to join a club or contract with other users of MAC prefixes where you may be obliged to have a "proper" prefix.

Am I right that there is no generic legal right to numbering allocations?