Tesco Scan As You Shop

Someone may point out the obvious that I am missing, but I am puzzled by the latest development with the Tesco Scan As You Shop system.

Overall it works well, and even some of the issues I have seen in the past are now fixed (mainly that you could not scan through the notice of things being on offer, which you can now).

But this latest innovation seems a tad special. Scan As You Shop is all about convenience. You can pack bags as you go (something my wife takes very seriously) and then check out quickly.

Indeed, my wife gets exasperated at the occasional extra scan of like 5 items as it messes up her neat packing. I know why they do that - obviously to catch genuine errors and to catch those taking the piss as well.

However this new thing appears to be applied in a manual way, not part of the system. They have applied a red mark to some of the handsets and then they have staff force a full re-scan. Indeed, I wonder what would happen if you kept quiet about the red mark as I bet the "system" has no idea it is there.

I have to wonder what purpose this serves. If you are planning to shove a few things in the bag without scanning, you know not to if you get the red mark. So not for catching thieves at all.

Apart from having no advantages, surely it is just pointless in other ways. Sadly I think the system means you cannot simply pick up another scanner, as you have one already on that club card. Maybe take two club cards to the shop just in case.

But you can put the scanner back and walk away - go to a sensible shop instead.

You can also decide, well, if all is being scanned, I'll just use an ordinary till anyway, save me scanning stuff myself.

In what way is this at all beneficial to Tesco in any circumstance?

I can see us shopping elsewhere pretty soon. The pharmacy have already lost our business because they were unable to get Aviva blood test strips, and they are a pain for other reasons too.

Or have I missed the obvious here?



This is a quote from The Hitch Hiker's Guide to the Galaxy trilogy (found here from Life, The Universe, and Everything).
Bistromathics is the most powerful computational force known to parascience. A major step up from the Infinite Improbability Drive, Bistromathics is a way of understanding the behavior of numbers. Just as Einstein observed that time was not an absolute, but depended on the observer's movement through space, so it was realised that numbers are not absolute, but depend on the observer's movement in restaurants.
The basic principle is that numbers behave in a totally different way in a bistro or restaurant bill, not following any of the more conventional laws of mathematics.

Whilst on holiday I managed to observe some of this for myself, and anyone that has been on an NCL cruise has probably seen it too. It really is quite amazing. Sadly I did not screenshot the bill on the app before leaving the ship, and the paper copy is in the hands of my friends, so I'll try and explain some of this from memory. Updated now I have the bills.

Things technically add up, it seems...

Firstly, and very deceptively, the bill does add up in the conventional sense. It is how the items get on the bill, why, what they mean, and how any of that relates to the package as sold, which causes the confusion.

Some clues come from the ancient runes emboldened on the room card like so...


We have come to understand this to mean "Ultimate Beverage Package", plus "Coffee", plus "Juice". But that apparently has a string of restrictions, as we discovered last year. We managed not to fall foul of any of these this time.


The mystical "All inclusive" package they sell includes an "Ultimate dining package", and was on my card marked as "3UDP". We believe UDP stands for Ultimate Dining Package. However, even though the non-specialty restaurants are described as "unrivalled", it seems they are in fact rivalled on the very same ship by the "specialty" restaurants which is where the UDP comes in. It allows, in this case, for a 9 day cruise, just 3 evening meals in such specialty restaurants.

Of course, you have to know which are specialty restaurants, and the fact that when they do breakfast or lunch in the same place, that is OK and does not count.

There are also 3 of us, each with our own UDP quota of 3, and we did not all go to same restaurants all the time.

Why is this really Bistromathics?

Well, apart from the magical "Non-refundable on-board credit" and "Refundable on-board credit" entries that appear almost at random throughout the cruise, we got a tad confused on the last night. I made the mistake of looking at the accounts on the app and trying to work out if we would be paying for our last meal, or not.

My bill (shows no free dinners)

I had already had all 3 UDP as far as I know. They showed on the account on the app with no charge on them, so easy to see and count. I had two steaks from Cagney's (room service) and one Teppanyaki. So I was all used up. These all showed on the app during the cruise, but the final bill (above) does not show any of the free items! A shame I did not screenshot the app.

Mike and Simon each had Teppanyaki twice, and Moderno, but somehow this showed as 3 Teppanyaki on Simon's account on the app and none on Mike's. It only listed the $5 on the bill (for two of them) because they gave a tip (the cruise does say it is all included but they still ask!?). So in theory all of us had used all 3 UDP, but the app did not show anything like that.

According to the accounts on the app, we had 3 UDP left on Mike's, whilst Simon and I had none left, so we went to Cagney's expecting to be able to use the 3 UDPs (yes they are transferrable within the cabin like that). However they billed the lot?

So, we queried, and they came back and said Mike and Simon had used all 3 UDP, but I had 1 left?

We gave up and left them to it - and sensibly the waiter re-billed my meal, with one main plus all of the sides, and everything else as on my account (as one of the UDPs), and billed just the two mains to Simon's account.

However, Simon's account was in credit due to a "refundable on-board credit" for $50. Once they credited the first charge and recharged he was actually owed like $4 or something.

Magically, by morning, with no explanation, or signed bill, or anything, they magically added a $10 charge to Simon's account for Cagney's so they actually charged $6.44 to his Visa card. Mike's bill had no dinners at all on it!

Simon's bill (shows two free dinners as $5 tip).

Adding to the fun, we told them it was Simon's birthday. It was actually last month, but last time we did this they ignored the birthday (which was while on the cruise) so I ticked the box again this time. So there was even a complimentary bottle of wine (which did not show on any bill) and a cake :-)

What is a shame is that we thought we understood the system. Last time, the cabin we were in, meant they did not stick to the 3UDP, and just did not charge. For that cabin it makes no sense for them to be petty and only do 3UDP not 9UDP each to be honest and I would far rather they did that than have rules they don't always follow and nobody understands.

Basically, the app, and bill did not reflect what actually happened, and did not reflect what they said we had done. Overall we all paid a small extra amount on an "All inclusive" cruise, but not worth even trying to argue to be honest - it was "Someone Else's Problem", a clear example of an SEP field in use.

It does, however, make me wonder if Douglas Adams ever went on an NCL cruise.

All good things come to an end

I am back from my holiday with my two friends Mike and Simon.

It was fun, and Norway is interesting. We had a couple of days with shitty weather so stayed on the ship (places we had seen before). In Geiranger we hired these strange little electric car-like things that they insisted were two seater! I volunteered to sit in the back, which was rather a squeeze. I could not even have my camera with me, no space! I think I am getting a bit of a hint here :-(

We were able to do more than was covered by the bus tour we did last year, and it was interesting. The car also did a GPS based tour guide thing which was nice.

I did have a few surprises for my mates, one of which was some custom marmite jars for the trip...

The butler had never heard of marmite, so we gave him some to try this morning before we left, and he likes it. So we donated a nearly full jar to him :-)

The internet worked well, as I have already said. Some work was done, but not a lot. Having a proper computer rather than just a laptop was good, but not suitable for all holidays. A lot of playing of cards was done (I brought a selection of decks).

Sadly, right at the start of the cruise (thankfully, after we had done those tiny electric cars) I made the mistake of leaning on the back of a chair, which slid out and I hit the deck hard on my bum. I have bruised or damaged my coccyx and been in pain all week and not been able to sleep properly either. I have to thank Mike and Simon for putting up with me to be honest - I was a tad grumpy and they were very helpful. Still in pain now, and I expect this will take some time.

We met some Americans, and it just happened to be that they were huge fans of The Fifth Element. When I produced this from my wallet they were gobsmacked!

I was determined to see Shetland, and we got a tour from a taxi, which was nice, even if somewhat painful. I know A&A do VDSL on the island, so it is quite likely that we drove past our most northern customer!

For fun, a friend of mine decided to send a telegram to me on ship, and the confirmation he got said it was relayed by satellite, and printed for delivery by crew. Sadly it never turned up. Shame.

So overall, a good holiday. Shame I have managed to injure myself - it was stupid, I know.


This, Jen, is "The Internet"

It was a classic from The IT Crowd when they presented Jen (their boss) with "The Internet". We even have one of these boxes with flashing red LED in our office.

I have been looking at some kit to work with WiFi which you may find in a public hot spot of some sort, or, for example, a cruise ship.

Obviously, the simple answer is just point your phone or laptop WiFi at the service. But sadly, in spite of net neutrality in the EU, it is not always that simple. Sometimes the service will have loads of things blocked. Not just web sites, but ports and protocols so making things like IPsec unavailable. Of course, if you are being really special you may have something that does not have WiFi such as a VoIP PoE desk phone, which Simon has been using!

The answer is to bring along The Internet. I am far from the first to do this, as a friend of mine (Kev) had a cunning set up with a FireBrick and two access points strapped together, and (if I recall correctly) a way they ran off one power supply. To be fair, it is more compact than what I have done.

Mikrotik mAP light

The first solution used a FireBrick and the tiny Mikrotik mAP light which can literally stick to the lid of the FireBrick. Powered by the USB on the FireBrick (which worked, to our surprise). However, not enough juice to power two of them. It did, however, have a cunning mode where it could be a client WiFi, and on the same channel it can be an AP as well. This is not perfect but I have to say it is very clever. The result is very small and neat. I did, however, have a Mikrotik die on me, and I found it very fiddly to configure. But well worth a try.

HPE/Aruba 501

I have now found a rather curious device that is a dedicated WiFi client bridge, the Aruba 501. I would have to say it is much more industrial than the Mikrotik (which matters to some customers, obviously), and it even has DIN rail mounting.

It has all the bells and whistles - multiple antennae, 2.4GHz and 5GHz, 802.11a/b/g/n/ac, roaming, etc. It is intended to allow a device that does not have WiFi to effectively have WiFi via Ethernet.

It even goes a tad further and even has an old school serial port which you can configure to connect to an IP address and port to pass serial data. This is ideal for old PoS (Point of Sale) terminals and things like console ports.

However, the big thing for me was that it can do "MAC cloning". This is where it connects on the WiFi using a MAC address of your choice, and passes packets to/from the device with that MAC on the Ethernet connection. The only down side is it stops answering ARPs for its internal IP when in that mode. Thankfully if you have the ARP cached you can still talk to it, but it does seem an oddity.

The reason this is important is that a lot of public access points are locked down so that only the MAC of the WiFi/radio side is allowed to send or receive packets. The MAC cloning allowed me to make the FireBrick appear as the WiFi device.

Where the FireBrick comes in to play

The reason for a FireBrick, apart from how cool they are, is that they are very good at being an endpoint on the WiFi and working in a variety of ways - such as NAT out to the Internet for locally connected devices on Ethernet, but also as an endpoint for various tunnels. These can include standard things like IPsec (which, as I say, may be blocked), or things like L2TP (not blocked) or even custom FB105 tunnel protocol, which can be configured on any UDP port.

It is even set up to flash its LED red if no connection, and solid green when L2TP is up, which is handy as you navigate a fjord.

The end result...

Actually, Jen, this is The Internet!

  • Top left: Aruba 501 WiFi Bridge Client
  • Bottom left: Aruba 305 WiFi AP
  • Top: Aruba 2580 PoE switch
  • Top right: FireBrick FB2900

The switch was mainly for simplicity - the FireBrick has enough ports, but the Aruba 501 and 305 are both PoE. But I also used a Snom on PoE off the switch as well.

Why the fibre: Well, just because - this is all testing stuff, and it was interesting as the switch would initially not talk to it. I had to find a CLI command to not check the manufacturer of the SFP. It was expecting it to be "genuine hp" and not a Flexoptics unconfigured SFP. But that worked. Fibre to the ship :-)

So now we have a LAN here, and WiFi, on fixed IPv4 and IPv6 addresses, all working. We ended up using L2TP with lower MTU as the tunnel solution that worked. And when we had some people we met come round for drinks they were saying "wow, this is way better than the ship wifi", which sort of makes no sense as it is the ship wifi!!!

And just to clarify, this is not some nasty hack to use WiFi for which we have not paid! We have paid for the premium WiFi 24/7 for the whole cruise which is listed as "unlimited" and allows streaming. In practice, it is around 2Mb/s up/down with 800ms latency. But this works, even for VoIP.

Obviously, as above, there are less "industrial" solutions to this. But I like "industrial", and some people demand it, so always useful to understand what is possible even if it is rather overkill for a holiday.


Taking a computer on holiday, or not

Some people have said to me that when you go on holiday you should disconnect from everything and just relax. Whilst those two things seem at odds for me, I thought it worth some pondering...

Totally disconnect

Many years ago, when I worked a 9 to 5 job (well, flexitime), I would get home at the end of the day and not have to think about work until the next day, or after weekend, or after a holiday even. I could go on holiday and leave work behind.

Back in those days though, we did not even have mobile phones. It really was disconnecting!

Taking a phone

Later, I had a mobile phone. Indeed, I had mobile phones before many people I knew as I worked for a mobile phone manufacturer.

It was, however, still a normal job, and I could leave work and go on holiday. As holiday would typically mean taking the kids to a caravan park in Cornwall, the mobile was no use most of the time anyway. Coverage was not good back then!

These days, a phone is pretty invaluable, even if just for emergencies, or just calling a taxi.

Phones are smart now

What has changed a lot since those good old days is not just what work is but what a phone is, and the very idea of social media. Up until we had social media, disconnecting would mean leaving work behind when on holiday, and for a lot of people that is a key part of a holiday.

But social media, on smart phones, is about social, not work. And holidays are about social. So leaving social media behind sort of makes no sense. You want to tweet and facebook and so on about what you are doing on holiday, and stay connected.

So I am not sure it makes sense leaving a phone behind, but of course the phone also has the email and everything else on it.

Running a business

This is where things get difficult. My phone has my work email on it, and work chat accounts, and so on. I know some people manage a separate work and home mobile, but I just use the one.

In my case the team we have at A&A are more than capable of running things without me while I am on holiday, but it is very much not the case for small businesses. My friends are both trying to take a holiday too, and have people covering for them. But it is hard. We all want to keep up with things just in case, and watch out for anything that is urgent or important. For my friends here there is the fact that the office is one man down, and that costs money. Some small businesses, like being a lawyer, you literally sell your time by the hour! A chance to keep up on work stuff, even if doing work a little during each day, is useful, keeps the money coming in, and so can reduce the worry of what you face when you get back.

Taking a laptop

It makes a lot of sense for people to take a laptop if they do feel they need to keep on top of work. But a computer can be useful for social things too. With cameras and memory cards these days I could take thousands of shots a day on holiday and not fill the card. But if I take a few videos, I will soon fill it. Having a computer, and even extra disk, means I can edit videos and store them off the memory card during the holiday. This can be nothing to do with work at all and just part of a photography / videography hobby. If you are doing some work, a laptop is invaluable though.

Simon with monitor, keyboard, and track pad

Laptops are fiddly...

Of course, laptops are not the same as a good desktop computer - in terms of nice keyboard, nice screen, big screen, nice mouse, and processing power (for things like video editing). They are a compromise. Laptops are great for taking to a conference, or a meeting, or some such, obviously.

If you only take a tablet, they are even more fiddly. Thankfully a hotel room will usually have a usable desk, so actually taking more is possible. But it is a bit crazy perhaps.

However, it seems I am not alone in the crazy - Simon brought a laptop but also a monitor, keyboard, and large track pad so that he could use a computer as and when he wants with some comfort. I am inclined to agree, perhaps with the caveat of where you are staying being suitable (e.g. staying in a room with a large desk).

What do you do?

Do you take a phone, tablet, laptop, or more?

P.S. I am sort of stuck in the cabin for now, or at least until I get some better pain killers, as I managed to fall badly last night and no way I can walk around Flåm. So actually having a nice computer here is quite good...

P.P.S. Taking the snom/VoIP phone as well has been excellent, albeit mostly used by Simon and getting some random wrong number calls :-)



I got myself a FLIR One Pro! It attaches to my iPhone (there are different models), and has two cameras: a low res (160x120) IR and higher res (1440x1080) visible camera. It can display one or the other or a mix/overlay.

The first thing I pointed it at was a FireBrick FB2900...

This showed pretty much what I expected - most heat (and so most power usage) was the power supply units and the processor. The overlay is not perfect as it is two adjacent cameras, but pretty good. This example did not have all Ethernet in use, and did not have a working SFP, both of which will be interesting to see.


We are working on the next generation of FireBrick, and one of the key things is whether we can (like the FB2900) make a model that will work with no fan. Obviously there is a lot of work that you do just on paper and specifications first. Even with a fan it will need careful consideration of airflow. Using this will help us prototype heat sources to match the devices on the board and their proposed placement and consider air flow, and so on, for different scenarios. On the FB6000, for example, we channelled airflow over a heat sink. Being able to lift the lid and see the impact of changes can help verify the design.

Other uses?

Well, it is quite fun - I looked around my study, and could see what was using power and what was not. Devices that stay hot (even if a fraction of a degree) when supposedly switched off were obviously examples that would benefit with power off at the wall. I found a phone under some stuff that was on - could see the glow on the wall behind it, and did not need to be on. I have yet to look and see how much heat escapes from the house - a night in winter is best to try that.

It can also do spot temperature measurements with multiple spots. Cats and dogs have cold noses :-)

Any surprises?

Well, I was surprised that in a bundle of cables, you can spot the one that is actually charging something - a tiny bit warmer and so it glows.

We also tried looking at the car charging, and as you can see, the power lead glows!

It was interesting to see the 3D printer, obviously. The bed was set to 100℃ and the image shows 99.1℃ so seems about right (the bed being on a thermostat). In this case the print head was 230℃ so shows a tad white in the image.

And finally, I did point at things like a cruise ship (boring) and the water at Stavanger harbour (more interesting). There were flows of water several degrees cooler than the surroundings...


Insulin - an idea

As I said, insulin transported at wrong temperature can go bad.

The insulin I take is really clever stuff, releasing over time from one injection. But if it gets too hot or cold it is buggered.

So what we need is a clever means to include in the insulin something that changes colour dramatically if outside these temperatures, but is also safe to inject.

That way, badly stored insulin could turn red or some such.

Surely this is possible?

P.S. As people have pointed out, far safer to have something external on the pen that shows out of temperature at some point, and no need to make it actually safe to inject.

P.P.S. Surprised manufacturers don't do this, as they would sell more where it was badly transported :-)

Did GDPR kill my blog?

No comments since 23rd? I almost had not noticed, I was sort of beginning to think I was boring all of a sudden. I have also been a tad busy.

Then I checked the "awaiting moderation" and loads of comments! I have approved all that look non spammy as always, sorry for the delay. Yay! I am not boring, well, that much, yet...

So I checked settings and the moderation email is marked "The email address added in this field will be invited by email, and will have 14 days to accept the invitation in order to receive notifications."

So I am wondering if I missed an email pre-GDPR and so stopped getting the moderation emails. Makes some sense...

Though, having changed the moderation email, I have not had any "invitation", so maybe it is just broken at blogger?

Sorry for the delay, and thanks for posting comments. And thanks to geekypenguin for asking on irc.

How could I think I was just boring :-)


Multihoming IPv6

I am lucky, I have an IPv6 PI block and announcements via multiple transit providers, but most people don't have that and rely on somewhat more flaky DSL lines and the like.

If you have two providers for IPv6 you end up with two separate PA public IPv6 blocks, which is exactly what one of our customers ended up with. A /60 from us and a /60 from someone else. Well, technically, from A&A he had a /48, but was only using /60.

He wanted some higher availability networking, so went for "prefix mapping" RFC6296. Now, this does seem a lot like IPv6 NAT, I agree, but not really and almost none of the usual NAT issues.

Basically he maps the low bits of the /60 from each provider incoming (68 bits of host) on to a local FD01::/60 block for machines on his LAN. He can have DNS for each device/IP on the LAN pointing to both the external IP blocks. No change of source IP, nor ports, just mapping the IPv6 space.

For outgoing he can map to a preferred link, or even randomly or randomly with a bias, mapping the host part of the FD01::/60 to each of the external public IPv6 blocks, and can even make that mapping apply depending on whether the PPP link in question is up or down!

So for outgoing, one link down, just works. For incoming, one link down means things trying both IPs from DNS, which is quite common these days in many protocols.
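The mapping described above, as an added Python sketch (not FireBrick code or configuration, and not from the original post). The two provider /60s are constructed from documentation address space, the link names are hypothetical, and the mapping is a plain prefix swap as the post describes, without the checksum-neutral adjustment that RFC 6296 defines.

```python
import ipaddress

# Internal block named in the post.
INTERNAL = ipaddress.IPv6Network("fd01::/60")

# Constructed stand-ins for the two provider /60s (documentation space);
# the link names are hypothetical.
PROVIDERS = {
    "ppp-a": ipaddress.IPv6Network("2001:db8:a:10::/60"),
    "ppp-b": ipaddress.IPv6Network("2001:db8:b:20::/60"),
}


def remap(addr, src_net, dst_net):
    """Swap the prefix of addr from src_net to dst_net, keeping the low bits.

    With two /60 blocks the low 68 bits (4 bits of subnet plus the 64-bit
    interface identifier) are carried across unchanged.
    """
    addr = ipaddress.IPv6Address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("prefix lengths must match for a 1:1 mapping")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    low_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.IPv6Address(int(dst_net.network_address) | low_bits)


def map_inbound(dst):
    """Map a public destination in either provider block to the internal block.

    Returns None when the address belongs to neither provider block, so the
    caller leaves the packet alone.
    """
    dst = ipaddress.IPv6Address(dst)
    for net in PROVIDERS.values():
        if dst in net:
            return remap(dst, net, INTERNAL)
    return None


def map_outbound(src, link_up, preferred=("ppp-a", "ppp-b")):
    """Map an internal source to the first preferred provider whose link is up.

    link_up is a dict of link name -> bool (the PPP state). Returns
    (link, mapped_address), or (None, None) when every link is down.
    """
    for link in preferred:
        if link_up.get(link):
            return link, remap(src, INTERNAL, PROVIDERS[link])
    return None, None


if __name__ == "__main__":
    host = "fd01:0:0:3::25"  # constructed LAN host in subnet 3 of the /60
    print("both up :", map_outbound(host, {"ppp-a": True, "ppp-b": True}))
    print("a down  :", map_outbound(host, {"ppp-a": False, "ppp-b": True}))
    # Both public names for the host land on the same internal address.
    print("in via a:", map_inbound("2001:db8:a:13::25"))
    print("in via b:", map_inbound("2001:db8:b:23::25"))
```

Because the mapping is stateless and 1:1, every internal host stays reachable at a predictable public address on both links, so inbound filtering still has to be done by firewall rules rather than assumed from the mapping.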

How has he done that? Well, he asked on irc if FireBrick do it, and the answer was no! We had something similar for IPv4 only on the older FB105 model but not on current FireBricks.

I ended up making him wait a whole 48 hours before I did a new alpha release that does this. The reason was I was waiting to issue a stable release with all the recent ACME code first. No last minute changes for a new feature like this - a stable release needs to be, err, stable.

But, it was a good idea, a good feature, restored some of the old FB105 features for block mapped addresses, and so I have issued it as an alpha now. My only thought now is if I should have some way to do random IP mapping one day... Hmmm...

Obviously the solution is more complex than the IPv4 only old FB105 FireBricks, as we not only allow IPv6 prefix mapping of any size, but also IPv4 prefix and range mapping, and IPv4 to IPv6 as well as IPv6 to IPv4 mapping. You can use this to make a NAT64 mapping engine putting all of IPv4 space in an IPv6 /96 if you want. Very flexible.

Have fun if you try the latest alpha, and obviously in a few weeks it will be in a general release.



I am diabetic, and it is inherited from my mum. So I am on insulin, for a few years now. It was to be expected.

I am lucky, as currently I only need one shot a day of a time release insulin (over 24+ hours) and some pills when I have a meal...

But my dosage is mostly pretty consistent, and I try to stick to routine.

I know I have had issues with insulin in transit before. I went to Greece for a week and quickly realised my insulin must have got cooked in taxi from airport to hotel as it was not working - high blood sugar, asleep all the time, and zits and boils (one on my nose ended up with antibiotics once I was back home). Really not nice.

So I wonder how well the insulin is managed before I get it from pharmacist. Recently after some change of medication I upped my daily dose from 40 units to 70+ units a day. Medications for blood pressure have caused such changes before, but this seemed a tad extreme.

I have taken to using a cooler pack specially for the insulin now even for short trips, and will do so this week for trip to a ship for a cruise.

But this week (yesterday) I started a new batch, and today, well, WTF? This morning I went for breakfast as usual at Costa, but by the time I got there I could hardly stand, was shaking, and really wondered if I would pass out! I had breakfast, coffee, and also 500ml of Lucozade as well, and when I got home was only a 7 on the blood sugar (which is high side of perfectly normal), but all day I have been hitting hypos and eating and drinking more and more sugary drinks! This is silly! That said, I got a shit load of work done!

WTF? I am wondering if I had a bad batch before, or something. I need to work on maybe lowering my dose over the next few days.

A holiday is bad enough for this, and time zone changes, but this on top of it is not funny. More test strips and reserve chocolate for this trip I think!


Winding down

I am in this odd phase of a holiday all booked which is in only 9 days, 18 hours, 0 minutes, and 26 seconds away. Oh, do I have a countdown app on my phone? Maybe... I'm sort of putting off work I should do until after the holiday now.

Got a message from one of my cohorts today...

"Cagney's" is one of the restaurants on the ship. It seems I am not the only one "winding down".

I am packed as much as I can be, which is also unusual for me. OK yes, maybe the packing is getting a bit OCD here. Being weeks away I have labeled every cable and attached velcro cable ties to each, and put in labelled plastic boxes, and well, it is almost like I am bored or something!

If I was a normal employee, this would be a couple of weeks of very low productivity for my employer. The irony is that I will get work done whilst on holiday too.

I also have a list of things still to pack, and keep adding to it - latest being my hat, which will be needed assuming it is sunny. I even listed passport, just in case I am so tied up being careful to pack what is on the list and I forget some of the basics. Yes insulin and needles are on the list too!

Is there a word for "fear of forgetting something"? I bet there is.

Even so, I expect to do the new FireBrick release before I go. The latest alpha has been tested a lot and very stable, and the last bits are just about ready. Lots of work on the true random number generator in the FB2900, and the entropy from other sources for key generation. It has taken a bit longer than expected but it is important to get it all right. The ACME stuff is very cool and easy to use now.


Analogue phones, 1876 to 2025, RIP

Analogue phones have been around a long time, but BT plc have finally announced that in the UK the analogue phone will be gone by 2025.

I have been saying this for a while, traditional landlines are on the way out. People use mobiles for calls, if they call at all as people tend to "message" and "text" and "FaceTime" a lot more these days, or so it seems to me.

But the end is in sight - BT plc t/a Openreach will stop selling analogue phone service, and even ISDN phone services, in only 5 years time (2023) and stop actual services 2 years later in 2025.

For actual phone calls the alternatives are mobile and VoIP. For businesses, services like webRTC to call from your browser. I have been using VoIP for a long time now, in fact I am not sure how long, but over a decade at least.

This will be a challenge to some industries where analogue lines are still used for alarm monitoring systems, lifts, and just as a backup.

It will also be interesting to see how OFCOM cope as voice telephony becomes simply an "over the top" service just like web pages, email, or things like FaceTime, which are out of their remit. It will also be interesting if this move is followed by the death of the "phone number" as a thing.

A&A have been selling broadband using the analogue copper pair simply as a carrier for the broadband for a long time. We don't do "landline" phone service. So for us, for these existing services, we simply migrate them to the data only variants rather than a "phone service with no calls" as we have now.

The bigger challenge is the existing broadband customers that have a phone line from someone else and broadband with us. They will need to realise that they have to change at some point in the next 7 years. Thankfully we already offer a means to migrate to a broadband only service and (where a BT number) port the number to VoIP which we can even point to a mobile SIM if needed. Even with our small customer base that represents an average of several lines per day that need moving in order to be finished in only 7 years!

But for now, no change. We need to wait for BT to have these new SOTAP and SOGEA services rolled out, which is likely later this year.

We live in interesting times...


Pick a card, any card... @monzo a winner

I have blogged a few times on issues with banks, and indeed, only yesterday, had the fun with Barclays wanting me to text a short code after they authorised a card payment.

So I thought it time to give a bit of a review of a couple of cards for personal use, Monzo and Starling, and how my views have changed slightly.

For my non techie friends and relatives - download the Monzo app on your smart phone and follow the instructions to get one now... Just do it!


I prefer Monzo now, they are a proper bank now, and less hassle. I am recommending Monzo to my friends.

Both Monzo and Starling accounts have a number of key features:-
  • Instant set up using a smart phone - you need photo of ID and short video clip and your details, and sorted.
  • Both have "account switch" systems to move DDs and payments from another bank, but you don't need to close your existing bank account - nothing stops you having more than one bank!
  • The account does all the usual things like direct debits, faster payments, and so on. You can have your salary paid in to them. They are proper bank accounts.
  • Both offer overdrafts.
  • Both do Apple pay.
  • Both do live updates of spending on the phone app.
  • Both allow third parties to send money using a debit card! i.e. charge someone's debit card to put money in to your account. That is cool, you can send someone a link to pay you money!
  • Both allow API integration with your own systems so you can see transaction details live on your own computer system if you are geeky enough to want that. It is cool for geeks, honest.
  • Both allow you to disable and re-enable the card as you wish.
  • Both allow separate spending pots / savings pots to partition off your money.
There is not a lot to decide between them, but I have listed some of the key differences I have noted below and why I prefer Monzo now.

I feel they are especially good for anyone living on a budget and wanting to carefully manage their money.


I got a Monzo card when it was in beta (my son got one in alpha), and was a pre-payment Mastercard with quite a nice phone app. Back then there was a waiting list even. I used in UK and US and worked well.

It has moved on massively since then. It is a proper bank, and they have neat features like warning you of a Direct Debit the day before, and you have to love the "ka-ching" sound when using the card. They now have Apple pay as well.

Some key advantages to Monzo:-
  • The app clearly shows the limits on usage, e.g. daily card usage amounts and so on.
  • They have a warning of DD payments the day before.
  • They show declined card transactions and the reason why declined, very useful if there is some fraud, or you simply mistyped the expiry date!
  • The API (and app) has way more detail including sender bank sort code and account number and showing the proper reference on payments and Direct Debits.
  • The "ka-ching" sound effect when you spend money
  • Really simple means to send payments between Monzo card holders you know, or near you, and the reference allows lots of text and even emojis, and reaction emojis as well making it easy to acknowledge a payment with a smiley face.
  • That really bright orange!


I got a Starling card later than Monzo, and one of the key things that impressed me was the instant set up. At the time Monzo had a waiting list which I am assuming they do not now. Also, not only did I have a working bank account in minutes, with sort code and account number, it was on Apple pay instantly even before I had the card. Next day it popped up offering an overdraft (though I don't use one). The day after the card arrived and it was in very cool packaging!

Whilst Apple pay is a bit gimmicky, I do like it, and use it, so I started using Starling for my day to day spending instead of Monzo. I also asked them about spending limits on the card as the app does not show it and they said there was no limit. With that I decided Starling was the card for me and pretty much stopped using Monzo at all. Indeed, a card that would just work for any amount I had on it, that was going to be my main bank account now. Finally a card that would do what I wanted, or so I thought.

I ran in to a few snags and basically they were not interested in fixing at all. One was that there were no details of sender sort code and account on payments, and another is the Direct Debits do not show the actual payment reference so you cannot relate to a specific DD notice for an individual invoice. Whilst both are minor issues, my concern was their reluctance to do anything or consider either an issue.

Then, recently, I found that they misled me over the spending limit on the card and actually it is £10,000. They also said that fast payments were £10,000 in 24 hours too, so having moved money to Starling to pay something more than £10,000 (only option was a single transaction for full amount as was on a web site) I could not move all the money back to a different account. It then turns out that this was also mis-information and that the £10,000 fast payment limit is per transaction! To this day I don't know if the £10,000 card limit is per transaction or per day...

To my surprise, even days after alerting them to these issues and misinformation a friend contacted me to ask about Starling limits as they too had multiple contradictory statements from Starling about limits, and they wanted to buy a £16,000 car but did not want embarrassment by having the card declined. They too were considering new banks like Starling because of the hassle of traditional banks and their over zealous and often misdirected "fraud protection" systems, and the appalling way you are treated once they are triggered. So it seems Starling have not learned. This is a real shame. Mistakes are one thing, not learning is another.

Now Monzo have Apple pay, I have basically stopped using Starling. Monzo have limits but they say what they are in the app, no ambiguity!

Their only possible saving grace is that Starling do business accounts now (in limited cases), and if that has a sane API (with sender sort code and account as well as full reference) that may be useful.

To be fair, some other features...
  • Pay interest on credit balances, which is nice.
  • Do some stuff with € it seems.
  • It seems foreign cash withdrawals may be better.


Clearly neither Monzo nor Starling will help with any larger transactions. Monzo is great for day to day spending, but if and when I want to spend more, I cannot trust them to work because of usage limits. Also, I am wary of Barclays or Lloyds or other banks because of the hassle and attitude the second you trip their fraud systems. To be honest the attitude is perhaps the worst part.

So, it seems, the best way forward is an Amex card. They have a reputation for not dicking people about. I hope it is well founded. Early days (1st month) but we will see. So far only hassle is pizza hut don't seem to take Amex. Otherwise no problems at all. I'll blog more on this if/when I really put them to the test but that may be some time. It is almost sad that I am deliberately putting everything I do through Amex to make sure they build up my credit rather than using Monzo.

The good news is they do have an app and it has real time alerts. It is a bit odd, in fact, as the alerts flag up in the Apple Wallet in real time, and the Amex app lags behind by minutes. But the end result is I can see spending in real time just the same as Monzo or Starling, which is nice. It also means any fraud can be sorted really quickly.

I hope that has been useful - I appreciate an Amex card is not for everyone - I have a wide range of readers and friends and I know some have used Amex Platinum for years (and have more money than sense, some of them), but some have almost no income and struggle, so it is a tad hard making a blog post that works for that range of people - maybe I have succeeded this time. I know that, thinking back to when I was really broke, a Monzo card would have been perfect.

New toy (Mag card reader/writer)

Much like barcodes are a bit of a hobby, magnetic cards have been for a long time. I made my first mag card reader using a Sony walkman cassette head mounted on a block of wood, over 30 years ago...

Back then magnetic stripes were the main way bank cards worked, even for cash machines, long before we had chips in cards. Oddly, they are still quite common in the US but I understand chip and PIN is catching on. They are also used for some door entry systems.

Well, on a whim, I got one of these :-

Of course, really, most people have no need for a card reader, and even less use for a card writer.

Now, in my case, we sort of do. We have a nice card printing machine, which will also encode mag stripes on cards. The driver code is written by me (as had no linux drivers). We sell printed cards, including encoding mag stripes on cards for customers. We used to have a card reader and it seems to be missing, hence my buying a new one. It is useful for checking things if needed. But I thought I'd order one that writes, why not? I got an MSR Pro USB reader/writer. Seems easy to use, and very flexible.

To be honest, unless you have a mag card based control system of some sort, a door entry system, or maybe handling mag cards is part of the business (like us), you probably have no "legitimate" use for a reader or writer.

Of course there are probably fun uses for this, and also not so legal uses, especially if there are places that only use the mag stripe in some way for bank cards. These are few and far between, but I noted when in the US they not only used the mag stripe but also print the "name" from it on the receipt.

I am not sure I have the nerve to do it, but I could, for example, recode a card so that instead of track 1 containing ^KENNARD/ADRIAN^ it could contain ^SERVICE/INCLUDED^ so that in the US it prints that on the receipt just to confuse them. Would that be "legal"? I have no idea (and even less so for US law). The card remains the issuer's property but this is not "damaging" or even defacing their property, and it can be undone by re-writing the original coding. It is not done in order to defraud anyone (even in US, tips are supposedly optional). So might even be legal. Of course there may be specific laws covering this (there is a law on changing ESN in mobile phones, would you believe!). That said, I am not sure I'd want to get caught doing it...

The more dodgy thing to do, is to recode the other details, copy someone's card mag stripe to another card. Now, these days, with chips being used rather than mag stripes, it is not going to work. If done to defraud someone it would be very illegal.

So whilst this is a fun toy, it is really only any use for things like checking we have correctly coded cards, and debugging the code that drives the card printing machine. So I would not suggest you rush out and buy one...

P.S. First thing was packet dumps from my machine whilst running the card reader s/w to double check it was not sending every card I scanned to China.
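As an added example (not code from this blog or from the card printer driver it mentions), here is one way to check a read-back track 1 against what a print job meant to encode. It assumes the reader returns ISO/IEC 7813 format B text with both sentinels and without the LRC character; the card number, sample reads and function names are constructed for illustration.

```python
import re

# Track 1, format B (ISO/IEC 7813), as text from a reader:
#   %B<card number>^<NAME>^<YYMM><service code><discretionary data>?
# On the stripe an LRC character follows '?'; this example assumes the
# reader has already consumed it.
MAX_CHARS_ON_STRIPE = 79  # start sentinel + data + end sentinel + LRC

TRACK1_RE = re.compile(
    r"^%B(?P<pan>\d{1,19})\^(?P<name>[^^]{2,26})\^"
    r"(?P<expiry>\d{4}|\^)(?P<service>\d{3}|\^)(?P<discretionary>[^?]*)\?$"
)


def luhn_ok(number: str) -> bool:
    """Luhn check digit test over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track1(raw: str) -> dict:
    """Split a track 1 record into fields, or raise ValueError saying why not."""
    raw = raw.strip("\r\n")
    if len(raw) > MAX_CHARS_ON_STRIPE - 1:
        raise ValueError(f"{len(raw)} characters will not fit on track 1")
    # Track 1 uses a 6-bit character set: ASCII 0x20..0x5F, so no lowercase.
    bad = sorted({c for c in raw if not 0x20 <= ord(c) <= 0x5F})
    if bad:
        raise ValueError(f"characters not encodable on track 1: {bad}")
    m = TRACK1_RE.match(raw)
    if m is None:
        raise ValueError("not a format B track 1 record")
    fields = m.groupdict()
    surname, _, given = fields["name"].partition("/")
    fields["surname"] = surname.strip()
    fields["given"] = given.strip()
    fields["luhn_ok"] = luhn_ok(fields["pan"])
    return fields


def check_encoding(raw: str, expected_pan: str, expected_name: str) -> list:
    """Compare a read-back track with the job record; return a list of problems."""
    try:
        track = parse_track1(raw)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if track["pan"] != expected_pan:
        problems.append("card number on stripe differs from job record")
    if track["name"] != expected_name:
        problems.append(
            f"name on stripe is {track['name']!r}, job record says {expected_name!r}"
        )
    if not track["luhn_ok"]:
        problems.append("card number fails the Luhn check")
    return problems


# Constructed sample reads; the card number is made up (issuer digit 9).
GOOD_READ = "%B9000000000000001^KENNARD/ADRIAN^30121010000000000?"
RECODED_READ = "%B9000000000000001^SERVICE/INCLUDED^30121010000000000?"

if __name__ == "__main__":
    for read in (GOOD_READ, RECODED_READ):
        issues = check_encoding(read, "9000000000000001", "KENNARD/ADRIAN")
        print(read, "->", issues or "matches job record")
```

The second sample shows why the name field on its own proves nothing: the record still parses cleanly, and only the comparison with the job record flags it.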


Holiday tech

I am off on a cruise next month. I am still amazed my mates and I manage to rustle up what it costs, but it makes for a fun holiday each year.

But I am taking tech, I do that, and so do my mates. We all have work to do.

This year I plan to take the proper desktop Mac I use. Because I can, and the suite has a nice useful table for it. So I have a flight case for it!

But there is more - I expect to do some work - there are "sea days" on this cruise. So FireBricks, ethernet, fibre, and all sorts, just to be able to work on this stuff. So I expect to take some "tech" with me...

Of course I also want to take pictures and videos, so even more tech.

That said, I do plan to have some time relaxing, honest.


If you wanna be the best, if you wanna beat the rest, medication's what you need

OK sorry, that slogan was from some old TV show and was "dedication" not "medication", but so easy to change in your head.

Amlodipine is the latest they have me on for blood pressure. I changed from Indapamide to this, and it is, err, interesting.

First off, the Indapamide made me very "on-edge" but I could get work done, but was out of breath all the time.

Now on Amlodipine it is different. The first thing was going off the Indapamide meant I was hypo (low blood sugar) and had to quite drastically lower my insulin. Hypo is pretty easy to spot and to fix, if you have snacks.

Then put on Amlodipine I was hyperglycaemic, which is harder to spot. You feel more tired, which is easy to dismiss. But you also find infections, spots, acne, boils, and all sorts within days. Not at all nice. High blood sugar can be a real pain, and take a while to recover. Though, low blood sugar can be dangerous in very short timescales too. It is harder to die from high blood sugar, generally, but not nice.

What is key is any change of any medication, even if unrelated to diabetes, do the blood sugar tests like mad, even if only for a few days! Other unrelated medication like these drugs for blood pressure can have a massive impact!

Amlodipine has massively pushed up blood sugar and I am on almost twice the daily insulin now. That alone is strange.

Routine is everything - change anything from routine and it all goes to shit. I had this at the weekend, with being late for my usual breakfast. OK breakfast is a costa coffee and sausage roll, but normally at 8:30. My body does not understand weekends. On Sunday, my blood sugar went from high 7 to low 4 in 20 minutes and by 9:30 I was shaking. Going on holiday, along with a few time zone changes, is going to be, err "fun". I'll cope. There is 24 hour pizza on the ship!

As long as I stick to routine now, I think I have it sussed, finally. Much higher insulin, but breakfast, some light lunch, a proper dinner (with Gliclazide) and a few drinks... The daily routine works and keeps me on balance. It amazes me sleep for 8 hours+ works to be honest as during the day that would not, so clearly my body learns a routine and adapts.

It was so much easier when my body regulated this crap entirely by itself! One day we'll have stem cell or artificial replacement pancreas implants, but for now, I inherited this crap from my mum. Not her fault, obviously, and she has had a way harder time than I have. But that's life.


Apple used to be good at this!

Once again I am moaning about Apple!

My issue is on-going watching of a TV series... A simple task which incidentally Netflix has well sussed.

Once upon a time it took several clicks to get from the main menu in to the TV shows and select the show, but at least at that point it knew which episode you were watching and where you had left off within the episode.

Then, wonder of wonders, the "TV" menu in the Apple appeared, and at power on it would be basically one-click to continue watching what you had been watching, in the right show and the right point in the show. This was finally almost as slick as Netflix.

Now, as you will see in the video, they are being extra special.

It remembers where you were, what series, what episode, and where in that episode. It shows on the main page when you turn it on, offering you "Up next" as "Continue" watching that episode. One click to play it.

But then it goes horribly wrong for no apparent reason. It says you need to install Netflix! If you cancel that you see the series of shows, and the episode you are on selected ready to play. If you select, then again, you have to install Netflix.


If you go up several levels of menu, in to TV shows, pick purchased items, and all items, and scroll to find the show you were watching, you eventually find it is there but is offering to show episode 1. So you then have to find the episode you were watching if you can remember, and play.

It plays, with no Netflix needed, and carries on from where you stopped (within that episode)...

I just don't get it! It makes no sense. It seems to only be some series, but it baffles me how they release such broken code with such serious bugs in it. Seriously, Apple used to be good at user interface - it was their thing.



I am not planning to say a lot here at this stage, but I suspect people would be rather surprised if I did not comment a little on GDPR. I remind you all I am not a lawyer. I'll try to cover the basics...

Is this a big change?

You would be forgiven for thinking it is. To be honest, I think for the most part the basic principles have not changed a lot, and if you were "doing it right" before, you are probably "doing it right" now. There are changes, yes, but it seems to me that the biggest change is around "accountability". Under GDPR you are expected to have a lot more processes in place, and be able to show that. Before, if you did things right you may have more easily got away without all of the paperwork to prove that was the case, but GDPR puts a lot of onus on the paperwork and accountability... GDPR also has big fines which is what is actually making people jump!

"Consent" has changed...

As a basis for processing personal data the use of "consent" has changed, in rather odd ways. For a start it has to be "freely given" so cannot be in exchange for some service, which is interesting. But also it has to be revocable. Some of the rules on proving you got consent (i.e. not default pre-ticked boxes) have changed a bit too. And of course the accountability to show you actually got consent is clearer now.

The upshot of this, and paraphrasing the advice from our lawyer, is that anyone relying on "consent" as the basis for processing, is crazy.

I know I am seen as speaking for A&A here on my blog in spite of my caveats on the matter, so to be clear, A&A do not use "consent" as the basis for processing. It is far too difficult, and fragile a basis for doing anything really. Why would we - you can withdraw it at any time...

Extra rights

Not that many to be honest, you had loads of rights before, but maybe a few more now. One thing is that subject access requests are to be free. This is likely to be a pain for many companies.

Once again, with an A&A hat on, pretty much everything we have on you is available on the web pages now (accounts or control pages), and indeed, I expect some level of "full SAR" to be in there soon anyway, depending on if anyone starts asking for lots of data. I'd rather people do not go mad on 25th asking for data, to be honest, as basically we are not the bad guys here hoarding loads of personal data on people, and never have been. A lot of replies will be referencing the data you can access anyway. That is not to say we won't welcome suggestions and feedback on this all.

Privacy at the core of the business

This is where A&A are a bit different, and I had a long chat with our company lawyer on this the other day. Obviously we have been working on this for months, but he was impressed how we do take privacy seriously at every level as a matter of course really. It has made his job a bit easier as basically we are not changing what we do, but doing the paperwork to document what we do and so on. Not only is the company simply not in the "business" of selling / processing personal data in the first place, but we have myself and key staff on the case every day challenging everything we do, or consider doing, from a privacy standpoint.

Some changes at A&A

To be honest, the whole process has meant we are looking more closely at some aspects of what we do, and so some things like the way we identify customers that call/irc/email/etc may be tightened up a bit. We need the right compromises of helpful and secure. We did a lot of this last year with controls over levels of security on accounts and two factor authentication so as to give our customers a choice of the level of security (or paranoia) they felt was needed for their data. That was all done before we even really considered GDPR, just how we work and how we can be better at privacy!

But obviously we welcome feedback, if you feel we are too strict or not strict enough on verifying you as a customer, please do tell us. The whole process here is a lot about learning the right balance to ensure people have the right level of privacy and convenience.

OK, the real reason to read this - those annoying emails to re-confirm consent!

We have all had them, heck they are filling the inbox for us all - asking to reconfirm "consent" before 25th May.

I don't know what to say to be honest. I do not think a single one of these emails is from someone that I actually gave consent to in the first place!!!

We've had them sent to mailerdaemon@somedomain at the office, clearly not an email address anyone used or consented to marketing (or any other) emails to.

The only light at the end of the tunnel is that, if we are lucky, all of these muppets delete us from their mailing lists for fear of fines related to GDPR.

But, really, none of them should have us on the mailing list anyway under existing privacy and data protection laws, FFS! If only the ICO had enforced the laws we had, this would have not been an issue, IMHO.

If you have a lawful basis to have someone's details and send them email, GDPR does not really take that away, and so you do not need these stupid emails asking to re-consent.

Anyone considering sending such emails over the next week or so - talk to someone that understands GDPR properly, i.e. @neil_neilzone


(mis) targeted adverts

OK I get that there is a lot of tracking.

I get that if I search on the Internet for green jelly babies, I'll start seeing adverts for people selling green jelly babies.

What I do not get is how people actually pay advertisers to bombard me with adverts for the very thing I have just purchased by the very company from which I have just purchased it.

That has to be the daftest thing possible?


Will GDPR help, like fuck it will...

P.S. I am assuming that posting this (with names) on my blog (for all the world to see) is morally no different to clicking "like" on it (for all the world to see)? Is it? Is it legally wrong?


Looking forward to a holiday

It looks like the holiday is on - another cruise, after much hassle with banks (quelle surprise).

Once again working with my friends on this so we can get a nice cabin on an NCL ship. It is 9 days around Norway and Scotland next month.

I am once again really looking forward to this, and I hope it will be relaxing. It will be a lot of drinking and playing cards!

Holidays are funny things. To be honest, the biggest benefit of a holiday in many ways is that people know I am on holiday and do not hassle me. I could take a holiday at home (and I know people that do that) with much the same effect except in my case I know people would hassle me anyway as they would know I am not on a "proper" holiday. Maybe I need to "fake" a cruise one year!

This is a bit different because it is the same. I.e. it is a holiday I have done almost exactly the same once before, with the same people, on the same ship to mostly the same places. Later in the year so weather should be better for the hot tub.

It is always rather odd doing that - you "know the ropes" and so do not spend half the holiday learning what you need to know. A normal holiday can involve a lot of that, and when you are doing something like a cruise you learn a lot of the cock-ups and special cases and incomprehensible rules they have which spoil the holiday. You also learn the things you wish you had brought with you. A second time we should not fall foul of any of them.

We did this once in Rhodes, a second holiday a month later than the first, and it was really quite different. The hat I lost the first time was recovered from the restaurant owner that thought he could keep it :-) But the second time of any holiday is always very different in so many ways, and a different experience in itself.

Once again sailing from UK (Southampton) which is so much nicer than flying somewhere first. I cannot stress this enough. One thing I am doing is taking my Mac with me, the cabin has the space, rather than a laptop. This is one more heavy bit of luggage, but all that means is the taking from car, walking like 10m to the luggage drop off, and done. They take to the cabin (I have a nice flight case for it on order). Taking an extra, heavy, flight case on an actual flight would be a lot of hassle. A cruise is the holiday, unlike a flight which is getting to the holiday, so starting in the UK a short drive away really is just so much less stressful, and the same coming back. Flying home is one of the worst parts of so many holidays.

Whilst NCL are a pain, and have lots of issues, the actual holiday is not bad, and they have cabins that start from a few hundred pounds for a nice trip. So I am hoping a second instance of the same holiday will work well and be relaxing. We can but hope.

I have also had fun with making FireBricks cope with the challenges of high latency (satellite) links, which I think we have sussed, but I don't rule out more work on that from the cabin. Last time it was DNS timeouts.

I hope to do loads of videos and pictures once again. Not sure I'll do the daily blog, but we'll see.


Real banks are shit, but "challenger" banks are more shit, maybe?

[I've added some constructive comments at the end of the blog now]

I have had a lot of issues with Barclays over the years, especially where card payments are declined for no good reason (and where they allow fraudulent ones that are so obvious to anyone that it is fraud, against Barclays, it is unbelievable).

So I am very wary of using Barclays for anything, and hence have Monzo and Starling accounts. Both are great at letting you know what happens in real time on mobile apps and recommended to most of my friends. For most people both work well, but I have to say I would now recommend Monzo.

But, it seems, neither can do the job of a "proper" bank, in my view.

I am booking a cruise with my (rich) friends. As I have blogged before we take turns for holidays, and between us we are doing another cruise. The total comes to more than £10k between us. I'll no doubt post pictures and videos at the time (next month). I know that is a lot of money.

So, paying over £10k on my Barclays card - risky - it could bounce, decline, fail, go wrong in so many ways, and I am wary. As I say, it is a lot of money. To be honest the most likely is they allow the cruise and then block my card without telling me and make my life difficult when I want to buy a coffee.

But I have my shiny new Starling Bank card, and I asked them, back in December, if there are any spending limits using the card. I was advised of top up, and ATM usage limits and told that otherwise there was no limit. I asked at the time as we were sorting a rather expensive car for my son, and wanted to ensure it worked. Sadly Tesla don't take debit cards (WTF?) so was not the issue. Seems it would have been if they did!

I have spent the last 6 months thinking my Starling card had no spending limit, so I decided the safest tactic for this cruise was move the money to Starling, and then pay on card. They declined it! UNLIKE Monzo they do not log or show they declined it on the app. I had to ask on the chat thing. They declined as they have a £10k limit. It seems that previously they LIED TO ME about the limits, or lack thereof.

Now I find they can do nothing to fix this, and I cannot even send the money BACK to my Barclays account to try paying with the Barclays debit card as sending money out has the same limit! Before you ask, yes, I tried to resolve this with them before making a blog post and putting on twitter - had they resolved it, e.g. "I'll temporarily allow a higher level, try now", then I would have been impressed and not cross at all.

This is starting to be show stopping for use of Starling, and I will go back to Monzo for some stuff and Barclays for other. It really seems that these "challenger" banks are just playing around and not "proper" banks at all. Shame.

Anyway, the money, carefully collected together, is held to ransom almost, in my Starling account, and I do not want to lose the cruise booking over this. So I decide, that is OK, I can borrow from my mortgage reserve for a few days. I am not above using my mortgage reserve for a holiday, that is what these things are for. What do I find?, well Barclays have broken the mortgage contract (IMHO) and reduced my reserve with no notice to only £1k available. What the hell? If we manage to get this cruise sorted it will be a miracle. So I'm threatening to sue Barclays now over that...

Seriously, do no "proper" banks exist?

P.S. I could not send the money back to another account (well not all of it) as they stated there was a £10k “in any 24 hours” limit. However, experimenting, you can simply send more than one payment in a row. So yet more misinformation.

What would help is:-
  • Clearly stating actual limits in the app like Monzo do,
  • Ensuring staff understand and can explain them correctly.
  • Allowing customers to change them to suit their spending, ie £10k is way too high for a lot of people who would be happier with a much lower limit
  • Allow time limited pre-advice of large payment via app with face/finger security, and password, and PIN or whatever.
  • Please have the app show when a card is declined, and the reason, like Monzo do!
  • Maybe even a link/button to "enable this transaction if you would like to try again in next hour" restricting to exact amount and merchant to exceed a limit...


Change of mindset

I have worked on embedded coding for a long time.

I worked on mobile phones, and before that 6502 and Z80 and (I forget exactly) other stuff. I have written code for home made gadgets made from wire wrapped 6502 boards I put together myself and designed myself. I have written code for ticket machines for tote betting on race courses! I designed the Walthamstow dog track jackpot bet thing from several decades ago and made the big display board they had work with it. Those were the days - coding was challenging but much easier to grasp every aspect, to understand how the logic gates worked to make the processor tick at every level. Life was simpler in so many ways :-)

Nearly 20 years ago we (FireBrick) did something amazing with an H8 micro controller, making IP packets flow using an Ethernet controller. It was 10Mb/s Ethernet, and needed to be read byte by byte in and out of the processor using code, but it worked, and we actually coded TCP. We made a usable firewall product!

That was huge. You would never get TCP on a BBC Micro. Well, technically, I bet I could, but really really limited. If nothing else the memory was an issue, as a BBC micro had 32K of RAM if you were lucky. That is not a lot of TCP packets!

Of course something like a PIC 16C84 was more fun in many ways and it had what, tens of bytes of memory, I forget... (OK, I checked, it is 36 bytes of memory). No, that is not enough to generate a TCP/IP(v4) header even! I liked those PICs...

So my view on embedded devices extended to talking TCP and hence the things that could do, like http as a web control interface. My mindset moved on...

But times move on.

Now we finally have had TLS and https on FireBricks for a while now. Until now, I really did not feel talking TLS was an embedded controller thing. But we have the code. We have the algorithms for the negotiation and encryption, and the code for the TLS and well, it is a thing, even on a small ARM controller. We're even looking at some of the hardware crypto processors now.

So now I have to have the mindset that a small embedded controller has no real excuse not to talk proper encrypted https and similar protocols.

For a lot of my life that would be madness. It is hard to get my head around some days!

I look forward to the next 20 years!


It feels wrong somehow

I just paid for a copy of Word. I have never done that before in my life! I don't think I have paid for any Microsoft office product (i.e. I have never had to as not using one). It was actually a copy of Word for my Mac at around £100.

Why would I do this?

Well, short answer, BT.

They provide bills in RTF (Rich Text Format) only. No idea why not in PDF. We have tried to get them to see sense. They don't have to stop providing in RTF for those that want but just add that extra link on the portal for PDF, pretty please.

If you google you will find loads and loads and loads of ways to open RTF or convert RTF to PDF or PS, or LaTeX or text or whatever. Apparently TextEditor on Mac will open RTF, as will LibreOffice. So will unrtf on linux, but no, the magic RTFs that BT make are not handled by any of them. I even tried Wordpad on a windows VM! No joy. It seems to be XML (not ZIPPED) and says it is a Word document, but nothing can open it. Very frustrating.

So, an actual copy of Word - it was risky - if that did not open, what then? More shouting at BT? Refusing to pay until they fix it?

One time we had a VAT inspection, and VAT office threatened to disallow a lot of VAT if we could not produce the bill on paper or some readable format, which proved very hard. I think, at the time, they used an older RTF that would open, but was hundreds of pages long, so VAT inspector literally had to wait around half an hour for the document to open to see the front page with VAT details. That was very nearly very costly for us.

Their portal does not say how much the bill is (I think it used to, hence having paid the above bill) so we need to open it somehow, and usually someone in BT will load the RTF in to Word and save as PDF and email us, but I am guessing they are on holiday, and it is kind of handy to know how much we owe. Why are they so backward!

Now, my paid for copy of Word did work, though it would not export as a PDF (generates an error)! Thankfully, being a Mac, I just say "print" and select PDF and bingo, sorted.

Such a faff. It is not so much the £100, it is paying Microsoft. That just seems so wrong somehow.

Buzz off

I am not a fan of wasps or hornets, though I am pretty sure I have never actually been stung.

So picture the scene, I am sat in the bath this morning, (maybe don't picture the scene), and suddenly there is this loud buzzing and banging and crashing around in the bathroom around me!

I got a glimpse of what appears to be a huge wasp of some sort - that thing is about 2cm long! It was literally knocking stuff over crashing in to things.

My bath is actually a shower/bath and steam thing with sides, and a top and sliding doors that close completely - obviously to keep water and steam in. The doors were closed very quickly, and it does a job at keeping a wasp out, thankfully.

I ended up spending ages waiting for the damn thing to go away, or rather just go quiet, as it did, which was worrying.

Fortunately the water does not go cold very quickly when the doors are closed. Eventually I did get out, and it was walking on the floor very slowly. I think I can thank my air conditioning for making the bedroom and bathroom 20 for that. It was expelled out of the window - actually, my wife did that (thank you, dear).

I have no idea what it is! Some (on twitter) suggested a European hornet, some suggested Asian hornet, and someone said it may just be a normal wasp but a queen. None of those are at all appealing in any way.

So now the air vent in the ceiling is sealed with tape until I can find a fine mesh to put in it or something. If I'm found suffocated in the morning because every tiny gap to the outside has been sealed up, you'll know why.


Did https kill my blog

Seriously, hits are down like 50%, and I wonder if it is https?

I hope not. Maybe I should test it. Surely that is not the cause.


The problem with SNI (and domain fronting) - Heisenberg's SNI?

HTTPS/TLS means that a browser or app or client can access a website or other resource over an encrypted link.

Now, the way this usually works is things like https://aa.net.uk/ where the browser makes a connection and as part of that connection it says it wants aa.net.uk so the server knows to serve the certificate and key for aa.net.uk.

The problem is that the name of the service (SNI) is in the clear and so some censorship systems can spot this and block it.

Now, we have some generic hosting environments. Cloud services. The nice thing is they have loads of IP addresses for all sorts, so hard to block.

Domain fronting fools this by sending a different SNI (asking for a specific certificate, in the clear) that is "OK" and then talking to a server that is not the same as the SNI.

This fools censorship systems.

Some cloud services are blocking "domain fronting" like this (why?).

OK this is hard to explain... We could do SNI after DH logic, making it so the service you want is encrypted. But as that is before you authenticate (as you cannot authenticate yet as that depends on SNI) it could be "man in the middle" but if it is then the next step of authenticating will fail.

It is like Heisenberg - you can either see what "domain name" is being requested, or you allow the connection, one or the other.

So the logic is simplified - you have two choices :-
  • You can detect what someone is accessing (see the SNI)
  • You can allow a connection to work
Basically no way to detect it and allow it to work. It is one or the other, only!

Does TLSv1.3 do this? I have not checked. If not then maybe TLSv1.4 will.

Clearly this is possible, and necessary, ASAP. It seems a real shame to me that the SNI was ever "in the clear".

Discounts and surcharges

One of the things that apparently confuse people, it seems, is that whenever you see a discount you have to see the flip side, that the un-discounted amount is much like a surcharge.

For example, I just saw this on facebook (with someone making the same point).

Yes, it says "free delivery" but a discount of 10% for collection.

I.e. the pricing clearly allows them to sell (food I think) for the discount price, so the extra 11% on top of that is a surcharge for deliveries.

That is very much not "free delivery", is it!

The trick is to always look at the other side of things.

Let's look at BT!

Now, BT have finally launched the rather odd lower price line rental for people with no broadband. It is described here. It is quite a lot cheaper than normal, £7/month off.

But let's look at this the other way around. What it is, in fact, can be seen as a £7/month surcharge if you get broadband. Even with another supplier than BT for the broadband.

How the hell has OFCOM allowed this basically anti-competitive behaviour - how are they allowed to link their price to competing providers' independent services? Well, OFCOM actually encouraged and/or mandated this crazy scheme.

Interesting, broadband via your mobile does not impact the line rental. But on face value, broadband via cable, wifi, or other means would impact the price. It just says "Broadband with another supplier" is not allowed (but says mobile is OK). They actually say broadband via Virgin means you DO NOT get the discount. So this is nothing to do with the line being shared access to the copper or anything like that, it is simply a surcharge for taking a broadband service!

I am surprised it is even legal for this sort of linking of price to independent services from other providers. I cannot help feeling it should not be legal. It would be like us giving a discount on broadband if you use Daz washing powder.


I have not found the formal contract terms - it used to be easy, so if someone finds them, let me know. But that web page is very clear about you having broadband - so presumably if your spouse, parent, child, friend, etc, has broadband installed at your house then the discount still applies (or rather the surcharge does not apply)?

Maybe two neighbours can install broadband for each other, and just use the wifi through the wall :-)

Ideally it means checking the exact terms to be sure.

P.S. Just to clarify, the discounted price is £11.99 from BT. A&A do a "line for broadband use" for £10 (no calls allowed) which obviously applies with having the broadband (only available with broadband).