No, we will not be logging your search history, David Cameron

Apparently they want ISPs to log web site visits and even search history.

Sorry, but Google almost force you to use https these days. We (A&A) as an ISP,  cannot log search history using https Google even if we wanted to, and no amount of money (and yes, the government will have to pay ISPs for this) will change that fact.

We also have no intention of logging web access either. It will be interesting to see what law you bring in. It will be interesting to see how much you think it will cost to pay every small ISP to install expensive kit to log this all (and retain it securely in accordance with DPA) and what happens when that ISP decides to sell its customer base to another new ISP over night, and eBay all that nice snooping kit you just paid for and delete all that data that was retained as old ISP no longer exists. Rinse repeat. "Andrews & Arnold Nov 2015 Ltd", "Andrews & Arnold Dec 2015 Ltd", anyone?

Or maybe we will make each and every customer an ISP themselves and we'll merely be "transit" for them, then they can each discuss the fee for imposing logging and secure retention of the search history for their home/office individually with the government. That would be fun.

Even if only the big ISPs are forced to do this - I hope that *lots* of their customers will DPA subject access request them on a regular basis for copies of all of the logs held.

I also hope that every time one of these logs associates web access with one person in a house when it is actually another person in the house, people will use their legal right to have that data corrected on those logs under the DPA, and report the incorrect data to the ICO.

Seriously, this plan is STUPID. It will not actually help address serious crime but will impose massively on the HUMAN RIGHTS of every citizen. We have a right to privacy and some of us intend to retain that right.

Until all MPs have their full personal web and search history publicly available as a matter of course I cannot see anyone taking these ideas seriously.

Ironically, this week, having been in the US, I was using various wifi, and VPNing back to a FireBrick here. Almost all I do is https anyway, but VPN is an extra layer because "No idea what US or local wifi operators do with my meta data or whatever". I can see it soon being normal for the reverse - VPN from your home/office to "sane" countries so as to access the Internet without breach of your privacy.

Once we have exact details of the proposed law, I can provide a more detailed comment on this lunacy.

New New York

After the F1 in Texas, which was a bit of a fiasco, but ended reasonably well, we went on to New York. I watch too much Futurama not to call it "New New York" occasionally. We stayed at the New Yorker Hotel (just by the future site of Madison Cube Gardens).

It is the first time I have been to New York. The reason behind it all is that Sandra has always felt a bit cheated that we married in a register office and she did not get (as we could not afford) the whole white wedding thing. This year (Tuesday) it is 25 years, and so she wants to organise a blessing (which will be some time next year) and do the whole white wedding that she always wanted. Thankfully it is still me to which she wants to stay married :-)

The down side is that she has been watching "Say yes to the dress" and "I found the gown" on daytime TV solidly for about the last 6 months! You can see why I wanted a "man cave" with its own TV now. They booked an appointment in Kleinfeld's. I have not seen it, but a dress has been picked, and paid for (ouch) and will be ready in a few months. Yes, she will be flying back for a fitting. It is a new designer dress and she is the first to order this one.

New York was interesting - we got the hang of the roads quite quickly - I commented that London cab drivers have to learn loads of roads and routes but New York cab drivers just have to be able to count.

Trying to get cereal and toast for breakfast was impossible (I even had my marmite, but no luck).

We went to a show (Something Rotten) which is really funny. We got soaked on the way back. We saw Times Square. We even went to an Ice Hockey game at the Barclays Centre (who don't like it if your camera lens is over 4"). I got a cold, and so picked up some industrial strength sudafed which required passport and signing disclaimers and so on - but works well. Sandra has a bad cough too - but did get soaked in Texas and New York, so not that surprising. We abandoned doing Empire State building because of queue and price. We went to Macy's, shopping, several times! They had a buggy ride around the park. We did a lot of walking all week.

I left my Tempur pillow in Texas - idiot! Managed to get another one in New York.

Our A&A voice SIM cards do work in US for calls, texts and data. There is wifi pretty much everywhere - even so, I used the SIM for maps when Victoria was driving in Texas, and that quickly costs (it is around £2.50/MB). Once we got to New York, James and I both got T-mobile pre-pay SIMs with 3GB of data for $40 and used that when no wifi.

BA were terrible - the flight out to Texas was a new plane (LCD window shutters even) but the staff ignored people's call buttons, spilt tea on Sandra, and were generally crap. One passenger managed to be sick, and was sort of stick, call button was ignored for about half an hour - when we realised what happened (sat across aisle) we (well done Mikey) ended up helping him out. On the way back from New York the plane was older and the staff were just as bad, if not worse. They had over booked the flight and could not even seat us together. World Traveller Plus (their premium economy) did have bearable leg room though, just. Even so, I have to question whether BA is a good choice for such flights in future.

Getting in to the US was slightly better than previous trips - more ETSA terminals, and they worked this time. Even getting back in to the UK was a tad better (Heathrow) with more ePassport terminals that were a bit quicker.

One thing that I really dislike about US is the tips. It is bad enough that prices are before sales tax, but then they have "service charges" on things. They make like they are optional, but try and guilt you in to paying tips saying the staff rely on them - so basically saying that they do not pay their staff properly and that is somehow the customer's fault. I am happy to pay extra, a tip, for exceptionally good service, but if it is a necessary part of the price - then damn well make it part of the price. One place I handed over what worked out around 15% tip as that was convenient number of $20 bills - they came back as we were leaving pointing out it was below the 17.5% "guide" tip by a couple of dollars. I did ask if it was mandatory and they said it is "typically" 17.5% unless there was a problem. I was cross, said the "problem" was "questioning the tip" and hander her another 5 bucks, but as I left I was kicking myself for not saying "if it is not mandatory then now, because you have tried to embarrass me, there will be no tip - give me change". Why the hell cannot people simply state / agree a price and be happy to be paid the agreed price, with any "tip" only for being exceptional. US companies should damn well pay their staff properly in the first place!

Update: Wow, tipping came from prohibition and bribery and really should be abolished - see this article and great video!

However, we are finally back in the UK - and as always - happy to be home.


Seriously, censorship of communications is bad

Once again Cameron is meddling. See wired article. The EU have started "Net neutrality" which is designed to ensure that communications is "clean", and does not have interference from commercial or other interests to block or slow or preferentially treat some communications over others. This is important to ensure communications systems continue to provide the invaluable framework for business and personal communications to grow and boost the economy.

The problem is that ISPs filtering porn (apart from the logistic and technical impossibility of doing such a thing) is that it goes against net neutrality. It is ISPs specifically blocking some traffic - and not even illegal traffic at that.

I have to admit I am at a total loss as to why the government have latched on to "porn" as the target here. It is a legitimate and legal industry, but just something that our social taboos mean we try not to discuss. I can only assume that the government have latched on to it, not because they think that actually a lot of people are against "porn" but because a lot of people will say they are against it, or agree with such policies because of such social taboos.

The whole "think of the children" angle is just designed to try and get the popular and vocal support of parents, grandparents, and well, anybody who quite sensibly has concerns over children. I have five kids and two grandsons now, but I think this is crazy. The whole thing is the very definition of "nanny state".

Young kids have no interest in porn, and it is a good idea to try and ensure they do not accidentally find porn - this is a simple task for parents to do these days with operating systems including various parental controls in the control of the parents. Search engines have the same with "safe search" settings. There are also simple streps at network level such as controlling DNS and using free services like openDNS to control some access. Of course, actually supervising kids is another good idea!

None of this will stop someone who actually wants to access porn - all such systems are trivial to bypass. I would have to include adolescent children in that. Porn has always been available, and I would be shocked if any MP did not access porn before they were 18 (not counting dead pigs).

The side effect of trying to ensure all ISPs filter porn, or at least have the large scale systems to filter porn by default, is that it allows more and more to be censored, and not just porn. The list of sites that are blocked will not be managed by ISPs themselves in most cases as it is a massive task - porn is a legal and well funded industry (that has no interest in kids accessing porn anyway) so they can easily ensure they stay ahead of filters. This means you have a handful of companies in control of the censorship that applies to most Internet connections - companies that the government can pressure to include sites they do not like, and "wrong thinking".

We already see massive blurring of "extremism" and "freedom of belief" and "freedom of expression". No matter how crazy people may be, they have a right to their religious beliefs and freedom to express that. You need that freedom in any democratic society.

Even so, with all his meddling, I seriously doubt that we (A&A) will not be able to offer an unfiltered service. Every bill Baroness Howe has tried to introduce has so far had no impact on us, and with which we already comply. We offer a choice, but we simply refuse to provide service to anyone asking for filtering. Simples.


Daylight Saving Time

I really don't know why we have Daylight Saving Time - it just causes hassle, and does not do anything useful - we have plenty of daylight in the summer, and we move that daylight around (relative to when we work) by an hour. Makes no sense at all.

But we did have slight fun yesterday flying from Texas to New York. The problem being that we were not sure if they were different time zones or not. Yes, googling would have worked.

Of course, all of the iPhones and Apple watches switched and advanced an hour. But my Casio watch insisted it we the same time. This would have been fine if not for a clock on the wall at the hotel telling time in New York, Paris, Tokyo, etc, which agreed with my watch! It was the only clock we could see in the hotel. We ended up having to ask someone the time to be sure.

The problem - bloody daylight savings time. On my watch I adjusted the world time until it matched where we were in Texas, and it said "NYC", so I assumed time zones must be the same. What I failed to spot is that the "DST" setting needs to be adjusted manually as well (per time zone). Had I done that I would have realised I needed to set to some other time zone "CHI"? So when we got to NYC it was saying the wrong time but claiming to be "New York City" time. Of course, the "DST" indicator is not obvious when "un lit" so the mistake is not obvious.

What is worse is that it has the UK time wrong as well. It had DST set to AUTO, which works perfectly when in the UK, but does not switch DST based on the "rules", but on the radio signal (which it cannot get whilst here in US). So I had the local time set a hour back and the UK time an hour forward on a watch that normally "just works".

To add to the fun, in New York, it is still DST until this Sunday, but not DST in the EU. Anyway, at least we are only 4 hours adrift from UK, not the 6 of when we landed.

I have finally managed to get my watch set right! Time for some breakfast.


F1 Paddock Club

I feel like I have fallen for a con, and am now kicking myself for being so stupid... Do read updates at end...

But let's start with a bit of background.

Sandra likes the Formula 1 racing. If you have ever watched it on TV, you'll see that there are lots of spectators - those sitting in various grandstands and even people sitting on the grass watching. There are many types of ticket at different prices and many places to buy tickets (some of which are a con as we have discovered in the past). However buying from f1.com should be pretty safe and you should get what you expect.

Some years ago we had the best holiday ever in Singapore. We went for the F1 (night race) and we got the best tickets you can from f1.com - "paddock club". The paddock club meant we ended up in an air-conditioned suite overlooking the pit lane and start/finish line. There was free flowing champagne and wine as well as nice food. We were well looked after and it was a great event and a great holiday. Paddock club is expensive, but if you can save up enough, it makes for a very special event. What is important for me is that the temperature and humidity in Singapore is not even in "bearable" let alone "comfortable", so the air-con was great. Obviously being at the track you can only see some of it, but the suite has large TVs and race data screens and so on.

This year we decided to try paddock club again. It is a big wedding anniversary in just over a week, and my wife has a big birthday coming up, and so we decided to splash out once again and this time go to Austin, Texas.

No air con?

Again, air-con is a must - sadly the air con in the suite appeared to be broken, meaning that on Friday it was hot, humid, sticky and uncomfortable. Whilst the air con seemed to be fixed by Saturday, ironically, by Sunday the temperature in Austin had dropped to the point of almost being cold and so air con was not really an issue.

Paddock access!

This year F1 are doing an extra feature. If you are buying the full three day tickets, and for a limited number of people, you can pay a mere $930 per person extra for Friday evening paddock access and evening meal, and what is described as "unparalleled access to the Formula 1 teams, drivers, international media and VIPs" and we will "mix with the teams as they put the final and vital tweaks to their cars ahead of Qualifying". Somehow with Victoria reading the details and telling Sandra they assumed there would be drivers at the dinner, and Sandra has been looking forward to this for months. It was to be the key feature of the trip (even more so with this weather)...

However, it was not quite what was promised. Yes, it was access to the paddock (area behind garages) but at the end of the day on the Friday. The original schedule had a period of wandering around the paddock, but the revised schedule sent the day before had removed that. We saw the Pirelli garage, the safety and medical cars, and did get to see the Lotus garage. Not quite "mixing with the teams" but it was interesting. Then the meal, which was a tapas affair and was good food, but no sign of drivers. In fact, there were no drivers to be seen at all. To be fair, they did not say drivers would be at the dinner, but we were promised "unparalleled access to the Formula 1 drivers". We did not even see a driver, let alone meet one, not any one.

"unparalleled access to the Formula 1 drivers"

To say it was a disappointment is an unbelievable understatement. As it happens, Sandra got caught in the storm at lunch time, but stayed, soaking wet (100% humidity and broken air-con, not even warm air dryers in the toilets) for three hours because "at least we will see some drivers later".

You stand more chance of seeing a driver on the pit walk you get as standard with the paddock club tickets.

I have massively let Sandra down. I have been stupid in thinking that we would get what was described on the web site. I am really pissed off and upset. I have spent a lot of money trying to make a special event and failed.


In other news, and not something that they could control, there a hurricane that has hit Mexico, and resulted in rain, lightning and flooding. No idea if we will actually get a race or not. If we had managed to meet some drivers, maybe it would have been worthwhile coming this weekend. If only.

Whilst paddock club itself is usually good, do not believe the extra "unparalleled access to the Formula 1 drivers". In my personal opinion it is a con and a shame that f1.com has stooped so low.

Update: Qualifying on Saturday was delayed and delayed and at 4pm we were told qualifying would be 9am Sunday, and sorry, "nothing more is happening today". That was it. Loads of people leaving and so did we. Apparently 16:20 they opened the pit lane and allowed fans to meet the drivers. If they had said they were going to do that then of course we would have stayed. Why the fuck did they not say. Seems that the people paying extra for "unparalleled access to the Formula 1 drivers" are the only ones that did not meet any drivers. Fucked off or what?

Update: On Sunday we spoke to a representative from f1.com and explained how unhappy were were. He is obviously sorry about the issues, and wants to take on board the feedback - the one thing he did say is that they do have Massa coming in to the suite next door to us at 11:45. Great, at least we meet one driver. We went next door 11:38 and apparently have "just missed him" FFS what more can be screwed up today? Sandra is in tears now - what a special wedding anniversary this is turning out to be.

Update: Andrew, from f1.com, redeemed himself a little. Managed to get Sandra a Kimi signed cap, and get us behind the barrier at the Mercedes garage on the pit walk. James took the chance for a pic!

Update: Andrew also mentioned that we were allowed all the way down the end by the podium. This was not a "special" extra, just "normal" paddock club. However, we did not realise we could, so thank you Andrew for pointing it out. We'd also like to thank Kate who got us a nice F1 hat for our wedding anniversary. At the start of the race Sandra was the only person by the podium. But by the end it was some pushing and shoving. Even so, we managed to hold our ground, and get sprayed in the face with Champagne by Lewis... James managed an awesome shot...


Even during the race Sandra was very much "don't think I am ever doing this again"... After finally seeing some drivers close up at the podium she was somewhat happier. Even so, the paddock access was not as described and set us up for disappointment from the start - without that I expect the weekend would have been much better. F1 need to improve that offering, or describe it properly.


Matica/EDISecuere vs Zebra

Having used both printers now, I feel I can comment. Matica XID9300 and Zebra ZXP8.

I have only been using the Matica for this week, but even so, I have a good idea what it can do and how good it is.

Both printers are good for what they do. We got Zebra originally because I knew the brand from long ago (labels on mobile phones printed on Zebra printers). The Matica was found after a lot of chasing suppliers to find one that did what we need exactly.

Both printers can print on plastic cards, edge to edge, double sided, colour and black and (if you want) UV layer as well.

Both printers are "retransfer" printers. This means they print on to a transfer ribbon using normal die sublimation, and then transfer on to the card. This allows true edge to edge printing. Apparently this is a challenge with direct die sublimation for some reason. They also end up with a laminate like effect where the transfer ribbon transfers on to the card and gives a gloss finish all over (even where not printed).

They are a similar price around the £3k mark when you have contact station for contact cards (like SIMs) and mag card encoding (because, what the hell).

They both have windows only drivers, but I was able to make linux drivers quickly.

Both work over USB or Ethernet.

Both have the same horrid way of handling card encoding using contacts - they will place the card on the contacts as part of printing, and that is it. These contacts can either wire to a port on the back, or go to an internal USB smart card encoder with the USB going to the back. This appears to be industry standard and, IMHO, bizarre. Why have Ethernet printing that allows printer to be distant from printing machine, but require USB for the encoding - it defeats the point of Ethernet printing. Encoding a card is simple message each way which would be simple to include in the Ethernet protocol anyway. Why? Why? Why?

The Zebra USB card reader option is one that linux does not know - so we had to wire something up from a card reader keyboard. The Matica USB card reader option is one linux does know - so a win. Both ways we simply wired to a Raspberry Pi to provide Ethernet connection.

Both have similar running costs.


There are a few differences...

Firstly, the big one - and what matters for us. Printing on different types of plastic needs different speeds and temperatures. The Zebra is very flexible with this, and allows multiple card types to be configured. When sending a job I can select the card type and it will adjust settings. The snag is that we have one card (Data SIM card) that needs the highest heat setting to work, and it seems that even though that heat is within the range you can specify, it will bubble and melt the transfer rollers with one card. This is a design flaw, clearly. A compromise of lower heat sort of works but quality suffers. Also, the time to heat and cool between different types of cards is annoying, and often the first card  or the day is not any good and wasted.

Having said all of that, if you do not have these SIM cards, and so do not need that heat setting, it works fine, and will do other SIM cards, and no problem with plain white cards whatsoever.

The Matica has settings too, but just +1, +2, -1, -2, etc over normal. To get printing to work on the difficult SIM cards I set speed down one and temperature up one, but that setting then works on plain white cards and both types of SIM. The fact I cannot easily set up card type pre-sets is not an issue and no waiting for heating or cooling between prints. Clearly the printer can work at these settings and do so reliably as I have printed hundreds of cards now - just like the Zebra on lower heat does. I have not even had to code settings controls in to my divers.

The Zebra has card feed hoppers which made it easy to have several, one for each type of card, and swap as needed. We do have a spare tray for the Matica, but not simple to swap. However, inserting a few extra cards in the tray for the Matica is easier than it was on the Zebra so we'll keep the tray with plain cards normally and add SIMs as needed I think.

The Zebra has a slightly smaller bleed area. At 300dpi a card is 1012x637, and the Zebra prints 1024x648. The Matica prints 1036x664. That said, both seem pretty good at consistent alignment and so do not run in to bleed area much.

The Zebra had issues printing on thin air. To print on sims or mag strip on the Zebra you need an "inhibit" ribbon to mask transfer on the cut out of the SIM, the SIM contacts, and any mag stripe. This works, but is fiddly to align perfectly so leaves a white border of non printing on to the card. Also, if you try too hard and do multiple SIM cut outs you can actually tear the ribbon consistently! If you do not use the inhibit ribbon, it works, but you get a sort of cellophane effect in the gaps and on the SIM contacts which you have to wipe off, and they stick with static and get everywhere.

The Matica is magic! It simply does not print on SIM contacts, mag stripe or thin air - it manages to transfer edge to edge and have no rough edges, no cellophane effect, nothing - just works. They don't even do an "inhibit" ribbon! So much easier.

The Zebra always does a transfer of both sides of the card - using two transfer ribbon panels. The Matica does one side at a time, so can print on one side only if you want, saving some cost. Both can do CMY on one side and K on the other, or have CMYKK ribbons.

The Matica is a tad smaller, looks like it can be stacked (is a cube) and weights lots.

There are some downsides to the Matica...

The "black" is not quite as strong - on its own it its a very dark brown even, but on top of YMC black it is black. It is not quite so "crisp" and "on the top" of the card as with the Zebra.

The "UV" layer prints the MAC of the printer in the corner - we are chasing the manufacturers to find a way to turn this off. Nice feature, but not one we need or want.

It seems a tad slower - but given the faff with heating or cooling on the Zebra, it is faster for one card and there is not that much difference.


The Zebra is perfectly good unless you have these Three 3G SIM cards that we have.
The Matica seems more of a work horse, and works with all of our SIM cards.

I like the new Matica. We have two used Zebra ZXP8s for sale.


Unraveling a zebra

I don't have a good image to put with that title, so this will have to do :-)

As you know, I am working on a new printer for printing  SIM cards, i.e plastic cards (on a Matica printer) as the old printer (Zebra) is not really up to the job.

The problem is one that software engineers have from time to time, and it is very much the "1, 2, many" counting problem.

In software, coding for one thing is easy, coding for 2 is a lot more work and coding for many is what you should be doing.

I have a zebra-print.c file. It is great. It prints on the Zebra printer, but its functionality has got overloaded and tied in to the Zebra printing function.

It does two main things. (1) is compile a number of separate files that provide colour, black, UV, and inhibit "layers" of print for two sides of a card and make a single print job to the zebra. (2) is actually print the card.

Having coded all of that I realised I needed a way to show what a card would look like. So I made the last step create a BMP image to include on web pages. This is used on our main web site, SIM ordering page, internal staff management pages for printing SIMs, router programming cards, my ID card printing site, and so on. It was a minor change to add this as the main code had to create the various layers for the Zebra - making a BMP, even scaled down, was a simple final step.

Now, I have a new printer. I could take the zebra-print.c and rework to drive the new printer, but that means copying code, which is never good.

So what I plan to do is make separate tools - one that compiles images and postscript to make card images, i.e. the BMPs to display a card in 1/4 and 1/2 scales for web sites, but also makes a raw image format for printing. Then a separate tool to print on the Matica from that raw image. The idea is I can easily (if I can be bothered) make one to take a raw image for the Zebra.

Just to add to the fun, whilst a plastic card is 3⅜" x 2⅛" so 1012½ by 637½ pixels, the Zebra over prints to 1024 x 640, and the Matica over prints to 1036 x 664.

So the plan is for the new tool to centre whatever it is given and hence handle 1024x640 source data if necessary.

Update: CardArt code and Matica printer driver code all working nicely, and our systems all changed over. Yay! I am not sure I want to re-live the nightmare that is BMP files ever again.


Reverse engineering the IDSecure/Matica XID580ie/XID9300 card printer

We have a new card printer at last!

We have used Zebra printers for cards to date, and as some may recall I found they only had windows drivers so I made a suitable linux command line app to talk to it.

Unfortunately, I am sorry to say, that the Zebra is really not coping. Basically the issue is printing SIM cards. Normal white plastic cards are fine on any printer but SIM cards tend to be different materials (we have two types of SIM and they are different to each other and to plain white cards). They need more heat to transfer, and the only way to get them to work on the Zebra is hot enough to damage the transfer rollers and impact print quality.

So, we needed a new printer, and we have tried a few, as have the dealers with which we have been working on this. Quite a few have been tried, even the DataCard one, they all had issues with printing on the SIM cards, especially the data SIMs on Three. In the end we have finally found one that needs only very minor adjustment to settings to work on the SIM cards. Indeed, with the same setting it will do plain white cards and both types of SIM card. The Matica XID9300 printer.

It is clearly an older style, well build, solid (and heavy) printer - apparently used for ID cards by police even.

This is not that new a model as printers go, but it clearly works on slightly different mechanical and film transfer processes to some others and just copes with SIM cards seamlessly. Importantly it also copes with gaps and the contacts with no special measures - it simply manages not to print on the contacts or over the gap. Compared to the Zebra, this is magic - it needed an inhibit ribbon and print to mask where the transfer was applied - leaving a white border and alignment issues. Without it, you got this cellophane type flecks that stuck to everything and had to be wiped off the contacts. So the Matica is massively better on the printing. We set speed -1 and heat +1 and it just works. It also manages not to bend the cards (which was a challenge on the zebra).

I really feel print quality will be fine now, which is excellent news.

Printing over Ethernet

An important point for us is printing over Ethernet (TCP/IP) and from linux. Again, as expected, only windows drivers come with the printer. This is where the reverse engineering comes in.

First step is windows - I installed a copy under virtual box on my Mac. I tested some stuff on IE. I then installed the drivers. Interestingly, there is a choice of driver, including "Third party" drivers. This suggests they have published a spec for the interface. I have asked the dealers many times, and Matica, and no reply, so tcpdump it is.

Sending print jobs from the windows machine (Print Test Card) I tcpdumped the traffic on the host Mac and stored in a pcap file. I could see three types of traffic - simple pings to the printer, UDP to port 50330, and TCP to port 9100. I then used tshark with -z follow,tcp,hex,0 to extract the content of the TCP exchange.

The UDP appears to allow settings and status to be extracted and set - I have not debugged this yet but it should be quite simple. There is a "monitor" app that gets status and displays, so I can dump what it does. I'll look in to that later.

As for the print itself, over TCP port 9100, you start by looking at the dump. It quickly becomes clear that there is a message exchange protocol of some sort. The printer started with

00000000  f3 00 02 00 00 00 00 10  00 00 00 00 00 01 f9 2f
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 50 52
00000020  49 4e 54 45 52 30 31 00  5b f0 b0 5c 00 00 00 00
00000030  00 00 00 00 00 00 00 00  58 49 44 35 38 30 69 65
00000040  00 00 00 00 00 00 00 00       

Which contains the printer ID and model and other stuff. There are then a series of messages sent from the printer driver and replied to by the printer, they all have a common format and the first 16 bytes have an obvious pattern, e.g.

 00000000  f2 00 03 00 00 00 00 1d  00 00 00 02 99 99 99 99
 00000010  15 09 00 d2 73 09 0a 06  1e 17 00 00 4f 00 57 00
 00000020  4e 00 45 00 52 00 5f 00  54 00 4f 00 44 00 4f 00
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 78 00 69 00
 00000040  64 00 2e 00 64 00 6f 00  63 00 75 00 6d 00 65 00
 00000050  6e 00 74 00 00 00 00 00  00 00 00 00 00 00 00 00
 00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
 00000070  00 00 00 00 00 00 00 00  00 00 00 00            
00000048  f3 00 04 00 00 00 00 02  00 00 00 00 99 99 99 99
 0000007C  f0 00 01 00 00 00 00 03  00 00 00 00 00 00 33 b0
 0000008C  01 02 00 00                                     
00000058  f1 00 01 00 00 00 00 02  00 00 00 00 00 00 33 b0
 00000090  f0 00 01 00 00 00 00 03  00 00 00 00 00 00 33 b1
 000000A0  02 02 00 00                                    
00000068  f1 00 03 00 00 00 00 03  00 00 00 00 00 00 33 b1
00000078  01 02 04 00                                     

The first message from the printer was a generic job header (OWNER_TODO, and xid.document), and it seems clear that each message from the driver had a reply from the printer - so far so good.

The first thing to establish in any binary protocol is endianness of binary values. Fortunately we have a some sort of increasing counter (you see 33B0, 33B1), and it becomes obvious that the data is big-endian (most significant byte first).

The second thing in any block protocol is trying to find a length indicator in the blocks - this is important to ensure you can process blocks even if you do not yet understand them. Some times the length is implicit from knowing the message, but that is horrid - in this case the length is in the header. I quickly spotted that the second 32 bit word was usually 2 and sometimes 3 and sometimes much higher for longer messages. It was clear that this was number of 32 bit words following the length word, and clearly had a minimum of 2 making a 16 byte header on all messages. This also supported the idea that the data was big-endian.

It also became very clear that the 4th word was some sort of sequence, as every message from the driver got a reply quoting back the same number and the next message from the drive was one more. Even the fixed generic document header, which used 99999999 (odd, as clearly not decimal) gets that in the reply, so looks like the reply simply repeats the request and can be used just to ensure you stay in sync. That said, it seems that every message waits for a reply anyway, so not really needed.

The 3rd word was almost always 0, but occasionally had some value. It seems to be used on reply message to indicate error codes, where 0 is all good.

And finally the first word has some logic - it starts F0 or F2 from driver, and F1 or F3 from printer, always followed by 00, and then 01 to 04, and followed by 00. Only the initial exchange used F2/F3, after which F0 and F1 were used.

I quickly worked out some obvious formats :-
  • F3 00 02 00 Is printer initial message
  • F2 00 03 00 Is job header from server
  • F3 00 04 00 Looks like ack for job header
  • F0 00 01 00 Sends a command?
  • F1 00 01 00 Simple ACK
  • F1 00 02 00 ACK with status (e.g. printer busy) in 3rd word.
  • F1 00 03 00 ACK with some data
  • F0 00 02 00 Sends colour panel data
Oddly on the TCP dump after sending a print command the driver kept checking status and getting a busy response code, but when I tried the response did not come in until the requested command was done and had response error 0.

Command format

The interesting one was where it sends some sort of command, as this was a sequence of words in itself. E.g. this has a command 04 02 80 00

 000000A4  f0 00 01 00 00 00 00 03  00 00 00 02 00 00 33 b2
 000000B4  04 02 80 00   

The command itself has a format, and looking at several it is clear that the first byte is the command code, the second is length (bytes) that follow (usually 2) and then data bytes.

By trial and error I have managed to decode many of the commands :-
  • 01 appears to check the command/error state, returned in the 3rd word of the header
  • 02 appears to check the state of printing, where the card is?
  • 03 appears to re-initialse the printer
  • 04 appears to load a card
  • 05 appears to move a card about
  • 06 appears to print the colour panels on to the transfer ribbon
  • 07 appears to transfer the image on to the card
  • 09 appears to encode mag data
  • 0A appears to engage or disengage the contacts for the contact station
  • 0D appears to request info, e.g. what looks like a serial number request
With 04, 05, and 07 there appears to be one byte with some flags, the only one I can make do anything is 10 meaning flip the card over, 80 means something but not sure what; then a byte with some location for card. This location is also last byte of the response to 02020000 command.
  • 00 Print ready
  • 01 Contact station
  • 02 Contactless station
  • 03 Mag coding station
  • 04 Reject card
  • 05 Eject card (after print)
  • 06 In the printer - not sure what?
The contact station position does not do anything until you then use 0A020000 command to engage the contacts. Use 0A024000 to disengage.

Oddly the length of the 07 messages appears to be 6 bytes not 2, and have 00 00 00 00 on the end.

The 09 command has 00 and 01 as first two bytes but then has a string that starts TB (track and bits), e.g. 16 is track 1 coded in 6 bits, then length in characters, and then the encoding data (without start/end sentinels included).

Image format

The image format was easy to work out, e.g.

 000000B8  f0 00 02 00 00 02 9f cd  00 00 00 00 00 00 33 b3
 000000C8  01 00 00 00 00 0a 7f 24  00 0a 7f 20 00 00 00 00
 000000D8  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
 000A7FE4  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00

The message contains (as you can see) 00029FCD(+2) words. In the data it starts 01 00 00 00, and then has two words with each appear to be bytes following, so 000A7F24 and 000A7F20.

The 01 is the colour, 01=Y, 02=M, 04=C, 08=K, and we assume 10=UV. The 06 command 4th byte is a bit map of which panels to transfer. After these initial words are bytes for the image, 00=unprinted, FF=full print, one byte per pixel for 664 rows of 1036 columns covering the card in that colour. Very simple!

Problems - SIM/IC contact station

Getting things to print was easy! The problem was the IC contact reader. We had been very clear with the dealer that we wanted to use Ethernet/IP as the computer printing this was nowhere near the printer. We needed the IC contact controller to work over Ethernet.

Sadly this appears not to be the case, just like the Zebra. There is a contact point to connect to the card, and either that is wired to the back directly, or you have an inbuilt IC contact controller which has an (additional) USB on the back. There appears to be no integration to the control board.

Looking inside, it is clear that the controller is in fact simply a cheap USB card controller with a header to connect in to the contacts in the printer - it even has the original card slot in it so I could insert a card and talk to it over USB!

The step that was lacking is how to tell the printer to place the card on the contacts, and I have tried everything. I cannot find any test or demo app to do this. There is one called cardpresso that claims to, but does not appear to do anything. I have tried loads of values on the 04 and 05 commands, and I am rather concerned that one is rejected with an "IC module not installed" type error.

At this stage I do know know if the card reader contacts are not properly installed or configured or if I have simply not found an app to try using it under windows (for which I could dump the traffic).

(Update: we now know printer works and how to load on to contact station)


Update 13th Oct: I managed to eventually get the maintenance app running - it involved loading an XP version of windows as anything later would not run it. After a lot of messing about I worked out that whilst it would talk to a printer over Ethernet it would not allow "Self test" to be available unless connected over USB. The self test allowed me to confirm the contact station does work - loading the card and you hear a clunk as it engages and the USB card reader wakes up and reports a card connected. So I know the hardware works. I tried usbsnoop but the USB data is nothing like the Ethernet data (surprisingly) so no clue. I have made some more progress - from the manuals it seems the printer will load the card on to the contacts as part of printing, but the driver refuses to even try doing that unless it has a "plugin" which it runs at that point. The plugin is expected to talk to the reader and do its stuff as needed before printing continues. I can tell the printer I want to encode a chip and get as far as it complaining about the lack of the plugin dll. I don't actually want to do any more than see what command it sends to load the card - it is so frustrating. A completely "dummy" plugin that says "yes, card encoded OK" would be fine. Googling is not helping. Some people seem to sell plugins for some printers and cards but even they don't make it obvious how you buy one or get one to try or anything. Thankfully one manual says a free development package is available demonstrating the development of a plugin - so I have asked for that.

Update 13th Oct: The manufacturers have sent the SDK, which may be handy. Now, the SDK has various licensing and some source code. I have sent it to a colleague to see if he can make the printer put a card on the contact station and I'll dump what it sends. This is partly because I have no bloody clue how to do any code dev on a windows machine or make a COM object SDK thing and Cliff does, and partly because I don't want any drivers I make to be tainted by having read their source code and so a derived work of something copyright.

Update 14th Oct 5am: Cliff spent all night working on understanding how to poke some XML at the driver as a COM object, which cleared up the use of position 01 for the card contact station, and the 0A command to engage the contacts. Today I shall be testing and working on the driver code.

Update 14th Oct: I have command line tools for composing cards from postscript and image files for colour, black and UV layers for both sides and making the raw file for printing as well as making image previews for integration with web pages, and I have a tool to print to the Matica printer. I have managed to update our various systems that print cards.

Driver for linux

Let me know if you want a copy.


I am not in fact doing anything with any of the s/w they provide other than using as a normal printer driver - not decompiling it or anything. So no issue with Matica copyright here. Even so, EU regulations would allow me to do that to make compatible products if I had to.


Thanks to Mike and Simon who came over for the weekend to see the man cave, and for whom coding is now a spectator sport! Thanks to Cliff for playing with COM objects.


Man cave: Nearly

The good news is that we are nearly done - this week has been a lot of decorating. Few minor bits to do next week when some more wood stain comes in. Steve (the decorator) does a nice job.

So far the main snag is that the shelves over the bar cannot handle the weight, and the brackets actually started to bend. The solution is going to be some wood at the end to ensure it is more rigid and screwed to the wall. There was nearly a very messy whisky related incident as the shelf started to droop, but I was quick enough.

Not finished yet is the sink and taps plumbing in, and the boxing in of the meters, and the sofa arriving.  I have blinds to put up as well. Hopefully sink today, but the rest in just over a week. I'll do a blog post when all finished anyway, with more pictures, and a list of all the workmen involved and contact details.

For now, the room is in use (and that does mean James invaded yesterday to watch a LoL world championship, or something, on the big TV with half a dozen of his mates).

So my blog should return to normal a bit now.


Man cave: Day 24

I'll stop doing the daily posts on this now. We are in to some final bits and decorator coming in and so on - and I may as well do a post with loads of pictures when finally all done.

Today was some little bits like the hole for old boiler flue in the back wall, fitting hinge bolts, that sort of thing. A couple of bits more still to do, including the sink. Sadly the decorator is not well today.

Some furniture has started to arrive, not the TV yet though. Sadly I think we are looking near end of week for decoration to all be finished. Not sure when the man is coming to box in the meters but might be this week.

Thank you all for following.


Outward opening external door

To continue the fun I thought I would explain some of my logic for an outward opening external door.

First off, I found a great discussion thread on the topic here. The best comment was clearly "Creates a clear threshold that magical creatures cannot cross without being invited".

The other one was how it was easier for emergency services to break down the door (and for police, HMRC, etc, too) if it is inward opening.

It seems to be the case that in the UK, and apparently the US, external doors normally open inwards. Some other countries (Sweden was mentioned) do not follow this rule.

I used to have a house that opened right on to the street, and for that an outward opening door (especially with no window) would have been, err, fun. But here I am opening on to our drive.

My reasoning is simple, and applies to both internal and external doors - I want to maximise the space I have been graciously given by my wife for my "man cave", and outward opening doors help with that. The internal door uses the same space as a cupboard in the utility room, so a no brainer - not taking away any extra space doing that. The external door is more interesting.

I can see two obvious downsides to this, and ways to address them:-

One is quite important - the hinges are exposed and someone could break them, cut them off, pop the pins out, or some such. Obviously this would trip the alarm, but a smash and grab could get stuff. The answer is, however, very simple - hinge bolts. They stop the hinge side being forced like that. Only issue is why they are labelled "Window Hinge Bolts"???

The only other real concern (and magical creatures are not an issue, AFAIK), is catching in the wind. I am not sure I need to worry - it will simply be a matter of being careful, but I plan to try installing a concealed door closer in the top of the door limiting it to 110° and closing the door nicely. I may try this on internal door first to see how well it works.

Sandra has a concern if she was to park too close on the drive, but to be honest, I do not see the size of a door being an issue, even if a 3ft wide one.

Floating shelves

Having spent a month on this project, I felt it is worth writing a few articles on some of the things I have learned.

This one is on floating shelves.

The first thing - someone asked on my blog comments "Why floating shelves?". Well, FFS, they look better. Same reason you have frickin lasers on the sharks, obviously.

My decision on the worktop and shelves was mainly based on how well the kitchen worktop had come out being solid block oak 44mm thick worktop, stained and oiled. This was my "theme" for the whole project after that. It is a somewhat timeless style (wood never goes out of fashion).

Sadly this is not a cheap choice, it is several hundred pounds per worktop (3m x 616mm x 44mm). I have some shelves 308mm deep over the bar and some 200mm deep for bookshelves. In total I used 5½ worktops!

The worktop has used some serious worktop brackets. A floating worktop would have been near impossible - maybe if short and with ends fixed to something, but this is 4.75m long. Even so, these brackets, which are rated at something like 400kg, and height adjustable, are pretty good.

However, the shelves will look nice "floating" with no visible brackets. The way this normally works is with fixings like these :-

They screw to the wall, and you make a hole and route out the back of the shelf to hide the bracket within them. The rod can be screwed in against the back plate to lever it up a bit so as to make the shelf level.

The big concern I have is the leverage on these. As you can see, it is down to the screw and the back which is as little as 5mm height on to plasterboard. The rating is apparently 25kg, but even that I find hard to believe.

So, what I did was have them dig out the plasterboard and fix vertically directly to the stud work which is fixed to the wall. This means at least 55m of leverage screw to screw, and not on plasterboard but something more solid. The hole in the plasterboard needed to be filled. To level it I had to put a washer behind the bottom screw, but that was easy enough/

However, the result is a shelf that is 308m deep, 4.75m long, and 44m thick and from which I can hang with my weight! We did use nine of these fixings though, just to be sure.

The other shelves were more of a challenge - not because of this way of doing things, but because of breeze block. It is a building material which loses a fight with a small butter knife. It is horrid. They had to put strips of wood up the whole height of the shelves using 6" screws right through the breeze block, and resin to fix it in, and then do the same trick with the floating shelf brackets screwed to that. The end result works, but even though much smaller shelves they are not quite as sturdy. However, they are good, and will hold up books and bottles of whisky.

Update: Whilst the long shelve is really rock solid, the one over the bar is not so much, and nearly resulted in a whisky related accident. Updating to have a support at the end.


I am not planning to retire, well, not yet.

However, the last month has been an interesting exercise - I have been watching over builders all month and not going in to the office. Doing so for a whole month has been quite an interesting test.

Well, mostly - I have had to pop in on several occasions for various things. I also now have a long list of work I have to get done (mostly coding related to some extent).

Most of the day to day management and hiring and firing stuff has managed to be done without me for the most part, which is good.

I suspect the next step will be trying to do what work I need and/or want to do, but mostly from Binfield Engineering Centre where possible.

In the mean time I have a busy couple of weeks catching up on stuff before I go on holiday.

I can't imagine I will ever properly retire.

P.S. Just went to do one of the coding jobs I had been putting off - need to add an option to change the ICMP IP address used in trace routes through L2TP. Was not looking forward to it. Looked at the code only to find that there is already a flag in the code and the config and the documentation to make it do just that - I had coded it that way in the first place. Well, that is one job done :-)

Man cave: Day 23

Yes, well over a month now, and still not quite finished. I think we have a day of carpenter/builder work and the rest is decorator during the week.

The decorator is being very helpful and finishing one side of the room with the work benches first so I can move some stuff in while he sorts the other end. We have the work bench all stained and oiled now, and the ceiling is all painted - so I just need that wall painted.

The outside door has stain and varnish now, so protected.

The internal door frame has warped a tad and they are sorting that, but I do have skirting board and architrave now, and even a window sill.

I have some stuff being delivered on Monday, but now the ceiling is done the decorator is happy with stuff under a dust sheet in middle of room! I need to get some bar stools and some blinds for the window.

Note to self (well, to Paul/Callum):
  • Fill bricks where boiler flue and aircon were located in back wall
  • Fill hole outside external door which was dug to check foundations
  • Fix internal door frame so door closes properly
  • Fit door stop around internal door
  • Fit door step to utility room
  • Fit skirting/architrave on utility room side of internal door
  • Install concealed door closer in external door
  • Install hinge bolts on both doors
  • Patch plasterboard on bottom shelf
  • Screw down work bench to brackets
  • Fit power strips under work bench (I can probably do that)
  • Fit sink and (correct) tap
  • Box in meters (checking rules on gas pipe ventilation)


Man cave: Day 22

The carpenter was somewhat sidetracked on another job most of today, but managed to do the trim around the outside door, and around the loft hatch.

The decorator (Steve) however has made a lot of progress, oiling the worktops, staining the internal door, and filling more holes.

I expect one or two more days of work internally with the carpenter, and the rest is all decorator now.

I was slightly worried about the door yesterday. We nearly took the frame out when the wind caught it. Now that it is finished, it opens wide and hits the drain pipe before the door hits the brickwork at the hinge, so "safe" in that respect.

However, I have ordered in a concealed door closer that fits in the top of the door and the frame. That will stop it opening too far, and close it automatically. The spec is for 80kg, and the door is only 50kg, so should work.

I was also concerned that the lock sounded like it was straining, but it seems to be working well. It is a high torque motorised lever bolt that comes down in to a "V" receiver which pulls the door cleanly on to the weather seal. You can see the door pull in to place as it closes! It is actually working really well.

From a security point of view, as someone else pointed out, the hinges could be popped and allow the door to be opened from the wrong side. I have a pair of good quality hinge bolts coming tomorrow to solve that one. The door has a sensor, and the lock bolt has a sensor, either of which will cause an alarm if someone tries to force it. I may go for Kensington locks on kit in the room as well just to be extra secure.

I do think it looks nice though.

Cycling on the pavement

There are quite a few good articles and blog posts on cycling on the pavement, e.g. here.

One of the common questions is about the legality of cycling on the pavement, and as you will see with very little googling, this is covered in Section 72 of the Highways Act 1835. No, it is not legal.

"If any person shall wilfully ride upon any footpath or causeway by the side of any road made or set apart for the use or accommodation of foot passengers; or shall wilfully lead or drive any horse, ass, sheep, mule, swine, or cattle or carriage of any description, or any truck or sledge, upon any such footpath or causeway; or shall tether any horse, ass, mule, swine, or cattle, on any highway, so as to suffer or permit the tethered animal to be thereon; every person so offending in any of the cases aforesaid shall for each and every such offence forfeit and pay any sum not exceeding level 2 on the standard scale], over and above the damages occasioned thereby."

Oddly, I was sure I had seen more recent legislation on this, but my googling does not come up with any, so that seems to be the relevant law on the matter.

However, I was pondering this the other day - and the reasons behind it. It seems not so much that it is there to protect pedestrians - as there is already plenty of law on that including laws on dangerous cycling - but it is specific to the cases where the footpath is along side a road. Other footpaths do not have cycling automatically prohibited even if they are used by pedestrians.

I can only conclude that the logic is that the cyclist should be using the road, and not the footpath.

So I wonder what the situation is where there is a footpath alongside a one way road? In such a case, if going the wrong way, one cannot use the road. Surely if the reason for this law is as it seems then one should be allowed to cycle on the footpath alongside a road which does not allow cycling in the direction you are going.

I mean, is a road a road if it only allows traffic in the other direction?

Oh, and for avoidance of any doubt - I use the road normally, or dedicated cycle paths if they go where I want to go (and there are not annoying pedestrians wandering all over them). Shared cycle/footpaths are a bloody nightmare.

Hot tubs are expensive (again)

Yes, my hot tub is expensive. Our whole house total power consumption was, typically, 55 to 60 kWh per day. Which is a lot. I have some excu...