2018-04-19

Learning to ACME

[Technical]

I thought it may be fun to explain what I have been doing over the last week in more technical detail... I have been coding ACME (which is the protocol to get a certificate issued for a domain) for FireBricks. It is aimed at making HTTPS set up really easy. Right now you have to install keys and a certificate manually, but ACME will make it simple and seamless.

JSON

The obvious first step is that the protocol talks to the ACME server using JSON. We send JSON objects and receive JSON objects back. It is all done over https to the ACME server.

I commented on JSON recently, and even with years of experience using XML, and in some cases converting XML to/from JSON to work with Javascript, I am thinking JSON is not bad, and seems quite well suited to this job.

Not the first time I have handled JSON, but I needed a JSON library for the FireBrick, which only took a few hours.

JWS

However, the JSON that we send to the ACME server is not just a simple JSON object, oh no. It is a JSON Web Signature protocol. This means you make some JSON, you then BASE64 code the JSON, and make that a "payload" field in a new JSON object. You also make some more JSON which is various fields defining the public key you are using. These fields (e.g. "e" and "n" for RSA) are BASE64 encoded. That chunk of JSON is then BASE64 encoded, and included as a "protected" field in JSON. Then a signature is made, BASE64 encoded and added as a "signature" field. So what you post is a JSON object with three BASE64 encoded fields, two of which are BASE64 of other JSON objects. Yes, I know, complicated, but I got all that working. Thankfully the reply is just a JSON object as normal.

BASE64 but not quite normal BASE64

Another fun detail is all of the BASE64 used is not normal BASE64, which is A-Za-z0-9+/ but a URL safe BASE64 which is A-Za-z0-9-_ instead. So even simple debugging using base64 command line tools on linux often failed. Also, normal BASE64 pads with = at the end, but this is all unpadded. I never really understood why padding is used anyway, so quite on board with that one. Fortunately BASE64 is a doddle.

Not just JSON

A somewhat frustrating part of the API is that it is not just about sending and receiving JSON objects. If only!

No, some of the key data you need is in the HTTP headers. Some of this is as per HTTP spec, but they did not have to do it that way - they could simply have sent all of the data you need within the JSON objects, or even duplicated in to JSON objects if they wanted. So you cannot use a simple HTTPS client to get a response, like curl, you have to also get selected header values as well. In some cases more than one such header.

So, my client library was updated to allow selected header extraction.

Replay-Nonce

There is also a special field, a nonce, a code issued by the server which you have to send in the next message you post. This is one of those header fields, but only if you POST something, not if you just GET, so you only grab this header on some of the interactions not all (arg!). You then use this in the JSON (not as a header!!) when you post the next item. This is all good in that it stops someone capturing an interaction and replaying it for their own use, but it is annoyingly inconsistent, header one way, JSON the other, for example. It is, however, included in what is signed in the JSON to avoid tampering.

JWK Thumbprint

This is special. It is a hash, BASE64 encoded, of a chunk of JSON which holds the public key (JWK). You send exactly this JSON as part of the ACME messages (in the "protected" part). It is also part of the response the web server has to send when challenged. You have to prove you own the domain by making the web server respond to an HTTP request with a specific value.

What puzzles me is why not simply send a nice random string as part of the ACME protocol and expect me to respond with that?

But, no, we have to make this Thumbprint. However, this is where it gets a tad special. First off, the JSON has to be exactly right, with the exact fields you need in exactly the right order and no whitespace. If not, then the signature does not match and all you know is it does not match!

Now, this is not a question of using the same JWK you sent in the ACME messages, no. They can be fields in any order, for example, and work. No, it has to be exactly right. However, the ACME accepts it in that format so I can use one function to make it.

But it gets worse. The public key includes the "mod" value, which is a long string of bytes BASE64 encoded. A small note mentions that any leading zero bytes must be stripped. This is not needed for the ACME messages in JWS to work, but if you don't do it, you get a different JWK Thumbprint and so nothing works. It is not even quite what you might do in ASN.1 as the next byte has to not have the top bit set else you indicate the field is negative. This case is simply strip leading zero bytes. That took me hours of testing, comparing to examples, and re-reading the spec.

I am still quite surprised it is not simply some random string provided by the ACME message for the challenge.
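The thumbprint rules described above, as an added example (not FireBrick code): RFC 7638 hashes only the members "e", "kty" and "n", in that order, with no whitespace, and the result is unpadded URL-safe BASE64. The modulus bytes are constructed for illustration and are not a real RSA key; the function names and the challenge token are this example's own.

```python
import base64
import hashlib
import json


def b64url_encode(data: bytes) -> str:
    """URL-safe BASE64 (A-Za-z0-9-_) with the trailing '=' padding removed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Decode unpadded URL-safe BASE64 by restoring the padding first,
    which is what stock base64 tools need before they will accept it."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwk_integer(raw: bytes) -> str:
    """JWK encoding of an unsigned big-endian integer: strip ALL leading zero bytes."""
    return b64url_encode(raw.lstrip(b"\x00") or b"\x00")


def der_integer_content(raw: bytes) -> bytes:
    """Content bytes of an ASN.1 DER INTEGER holding the same value, for contrast:
    a zero byte is kept in front when the top bit would otherwise be set,
    so that the value does not read as negative."""
    stripped = raw.lstrip(b"\x00") or b"\x00"
    return b"\x00" + stripped if stripped[0] & 0x80 else stripped


def rsa_thumbprint(n: bytes, e: bytes) -> str:
    """RFC 7638 thumbprint of an RSA public key: SHA-256 over the canonical JSON
    (required members only, sorted, no whitespace), then unpadded base64url."""
    jwk = {"e": jwk_integer(e), "kty": "RSA", "n": jwk_integer(n)}
    canonical = json.dumps(jwk, sort_keys=True, separators=(",", ":"))
    return b64url_encode(hashlib.sha256(canonical.encode("ascii")).digest())


def naive_thumbprint(n: bytes, e: bytes) -> str:
    """The failure mode: default json.dumps spacing, arbitrary member order,
    and the leading zero byte left on the modulus."""
    jwk = {"kty": "RSA", "n": b64url_encode(n), "e": b64url_encode(e)}
    return b64url_encode(hashlib.sha256(json.dumps(jwk).encode("ascii")).digest())


def key_authorization(token: str, thumbprint: str) -> str:
    """Value served for the HTTP challenge (RFC 8555): token, a dot, the thumbprint."""
    return token + "." + thumbprint


# Constructed sample input: 256 bytes with the top bit set, standing in for a
# 2048-bit modulus. NOT a real RSA key. Crypto libraries and ASN.1 exports
# commonly hand the modulus back as 257 bytes with a 0x00 in front.
MODULUS = bytes([0xC3]) + bytes(range(1, 256))
MODULUS_FROM_ASN1 = b"\x00" + MODULUS
EXPONENT = bytes([0x01, 0x00, 0x01])  # 65537

if __name__ == "__main__":
    good = rsa_thumbprint(MODULUS_FROM_ASN1, EXPONENT)
    bad = naive_thumbprint(MODULUS_FROM_ASN1, EXPONENT)
    print("canonical thumbprint:", good)
    print("naive thumbprint:    ", bad)
    print("match:", good == bad)
    # "constructed-token" is a made-up challenge token for illustration.
    print("challenge response:  ", key_authorization("constructed-token", good))
```

A mismatch here gives no diagnostic beyond "does not match", so comparing the canonical JSON string byte for byte against a known-good implementation is the quickest way to find which rule was missed.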

Certificate Signing Request and ASN.1

Having got through the challenges and got as far as an authorised order I can send a final request with a CSR and get a certificate. yay!

But I have to make a CSR. So far the FireBrick code has had to decode ASN.1 for certificates and so on, but not generate much ASN.1 (SNMP is somewhat simplified in that area).

So, another couple of hours making an ASN.1 construction library, and then working out what goes in to a CSR. Thankfully tools like openssl will parse what I make at an ASN.1 and CSR level to tell me what I have.

ASN.1 is a bit like riding a bike. Every time you work on it, it all sort of comes back to you...

I am also really impressed with the Let's Encrypt staging server in terms of the error messages it returns. They tell me exactly what I have wrong.

It turns out the certificate only needs the common name, which makes sense as LE only sign that as that is all they have proved, so no need for company and locality and all that.

I was quite chuffed that the first attempt to make a signed CSR just worked, I got the signing right. That is rare in coding.

Two key pairs

So, I finally have a valid and signed CSR, and send that, and get an error telling me the key used for the "account" (all the messages to/from the ACME server, and for the JWK Thumbprint) must be different to the key for the domain (i.e. in the CSR).

So now I have to faff with a second set of keys and make sure they are used in the right place.

Finally

Finally we get the certificate and install as normal. Actually, for Let's Encrypt it is two certificates as they have an intermediary one as well.

Testing on a new box, I added a hostname to the config, and 4 seconds later we had working https using that hostname. That is how simple it should be :-)

Next

I have a lot of tidying to do, and we need to make this a bit more polished before a release of FireBrick with this in place.

One idea is handling more than one hostname. I think this will be less common, and originally we thought we would get one certificate with "alt" names on it. However that does leak all of the other names for a brick if you access one. So plan is separately getting a certificate for each, and probably a status page showing progress, and expiry and so on.

To be fair, the host names used with Let's Encrypt are published anyway, which may be an issue for some. But ACME should work with other CAs, though we may have to add extra fields if someone wants to do that.

There are also access control issues over HTTP access during the authentication stage which needs allowing TCP port 80 automatically, even if only for a few seconds, and also being locked down to just the ACME authentication and no other access via that. Not hard, but needs doing with option to turn off.

So, maybe next week we will have alpha releases for people to test.

P.S. Some work over weekend - much more polished, and much better error reporting. Really close to an alpha for customers to test now.

2018-04-13

On line orders

I ordered something recently, on-line, on a whim, a new iPhone case.

I paid in UK pounds (£) there was no immediate clue that the site was anything other than a normal UK supplier selling something to people in the UK.

I ordered on Saturday.

What pisses me off is how this is so much not the case. It seems it was a US company, and I know things can get from US, or almost anywhere in the world, to here, in a day or two, but they picked the slowest means to send to me on the planet from what I can see.


They seem to have used DHL (which people will know how I am unimpressed with them) and some sort of service that is slower than slow - delivered by snails. This is an item ordered and paid for on 7th. It is now 13th, and the damn thing is still in the US, FFS.

What is worse, there is a chance I end up with some damn duty or VAT bill to pay on top.

I just went to a web site - saw an item listed in £ and paid, why the hell is any of this my problem now?

All I can say is it better be a damn good phone case when it gets here!!!

P.S. It did eventually arrive. Quite a nice case for £16

2018-04-10

FB2900 and Let's Encrypt

Well, the FB2900 is out!

The retail prices are lower than the old FB2700, £500+VAT for base, and £550+VAT for fully loaded with £35+VAT for rack mount kit. We should have the DC powered models available soon.

We have gone for lower prices to encourage more take up in the SME market. It is a bit of a gamble, but this is a really good product - not just a gateway router handling multiple ISPs, but even a VoIP switch / PABX. Perfect for most small businesses and even some large businesses.

The delay, for a week or so, was down to wanting to ensure https was working - this meant a lot of loading Windows VMs and testing on all sorts of different browsers. It needs manual loading of key pair and cert but it works well. I am really impressed with the work of my colleague, Cliff, on this, as the end result is just as fast to use as http. Very impressed.

It is timely as Safari, and I am sure others, are now getting quite pushy on sending any form to a site not using https.


But we have said we expect to release more new code soon. The FireBrick s/w has always been free, and we have ensured the older models FB2500, FB2700 and the FB6000 series, all have the update for https now. But the next code issue should make it a lot cooler.

First off, I am planning some simple self signed stuff so you can use https before setting anything up. This is a bit naff, but every other idea we have come up with has flaws, and it is what everyone else does. The key thing is that it stops passive snooping as a threat, but is not proper security.

You need a proper key pair, and certificate, to do https without warnings. The FB2900 have a key pair loaded individually as part of the production process which means we just need a certificate. The FB2500, FB2700 and FB6000 series will need a key pair loading. This is partly because we are not yet confident we can make a "good" key pair. We are very cautious when it comes to security, and this is an area that has gone wrong for others, so we want to be careful. When we are happy we can, we will, but whilst FB2900 has a hardware true random number generator, the older models do not, so it will not really help for non FB2900s.

But even with a key pair loaded, which is not hard, you need a certificate. This is where we plan to do way better than most embedded systems. We plan to use ACME with Let's Encrypt as standard!

So the idea is simple, tell the FireBrick its public hostname (and if not an FB2900 then load a key pair) and it will make a CSR, apply for a certificate from Let's Encrypt and install it and renew it as needed. Proper working https with no warnings and no faffing about renewing things. That's the plan.

The same certificates and keys can then be used for IPsec, obviously.

It is not that easy as it is aimed more at a traditional machine / server, and not an embedded device, but I believe we should be able to do that within a few weeks and have a new s/w release.

In the mean time, do enjoy the new s/w release for the whole range - which will be a formal release shortly after beta testers are done with it.

P.S. (18th April) All going well, and we expect to issue alpha code any day. Test bricks with just adding public host name working on https 4 seconds later. This is "fun" coding!

2018-04-09

Outward opening front door

One of the decisions I made in my garage conversion was to have an outward opening external door.

This is, as I understand it (at least in the UK), unusual. It was mainly an attempt to maintain as much internal space as possible.

There are issues, the hinges are outside and so subject to attack, which is why I have "hinge bolts" in the door frame. Also, when someone calls, you end up opening the door in to them (rare as I have a window).

But I noticed whilst watching Stargate SG1 Revisions that all of the town had doors that opened outwards like mine - possibly because the rooms are all small.

They are filmed in a place called Fantasy Gardens which is used in other Stargate episodes, and actually, a lot of films!

Fascinating place it seems, albeit torn down now!


Standards (TLS)

XKCD tried to explain a bit about standards...


But there are some other aspects, even when you have good, single, consistent standards the challenge can be implementations.

My fun today revolved around TLS and https.

So, the way it is meant to work, is when we close a connection, we send a TLS level close alert, and the other end sends us one, and then we close the TCP connection underneath. This is pretty simple and works for almost all connections...

Except...

Testing Edge on MS Windows 10. Some of the pages on the FireBrick are dynamic and so work on a Connection: close basis. This means, instead of a Content-Length at the start, the data in the page is sent until the connection is closed.

For http this is simple, we close the TCP at the end, job done.

For https it should be simple, we do a TLS close message, we should get one back and then close TCP, but no... We get no reply to the TLS level close, and TCP stays open. The web browser shows the page not completely loaded, and so the onLoad javascript does not run and all sorts of other nasty side effects, WTF?!

The fix is not too hard, a half close on tx side to send a FIN after the TLS level close, allowing far end to send a TLS close back or just close at TCP level (which is what Edge does).

But it has taken three engineers several hours of work today to diagnose and work around this. Arrrg!

What is also fun is we find Edge appears to do a sort of speculative connection. If it does not have a clean keep-alive session it makes a new connection when it has nothing to say, just in case. This was causing exception handling our side (as we expect a prompt request when we get a connection) which also closed TLS uncleanly and impacted session resumption. We have had to make changes for that too.

The good news, after all that, is we now work with Edge (we already worked with pretty much everything else), so should finally have the new https code release this evening at some point. Watch this space.

I have to say, and this is all down to Cliff, that the https is really surprisingly snappy and responsive. One customer said he could swear it was faster than http, which makes no sense. I am quite impressed.

2018-04-08

JSON vs XML

Recently, I tweeted

Well, I am starting to wonder if JSON is better than XML in some ways now. I have coded a new JSON library for the FireBrick today. It was not hard, in fact, the simplicity does make me wonder if neater in some ways than XML.

Both have a clear formal spec, but what do they have different?

  • XML has all sorts of special cases like CDATA and processing instructions and comments, JSON does not
  • XML does not allow a null character even escaped, JSON allows it
  • XML has all of that pesky namespace stuff. It has its place but for a lot of systems it does not help matters and makes it more complex
  • XML has no concept of even simple types for data, JSON has strings, numbers, boolean, and null as distinct and identifiable types.
  • XML only has objects with attributes and sub objects, JSON has arrays which XML does not.

The JSON library was actually really easy and the syntax is very strict, surprisingly so, to be honest.

So I am leaning towards JSON as being better than XML for now.

What is this all in aid of? Well FireBricks use code we control and we have coded everything from operating system startup to IPSec. So I needed to make a JSON library. There are "standard" open source libraries we could use, but having only taken a day to do this I suspect integrating something in to our build system would have taken longer.

But why do I need JSON all of a sudden? Well ACME uses JSON, and I am working on ACME coding to allow FireBricks to easily have Let's Encrypt certificates for https. So I start with a JSON library.

A good day's work I think.

2018-04-06

IANAL

Even though not a lawyer, I do get asked advice some times by friends and family, and with the caveat that I am not a lawyer I sometimes dig out the relevant legislation and provide some wisdom from my experience in life :-)

Of course, I will be interested if my lawyer friends say I have this one wrong, but one of the things that has come from EU membership is some tighter consumer protections.

A key one is "The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013" - I have mentioned it before.

The reason it came up is a friend of mine saw this on a web site when ordering an item from a UK company, as a consumer, so subject to that law.


The clear implication by saying the "insured" option means no loss to you for damage or loss in transit is the converse that if you choose uninsured then you would lose out if damage or loss in transit.

However, that is not something they actually state, it is simply implied, so maybe they are just trying to be cunning to get you to pay the extra for insurance so they don't have to.

The law, in section 43 of that consumer contracts stuff is pretty clear :-

Passing of risk

43.—(1) A sales contract is to be treated as including the following provisions as terms.
(2) The goods remain at the trader’s risk until they come into the physical possession of
(a)the consumer, or
(b)a person identified by the consumer to take possession of the goods.
(3) Paragraph (2) does not apply if the goods are delivered to a carrier who—
(a)is commissioned by the consumer to deliver the goods, and
(b)is not a carrier the trader named as an option for the consumer.
(4) In that case the goods are at the consumer’s risk on and after delivery to the carrier.
(5) Paragraph (4) does not affect any liability of the carrier to the consumer in respect of the goods. 

So, if you use a courier they offer, then the trader has all the risk until it physically arrives in your possession, basically! No need to pay extra for insured courier.

Watch out for that when ordering on-line...

FB2900

Well, Cliff has been working hard on this, and we are expecting to start shipping any day.

This is indeed a FireBrick https access from an iPhone!


Anyone who has alpha code access on their FireBrick (FB2500, FB2700 or FB6000 series) can test https now.

You need to install a key pair and certificate, which could be self signed or (as per my testing) a Let's Encrypt one matching the hostname of my test FireBrick. The plan is that in the following release of code, the FB2900 will be able to do this automatically and use ACME to obtain and maintain a certificate to make it easy.

Email the firebrick testers mailing list with any feedback.

If testing goes well over the next few days we'll be able to announce the FB2900 details and launch.

2018-04-01

FireBrick FB2900

FireBricks have been around nearly two decades now, before things like https were a consideration. Whilst we have embraced IPv6 as part of the design of the current FireBricks from the start, https was not top of the list. Why? Well, the FireBrick web interface is usually only for management of the FireBrick. The idea is that most customers would have it on a separate management LAN, or locally connected, or even behind an IPsec tunnel (which the FireBrick can do), so https was not actually needed that much.

However, https is more and more a thing and becoming so much the normal way of working (with browsers warning if not https even), so we are including it in the new FB2900, and the existing FB2500, FB2700, and FB6000 series as a free software upgrade.

In fact, working https, with an SSL Labs score of at least "A", is pretty much the reason for the current delay on the FB2900 launch. We have finally sorted the other issues which had added months and months to the launch of the FB2900, but as https is almost ready we are going to ensure the launch has https. It is literally a matter of days away - I have working https on my test FireBrick (SSL labs score "B") even now, thanks to hard work of my colleague Cliff.

We then follow on with ssh, and the plan is ACME support to use Let's Encrypt to make https really easy to install - point a domain/hostname at the brick's IP and bingo, it will be properly certified https. It will still have all of the access controls, but with caveats for ACME certificate renewals. The ACME Let's Encrypt certificates will help with IPsec configurations as well.

Sadly, one of the things we would have loved to do is impossible. We wanted a brick "out of the box" to work with https with no warnings. We could maybe include a cert for my.firebrick.uk or some variant to do this, but any means by which a FireBrick has a private key in the code would mean someone could get a FireBrick and JTAG or some such to extract it from the flash. It would allow that key to be extracted and misused. The only real answer will be for a FireBrick to have a unique key pair and obtain a signed certificate by ACME, or similar, and that can only happen after it has a public hostname and internet connection. So the initial set up will have to be over http or with a "security exception" to talk https. Typically this is literally a laptop connected to the FireBrick, so either is acceptable, but a shame no way to avoid that. It would be interesting to consider the ways embedded devices could solve that within an https and certificate framework one day (TTL 1 and tied to MAC address or something?).

So, FB2900 really close now... Many boxes on the shelves ready to ship... Watch this space!

P.S. I won't bore you with the days of work on the outer packaging shipping label featured in the image above. Lots of svg, barcodes, and postscript and stuff with UPCs and things. All very boring I am sure... :-)

P.P.S. We may forego the "A" rating at launch for the working on all main browsers and not add more delay.

P.P.P.S testers that can load "alpha" releases should hopefully have access to play with this in next day or so.

2018-03-31

Nice one blogger

Finally, custom domain blogs like this can be https, and so this is.


Sadly they still do not allow hosting at top level, so I cannot make www.me.uk work directly yet. I even registered d5t275oodjjs.me.uk to try and keep it happy. Oh well, maybe one day.

But at least this is working, and as expected uses Let's Encrypt. Nice one.

2018-03-30

I wonder if you can trade mark a phone number

So, my latest rant, regarding a telephone number (how unusual for me?!).

This web site (here) lists information about UK companies. I note they have a crown on their web site, which I thought was a regulated symbol and not allowed, but that is beside the point.

My gripe is they list the contact number for A&A as 01344 400 888, as well as some of our other companies.

Well it is not! That is a number on the web site specifically for press contact. We are often contacted by the press for a comment or interview, and not always during office hours. That number gets through to me and someone else so we can address press calls quickly if needed. Our web site is very clear that it is not for sales or general contact, and that we offer a call recording service on it for £50 if you call it and are not press. It is TPS listed.

Annoyingly, because of that annoying web site listing it as our contact number, apart from junk calls, I am starting to get calls directly from customers when I am not even near a computer or able to help them, and they would be far better calling the normal sales / support / accounts numbers we publish.

So, I am going to have the nuisance of changing that to a different number to avoid both junk calls, and calls I am not the best to handle.

Unfortunately I am not sure I have any legal recourse in this case. If it was "personal information" I could expect them to correct it. The only option I seem to have is to change the number, which we are doing.

Which led me to thinking, can you trademark a number, and so have legal controls over its use I wonder? Silly idea I am sure.

But it also occurred to me how much times have changed - one used to, by default, have numbers listed in the phone book - you paid extra to ensure your number was easy to find. These days phone calls can be more of a nuisance, at least from a personal point of view. How times change!

This is one of the recent junk calls, to the press number, from someone that did not check TPS even...

2018-03-27

Ongoing A&A broadband stuff

As you know, I do occasionally blog on what we are up to at A&A, and so here is a bit of an update... The official announcements are on the status pages as normal.

Free installs, short contract terms, etc.

One of the big issues was the complexity of installation pricing. It depends if we can migrate it or not, if the service was BT based or not, if you need a new phone line, what type of service it is, etc. The order form worked it all out, but people wanted to know up front and wanted something simple.

So, in a rare decision for me, I am trying to average it all out a bit and offer customers a much simpler choice. It is pretty simple, you can have 1 month term for an install fee, or 6 month term for no install fee, or 12 month terms for no install fee and get a free router. There are a couple of caveats - phone line install is extra but has no minimum term, and FTTP is 12 month only, but basically that is the deal. I think it looks pretty clear - see the Home::1 page for details.

The free router is one of the latest ZyXELs which seems reasonably sane, and has 2.4GHz and 5GHz WiFi, which is an advantage.

In practice it means we expect most people end up with a free install, but those that want a short term service can pay an install price and have 1 month min term, which is a nice option to be able to offer now. We can even do that on FTTC, but sadly not yet on FTTP.

As part of that we have made the order form work somewhat more sensibly when ordering FTTP with more automation on our side behind the scenes. A bit more work still needed, but looking good.

Regrades were a concern, but the decision is that we offer the 1 or 6 month options, and if you are still within original minimum term, these are added to that.

MPF lines from other ISPs

One of the other issues we had is people want to move service from someone that uses MPF lines, that is where the copper pair is jumpered to their kit at the exchange so the other provider does phone and broadband. Many operators do this. People don't want a complete new line installed (and in some places that is not easy), they just want to move the existing line over with minimum down time.

What we have done today is improved the order form to handle this. It allows an order on an existing MPF line at a premises (where there is only one) and will take over that (losing the number) to provide the broadband with us. Downtime can be a matter of minutes.

Yes, you lose the number, simply because we still do not do "phone lines" as such. This is a policy I am likely to stick with for a lot of reasons (technical, administrative, and even regulatory reasons). So moving the copper pair from MPF to our service does not need the number to be moved - and the new "copper pair for broadband" has no meaningful number as it does not allow calls in or out.

However, at least it is now possible to place such orders, which is a big improvement I think.

A sprinkling of IPv4

We have decided for now that there are actually very few people that really still need a few IPv4 addresses over and above the WAN address, so allowing a /29 of IPv4 on the Home::1 package. Everyone gets lots of IPv6 addresses anyway.

For now, the few people wanting this, is not an issue for us. Obviously, one day, we may have to reclaim IPv4 blocks, but we hope that is a way off.

So, just ask if you need. But we expect people to be clued up enough to know what they are doing with the /29 if they need it. We just route it down the line(s) via PPP.

160Mb/s services

We are very cautious over high line speeds. This is not down to our overall capacity, but the size of individual links in our network and those that link to us. We make sure all such links have plenty of headroom, but it is a reason to take things slowly. The plan is to start trying some faster links, such as FTTP at 160Mb/s and even G.Fast at 160Mb/s. Both are expected to be available soon and £10/month more. PLEASE DON'T HASSLE SALES, it will be on the order form when it is on the order form.

FTTP NT crap

There is one less helpful thing, sorry. It seems we have been losing out on some FTTP lines because BT are charging us £10/month more for them than we realised. (NT means Non Transitional line). These are FTTP lines where there is not a phone line at the same premises. It is crazy that BT can tie these two unrelated products together, but somehow OFCOM allows this. It means that, soon, FTTP services where there is not a phone line at the same premises may start to cost our customers £10/month more. Sorry about this. Initially it will just be new orders where there is no phone line, but customers outside their initial 12 month term may be contacted over the coming months to advise of the price change. No, we're not going to back date it, obviously. It is surprising how common FTTP lines are getting now.

FTTP on demand

This is still a thing, it has changed a bit, but it is still a nightmare. If you want FTTPoD, email sales, we'll do a quote, and see if you run away screaming. We have had people put in Ethernet (dedicated fire link) circuits instead because they are cheaper and quicker (and not contended). The costs are silly, and so are the lead times, and there is even a fee to find out what the cost is even if you say no. So we are not saying we won't do these, just that it makes little sense. For now, if you do want to go ahead, we'll be capping to 160Mb/s but may increase that as we allow higher speed links on our networks over time. But seriously, if you have more money than sense, as some people I know do, consider an Ethernet fibre instead, at least for now. Over time this will change, I am sure, so watch this space.

2018-03-22

Decent microphone for my videos

My videos, whether for training or for my blog / youtube, have been getting better. I am using multiple cameras and 4k and so on, but one aspect that has always let me down is the audio.

So, having been nagged a few times, I have a lapel mic (or Lavalier mic), and a radio set...

Well, I am impressed with the quality!

Purchased from Gear4Music.

I was, however, a tad concerned that the paperwork says a "licence" is required in the UK. Well, the OFCOM web site is a tad confusing. There is a section on PMSE licensing for radio mics.

Reading more, it looks like I am OK. The radio set says 823-865MHz, and it is initially set to 863.100MHz. Well, OFCOM say "The UHF licence exempt range is 863.100-864.900 MHz.", and the power "is limited to 10mw for handhelds and 50mw for body worn transmitters both internally and externally". (Surely Watt is "W" not "w"). So, phew...

The transmitter clips on my belt, no problem, and the mic plugs in to it...


The receiver comes with 3.5mm and XLR connector cables, so connects to my audio recorder directly.


So, simple, easy to use, works well, and sounds great... This is a test video with the new mic, and three old microphones for comparison...

2018-03-18

find.me.uk

As some of you may know, some time ago I had a bit of a play with the Open Data from the Ordnance Survey. This is free data you can play with.

One of the rather fun things is the location of every postcode in the country (well the centre of it), but there is a lot of raster map data as well, and tools to convert Eastings/Northings to/from Latitude/Longitude, and quite a few other things.

Whilst we make use of various bits of this data, I put the raster map information in to a web site called find.me.uk.

I also set up some magic DNS, e.g. you can do

dig LOC rg121qs.find.me.uk

to find the location of a postcode.

When I first made the web site, I messed about with the images, made smaller tiles, and organised them and renamed them based on E/N co-ordinates. It worked quite well, and made for a useful link to show locations. Nowhere near as good as google maps, but was a fun project.

A few months ago we had a disk issue, and because of the size of the mapping data, and the fact it is available from Ordnance Survey anyway, it was excluded from the back up. It should have been simple to restore and re-instate the old site, but turns out I did not document the re-tiling stuff very well, and it looks like the original mapping data may be a different format and filenames now, so I could not simply re-instate it.

Apparently loads of people use it though! So I have found a bit of time this weekend to re-do some bits and have another play. If you have safari then you'll find it basically works now. Other browsers, maybe not - just a blue square... I'll explain why... [update: it does now]

My idea, this time, was to try and make an image that, by construction of the URL, would be a specified size, scale, and location, to make it easy to include an image on a web page. We had this on our order page when someone selects an address, but it was not centred and was just one of my map tiles which was only like 100m square. I wanted something way more flexible that would allow embedding any size image I like, so I can link in to various of our internal web pages and so on.

However, what I did not want to do is have a back end rendering a custom image on every request, that is slow. So, I hatched a cunning plan. Make the image an SVG. You can include an SVG using an <img...> tag in a web page.

So I worked on the SVG, and the URL after https://find.me.uk/ allows for location by postcode, or by easting/northing, and a scale (A, B, C, D, E), and image size as widthxheight, and finally a .svg on the end.

E.g. https://find.me.uk/RG121QS/B/500x700.svg makes a 500x700 SVG image centred on the postcode RG121QS. The idea is you can include in an <img...> tag.

In order to make the SVG, I use the tiles as provided by Ordnance Survey, so all I had to do was unpack the zip files you download. These are TIFF files, the smallest of which is 4000x4000 pixels. So in many cases only a single tile is needed suitably positioned so the location is in the centre. SVG makes it easy to add a semi transparent pointer and some text.

Bingo... Or so I thought...

Unfortunately I have two problems. Firstly it seems that whilst an SVG can include an <image.../> referencing a TIFF file, and that works, it does not work when that SVG is used in an <img...> tag in an HTML document. I have no idea why, and I cannot find anything by googling as to why this is. So that undermines the whole reason for doing it all this way. The other big issue is that whilst safari is happy to load a TIFF in an SVG, it seems other browsers are not (the SVG spec requires PNG, JPG and SVG at least but does not mandate TIFF). I'll have to do more experimenting on that one to confirm.

To work around the first problem I have put the SVG in an <iframe...> instead, which works, but there is no point, I could simply include the SVG in a web page and use that in an iframe. The whole <img...> thing is a bust, which is a shame.

As for TIFF, assuming that is the issue, I will need to convert to PNG or some such, and if doing that I may as well re-tile and rename everything. Except this time I'll make sure I have a proper script / code to do it, and document it. It would have the advantage of allowing more manageable tiles, such as 1000x1000. I won't go down to 100x100 as I did last time as that was overkill.

Obviously, as I'll be changing the site, this blog will be out of date at some point. It depends when I find the time to play with this project again. I may even open source and put on GitHub...

So, sorry for the delay - normal service will be resumed shortly.

P.S. It really was taking all day (well all night) to tile the images, until I discovered the trick. Convert the large tiff in to an mpc file using graphicsmagick, this is its internal cache format. Then use crop on the mpc file for each tile - it maps the mpc file to memory, so making each tile in under a second.

P.S. PNGs work in firefox and chrome where tiff did not work.

P.S. All changed to new tiles now, some more tweaks to make I expect... Looking good and nice and fast.

P.S. Seems to work in everything now, even Firefox

2018-03-15

memcpy

Having been caught out by this (and yes, I should know better) this is a friendly reminder for those coding in C.

The man page on memcpy is clear.

DESCRIPTION
       The memcpy() function copies n bytes from memory area src to memory area dest.  The memory areas must not overlap.  Use memmove(3) if the memory areas do overlap.

In days gone by the memcpy would be done by a simple loop copying bytes from src to dst until length runs out. e.g. while(len--)*dst++=*src++; or some such, but probably in assembler.

So a classic case of copying a block of data back a few bytes, e.g. memcpy(data,data+1,len) would be fine.

Unfortunately the warning of The memory areas must not overlap. is not to be ignored.

You will get away with ignoring it a lot, and that is the problem! Whether you get away with it depends on a lot of things. Version of C libraries and even version of the compiler, the specific alignment of the points you are moving data to and from, the length you are moving, and probably more factors I cannot think of.

So things may work 100% until next recompiled, or simply until run on a new machine. Worse, they may work most of the time, but not quite all.

The reason is that a memcpy can be carefully optimised. For example, on an ARM you can load a whole load of registers in one go and then store a whole load of registers in one go. It may be more optimal for it to start copying from the end and work backwards, for example. The specification of memcpy not permitting overlapping areas allows for any number of optimisations to be performed in the implementation.

On the other hand memmove has to allow for overlapping areas.

DESCRIPTION
       The  memmove() function copies n bytes from memory area src to memory area dest.  The memory areas may overlap: copying takes place as though the bytes in src are first copied into a temporary array that does not overlap src or dest, and the bytes are then copied from the temporary array to dest.

In practice it does not have to copy to somewhere temporarily, just make sure it moves data in the right order if there is an overlap. This means more checks and code that may not have quite the same optimisations available.

So, always be careful to use memmove if you cannot be sure the memory areas do not overlap.
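The overlap hazard described above, as an added example that is not from the original post: the two byte loops stand in for a memcpy that copies forwards and one that copies backwards (both are well-defined C, so the results are reproducible, unlike calling memcpy itself on overlapping areas). The helper names (`regions_overlap`, `copy_checked`, `shift_down_ok` and so on) and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef void (*copier)(unsigned char *dst, const unsigned char *src, size_t len);

/* The "days gone by" memcpy: a simple loop from the first byte upwards. */
static void copy_forward(unsigned char *dst, const unsigned char *src, size_t len)
{
    while (len--)
        *dst++ = *src++;
}

/* Stand-in for an implementation that starts at the end and works backwards. */
static void copy_backward(unsigned char *dst, const unsigned char *src, size_t len)
{
    while (len--)
        dst[len] = src[len];
}

/* memmove behind the same signature, so it can be compared with the loops. */
static void copy_memmove(unsigned char *dst, const unsigned char *src, size_t len)
{
    memmove(dst, src, len);
}

/* Non-zero if [a, a+len) and [b, b+len) share at least one byte.
 * Addresses are compared as integers, which assumes a flat address space. */
static int regions_overlap(const void *a, const void *b, size_t len)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (len == 0)
        return 0;
    return (pa < pb ? pb - pa : pa - pb) < len;
}

/* Use memcpy only when the areas are known to be disjoint, else memmove. */
static void copy_checked(unsigned char *dst, const unsigned char *src, size_t len)
{
    if (regions_overlap(dst, src, len))
        memmove(dst, src, len);
    else
        memcpy(dst, src, len);
}

/* Constructed sample: the memcpy(data, data+1, len) case from the text.
 * Returns 1 if "ABCDEFGH" becomes "BCDEFGHH", the intended result. */
static int shift_down_ok(copier fn)
{
    unsigned char data[8];
    memcpy(data, "ABCDEFGH", 8);
    fn(data, data + 1, 7);
    return memcmp(data, "BCDEFGHH", 8) == 0;
}

/* The opposite direction: copy to data+1 from data.
 * Returns 1 if "ABCDEFGH" becomes "AABCDEFG", the intended result. */
static int shift_up_ok(copier fn)
{
    unsigned char data[8];
    memcpy(data, "ABCDEFGH", 8);
    fn(data + 1, data, 7);
    return memcmp(data, "AABCDEFG", 8) == 0;
}

/* Overlap check for two len-byte areas that start offset bytes apart. */
static int overlap_at(size_t offset, size_t len)
{
    static unsigned char buf[32];
    return regions_overlap(buf, buf + offset, len);
}

int main(void)
{
    const struct { const char *name; copier fn; } impl[] = {
        { "forward loop",  copy_forward  },
        { "backward loop", copy_backward },
        { "memmove",       copy_memmove  },
        { "copy_checked",  copy_checked  },
    };
    printf("%-14s %-10s %-10s\n", "copier", "shift down", "shift up");
    for (size_t i = 0; i < sizeof impl / sizeof impl[0]; i++)
        printf("%-14s %-10s %-10s\n", impl[i].name,
               shift_down_ok(impl[i].fn) ? "ok" : "CORRUPT",
               shift_up_ok(impl[i].fn) ? "ok" : "CORRUPT");
    return 0;
}
```

Each loop gets one direction right and corrupts the other, which is why code that overlaps can pass every test until the library picks a different copy order.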

P.S. Someone pointed out I am getting forgetful. See http://www.revk.uk/2011/02/memcpy-minor-duh-moment-on-my-part-and.html

2018-03-14

Staying sane

Someone asked if I could post some words of wisdom on how to stay sane.

Well, the first question you have to ask is whether I am sane. Sadly I think I am, at least for the most part. At least I think I am rational.

That said, I lack a lot of tact and have wondered if I have slight psychopathic tendencies. i.e. I tend to look at things more on a rational basis than on an empathy basis, which is very much a psychopathic trait as far as I know. But clearly I have had plenty of cases of empathy, so perhaps I am normal apart from being just tactless :-) Even so I try to consider some social cases by using logic, which is always a bad idea.

So assuming I am sane, how do I stay sane.

Well, it is an odd mix. I try to stick to important principles, and do so even when that is not the best balance of cost/reward. I have a strong sense of fairness and justice. Does that work? Well, my concern is that as soon as you make exceptions you start a slippery slope, even if only with your own conscience. I am happy with rules as long as they are applied so that people know where they stand. Let one thing go because it is small and insignificant and you may as well let a larger thing go, and so on. I also feel that some times there are too many people that ignore the smaller transgressions and as a whole someone has to stand up and draw a line. So I try to draw a line and stick to it no matter what. That said, I am open to rational argument that says the line I have drawn is in the wrong place. Moving the line on what is fair or right is not a bad thing really as long as there is still a clear line, and not random transgressions. OK do I sound crazy saying that.

Having said that, as I get older, I realise there are some battles I cannot win. It is very hard to let such things drop. This is where things like the blog come in - by documenting the intractable issues I encounter, small or large, I can "park" them and try to move on. Mostly.

It is also worth looking at the big picture - even laws you do not like can ultimately be challenged and changed. When we are young we assume there is a framework of rules one must follow, but as you get older you realise that framework is made by men (and women), and worse, made by politicians, and is flawed in many ways. It is worth trying to change things some times - I have managed to do that on occasion - making laws more sane. But even laws can be challenged.

The idea of sticking to principle is not that bad I feel, and "doing the right thing" (even if understanding what is the "right thing" can be up for debate) is important. But I try to be rational and reasonable on what the right thing is, which is a mix of things like "what the law says", and what is "fair" to those concerned. Some times my ideas are at odds with other people's - that happens.

I would say one thing to do to stay sane is be prepared to change though. To accept a sound argument for why things need to be different and if so, then change your view. This is hard. It is always hard to change your views at any level.

Oh, and whisky helps.

2018-03-13

Blogs brewing

I am usually the first to "blog first and ask questions later", but for a change I have a list of things that are brewing.

There are some simple things, like one about councils and arsehole neighbours and planning permission. One that will probably be blogged once I get, or fail to get, the necessary permission and the way the law can be an arse, and any way I can make a certain neighbour's life hell. We'll see - you never know, it may all blow over. I'll blog when sorted, or when I am suitably pissed off.

A less simple thing is the way that my grandson was killed by negligence of several parties just over a year ago, and this is one of those that nags at me every day. Some things matter more than others, and this is one of those. Once the lawyers have finished I expect to blog that in some detail, but for all I know that could take another year! That is one that eats at me every day and I really hope blogging it will take a load off my chest one day. We know life is not fair but sometimes it is unnecessarily so.

I may have a blog over one carrier being a dick, but that may be something we agree on and not to blog. At the end of the day if someone can actually sort the issues and reach a good result, I don't have to make it all public. Not telling the world seems odd some times, but may be in all our interests. We'll see. My blog is only a weapon if compliance means I don't use it :-)

I have some technical things I may blog on - waiting on some kit. We'll see how that goes.

I have some interesting stuff on product safety and fascias and things, which may be fun, but waiting on things to happen.

There are always the political blogs - the latest on the stupid stupid age verification for porn, thankfully delayed a few more months at least. That and the way the government are trying to censor shit all over the place with no consideration for human rights and free speech. To be clear, some people's free speech is repulsive and offensive to me, but I'll fight for their right to express it. The day we lose that right we are in a police state with censored media - a day that may have happened already.

I have one relating to trade marks, and stuff, but again waiting for some shit to happen or not happen. Some will have seen the ® on my blog title. All part of a plan.

And then there is the new FireBrick, and new A&A tariffs and stuff, which all are happening. We actually have new install prices today, but more will be added over next few days.

So lots due to happen, honest - some more serious than others.

2018-03-12

Fair reporting

I rant on here and some times there are reasons to be positive instead of negative.

I ranted about Apple, and they have fixed things, so here is the "Well done Apple" video.



They have done a lot, and I am sure it is not down to my blogs and videos.

FYI, the Canon gripe was multiple things - the screen is touch focus and so very easy to accidentally touch the corner and have a string of videos focused on the wall FFS. The recording will revert to card 1 far too easily and then not record video one a few seconds. I managed to accidentally move the exposure bias, FFS, far too easy to do that. Then, on like the 10th take, someone called me in the middle - I had all on silent apart from my desk phone, and nearly lost the plot. The above video is around 6 minutes original as a result. I even had the Apple TV crash at one point, but I'll let it off this time.

Oh, and wow - that I am a "bond villain for turning to/from the screen like that". Thanks.

2018-03-11

Frustrating year so far for me

Well, where do I start...

FireBrick FB2900 should have been selling months ago, and such stupid things now being the delay - we have loads on the shelves. Safety testing final sign off within a (small number) of days with stupid minor things having caused delay. The fascia printing on the boxes, the last thing I would think would be an issue, expected in something like 10 days, but who can say for sure. I may blog the story and name and shame, perhaps. So, really, FB2900 will be shipping real soon now. The training course we ran last week went well, so do contact us if interested in the training or being a dealer!

But let's be positive - it will be shipping soon, and is awesome, and we should start work on FB9000 soon.

The new A&A tariff work we started last year, I expected to be doing more. And one of our carriers, who I have promised my own staff not to tear a large piece out of on my blog just yet, are causing some crazy issues for us. Things that should have been done and dusted over 6 months ago are not, and so more work on tariffs is a tad stalled. Even so, we hope to plough ahead with some improvements this month, albeit more risk for us doing so. The existing changes, with more lines able to get Terabyte packages, and better usage roll over and higher entry level allowances, have clearly helped, but we expected to have done more by now. More will be coming I am sure.

But let's be positive - the changes we made late last year are good, and things are happening this month too.

But I am not all about work, there is more to life than work. The stress of the broken TV was disproportionate - it is, after all, just a thing. I just feel betrayed by what almost certainly was a family member, and that is hard. Oh well.

But let's be positive - I have a nice new TV now, and rather like it. It is pretty awesome I have to say!

I've been on Indapamide, albeit a small dose, for over a year. I believe it has side effects, most notably that I am always getting out of breath very easily. I noticed right away I could no longer cycle up the hill to my house. To be frank, it is getting annoying, so I am off it now. I have to see if new meds work well, and if indeed I regain my stamina. I thought of stamina as a metric in World of Warcraft, but I could do with some now. A few days in to new meds, not sure yet. I may try starting to cycle again, we'll see how that goes.

But let's be positive - if that was the side effect, I can start cycling, get more exercise, and lose some weight!

And finally, today, it has been a year since my Grandson died. My daughter has been taken by her partner for a weekend away, but we all feel for her. Being Mothering Sunday does not help.

But let's be positive - we know exactly what killed him now, and once the lawyers have finished their stuff I'll be able to blog about it and get it off my chest. My daughter is surprisingly strong.

2018-03-09

Limits and tolerances

Frustrating how this is dumbed down for the public and, IMHO, for no good reason.

We all know that the ASA have a big issue with someone saying that broadband can be "up to 80Mb/s". They need it dumbed down to a 90th percentile or some such.

Indeed, even OFCOM want a "range" of speeds on an individual line estimate, but rather than a range of the "lowest speed we would ever expect without a line being faulty" to "the highest speed physically possible on that line length", they actually want 20th to 80th percentiles, to dumb it down, and create a case where 40% of people see line speeds that are not in the "range" that was quoted.


So, some simple bits of logic here, which any scientist or engineer will understand.

Tolerances

If I quote a simple single figure for something, such as 100mm, there has to be some tolerance for that. E.g. let's say I am telling you the length of a metal rod that is to be used as a part in some machine.

You cannot make a metal rod that is 100mm long. Basically, at the edge of that rod will be atoms, and at the very best you can make it one atom more or one atom less in length, and even the "edge of the atom" is questionable. If 100mm is not an exact number of atoms long, you have not made a rod 100mm long. It is just close, even if very very very close...

In practice I may say 100mm ±1mm. This creates a range of 99mm to 101mm. You can aim for that, and will meet it or not.

Whatever analogue metric you are quoting, length, temperature, voltage, as a fixed value, ultimately it has to have a tolerance. It should all be explicitly stated, though some specification may say "all lengths are ±1mm" or some such. In any case you need to know the tolerance to understand the fixed value you are given.

Errors

Very similar to the above, any measured analogue quantity will have an error margin, and it is just like a tolerance. If you say it is 20 in here, then that will have a margin, maybe ±0.5

Limits

If you specify a limit, e.g. a minimum, or a maximum, or a range, you do not need a tolerance.

A limit can be absolute. E.g. that metal rod must be <100mm. A rod that is one atom longer is not within limit.

Stupid regulations

Some of you may have seen my example label for the new FireBricks. Based on the specs of the parts we quoted 85V-264V AC. That is a range.

These limits are absolute, 84.9999V is too low, 85.00001V is fine (as is 85V).

But guess what? The figures we quote have to allow for 10% tolerance. WTF? Limits do not need tolerances, they are absolutes.

End result, we have quoted 100V-240V. The 240V with 10% is 264V. The 100V with 10% off is 90V not 85V, but we can handle down to 85V. We decided to give in to the madness and say 100V. We could have gone for 110V maybe. The same issues with frequency of supply, a range but with a tolerance on the values?!?!

But really, what is wrong with actual limits - why is this remotely hard - limits do not need tolerances.



As an engineer I would read that as 241V is too high, but apparently that is not the way the regulations work!

P.S. I saw a strange use of ± on train times, I think in Holland, but not sure. Basically they would say train due in ±5 minutes, when they definitely did not mean due -5mins. They actually meant 5mins ±something, but it was a strange way to quote it. It was almost as if they used ± as "about", when it means "plus or minus". Using ~, e.g. train in ~5mins, would make a lot more sense as "about 5mins".

2018-03-08

LG and privacy (again)

Just to explain, as some people did not get it, sorry.

The issue here is that LG can do stuff - they can log what programmes and channels I (or anyone else here) watch, and log when I use the voice activated thing.

1. The voice thing being "cloud processed" I can understand, necessary part of the service. I'd like to know it is encrypted to them. I'd like to know it is not retained and sold later. But the basic "process the voice to understand the command, and then forget it all" I would be reasonably happy with if encrypted to them.

2. The tracking what I watch, and worse - selling that to other people? Well no thanks... Why track what I watch?

At the end of the day, they either need consent in order to process this personal data (and they have a postcode anyway and an IP address, so very possible to make "personal" data here), or they do not need consent...

If they need consent they are screwed as people can come and go, enter the room, watch TV, without ever having engaged with LG nor given any consent to any processing of such personal data. They have to stop processing such data now. Needing consent and not having it is a problem!

If they do not need consent then why the hell do we have to jump through hoops in the set up to agree terms and consent to shit in the first place. I can understand the simple processing of encrypted voice to make a command, and not recording/logging/selling that information may be something that is "necessary" and not need consent - not worried if that is the case.

But which is it?

I hope that makes some sense - as to what I choose to publish on my blog, well that is up to me...

2018-03-07

LG and privacy

I tweeted LG, and no reply.


But I also sent a support email request like this:-

I noted during installation of my new OLED65W7V that there is a point you are expected to agree to terms and conditions, and consent to processing various personal data.

In this instance, as he was helping me install it, my son clicked "agree", so I have no contract with LG, have not agreed any terms and are not bound by any terms and have not consented to any processing of personal information.

1. Given that GDPR will be law soon, how will you be changing the terms and these pages so that any consent is "freely given", i.e. not "in exchange for using some smart TV features" exactly?

2. Given that I have not agreed terms or consented to processing information, how exactly does the TV know not to process voice recordings of me, or my TV viewing data? I.e. how does it tell who has consented and who has not, before processing any data?

3. If it cannot tell, does that mean you have been processing voice recordings and other personal data without my consent?

4. If so, will you be reporting this breach to the Information Commissioner's Office your self, or would you like me to do it for you?

I hope you can help answer these important questions.

To my surprise they replied!

Good morning Adrian,

Thank you for your query regarding your LG TV; I would be more than happy to assist you with this query today.

I can confirm that the TV does not record your voice or use voice controls unless you hold the button on the magic remote to do so.

It is not possible for the TV to function to its fullest without accepting the terms and conditions as it needs to know things like your country for region locked apps like Netflix as well as tracking what you have watched to make recommendations and keep track of where in a series or movie you are. We could revert back to how it used to be and how most manufacturers work and not ask and just do it without your permission.

As previously mentioned the TV does not record or listen to your voice unless you select the option to do so. You can disable this functionality in the terms and conditions by following the steps below;

Home → Settings → All Settings → General → About this TV → User Agreements

There has been no breach of any sort here. While you did not personally agree to the terms and conditions the person you allowed to set up the TV (Your Son) did. At any point you could have prevented this decision or reverted it by following the mentioned steps above.

If you do wish to discuss this further please do not hesitate to contact us on 0344 847 5454 or alternatively you can also reply to this email.

Thank you in advance.

Kind regards 
Carlin
LG Electronics UK Help desk 
---------------------------------- 
LG Customer Services

Wow... Just wow.

2018-03-06

Wallpaper TV

As I blogged, I now have a "wallpaper" TV. I hope you enjoyed the video.

But this led me to ponder a few points on this.... It is not like buying a normal TV in many ways.

Normally a TV, even an expensive TV, is not so much a "fixture". You can buy and sell it, transport it (albeit carefully for some large TVs). Someone could steal it, even. A wallpaper TV is different.

It is more of a fixture. Removing it from the wall is not simple, well, it is not that hard but you then have in your hands a large, thin, fragile, piece of glass. That is not easy to transport without the original packaging, and even then it would be a challenge. It would not be easy to simply move to a new room in the house without risk.

The wall bracket is thin metal, and screwed and fixed by sticky pads to the wall. The sticky pads will be an issue, and I doubt I could remove it without bending or breaking it. The only way to move this TV will be to get a new wall bracket from LG.

The base unit (sound bar) could easily be moved, but useless without the panel.

So, I cannot see this being something I could easily move, ever, and really not something someone could steal, any more than someone stealing my ceiling. No, that is not a challenge, honest.

I hope LG do sell new wall brackets, I should check, in case I do ever want to move it. One day, I bet I will go for the 77" and someone else in the house would like this, so a new wall bracket will be a thing we need.

There is also the fact that OLED panels can burn in - there are guarantees, but I wonder how much of the TV's cost is the panel and how much is the base unit. Replacing the panel with a new one would be viable I guess. I wonder if they sell as spare parts.

Even so, a day later, I am still impressed by the new TV...

2018-03-05

Installing LG OLED65W7V Wallpaper TV

Wow... I just got a new TV, and it is amazing.

To be clear the amazing bit is not the picture or the sound, they are the same excellent quality of an LG OLED 65" 4K TV and sound bar. The wow factor is the form factor. This is a "wallpaper" TV.

What is a wallpaper TV?

It means the actual panel of the TV sticks to the wall and is a few mm thick (in this case 6mm) with a flat cable coming down to the "sound bar" which is the main TV logic. Lots of ways that "sound bar" could be on a shelf in a recess or even out of sight if you tried. There are even instructions on the cable being "in the wall".

How much?

It costs more! The price comparison today was 77" LG signature OLED £8k, but wallpaper version £12k. I went for the 65" wallpaper version. My wall has space for 77" and in some ways I am thinking I should have done that, but to be honest, even I am not made of money. As it is, those prices meant upping the mortgage!

Is it really that thin?

Well, yes! Even fitted to the wall with the supplied wall bracket, it is that thin. It claims 6mm... It is. I held 5 credit cards against the wall to see...



Is it a good TV?

The panel is the same as the non wallpaper, but designed to be a thin panel on a wall. Apart from the fun of installing it, it is the same, and is awesome just as before. UHD and HDR, and the awesome contrast with true blacks you get with an OLED TV. Stunning.

Black is black!



Is the sound good?

Seems so - it has a "sound bar", and they have gone all out on the gimmicks with the tweeters motorised coming out of the sound bar when you power up. I even made a video especially for that feature... But actually, yes, very good sound - it even has a calibration mode using the microphone in the remote to adjust for the room acoustics.



How hard is it to install?

Well, I was impressed, it was not too hard, and basically James and I did it! I was scared we would screw up, but no, we managed. I have a nice installation video... All I needed was some wall fixings, and actually some were even supplied (we used Fischer fixing plasterboard fixings).



The flat cable!

The flat cable was an issue, it is a certain length and no "plug" at the panel end just hard wired in, and a tad inflexible. As you see in the video it was too long and meant the sound bar at the front of the table. But it does come with an extender which we used, and looped back in the base/cabinet, and made it work nicely. It is one thing to consider when choosing the height of the TV.

This meant I could have the sound bar further back.

Long term it may be sane to hide the cable within the wall, which would be pretty easy, and have a small floating shelf for the sound bar. So many ways this could look "tidy" with a small amount of work.

2018-03-04

LG 65EG960V 2015 Curved 4k OLED 3D TV

I have had this TV for over two years now, and overall I have to say I am pleased with it. It seemed like an appropriate time to say a bit more about it, as I am again changing my TV.

The reason for changing is simple. I returned from a short holiday last week (snowed in, at a cottage in the Peak District National Park, coding with two of my friends, so odd meaning of "holiday" in some ways, was fun though). Anyway, on return I found this (long scratch is around 90mm high).


This is two of several large scratches on the TV, some really long, and I am sorry to say that seeing these, even if mostly only visible when black, would drive me nuts. I took care of my TV. Sadly we will probably never know what happened as too many people in the house over the week, and I need to just move on.

However, this does allow me to confirm two important points about the LG curved TV. The first is that you can easily scratch the surface. I think it is some sort of plastic.

Sadly, I also can confirm a second point, you cannot really polish out the scratch. If you try, you polish off the anti-glare coating. I pretty much expected that, but given the scratches basically ruined the TV already I figured it was worth a try.

It is really hard to photograph a shiny spot. Viewed with the right background at the right angle, or in a dark room, it does not show. But sadly this too would drive me round the bend. You can see here in her hair...


So, you have to be very careful with your curved LG TV basically - carefully dust and follow the instructions to not use solvents, etc. Avoid anyone touching it as it takes fingerprints very easily, which means keeping well out of reach of small children.

But apart from these warnings - what is my view after 2 years?

I used some of the smart TV features!

I am slightly surprised that I used the smart TV features, but I did. I used iPlayer (to watch Dr Who) and used the inbuilt Netflix especially when they launched 4k content. Very impressive.

I have not used anything else really. One app on my phone was able to stream direct to the TV, but that was not necessary as I have an AppleTV which I can stream to from my phone.

I did not use the tuner!

I have simply not been watching broadcast TV. I do have a SkyQ box but I don't think I have used that for a year. I am pretty much embracing the streaming generation using either Netflix on the TV or the AppleTV. This does mean moving the TV meant I did not need coax points, only power and network.

I have used 4k, and it is good.

When I got the TV, 4k content was hard to come by. I first found some on Netflix using the inbuilt Netflix app. I now have a 4k AppleTV. This means I am watching 4k routinely for any new content that is available in 4k. New films are, and so are new series on Netflix for example. It is impressive.

I have used HDR.

The HDR is one of those things that I have not noticed apart from when the TV tells me it is HDR. The 4k I can see, though that is partly because anything filmed in 4k is filmed on much newer and better kit rather than being able to see the pixels as much in all cases. But I have not really noticed things in HDR.

I used the 3D but very little.

The 3D is very good, and the passive glasses are excellent. The fact it is a 4K TV means 3D films that are left/right split but just HD do not lose rows when shown in 3D. This makes the 3D even better than the same 3D on an HD model. The passive glasses are no strain, and the separation is excellent.

I did not use it much basically because of lack of 3D content. Sky dropped it eventually. But it was also used by my son for games, two players seeing different views (2D) on the same screen at the same time.

I like the sound bar.

I got a good quality LG sound bar at the same time - the TV sounds good.

The curve is fine

To really work out if the curve matters, I just need to now use a flat TV more. The curve has no negative impact as far as I can see, and I think meant reflections were less of an issue. It is perhaps a bit of a gimmick which is probably why it seems to have been dropped.

I am clearly spoiled...

What was interesting was the week away. They had a TV in the cottage, no sound bar. It was not OLED. To be honest I am not sure what TV it was - reasonably modern - my mates say it was a big / good TV. I could see the black was not black. I could hear the sound was not very good. It seemed small, and it was only HD :-)

I had not quite appreciated how good the LG TV actually was.

So what next?

The answer, and the topic of the next blog, is the LG OLED65W7V. This is LG OLED, and 4k, but is a flat screen. In fact it is 6mm thick and mounts on the wall. I'll leave the rest for that blog.

2018-02-28

Very Special "Data Protection" logic from Norwegian Cruise Lines

So NCL have some very special systems in place, and I use special in the most derogatory sense here.

I have a "latitude" account/login, as does my mate.

However, we have linked addresses. Not email, not name, not latitudes number, etc, but address and phone number.

But some of it is worse. I tried to log in and failed and found that my latitudes have my wife's email and my friend's address.

We have been playing ping pong all day updating our addresses. They also have some strange cache, so I make a change and I will not see it for, say, 15 minutes, but my mate sees the change. And worse, we have seen it constantly get the phone number wrong. So my address and his number, or his address and my number.

How does this happen? How is this not GDPR waiting to happen with big guns?