GS1, scam?

You will have noticed codes on products you buy, with a barcode, these are product codes. Also known initially as UPC (Universal Product Codes), and then for Europe, EAN (European Article Numbers), and now GTIN (Global Trade Identification Number).

These are 13 digits (12+checksum), and allocated by a company, GS1.

At the beginning the UPCs were allocated on a one off basis to companies for a one off fee, but this changed and now they are allocated to companies on the basis of an ongoing rental.

Rental makes sense.

It is 12 digits, but this is some whole blocks to each organisation so not evenly spread out, and ultimately they will run out, so a system to manage these makes sense. Rental makes sense on the basis that companies will only rent as many as they need, will be encouraged to recycle from discontinued products, and the whole blocks could be re-allocated to new companies once a company no longer needs them or goes bust, etc. Obviously re-use of codes needs a sensible waiting period, and GS1 even had recommendations on that for companies recycling numbers.

Except!

Things have changed, in that GS1 no longer recommends re-cycling numbers because many platforms stick them to a product and do not update/delete that record.

What is extra odd, when querying this, I found GS1 do not re-allocated lapsed blocks to new companies.

This means GTINs are allocated as a one-off operation to companies - never recycled to new companies and not even expected to be recycled within that company!

So rental is a scam!

Rental for one-off allocation makes no sense. If the allocations really are forever, then the pricing should be for a block to be allocated. Ongoing rental is a scam as if you stop renting the numbers stay allocated. Indeed, discontinued products continue to cost you if rental.

We only have 100, and the price has doubled this year. We do discontinue products, and we tried to recycle (several weeks or Amazon support is failing to do this). So at some point we will be renting a significant number of dead codes, and it will be worth getting a new 100 block, re-allocating new numbers for current products, and stopping rental of the old 100 block.

What is interesting is that platforms like Amazon do seem to lock in a GTIN, but also they seem to not care if it is your GTIN unless there is a conflict. So if Company A got a block of numbers, paid the year, did not use them, and then ceased. Company B could use those numbers on a platform like Amazon as no chance of a clash.

Interestingly GS1 have replied to my various emails right up until I said the above, and they said Company B could face fines. I asked for legal basis for fines. GTINs are not covered by a contract with Company B (not that fines are allowed in a contract). GTINs are not protected by trademark, copyright, or patent or any other legal framework I am aware of. I mean I may have missed something, so I am happy for them to enlighten me - and asked as much - but no reply.

It seems to me, in my honest opinion, a rental arrangement for a permanently allocated resource is a scam, simple as that. If it is permanently allocated it should be a one-off fee for the allocation.

That is just my view, obviously.

The printer that just worked (and other fairytales)

I am impressed with the Canon TC-21 A1 printer. Don't get me wrong.

But it seems that Canon doing something very stupid! I have had this with many printers before.

It is telling the printer the type of paper!

Please make it simple!

Firstly there seems to be no standard such as what satin or coated actually means, or even terms like heavy/light weight.

But it does seem the printer considers the paper type (and notably the weight, and hence thickness) in deciding when the roll ends, and somehow I must have had it wrong as it ended several metres before it really did with no option to say just bloody print - I know what I am doing.

But there is one standard and that is gsm (grams per square metre), and the paper is marked with it, so why not make the paper settings on the printer also show the gsm - that way I stand some chance. Another idea may be to allow me to set the length of the roll, as that is also printed on it - or at least show the lengths for each option.

Doing the right thing

So, it is a Canon printer, I'll do the right thing and use Canon ink, and Canon rolls of paper, what could go wrong.

This is the paper.

You can see it is Canon, and is 130 gsm, 610mm wide, and 30m long, and described as "Premium Paper FSC". The FCS is just a certificate not related to type of paper though.

I have some options.

There are many more options, but they get quite specific. The only one marked "Premium" (well "Prem") looks like 80gsm perhaps. So not that. I am assuming "Coated Paper" for now, but I really have no clue at all. The options are not clear and none use the exact wording on the roll of paper itself or state 130gsm.

If you sell a printer and it has a list of paper types, and you sell paper and they have specific names for each type, why the hell not use the same terms/names in both places, please, Canon!

Quality product?

But it gets worse. The roll has to be installed with the paper pushed properly to the right hand end stop that fits in the core or the roll. It checks this (good) and even has little diagrams showing you how to fit, and lock the end stop in the core.

Except...

The core sticks out, so no way to push the end stop up to the paper edge. I tried several times, and no joy.

Only fix was a sharp knife, and finally it works.

This is official Canon paper for the printer and does not work in the printer. Really not that impressed.

Reseller?

The reseller has taken this seriously, and has pointed me to some reference information that may help.

Age verification

The Online Safety Act is in force to block porn sites accessed in the UK now. You have to prove your age.

There is even a petition to repeal and rework it. Do sign, but we all doubt it will help. Maybe if it gets to millions.

Just to be clear - this legislation does not just impact porn sites, or just adult sites, but millions of sites and services, and there are millions more that may be in scope. This is not something where one can say that compliance is a "cost of doing business" as the vast majority of sites and services in scope are not businesses. They do not have money to comply, or even to get legal advice to find out if they have to comply - get it wrong and they face huge fines. That is the crux of the petition.

Let's stick to porn sites for now.

This is a huge invasion of privacy and a largely pointless exercise as there is no real way to stop teenagers that want to access porn from doing so. In my opinion a better approach is education, and especially on the nature of porn as fantasy and fiction so young people do not get the wrong idea about healthy sexual relationships. Blocking will not work, in my view, but it creates a lot of problems.

• It does not just impact kids, it impacts everyone.
• The legislation has huge overreach causing a lot harmless sites to shutdown to avoid the burdens and risk involved. It is not even clear when it applies (what of a shared diary with my wife and nobody else? That seems in scope of risk assessments, at least, as we can each post user content the other sees, and perhaps even AV if anything we add is racy).
• It creates a norm of proving your ID, or camera access, in order to access many web sites (not just porn sites), so opening the floodgates for scammers. Even if some sites have less intrusive means (see SMS below) there will be scammer sites that insist on camera access.
• Even when not scammers it creates the risk of a huge databases of sexual preferences linked to real identities being leaked.
• Teenagers will find ways around it, and even have to help adults to do so (irony!).
• It is questionable as to the extent that porn is actually harmful in the first place, especially with associated education.
• Obviously VPNs are a way to bypass as the restrictions are country specific.

So, let's look at what has happened.

I have done a few checks, and the AV falls in to a few categories as to how it works. This is "legit" AV, scammers may be more creative... Actually I have only checked one site which seems to use "age>>go". Some other sites start by insisting on a sign up to the site and creating a login before they do any more checks, which seems intrusive.

But these are some of the "age>>go" choices...

• A selfie - i.e. allow video/camera access on your device (can you see how that can be abused), and confirm some facial expressions (open mouth). Apparently there are on-line images with expression settings to which you can easily point your camera in order to circumvent this and that is just some games, not even a site set up for this purpose, yet.
• ID upload, like wow - how can that be abused, but also selfie to match ID. No idea if that copes well with edited images in the ID. I was not going to upload an ID, sorry.
• An SMS check, sends a code and they confirm the mobile operator has no age restriction.
• A credit card check. I have not tried this, but they do know kids can have cards? Maybe kids cards are debit not credit cards and that matters somehow. It claims to be a zero value "active card check" - does that show on all card apps? i.e. borrowing a parent's card may work, and leave no trace... Again, I was not going to provide a credit card - but you can see how scam sites will abuse this.

SMS

I looked specifically at the SMS, which concerns me for several reasons. This is, however, by far the least intrusive - as no camera or images or actual ID, just a mobile number.

They take a number and send an SMS with a code to enter, and then do a check with the operator to confirm the number has no age restrictions. This may be an issue in itself - the privacy policy for mobile services can be vague, but sharing whether you have age restrictions with a third party, for a number, is not a clearly identified thing that I can see. So may, in itself, be a GDPR issue.

What they do not immediately say is they then want an email address to which they can send a code. This too is a GDPR issue, as having confirmed you (a) control the number (can get SMS), and (b) the operator confirms no age restrictions, they have no legitimate interest in knowing an email address, and no option to not provide one that works. And this was a "legit" AV site. Scammers will do way more.

What is interesting is the email address has a "remember me" option - but not clear what for. Well, the answer is that you can then verify using "login", i.e. enter the email address and get emailed a code. So the use of the mobile number has now made the email verified with no further need to use the mobile number.

Back of the bike sheds!

This is one of the concerns I had with any age verification system.

So let's assume that..

• Some teenager happens to have access to a mobile with SMS and no age restriction for some reason, or
• A sixth former that is 18 has legitimate mobile SMS with no age restriction, or
• Some guy in a dodgy trench coat has legitimate mobile SMS with no age restriction.

Can they sell (or just give) AV access to horny teenagers?

(Just to be clear, A&A numbers fail to get this to work, the SMS works, but then says you do not have access. This is no surprise as we have no system to allow some third party to check if our SIMs have age restrictions.)

Obviously they can simply provide the code sent to their mobile, and code emailed to them, to their customer to allow them access.

But actually it is even simpler.

Using the mobile number for the first step, and their customer's email address for the second step, the customer tells them the emailed code, or the supplier can tell them the mobile code, either way, but use the customer's email address. Now the customer's email is considered verified, and can be used to login in future without the need for the mobile number. It just needs access to an email address.

By using a domain and mail forwarding the customer's email can be hidden as well, allowing for some ongoing income as the supplier can revoke the mail forwarding at any time.

So yes, this now creates an opportunity for people to exploit others - even adults that want access without giving up any details! Of course those doing the exploiting can be scammy as well, they know the email address, and can even see how often it is used if they wanted.

Testing

I used a mobile (Three data SIM with no age restriction - I am an adult after all) and an email address (one of my @fuck.me.uk addresses) to get access to a dodgy site, yay! But also I can then login using just the email address.

I then did the same, using the same mobile number, but a different email address. This also worked, and both email addresses can now simply login using the email address. I can now forward the second email address to someone else and they can simply login. This has the advantage for them that the site and AV service do not have their details (mobile or real email). No, I am not going to send to a child, obviously.

Now, I do not know if they permanently allow the login or ever re-validate using SMS. It is not even clear how long a site grants access from a login (though clearly at least a day, from my testing).

More data collection

Another issue here is that it allows access to a site to be correlated. With NAT and incognito browsing it is harder to link multiple accesses to be the same person (though browser fingerprinting may allow this). But if there is a login of some sort - or some auth code from the AV service, it can allow all accesses to be linked together, even if not knowing the actual personal identity. With common AV systems it could allow multiple site's accesses to be correlated now without even the need for working cross site cookies / pixels, etc.

Bloody Amazon

Once again, weeks of seller support tickets on Amazon.

The problem - re-use of an EAN - a simple matter.

What is an EAN?

A European Article Number, known now as a Global Trade Item Number (GTIN-13), is a code used on a barcode on a product. They are issued in blocks by GS1. We have a block. We assign to products. UPC (Universal Product code) is the same system.

Reusing an EAN?

When a product is discontinued, there is no reason for that EAN to stay assigned to the discontinued product and so it can be re-used. Or can it?

GS1 did have stuff on re-use of EANs, and time frames for discontinued products before reuse. But apparently now they recognise that platforms assign an EAN more permanently to a product record and they may not be recyclable. So they have changed policy on this!

This is interesting - EAN/UPC used to be assigned for a one-off fee and that was it, but GS1 assign on a rental basis.This year they seem to have doubled the price, even. In theory when you stop the contract, they can assign the block to someone else. But based on this new policy, they cannot - so why do we have a rental? The idea being one could get a block, use it, cease it, but know it can never be re-assigned to keep using for free. Well not quite, there was a contract which continues to say you cannot use once ceased. OK, but a different legal entity could use the codes now, knowing they will never be re-assigned to someone else. Yes, I asked GS1 this. No reply yet.

Basically the idea of GS1 codes being rented only works if they can be reassigned. If they can no longer be reassigned, then rental makes no sense. Also, they will run out with such a policy (which is why rental came in, AFAIK).

Just to be clear, GS1 retain all rights to the numbers they allocate, but I asked, and they could not say, what rights they are! They are not covered by copyright, trademark, patent or any legal framework of which I am aware. They have no rights that I can see apart from contract (which is only with contracting parties).

Amazon

So, Amazon use the EAN barcode, yay. We had a product, with an EAN, sold some, discontinued, and some time later I re-assigned the EAN two a new product. One would expect Amazon to have a process to handle this. It is not an odd thing to do AFAIK.

But I cannot make a new listing, as the description does not match that of the old, deleted, listing.

The issue is the total ineptitude of Amazon seller support...

• Told yes, I am entitled to re-assign an EAN as a GS1 holder (good)
• Told the existing ASIN+EAN cannot be deleted, so tough, so no new listing
• Told the EAN cannot be removed from the existing ASIN, so no new listing
• Told the EAN can be removed from the ASIN, but I have to report a violation (i.e. someone misusing our EAN). So I did that.
• Told eventually (many times over many days) the EAN has been removed from the ASIN, so should work to make a new listing (it did not).
• Told that an EAN cannot be re-assigned, tough. I asked if they lied before or are lying now.
• Now told the ASIN can be deleted, and that will fix, but I have to re-make the listing and then do some spreadsheet update to delete the ASIN. That is going to be fun, and no clue if it will fix.

In my view this should be simple - we prove we hold the GS1 allocation (easy), we state the (unused) ASIN+EAN is no longer valid - Amazon delete it (or remove EAN) - we make a new listing.

To be clear, if they had a system that an EAN was always stuck to a description, and were actually consistent in that, and GS1 agreed (which they sort of do), then that would be annoying but not as bad as this - they keep giving hope it can be (or even, has been) fixed, and then changing their damn mind.

But no, Amazon seller support is, without fail, a battle at every step of the way, every fucking time.

Update

I have someone with windows and Excel to try this... They made the file to upload. Thanks. But...

• They say "Create listings with a spreadsheet in any format - Al will convert it for you." Nice.
• They say "Accepted file formats: Excel, TSV" nice
• I load an excel file and they say "File Type: Inventory Loader File (Automatically detected)"
• They then say "Please upload a tab-delimited text file (file format txt or .tsv).  This feed does not support the type of file you uploaded. If you're using Excel, please convert it to a tab-separate file by following these instructions."

So yes, upload any file AI will sort, or upload excel file, and we recognise you uploaded an excel file that is an inventory loader file, but a final FUCK YOU you have to load text or TSV.

I mean what that actual fuck. We loaded a TSV, it may have worked, watch this space!

Updated regulator

I do a lot of circuits, and they all use the same basic design for power supply. OK, technically not quite, I have one for battery and one for USB+DC. But the latter is a basic buck regulator.

I revise the design from time to time and newer and better chips come out and as I learn more.

The latest design is using a TI buck regulator based design using a TPS562246. This is a big step up from the MD8942. The key difference is the old design was 600mA and the new design is 2A.

Do I need 2A?

For almost all of my boards the answer is no, the ESP32 can peak to 500mA with WiFi apparently. 600mA is close but enough. But some boards have other peripherals and you soon find you really want a supply rated over 600mA - even adding just 10 of the small WS2812 diodes can hit 100mA total when fully lit and some of my boards have more than that. Some have GPS modules and a lot more.

Why TI?

They are a well known and competent brand with good data sheets.

Will it make any difference?

The main difference is many of my designs would take a DC input 5V to 35V, and now 5V to 17V. I think for almost all cases this is not an issue. Being able to run off 12V DC or some 13.5V or similar battery based 12V, is what is needed (and I do all sorts of stuff at that level).

I think it will result is less ripple, and allow more peripherals within the power budget.

Fun?

As always, I am learning a lot - finding the right components, the inductor with low enough resistance, caps that work in the required temperature range, careful PCB layout. It has indeed been fun.

So, yes, many of my designs will undergo an upgrade over time.

IR cameras

I have an IR camera, well technically I have three now. One was a bit of fun, a FLIR attachment for my iPhone, which is somewhere in the loft. One was actually for work, a Fluke PTi20, and now a Hikmicro pocket2. The Fluke actually melted its own USB charging port (if only they had a thermal camera in checking that design!).

Why do I have these?

Working on circuit design I have to consider the power and components - which work within specified temperature ranges. A thermal camera is extremely useful for testing and confirming which components get how hot under load, etc. Even things like the thickness of PCB tracks can matter. So that is why I have one.

I am currently working on a new regulator design for my boards, one that allows 2A at 3.3V. I do not need that much for any of the simple designs, but some have a lot more peripherals, and some have 3.3V power pads to connect and power other devices from the board, so making a generic 2A capable design - this means testing under load. One of my first test boards has an underrated diode which is getting hot under high load, and highlighted my error. I don't have the full picture yet as I am awaiting the macro lens (a nice feature of the Hikmicro camera).

Gripes!

The biggest annoyance is that thermal cameras are all very low resolution (or alternatively very very expensive). For example, the Fluke is 120 x 90 pixels (really). The Hikmicro is 256 x 192. But I guess this is a limitation of the technology, and we have to live with it. Compared to the normal cameras I have this is quite an amazingly low resolution.

Tell us the resolution!

One of the biggest gripes is so many devices do not say the resolution. Many say the screen resolution. They will also say the normal camera resolution, but the IR camera resolution is buried in the small print if at all. Some are even more devious, saying the enhanced IR resolution which is actually upscaled from a lower resolution sensor. Please just own up and make clear the specification.

Transferring files

Another gripe is some cameras (notably the Fluke) make it really hard to just get the images. It had WiFi and even a dedicated send button, but that only worked if you have a cloud account and only sends to the cloud and you then have to log in to get the images. Maddening.

The Hikmicro seems to be saner. It has an app, and WiFi, but also has simple USB bulk storage to allow direct access to the images and videos (yes it does video too 25Hz). So at least that is sorted. 

Show us the image

The image stored is a fucking screenshot! I mean literally, it is the screen with any image blending and overlayed text and icons and scaled to the screen size. This was the same on both the Fluke and Hikmicro. And is just really annoying. The Hikmicro has an option to also save the visible image separately but no option to save the clean IR image.

On the Hikmicro it even removes the [MENU] overlay to take the screenshot and puts it back afterwards!

Why why why? The IR is low enough resolution, why lose loads of pixels covering with a colour scale and overlay text. I mean I can just about see the logic of a marker for a temperature point (optionally), and the hikmicro does make it optional but if not set you don't get the temperature reading at all!

But why not save the IR image clean, in a larger image with the colour scale and text overlays all off to the side (and ideally in some meta data too). This is simple in software, and there really is no reason not to do that.

The other annoyance is it saves in jpeg, a lossy format. FFS this is such low resolution there is no reason not to use a lossless format - just use png even.

If the camera had an option to also save the clean IR image, that would be good enough, but it does not seem to have a way to do that.

More

The macro lens has arrived, and it excellent, but IR only (blocks visual), which was a surprise. Even so, the results are impressive, and useful.

Wish list: Power/battery management IC

I mentioned I am playing with battery management. It is clear some interesting ICs out there. One of the problems is that there are so many ICs with so many variations, even if one just looks at one manufacturer like TI (who do some cool ICs).

So I thought I would try and explain what would be an ideal IC for some of my projects. From what I can tell this is all available in various ways with various ICs but not as one simple IC. I am not actually asking for much, honest. I have some of this pretty closely now but in a lot more components than is ideal.

There are some monster large QFN power management ICs out there as well, which seem overkill, and not sure I have yet found one with the "button" aspect.

So here is the list of what I would really like.

1. A small IC, probably not actually BGA, but small, a QFN package or even small SOP style if few enough pins. It does not need a lot of pins for what I am talking about. TI have some funky QFN style packages with larger pads for the power, that would be fine. Ideally not special handling at PCB manufacturer (hence not BGA).
2. A 3.7V LiPo connection for one LiPo cell.
3. A 5V power input connection, i.e. from USB.
4. A regulated 3.3V output - ideally 1A but at least 500mA. Can be switched off.
5. A simple push button input (see below). Maybe also button state output pin.
6. An I2C interface (see below).
7. Perhaps even a "reset" output, that rises once power has stabilised, drops before power off - this saves a couple more passives.
8. Perhaps even a LED output (I don't really need this).

Now the idea is simple, this provides both regulation for 3.3V working of a device, running from 5V and/or 3.7V LiPo, but also provides battery charging for the LiPo from 5V. There may need to be a pin to define charge rate, and even a pin for voltage output, but a fixed 3.3V saves more passives.

The regulated output could be a simple LDO type thing, or perhaps a synchronous step-down with integral FETs and small external passives. Minimal passives is ideal. Needs to run off 5V or 3.7V, i.e. work when there is no LiPo.

The idea of the button is simple. The device would have off or on modes. When off, and just on LiPo, its current needs to be a few uA at most, and no 3.3V output. But the button is used to turn on. The button could also have a last ditch "hold for 10 seconds" power off to allow it to be used as a system reset. It makes sense to turn "on" when powered up, and when 5V applied, as processor can decide to turn off if not needed.

I2C would allow checking state of battery, and 5V. Ideally an ADC for battery voltage, maybe even for 5V supply voltage too. Needs a way to check button state so it can be used when on for other functions, or perhaps a pin output to mirror the button. Needs a way to tell the device to go to "off" mode. A pin output mirroring button is probably best as this allows for processor (e.g. ESP32) in low power sleep when this chip is "on" and still use button to "wake up". There could be some special power regulation modes for extra low power but still "on" perhaps to allow this type of working as well as a proper "off".

I can't help feeling this fits the needs of a wide range of small battery operated devices.

If anyone knows of devices that tick some of these boxes, please do let me know.

Oh, and reverse polarity protection and reporting, thermal shutdown, etc.

Some feedback I have had, thank you all.

• https://www.ti.com/product/BQ25155
• https://www.ti.com/product/BQ25186
• https://www.ti.com/product/BQ21088