Very Special "Data Protection" logic from Norwegian Cruise Lines

So NCL have some very special systems in place, and I use special in the most derogatory sense here.

I have a "latitude" account/login, as does my mate.

However, we have linked addresses. Not email, not name, not latitudes number, etc, but address and phone number.

But some of it is worse. I tried to log in an failed and found that my latitudes have my wife's email and my friend's address.

We have been playing ping pong all day updating our addresses. They also have some strange cache, so I make a change and I will not see for say 15 minutes, but my mate sees the change. And worse, we have seen it constantly get the phone number wrong. So my address and his number, or his address and my number.

How does this happen. How is this not GDPR waiting to happen with big guns.


Slightly frustrated with Starling bank...

Both Monzo and Starling are good, and it seems Starling are a bit ahead with things like Apple Pay (have Monzo done that yet?). They are also launching a business account soon, which will be very interesting, providing they fix some of these issues...

Anyway, one thing that surprises me is that Starling seem very poor at addressing small bugs. After all, both of these are new banks and should be taking on the feedback people give them.

I have raised two issues, and it seems to me that they are just ignoring them - not even "adding to the list", but basically saying they will do nothing.

1. When you get a payment (or even a DD) they do not show the other party sort-code and account number. Their response is that they "can't" show it. Which is odd. No more explanation and no indication that they will "fix" this. Why can't they show it? Clearly there is no technical issue - they see the data, but clearly there is no regulatory issue as other banks show this. Monzo show it with no problem, and other banks like Barclays will disclose it if you ask even if not shown on the statement. So it is not "secret" nor something they are not allowed to provide. It would be nice if "can't show it" was backed up with a tangible reason, but no. Nothing!

2. When you get a Direct Debit they don't show the reference. This is especially odd as the DD rules make us tell our customers the reference, but they don't then see it on the payment. All they see is the "base" part that was on the Direct Debit Instruction. For us that means customers not seeing the invoice number to which the the payment relates. Again, not explanation why - my message explaining this just got a message explaining that this is what they do - D'Uh, no attempt to address the issue at all, not explanation of why it is not shown. No suggesting they will even look in to it.

So, as of today, A&A DD notices for Starling Bank customers have an extra caveat to ensure our customers are not confused. I am happy to add the same if people find any other banks that are doing the same.



It is a strange business model, selling coffee.

The Costa coffee shop, very much like the Starbucks coffee shop, is somewhere primarily selling coffee. It is made in a number of carefully prescribed combinations with tight controls on the way the franchise works and what exactly they sell.

The barista makes the coffee using a standard machine with milk, and steam, and coffee, and extras like syrups and cinnamon topping and so on. All very consistent, and nice. Apart from a lack of Marmite Paninis outside the UK Starbucks, it is all very standard.

But really - nothing it beyond a coffee machine here. The whole franchise, either of them, could be a machine, and would be if not for the love we all have of "the experience".

The coffee you buy is well defined and controlled and could really just be the product of a coffee machine, or a bank of ten of them for much faster service. Why do we need "barisas"?

So really what is the point of it all? Well, the whole experience is somehow what matters.

I go to any costa or starbucks with my wife within several hundred mile radius and she will have been there and they will be making her coffee before she gets to the till - not a word spoken and she has hers, and mine, served up. The people make it happen. They chat (not about her order, as they know that), and they make the coffee and serve it.

It has struck me for some time that they need systems so you wave your costa or Starbucks card at the start and it knows a "Sandra order" even if new to that location / franchise. But to be honest, I am not sure that would help.

It is amazing how they have made a business out of something a coffee machine could really just do. Yes, it is nice coffee, IMHO, but is not something a machine could not just make. We have deliberately non-automated machines and involve people in this just for the experience, and somehow that works.

I do wonder of the future - what happens when an interactive "human faced" robot is serving your coffee and chatting with you. It will come, but is that the future? Somehow the "coffee machine" is too impersonal, but maybe the "barista robot" will not be? Who knows. We live in interesting times.

P.S. To all Barristers, I did not mean the legal kind. Sorry for typo in first version of this blog.

The Orville

I am not usually much of a film/TV critic but I think it is worth saying a bit about The Orville.

I had seen trailers for this, and my first impression from them is that it was totally a piss-take / comedy, so maybe I'll get around to watching one day.

Yesterday I had the day off, so watched it all day from episode 1, and I think the trailer does not do it justice.

The series is very much in the true style of Star Trek - the episodes are distinct stories with interesting and thought provoking ideas. There is an ongoing development of the crew and the universe in which they live, with a nemesis (the Krill). There are episodes that provide some proper character development for the members of the crew.

The graphics, effects, and even costumes are excellent - more than could ever have been done in original Star Trek, and to be honest better than TNG, etc. Not surprising with advances in CG but they are actually quite good.

Unlike the limitations of the original Star Trek where aliens had to allow for a person inside a suite in almost all cases, they have not pulled any punches. The aliens are varied, and whilst most of the crew are people in (good) costume and make-up, some are far more exotic - such as Yaphit, a gelatinous blob. But even Yaphit is not just a joke in the first episode, he is a crew member with a role in the plot in many episodes.

I my view this is much truer to Star Trek than the latest Star Trek Discovery, which I think has lost the plot. The Orville is great to watch.

However, as you would expect, it is also played with the realism of Seth MacFarlane, with loads of throw away comments and snide remarks that would happen in reality. Some of the practical jokes are crazy! It is also done without any of the usual taboos of Star Trek - yes there is mention of going to the toilet even, and scenes where an alien is naked. I love little things like a damage report after the ship is somewhat shaken about (as is classic in Star Trek) but it includes that someone spilt soy sauce on their shirt - the captain is "really, he included that in a damage report?", but you can bet in real life someone would do that. It also has lots of contemporary references, and, of course, aliens not having a clue what they are talk about - even "go to hell" confusing someone. And of course Kermit the flog.

But the jokes do not ruin the plot or make it any less fun to watch, or deminish how it looks at some serious issues even. I also found the humour not cringeworthy either, which is good.

Well worth watching. In the UK it seems to be on Fox on Sky, and on Now TV, but not from the first episode any more which is rather annoying. I ended up finding it on iTunes. Whilst the episodes are mostly self contained it is worth watching from the 1st episode in order.



Network equipment in cars and boats?

One of the crazy things my son did on an older car (long before the Tesla) was set up some networking - using a FireBrick, WiFi access point, and 3G dongle.

Yes, seemed crazy, but much of the kit needed an inverter as well to get Mains from 12V car power. These are not very efficient.

The latest FireBrick (FB2900), available real soon now (literally waiting on safety test sign off now) will also have some DC power options. Yes, I may be crazy, but I decided "what the hell?", and these will be available at launch, along with rack mount kits.

The two options are (a) an automotive option aimed at cars and trucks and (maybe) boats allowing 12V and 24V supplies. Much more work than you expect as it needs all sorts of protection from voltage and current spikes you can get in such an environment. (b) The telco option for telecommunications racks with 48V DC.

The connector...

We decided on Anderson power-pole connectors, and will supply a plug and tail with the unit as well. They are excellent DC power connectors. The two variants are different colours and different keying too.

The application?

This is more tricky - who wants these? Well, telco racks with 48DC do exist, so that is one case. We do the FB6000 models with DC 48V supplies even (both DC+AC and DC+DC as dual power).

But will anyone really want in a car? Not sure.

Will anyone want in a boat? Maybe more likely... We have already had some enquiries, though I doubt we would meet the requirements to sell for boats (lots of salt water involved).

So what else?

Well, I want one myself? Why? Well I have a good 12V DC lead acid backup for the alarm/door system here. It lasts all day! They are common and simple. Alarms often need Internet access too. They are way better than a UPS for lasting all day if you have kit that can run on 12V DC.

The FireBrick FB2900 can provide the Internet access (e.g. a VDSL SFP) and connect to the alarm/door system anyway as well as some Ethernet connections for laptop in the event of main power failure. At around 5W for the FireBrick, and a max of 15W with USB and high power SFP, that is still a good lifespan from a 12V lead acid battery system.

The cost?

They cost a bit more than the AC version, but I can see there being all sorts of unexpected uses for this. We shall have to see how it goes - if you want DC powered serious network equipment, well, let us know. For now, with thousands of AC powered FB2900s on the shelf ready to ship, we have some DC models ready for evaluations in the next few days. Just talk to the team at A&A for more details.

I hope it was worth the investment in the DC options. It was my call to go for these options, DC and rack mount, to see how well they sell. If we only sell a few, we know for next time. Surprise me!

Direct Debit fraud

We had an interesting case this week where someone set up a Direct Debit on one of our accounts for Hastings Insurance.

Obviously I spotted it, and the bank have refunded the payment (they were oddly less argumentative this time, which is good).

What is interesting is someone on twitter thinks they know the cause of this, apparently someone is paying commission on new signups so a fraudster is signing up loads of bogus new insurance accounts to get commission.

This seems odd - it clearly cannot last as the insurance companies will get Direct Debit reclaims from the bank, and soon realise it is happened. If they don't already have a means to claw back their commission, they soon will, and ultimately it is going to be easy enough to "follow the money" and for the fraudster to be caught.

So really this explanation makes no sense. The person on twitter seemed to have a lot of these as regular monthly payments and says it has been going on for years. Even so, he simply gets a refund for all of them from the bank and is not out of pocket as a result.

I would not be surprised to find someone, somewhere, is confused about their own bank account number, or mixes up numbers, and so has simply set up DDs on the wrong account a few times. Clearly the guy on twitter does not notice for many months at least from the transaction he posted. Easy mistake, and not necessarily fraud.

What was interesting is that he then went on about how Direct Debits are a huge security hole as the bank just accept them with no checking.

Do banks just accepts Direct Debits with no checks?

Basically, yes - there is not really anything they can check. All they get is sort code, and account number (both of which they can check for validity), and a name. However, the chance of names matching is slim to none as people simply don't know their exact 18 character bank account name, so adding a check there would not help. Even if added, that is just one more bit of data a fraudster needs, it does not stop fraud.

So are Direct Debits hugely insecure?

Basically, no. The key security comes from the fact that they can simply be reversed, with no time limit, and guaranteed by the bank (not the originator).

However, how is this security really - do lots of people "not notice" and hence a fraudster not get noticed? Well, not really - refunding a DD is flagged up, and the sponsoring bank do notice them.

At the end of the day, the end user that has had money taken can simply get it back, so not really losing out, just hassle. The fact the end user cannot lose out makes it just a nuisance.

However, what really makes the system more secure if that this means a fraudster cannot gain from it. This is what stops Direct Debits being widely abused. Fraud is rare for this reason, as there is simply no point in doing DDs fraudulently.

The real hassle, and loss, comes for the merchant, who, on the basis of bogus bank details, has supplied services or goods and may struggle to get them back. This makes a good incentive for merchants to be very careful about how they use Direct Debits.

Can anything be improved?

Definitely. Merchants can try and do more checks, but that is just as hard as the banks to be honest. Clearly if someone is paying commission on sign ups they need to allow enough time to ensure the signup is valid and DDs are not being refunded.

One thing I did not realise is that my bank, for example, can mark an account not to accept Direct Debit instructions. This is important if you have a "paying in" account, like we do, and never set up DDs on it.

Obviously banks with more interactive phone apps and the like help massively, alerting when a new DD is set up before money is even taken, and making it easy to cancel and get a refund.


Let the juice flow

Well, the nice man from British Gas came round and did a very neat job, and we are all 100A now. Cool.

Unfortunately there was another side effect of having everything re done that has added a lot to the cost! A new washing machine.

Turns out the old one had an earth leakage issue but was not tripping the old circuits (may have been one of the non RCD circuits), and so as soon as we put in RCBOs, we find it is duff.

All good fun.

P.S. the geek in me that passed A-level physics can't help feeling there should be something more fun and youtube worthy to do with a 100A power feed than just charge a car and run a tumble dryer at the same time. Shame.


Clawing back a DD

I have covered this before, and slightly on my recent blog, but I think I have had a few more angles on it now...

Suppose I buy services from BigTelco and agree to pay by DD. I run up a bill of £100. They take £100 by DD, simple.

How it works..
  • I agree to pay by DD and provide an instruction to my bank allowing BigTelco to request them to send money from my account to BigTelco.
  • The bank, in return, agree to provide me with the Direct Debut Guarantee. It is pretty simple - if a mistake is made I am entitled to an immediate refund.
  • BigTelco tell me they are going to take £100, let's say the pick 10th of month
  • They tell my bank to pay them, but make a mistake, saying 9th, and the money goes on the 9th
  • For sake of simplicity let's say I have the money, the account does not even pay interest, I don't even notice the error, no inconvenience or costs at all.
At this point I have paid my £100, simple. Everyone is happy.

Then, later, I get my bank statement and realise it went on 9th not 10th. So I tell my bank. For the sake of argument, let's assume bank not being arses, and in a case like this I could literally show them the advance notice saying 10th and the bank statement saying 9th, so no question, no argument, no doubt.
  • My bank give me £100 immediate refund.
  • The bank, having now lost out, make an insurance (Direct Debit Indemnity Claim) from BigTelco
  • BigTelco pay out on the claim sending £100 to my bank.
[update] It is worth explaining a bit about this complicated system. Obviously the scheme could have been that the originator (BigTelco) had to give an immediate refund if a mistake is made. Had that been the case it would be clear the money was sent back by them, but one assumes people did not trust the administration of the guarantee to be in the hands of the party that made the mistake in the first place, and so the guarantee is made by the banks and not the originator, hence this complex process of an indemnity (insurance) to the banks.

Now, at this point I am £100 better off, and BigTelco is £100 worse off.

The question, and the whole point of the blog post, is do I still owe BigTelco £100?

I can think of three reasons why...

1. BigTelco were forced to send me £100, so obviously I do.
[update] AKA, the payment was "reversed" so obviously I do.

This is probably the most obvious and what most people and companies would assume. Obviously if I only owed £100 but they took £110 and I got a £110 refund, I would in fact only owe the initial £100 not £110 that was a mistake, but clearly, having been forced to send money back to me, I now owe whatever balance is now due after adding that refund. Obviously there could be something in BigTelco's T&Cs to cover this case, but that does not seem to be the case generally as everyone assumes this scenario is BigTelco returning the money to the customer.

I think not!

[update] This is not a case of the payment being reversed (see above for the complicated way this happens).

BigTelco are £100 worse off, but not because they were forced to send me £100. They sent my bankers £100 and that was because they agreed to insure my bankers. The £100 was not "for me" it was for my bankers that have lost out to the tune of £100 and made that insurance claim from BigTelco.

I am £100 better off, but not because BigTelco were forced to send me £100, no. The £100 was from my bankers not from BigTelco, and was because my bankers agreed a guarantee with me.

To illustrate, consider, after taking the £100, BigTelco went bust and by the time I told my bank of the mistake they no longer existed. In that case my bankers still have a guarantee agreement with me and still have to pay me the £100. In that case my bankers are £100 worse off and have nobody to make an insurance claim from. I get to keep my £100 in that case, clearly. This demonstrates my £100 did not come from BigTelco.

2. Insurance companies can pursue losses as if the insured

Another principle is that if you pay out on insurance, you can then pursue someone for damages. E.g. if you were to break my phone, I could pursue you for damages. If, however, I claim on my insurance, then my insurers can pursue you for damages.

So BigTelco insured the bank, but they can pursue me for the £100 they had to pay out.

I think not!

The insured risk was "a mistake in the Direct Debit payment". The mistake was made by BigTelco, not me. So if they have anyone to pursue, it is themselves. I am not the cause of the insured event.

3. Unjust enrichment.

There is a principle of unjust enrichment which may apply, and I am not a lawyer.

However, I am £100 better off, and BigTelco are £100 worse off, I am "unjustly enriched" and so should pay them the £100.

I think not!

Again, this was not £100 from BigTelco. If I am "unjustly enriched" I should pay the money back to the person that paid it to me, my bankers. However, I do not think this is "unjust", this is money from a guarantee the bank offered me and on which I validly claimed.

Consider Pizza Hut. If they take more than 40 minutes to deliver my pizza I get £10. This is not to cover losses or damages in any way - I don't really have any losses for a pizza a few minutes late. It is a guarantee they offer. It would not matter if it was £10 or £1000 they pay, if they agree to pay it if the guaranteed event does not happen, then I justly receiving that payment.

I don't see how my bankers offer of a guarantee is any different. In this case they agreed to refund me if a mistake is made, and they did what they agreed when a mistake was made. My gain is justly from the guarantee the bank offered me.

Also, what of the example above where BigTelco no longer exists. Surely my getting a refund would be 100% just in such case, even though it is my bankers and not BigTelco that have lost out.

I am not a lawyer

One thing, obviously, is a judge is going to do the whole "walks like a duck" thing, and clearly say that the money came bank from BigTelco to me in that case, and so I still owe it. But really, that is not how it works and not what happened. I wonder if there has been any case law on this.

Imagine the chaos if there were - every clawed back DD ever would suddenly be something you could keep. People would be suing suppliers like mad if there was a case the way I think this should work.

On that bases, I must be wrong, surely. But... think of PPI, that was rock solid logic until the day it was not. This could be another PPI fiasco if it ever happened!

Just a though :-)


Startgate Origins - Indeed!


Stargate is one of the TV series I quite liked, and the films, and I have watched them all several times. So when I saw there was something new, Stargate Origins, I was quite looking forward to it.

Initially I thought it was a new film, a prequel to the initial films, set in the 40s or so "Young Catherine Langford embarks on an unexpected adventure to unlock the mystery of what lies beyond the Stargate in order to save the Earth from darkness." - it's MGM so I expected it should be good.

Even so, it grates with the initial film and start of the series where Catherine Langford did not know it could open and access other worlds or that there was ever more than one place it could go. The plot is at odds with it all, and could have been done better. If only the plot did not involve Catherine, it could have worked as an unknown site track in the gate's history, maybe.

But putting that aside, I thought this could be good, and actually the trailer looked good. Release 15th Feb, yay!

Then I realise it is a new series, and actually that is way better than just a film. Cool.

But no, and WTF?

I am used to two main formats, a film which is like 1.5 to 2.5 hours, or a series which is a dozen or more episodes which are distinct stories (sometimes double episodes) of maybe 45 mins to an hour each.

But this is crazy, so far released is three episodes with streaming via an app. The first is 10 minutes, including credits, titles, and a long scene from the original movie. The second is 8 minutes, including credits and titles. The third is 13 minutes including credits and titles. These are not "episodes". You are stretching to call them parts between advert breaks in the UK even! They are little more than "scenes" at best.

Each is in fact just the steps of a longer story, not distinct "episodes". I would not normally give away "spoilers" but seriously, at this stage, there is nothing to "spoil"...
  • Stargate unearthed (clips from original film)
  • 10 years later, Prof and Catherine Langford made no progress, losing any funding
  • Nazis turn up, with old parchment and notes and open the gate using car batteries
  • Take a few people inc Prof Langford through, meet female G'ould that kills one of them
  • Catherine, left behind escapes and gets British army chap and his mate
  • They dial, using car batteries, and go through
That is it! All 31 minutes in total. It may make like the first third of a story/episode, perhaps. If this was SG-1 we'd maybe be at the first advert break by now.

Vaguely redeeming feature, it has Connor Trinneer (who played Michael in Atlantis, and Trip on Enterprise) as Prof Langford. Even then, the make-up is not that good.

I mean, I have no idea, if, when finished (IMdb says 10 episodes) it may actually be possible to stitch together to make like one episode, or even something that could be called a film, but at this point I am less than impressed. I only paid £19.99 for this (with streaming of all existing movies and series), and I think I was ripped off!

Only IMdb review: "NO...JUST NO complete and utter drivel ,If MGM want to destroy a franchise this is the way to do it production values very poor scripts and concept worse, sets just not worth the effort ,totally ignores not only the movie, and series universe but craps all over it. who ever wrote this and decided it was a good idea needs taken out and shot. very very disappointing" - well, I agree!

What is this crap?


Barclays incompetence

I asked Barclays to refund a Direct Debit in accordance with the Direct Debit Guarantee. This should be a simple and routine thing for any bank involved in the DD scheme. Sadly not, and this is the exchange with Barclays lasting a week! I have redacted some details obviously...

First message, via secure on-line banking messaging...

Fri 09/02/2018 20:19 A direct debit from my account today appears to not have had the required advance notice. Please provide an IMMEDIATE refund as per the Direct Debit Guarantee. The payment is for £271.38 today to BUPA CENTRAL A/C from my account number XX-XX-XX XXXXXXXX. Don't cancel the Direct Debit instruction, just refund that specific payment. Thanks. 

Concise and to the point and all of the details they need.

Well, I get (at every stage) a standard reply saying they aim to respond within 48 hours (clearly bullshit), so I'll omit those... But I did reply to the first one, just to be clear...

Fri 09/02/2018 20:22 Sorry but a reply in 48 hours is not acceptable, the Direct Debit Guarantee you offer is an IMMEDIATE refund, and not a 48 hour delay, please rethink this and reply IMMEDIATELY with a REFUND as per your GUARANTEE.

So, how long to wait I wonder... After 4 days...

Tue 13/02/2018 07:29 It has now been substantially more than 48 hours. This is meant to be an IMMEDIATE REFUND under the DD guarantee. This does not feel very IMMEDIATE to me. Please act on my request today or I will have to take this matter further.

Finally a reply...

Tue 13/02/2018 13:47 Hi Mr Adrian, 

Thank you for sending us a message and I apologise for the delay of response. 

I understand that you would like your direct debit payment to BUPA for £271.38 on 09-Feb-2018 to be returned because you were not given an  
advance notice for it. We can progress this as an indemnity claim for you. Most customers receive a refund which will be visible in their  
account immediately, however on occasions we may require further information regarding your claim to establish the error before a refund can be  
provided. If we do require further information from you, I will advise you of the outcome once your claim has been logged. Whilst the bank can  
provide a refund, you may be required to pay back the amount refunded if an error has not occurred. In this situation, the originator that  
collected the DDR is likely to seek payment from you, which may include legal action. Are you happy to proceed on this basis? 

I look forward for your response, Mr Adrian. 

Rodante Jericho Araullo 

Customer Support Manager 
Barclays Bank PLC

This is what prompted my recent rant. "We can progress this as an indemnity claim for you" is just wrong. I am requesting a refund under the Direct Debit Guarantee, not any sort of "indemnity claim". I respond, promptly...

I have to say the scare tactics of possible "legal action" are over the top. There may even be some major flaws in the logic here. I request a refund as part of a guarantee the bank offers me. The bank claim from originator as part of an indemnity they have with the bank. That indemnity is to cover losses due to the originator failing to follow DD rules (such as giving notice). I see nothing in either of those to processes that impacts the fact I did pay the originator by Direct Debit as per the contract I have with them. Even after my bank (not the originator) refunded me for an error, I still paid the originator as per their contract terms. The fact they paid on an insurance policy they have with the bank because of an error they made (not my error), does not mean they can reclaim that insurance pay out from me in some way, does it? So actually I feel the law and the contracts and guarantees in Direct Debits have a huge hole in them.

In practice all originators consider such a refund and indemnity claim to be "un-paying" the money you owed, but I am not sure that actually holds legally (before anyone asks, A&A T&Cs do make it so for our DDs).

There is a new clause on the DD guarantee that if you get a refund to which you are not entitled, then you will have to repay it if/when the originator asks, but in this case I am entitled to it as they made a mistake, so even that clause does not kick in.

Anyway, in spite of scaremongering I try to explain I do want this!

Tue 13/02/2018 14:02 I am making a claim against you under the direct debit guarantee. So refund the payment immediately as per the guarantee. Don't cancel the ongoing instruction. 

The error is simple, I have not seen the agreed advance notice for this collection. Obviously I cannot prove that as one cannot prove a negative. 

As for an indemnity claim, that is entirely a matter between you and the originator and nothing to do with me, so I'll leave you to do whatever you wish in that regard. My dealing with you relates only to the Direct Debit Guarantee which you as a bank offer to me. 

Please confirm when you have made the refund. Thank you.

Note, I state things like "So refund the payment immediately" and "Please confirm when you have made the refund" so there can be no doubt I want them to go ahead...

But, oddly, nothing, no reply... I did say they need to action "today" or I would take further, so next day...

Wed 14/02/2018 07:10 I requested this on Friday. It is now Wednesday and it has not happened. 

I remind you the guarantee is an IMMEDIATE REFUND. 

This is not IMMEDIATE. 

I did say in my last message that if not done yesterday I will have to take this further. 

As such, please advise the process to refer this matter to the banking ombudsman as Barclays have failed to response to communication within their 48 hour target and failed to provide an immediate refund in accordance with the Direct Debit Guarantee.

So this really is making it crystal clear I am expecting this to have been done by now. I mean how clear can I make it?!

So I give up and contact them on twitter, and end up talking to the social media team on the secure messaging system... Even so this is next day.

Thu 15/02/2018 16:00 Hello Adrian, 

I can see that my colleague has replied to you about this on the 13th of February, asking you to confirm if you're happy to proceed with the  
indemnity claim to recall your direct debit. As you haven't specifically said you're happy to proceed with this the claim hasn't been actioned.  

In regards to the timescale, we aim to reply within 24 hours however it can take up to 5 working days to get a reply. If you need something to  
be actioned urgently I'd recommend that you ring us directly on 03457 345 345 (24 hours a day, 7 days a week). 

Let me know if you're happy to proceed with the indemnity and I will get this set up for you to recall the direct debit payment for you. 

Kind regards, 
Ramona Oprea 

Barclays Bank PLC. 

I mean, really, all of my messages were somehow not I "specifically said you're happy to proceed" how the hell is that a sensible reply in any way?!

Thu 15/02/2018 16:06 I replied at Tue 13/02/2018 14:02 

I stated "So refund the payment immediately as per the guarantee." 
I also stated "Please confirm when you have made the refund. Thank you." 

How clear do I have to be on this. As per my original message nearly a week ago and that reply. 


Is that clear enough for you?

So hopefully now it makes sense...

Thu 15/02/2018 16:53 I am sorry for the confusion created earlier with my colleague, I think he got confused when you've mentioned that this is not an indemnity but  
a refund.  

However I have now raised this for you and the details have been sent to our processing team who normally action by the next working day,  
however on occasions we may require further information regarding your claim to establish the error before a refund is to be made. If you have  
not received the refund, it is likely we need to obtain further details from yourself.  

Once this has been actioned you should see the refund coming back into your account.  

Kind regards, 
Ramona Oprea 

Barclays Bank PLC. 

And finally the refund happened on Friday... A week after I demanded it.

Barclays, this is not how you handle an immediate refund!

Apple iMac Pro 10G Ethernet buggy?

I would be interested in anyone else able to test this on their iMac Pro to confirm as it seems highly unlikely to be anything but a simple driver bug. Sadly to test you need to craft broken TCP/IP packets.

Myself and a colleague have wasted a lot of time trying to track an issue over the last few days, it seemed to be that a simple TCP stream could have corrupted data in it.

Basically, we would do a test of a web page served from a device (the FireBrick as it happens, with test s/w on it), and the page would be all nulls and spaces, or should be, but random corruption would appear.

To be 100% frank we have not tracked it down yet, but we initially assumed it had to be an issue in the new FireBrick code. We are just launching the FB2900, so any issue in testing is somewhat serious.

Now, if you know anything about networking, TCP as a stream will only work if you get proper packets at both the TCP level and lower levels like Ethernet, with good checksums/CRCs. Whilst Ethernet is generated on each link. The TCP checksum is end to end (no NAT involved here).

So, you have a visible, albeit slightly intermittent problem - basically view a specific web page from a specific device and see gibberish in the page. You naturally assume it has to be within the TCP stack / processing of each end as that is where data could be corrupted without breaking the TCP checksum logic. There are two ends, one is my nice shiny new iMac Pro and the other is a FireBrick somewhere on the end of a DSL line. It has to be one of those two ends with the issue, and well, obviously not the iMac, so look at the newest code, and latest hardware, at the FireBrick end. Anywhere in between would cause a TCP checksum error and so we would not see in the final TCP stream.

A lot of time wasted, and a clue pops up - cannot make it happen from the iMac (not the Pro) at the office. Hmmm. Sadly it is a tad intermittent, so not conclusive. I could not make it happen locally either, but assumed the slower uplink and more buffering may be a factor.

Then it gets really really weird, and I can imagine some network engineers would pull their hair out at this point. On my home iMac Pro I did lots of the same test. I tested on wired Ethernet (running only at 1Gb/s), and on WiFi. Every time on wired it got corruption. Every time on WiFi it did not. A dozen tests. Pretty conclusive. WTF?

Seriously how can that be - clearly the iMac Pro is not randomly corrupting TCP streams, as I would notice in web pages, images, etc. Even, as it seems, levels like 1 in 1000 packets, you'd notice. So why only the stream from the FireBrick. It cannot just be an iMac bug...

So I used wireshark to pcap on the iMac Pro, and yes, it saw the corrupted content. Odd. Then it occurred to me - tell wireshark to check checksums. Bingo, the TCP checksum is bad. Yet the iMac Pro has accepted the packet and fed the corrupted data in to the TCP stream!

This changes the game massively. It means this is a raw data corruption somewhere on the route from the FireBrick to me. It could be ANYTHING now, as not in the TCP realm as the TCP checksum is wrong. We were (probably) looking in totally the wrong place for this issue. Thanks Apple!

It seems that the iMac Pro wired Ethernet is not checking TCP checksums. The WiFi is fine. Likely cause is that they use h/w TCP checksum logic on the MAC (not Mac, I mean Media Access Control, the Ethernet hardware) and there is either a h/w or s/w bug meaning the checksum check is not being checked! It is an easy bug to exist and one you will not notice generally as almost all packets have no TCP level corruption!

Reported to Apple but also said that I am not spending ages doing logs and crap for them unless I am paid my hourly rate.

When debugging you really do not expect two unrelated bugs to be in play at once. This is hard work.

Sadly, at this point, we confirmed the corruption is definitely upstream of my Mac (dumps on router in-between), but the bug has vanished for now - Heisenbugs we call them. If/when we manage to reproduce it, we can then trace at each step along to way to find if an issue in our network, BT, the modem, switches, and so on, or, as is seemingly increasingly unlikely, the FireBrick at the far end. As this happened on old FB2700 and new FB2900 on this DSL line, but not anywhere else, the chance of this being in the FireBrick is getting vanishingly small.

Chasing bugs can be hard!

P.S. looks like it was BT supplied VDSL modem all along. Wow.


Power to the people: Stage 1

Upgrading the power in the house is not something I really expected, but seems like a good idea.

The main driver is the fact my son has a Tesla, and now has a 32A Tesla charger on the wall. It is quite nice technically, can take one or three phase, and can be configured to tell the car how much current it is allowed to draw. Mostly James uses the free supercharger on his way to/from work, but he tops up over night at the house. It makes it very cheap to run (for him, at any rate).

So, having installed the Tesla charger, we can be using 32A extra. That is a lot for a domestic installation, even for a large(ish) house like this one. The first time it was charging at the same time as the tumble dryer it tripped the 80A RCB on one half of the consumer unit. Now, we were not up to 80A, I can be pretty sure of that, and it is an RCB, so it is likely just all of that load from various sources led to just enough leakage current somewhere. Hard to be sure to be honest. Moving off the RCB worked.

There are therefore a couple of concerns. One is the nuisance caused by an RCB that trips half the house. We have computers with disks, a wax printer with melted wax in it, sudden power losses are a nuisance. To be fair, computers are way better at this these days (journalling file systems, etc), but if you are in the middle of something time consuming you can end up starting again. And then there is the possibility that you are playing some on-line game, which, by total fluke, my son and I were doing at the time (I rarely play anything, this was AoE on steam!).

The other concern is the overall current usage, with one device that can draw 32A, and a "commercial" tumble dryer on a 30A circuit, and five air-con units on 16A circuits. One can see this adding up.

So, yesterday was stage 1.

I have had the consumer unit replaced. As per that picture it is all RCBOs. This means each individual breaker is an RCB, rather than a breaker for each half. They are on 100A switches on each half. This is not cheap, and took many hours to do. But now, each circuit will trip independently of the others, which is much cleaner. I also isolated my "Internet" stuff (connection, switches, PoE for WiFi, and security cameras) on to their own circuit. The alarm is already battery backed up. So this means less chance of tripping something taking out the Internet as well.

Also, the tails to the meter were upgraded from 16mm to 25mm to allow for 100A feed.

Also, a separate meter was installed on the Tesla circuit so I know how much James is costing exactly.

Stage 2: The next stage is upgrading the tails from fuse to meter - next week. They are also adding an isolation switch, which is nice. All that for £44 from British Gas.

Stage 3: We checked the fuse, and it is marked 100A on the carrier, but is in fact only 60A. Wow, we are way closer to hitting that than we realised. So we need that upgraded. That cannot happen until the tails are upgraded, and they checked the meter is 100A, which it is. So we are good to go for 100A installation...

What a "dick head" (his words): NRG Installs Ltd

Wow, I get some dodgy sales calls, but this takes the piss.

It took me ages to find he was calling from NRG Installs Ltd.

  • He could not say who he was calling from, just "NRG Installations"
  • He did not know the company number, and thought his phone number was the "company number" no matter how hard I tried
  • He did know his web site, but thought that the web site/domain was actually the "company name"
So then we have the fact he called a number on the TPS...
  • He told me the number he called, which I presumed was one of my numbers, I have a few. It is a number on the TPS!
  • It turns out he made the number up (i.e. lied), but then rants at me for lying about it being one of my numbers!
  • He refuses to say which number he actually called - to be a "dick head" (his words)!
  • He has no idea how to say a phone number, i.e. area code, pause, number
  • When I did track down which number he did call, from the incoming call logs from our PSTN gateway, he is adamant that is not the number he called. Now, in theory it could be some sort of re-direct but that is unlikely (I don't recall setting one up and would not have to that specific number), but we normally see redirection headers on the incoming logs in that case.
  • The number he actually called is in the TPS and has been for a long time.
But it gets worse, I mean really bad!
  • He says the TPS gives them numbers and they call them
  • He actually has no idea who the TPS are even
  • He thinks we should sue the TPS and not NRG Installs Ltd for the PECR breach
  • "I thought we were meant to call the numbers that the TPS give us"
I have muted the number he called from the recording here... It is well worth listening to...

Sadly there is little point in talking to the ICO on this, they don't care.

Banks trying to change the rules by bad use of wording.

As you probably know I have a gripe with banks over their use of the term "fraud". When someone pretends to be me and fools the bank in to paying out money which the bank then debits from my account with them - the person who has been defrauded is the bank, and not me. The person lied to was the bank, not me. So I really hate that when that happens ALL of the wording and communication from the bank is worded as if I have been defrauded and the bank is helping me sort it out and reclaim the money. In actual fact the bank has been defrauded, and so has no right to have debited my account and so must credit it, and then I am helping them with their fraud by providing information. They twist the wording and most people fall for it.

However, today, I see another case of mis-wording things to somehow "take the bank out of the loop". This is the same principle as the fraud thing - by making me the one defrauded they sort of take themselves out of responsibility, which is bullshit.

I refer to the Direct Debit Guarantee.

I am trying to claim a refund under the guarantee from Barclays, and for some reason they have taken nearly a week to provide the immediate refund that they guarantee, and at each step they refer to "my indemnity claim".

So, it is worth explaining to people how this works so that you know.

  • I authorise the bank to debit my account at the request of someone else (the "originator") - this is the Direct Debit Instruction.
  • In return the bank offers me a guarantee that if a mistake is made the bank will give me an immediate refund.
  • Quite separately, the originator offers all banks in the scheme an insurance (an "indemnity" agreement) that if the bank loses out because of the DD guarantee, they will pay the bank.
  • This means the bank make an "indemnity claim" against the originator after they lose out because they had to refund me.
This means there are two distinct and, in principle, unrelated things that happen here. I claim my refund. The bank make an indemnity claim.

This is quite important as, in theory, things could go wrong with the indemnity claim - e.g. what if the originator no longer existed (e.g. a refund on an old DD after originator has gone bust)? Well, in that case the bank is still obliged to refund me under the Direct Debit Guarantee that they provide to me. However the bank will have nobody to claim from, and so the bank loses out. Not me!

There are other cases. The originator can make a "counter claim", claiming from the bank that the bank should not have made the refund as "there had been no mistake". In that case, the counter claim provides the bank with the evidence necessary to reverse the refund on the basis that they should not have paid out on the DD guarantee, and they refund the originator as part of that counter claim. The bank can then use that evidence to reverse the refund.

So why are the bank messing about calling it "my" indemnity claim? I can only assume they are trying to extricate themselves from the process. I.e. if for some reason the claim does not work, they would try and reclaim the refund, because it is "my" claim and they are just helping me make it. This is, once again, bullshit.

Why does it matter?

In both cases we are seeing more and more people fooled by the wording and really believing that they are making an indemnity claim or they are the victim of fraud. Over time that will be what everyone thinks, even lawyers, judges, and politicians. It is a gradual change of perception, and before long the practical aspects of such things will end up as the bank have changed the rules without actually any change in the law or the guarantee or contracts.

I think banks should not be allowed to bend the truth like this.


When it a "30 minute guarantee" not a "30 minute guarantee"?

Well, when it is pizza hut...

How do I read that?

If they are 10 minutes *over* the 30 minutes? then that clearly makes this a "40 minute guarantee" as nothing happens at "30 minutes" in any way does it?

Just be honest!

Or is it that 10 minutes after order? Or 10 minutes after forecast? They are saying one hour to me now, so is it magically now a 70 minute guarantee?

A "30 minute guarantee" would have pay out for exceeding "30 minutes". Simple as that. Not "10 minutes on top of that". I mean, why not a "2 hours late" clause on top, it is meaningless.

The guarantee is clearly a "40 minutes" guarantee, as no recourse or penalty for delivery within 40 minutes and there is some (£10 off next order) when beyond 40 minutes.

This is bullshit - be honest. I think I'll file a complaint to ASA (like that matters)...

P.S. to be a tad less ranty!

The "30 minutes" is not meaningful in any way but as the headline. If they had a choice of customer A in 30 minutes and customer B over 40 minutes, or alternatively both A and B over 30 but within 40, they would choose the latter. They would be negligent not to. Only the "40 minutes" actually matters to anyone. The break down of that as "30+10" is purely marketing hype and IMHO dishonest, sorry.


ICO web site hacked?

The web site of the Information Commissioner's Office, the UK regulator for Data Protection and related matters, appears to be running a crypto mining script when you access it. www.ico.org.uk

But please, check for yourself, visit the site. On safari you right light to inspect element, click resources and scripts, and there you find it.

I can't claim credit for spotting this. @Scott_Helme on twitter drew my attention to it. He has managed to find a lot of sites running it.

But I can confirm I have checked, and it is true - but check for yourself.

P.S. The hack is in a third party site (browsealoud.​com) from which the ICO include scripts but do so without integrity checks. If anyone should be "careful" and have proper "technical and organisation measures" in place, it is the ICO.

P.P.S 15:30 seems browsealoud.com have done something, using an invalid certificate (odd) but has the effect of stopping the issue.

A little more for my less technical friends.

When you visit a web site, a lot of things get loaded in to your web browser in the background. These include images, and stylesheets and scripts which do useful things. Sometimes these come from other web sites.

In this case the ICO have included a script from another site, which does something useful - a tools to allow text readers for the web site for blind people. It is included in a lot of web pages.

However, someone has hacked that third party web site, so now when you go to the ICO web site you get more than you bargained for.

The ICO could have protected you from this - there is a way for them to tell your browser what to expect, and so it would not load the hacked version. The ICO should really know about this and have done it, being, well, the ICO. They did not.

So what is this bad thing that you get? Well it is not "infecting your computer", thankfully, but it is using it to "mine cryptocurrency". While the web page is open your computer will be slower as it is doing loads of work behind the scenes.

Explaining cryptocurrencies would take a while, but they are like money except you can "create" it using computers. It normally takes a lot of computing power (and hence money for electricity) to create useful amounts. However, by harnessing the power of millions of computers that are simply accessing web sites someone can make money using your computer. That is why they do this.

Is the A&A site OK? Well, yes, we use very few external scripts at all, and we don't use the one that has been hacked. However, we had not yet added these integrity checks yet - we are actually working on a new web site, and so some "maintenance" things have been left behind a bit with "That'll be sorted with the new web site". However, this example shows how important that is, and it will be done shortly anyway. We really feel the ICO should have known better though.


2D bar codes

I have done a lot on barcodes on my blog, and I am sure I have mentioned the URL shortener I made that is www.4.gg in the past.

It allows you to provide a URL and gives you a barcode for that in a variety of formats. Some time ago I changed from IEC16022 (DataMatrix) codes to IEC18004 (QR) codes simply because this is a tad like betamax vs VHS, and clearly QR codes have won. Shame, in my view, but they work. It's is even possible to script it to get codes for URLs from automated systems.

I was looking today at some of the stats on the site. It collects very few pieces of data - obviously it has a log of the mapping from an assigned code to a URL, it has to have that, and it records the date/time it was made, and the IP from which it was made and a hit count and latest time of use, and well, that is it.

It was never any attempt to collect data, personal or otherwise. I intended it to be useful, and well, we (A&A) use it for things like barcodes on invoices.

What makes it special is that the barcode is designed to fit the minimal QR code format, so is compact and/or easy to read. For example :-

That is the size of all of the barcodes it makes, the smallest allowed in normal IEC 18004 QR codes. But the URL shortener aspect means that can be any URL you like.

I checked, and was amazed that there are literally millions of hits on these codes now. It has been working for like 9 years now. We actually have over a 1000 new codes created a day now, which shocked me! When I started some camera phones had QR or data matrix readers, and even the Nokia phone had a bug that did not like a "z" in the code. These days phones have QR code readers in the camera apps, and iPhones just "see" QR codes when taking a picture...

So then comes GDPR, and I am concerned - we collect IP address when codes created and hit counts. Importantly we could collect way more if we wanted to. Some may count as "personal data" though that is questionable. So do I have to worry.

Well, best plan is make this an official free service by A&A and include in GDPR privacy statements. Annoying we have to do this crap in many ways, but let's do the right thing shall we.

BTW, the most popular code is some site that is now a parked domain, over 500k hits and even one today, so someone has put that barcode somewhere massively popular and I know nothing about it. Amazing how a free service I have not even advertised has taken off.

What is especially amusing is Facebook hampering my freedom of speech talking about it!

First time I have ever been accused of spamming... What is amusing is that I could post that screen shot on Facebook and a QR code of my post and the various comments and replies in QR code with no problem. Shows how effective Facebooks policies are in practice. LOL.


The frustrating bit...

The FB2900 is close, and one of the big things that is adding quite a bit of time, and a lot of cost, this time, is new safety standards. These were not in place for the last product.

Launching a product, especially an electronic one, has a lot of hurdles. It used to be the EMC testing (generating radio/electrical noise, and being susceptible to such) were the "biggies" that needed expensive external test houses. The "electrical safety" was a minor part of testing (can you poke your finger where it could get zapped?)... To be fair it was a bit more - things with mains power have to meet various rules for air gaps and insulation, but there are well known and tried and tested ways to design this in.

However, times have changed... The new safety standard (a little gem called BS EN 62368-1:2014) has a lot of things in it.

This is good!

I have seen too many things with power bricks melting and nearly causing fires. However, it is new, and this means some of the things you need to know when designing are not 100% clear. Unless/until the examiner at the test house makes a decision based on his reading of the spec, you cannot be sure. It is quite possible that something seemingly simple can catch you out and cause lots of delay.

I am pondering doing a more comprehensive blog some time, but here are just a couple of examples of the issues we have had to consider...

Holes matter!

The FB2700 had a grid of holes on the side for ventilation. The new FB2900 is way lower power (typically 5W) and does not need holes. We originally planned to leave the case design the same, but turns out the holes matter. Because they were more than 3mm this meant the case is not a "fire enclosure" (I think that is the term). This means things like deliberately overloading the power module to try and break it, and setting the damn thing on fire to see if any plastic comes out of the holes! Thankfully we do not need the holes any more, and the screw holes for rack mounts are small enough not to count. This meant a minor rework of the metalwork which added more delay.

Labels matter!

The front and back have screen printed polycarbonate labels. Obviously these are purely cosmetic, they could not possible matter, surely? After all the serial number label has all of the safety warning and CE marks and so on.

Wrong, they matter. Or might matter. Apparently there are factors of "touch temperature" - i.e. if the metal case is at max operating temperature, can you hurt yourself touching it while plugging in a cable? That sort of thing. I don't fully understand this one yet, but it meant the labels matter.

It gets more complex! There are LED holes that are over 3mm, and they are plugged by light pipes which are flame retardant and rated to the max operating temperature, so plugged holes. However the label provides an extra layer of flame retardant over the hole just to add extra safety. So err on side of safety and use flame retardant labels.

When we did the FB2700 the symbols and warnings on the labels were a simple checklist. Like power supply ratings, and CE mark, and class II (double insulated) mark, and so on. We simply put them on and we complied. Now it is part of the safety testing to check the label and check the associated paperwork (the quick start guide). So the production sample we send really has to be proper finished and paperwork and label and everything. That adds more delay.

The good news

This may sound depressing, but it is really good that things are tested this well. We are winning!

The production sample is off to the test house to finalise their testing and approval. Once we have that, we can stamp a CE mark on it and start shipping. Of course, something could come back and bite us and add more delay, but fingers crossed. We have a good hardware team on this and they do a damn good job, so should not be any issues.

The future

There is one thing that is not tested at all, and I can see that in 10 years time this may be very different. This is a network device. It is increasingly important that all network devices are sensible in the way they work - controlling access properly, protecting against attacks, and ensuring updates and patches as needed. None of this is subject to any formal standards or tests now. I wonder how that will change over the years. I wonder how easily a wince or linux box will pass? Fun times.

Only ISP guaranteeing no mid contract-price rises?

I just heard an advert on the radio which was very clear in stating that Talk Talk are the ONLY ISP that guarantees no mid-contract price rises...

This is rather puzzling, and perhaps worthy of report to ASA... Why?

1. Since at least Jan 2014 OFCOM rules are that ISPs (that is ALL ISPs, not just Talk Talk) cannot increase prices mid-contract, by which they mean "during the minimum term". So why on earth are Talk Talk claiming they are the only ISP with such a guarantee when literally every other UK ISP has the same guarantee! I don't recall A&A every increasing prices, and we have always had in our terms that an increase means you can leave before the end of minimum term if you wish, long before OFCOM rules came in. We sell some services with no minimum term, which makes it really simple that we guarantee no price rise during the minimum term!

2. They don't explain the other side of their guarantee. A guarantee has two key parts: (a) the thing that is guaranteed, and (b) the consequence of that not being the case. The OFCOM rules are that if you increase prices the customer is allowed out of the contract early, that is what the guarantee "pays out". Of course Talk Talk may have some better "pay out" on their guarantee - no idea what that is (does anyone know) which makes it better than the OFCOM mandated "guarantee", but it is wrong to say they are the only ones to offer a guarantee.

3. Like many adverts, people seem to misunderstand the word "contract". The "contract" is not the "minimum term", it is the agreement you have with the other party. That "contract" is on going - your broadband does not stop when you get to the end of the minimum term. So by guaranteeing no mid contract price rises they are basically guaranteeing no price rises ever, ongoing... I am not sure that was their intention, but as someone that does have a clue what the word "contact" means, that is what I would be saying to the judge if I ever sued them. Not that I buy retail broadband from Talk Talk myself.

Sadly the ASA have no real power, so no point reporting it really. At best, long after they have finished this advert run, they'll be told not to do it again. Oh well.


The important bit!

You have no idea how much debate this caused internally! Not just the actual design of the polycarbonate printed label, but how it shows on the web interface...

The "clever" bit was to make the FB2900 status page have an image of the front panel. Previously we have had simple rectangular boxes with colour and labels for speed/duplex. This time it was made using the design drawings and hand crafted SVG. I originally had the SVG made from a PDF made from the drawings, but that was massive by comparison and did not really help with what I need. I had an SVG but some parts of it needed to have id tags to allow some dynamic changes.

In the end I had to manually draw all the physical bits, the USB socket, the power socket, and the Ethernet sockets. My digital callipers were useful. The end result is pretty damn good.

We then have, within the ports, a rectangle with text to show a port connected. The green is port up and the purple is actually "remote fault" which I was testing. It works well.

The trick was a websocket feed of live status changes causing a simple javascript function to update the content and classes on the SVG objects in real time. It works! Next step is probably live port LEDs as well.

Technical bits included the fact that "className" is not a thing in SVG, you need "className.baseVal". That fooled me for ages. Also, for a bit, I forgot CSS does not allow // comments and just causes next thing to be ignored - arg! I hate CSS!

The labels under the SVG are simple divs with controls on width. This is because SVG makes it almost impossible to have a wrapped block of text.

So what caused all of the debate exactly? Guess!

The power connector. I spent ages drawing that to get it just right. It looks just like the real thing. Only issue is, of course, nothing is plugged in to it, and that does not reflect reality does it? But seriously this is a diagram, the RJ45s have nothing plugged in, just some green rectangles with the port speed/duplex.

So, we tried making the power green like the plugged in Ethernet or USB port - looked messy. We tried an green outline - maybe better. But both just draw attention to what is essentially a cosmetic detail like the logo and the grey background.

Final solution, add a label under it with the voltage range, sort of shows we know there is a power connection maybe? In fact the code has to handle three different power supply options on the FB2900, so not that daft.

Personally, I like the un-plugged power. It is like a deliberate grammatically error so that people post saying that it is not plugged in and create free advertising for you.

But all in all we are catching up with switches from the late 90s that show the switch graphically. I think it is really neat, and the fact it is live via web sockets even more so. The live status of ports is a really useful thing to have in many ways - this is just "pretty" as well...

P.S. We have live port LEDs now (optional), and as expected that creates blinking on the port that is used for the web socket to report the LEDs blinking :-) We may be able to improve that...


svg inkscape and ghostscript...

Very technical one this time.

As I have blogged before, a lot of things are now being created as a master in SVG format. It's one failing is blocks of wrapped text, but apart from that it works really well.

So, the new FireBrick serial number labels are done in SVG, and they include a QR code of the serial number. Simples. Well, you would think.

The target printer is 300dpi, and so the design has all been done on nice hard integer units at 300dpi. This is especially important for things like bar codes which need to be pixel aligned. In this case 4 prints pixels wide per QR pixel. If this is not perfectly scaled or aligned the QR code gets all aliased in nasty ways and is not as readable.

The svg uses width/height and viewPort to ensure we can use 300dpi units but be the right size, e.g. height="27.940000mm" viewBox="0 0 1185 330" width="100.330000mm"

The SVG looks perfect, obviously, whatever scale...

I can use inkscape to convert that to a png at 300dpi and it looks perfect...

We are using a Brother QL-700 which installs nicely on (32 bit) linux using the provided drivers and operates like a normal Linux printer as postscript (using ghostscript behind the scenes). So I use inkscape to make an EPS for printing. Again, simple.

This is where it goes wrong. inkscape is making postscript using default (72 dpi) units and 3 decimal places. e.g.  28.801 28.16 m 35.52 28.16 l which means a gap there of 6.719 pt which is 27.995 pixels at 300dpi, that is 7 QR code pixels. The issue is rounding. Sometimes it would be 3.995 pixels and sometimes 4.005 and so on, so you end up with a badly aliased QR code.

The fix was to make the SVG not scaled to the right size but just using the 300 dpi units. In fact, better would have been to scale to 72 dpi units default for EPS but as it happens the default units of SVG (96 dpi) work to produce integer values. This, of course, makes a much bigger image, so a bit of sed to add a 96 300 div dup scale was all that was needed.

What an annoying mess. If only inkscape understood that EPS can have a scale command, and it could have maintained the original units from the SVG in the EPS rather than converting to 3 decimal places. I may find the developer forum and suggest a change!

Here are the before and after - the bottom is before which as you can see from the checker board is rather broken. Now we have nice readable QR codes, yay!