2016-02-29

Maricopa County Attorney bans iPhones

An odd article: http://www.scmagazine.com/maricopa-county-attorney-bans-iphones-questions-apples-motives/article/479287/

They say that "Apple's refusal to bend to federal prosecutors a “corporate PR stunt.”"

I have to say that the move by that body seems to me to be an ill conceived PR stunt of some sort and misses the point massively.

However, I got a rather odd (what I can only describe as) "troll" on my comments on Facebook over this, saying: :"since it's only the newer versions that Apple cannot/will not provide access to at this time, the County Attorney does not want government phones that have this feature - thus sticking with older models and refusing upgrades that might incorporate that feature since they own the units and have every right to access them at will."

This struck me as rather odd.
  1. If there are work related files on a staff iPhone, and only on a staff iPhone such that recovery of such files would be needed later then there is a serious problem. Storing data sole on an iPhone is not a safe place - they can easily break. Use apps that securely ensure data that needs to be stored is stored centrally (in a "cloud" even) and not solely on a phone, and then there is no problem with no being able to get data on the phone.
  2. If there is any personal information stored on the phone, it needs to be secure. Phones can get lost, so making sure a phone does not have encryption means that any personal information could be lost and leaked just by leaving a phone on a bus. You actually need high security if storing any customer/public personal data on a phone or you are perhaps negligent.
  3. If you have worries about staff storing data you cannot access on the phone, you are stuffed, as encryption exists and data can be encrypted and stored on the phone in a way neither you, nor apple, nor the FBI can access.
This is a boycott, pure and simple, and it is stupid and ill thought out.

What is especially ill conceived is the idea that upgrades are a bad thing. This could be one of the biggest fall outs to the whole fiasco that people feel unsure of deploying s/w updates on products for fear of secret back-doors being added, and hence leaving themselves more vulnerable to attack from criminals.

2016-02-28

The state is our servant not our keeper

With permission from @MartinShovel
I think I need to make this clear.

There are always measures that can make us safer - ultimately if the "state" was to ensure that all citizens were monitored in all they do, 24 hours a day, at home, at work, in bed, on the toilet, everything, then there is a good chance that we will all be safer and no crimes committed. It would need a heck of a lot of watching the watchers, but it could be done.

The real question is whether you want to live in such a world.

I do not.

So, it all comes down to where one draws the line.

Let me be clear, the "state" is our servant - they work for us. They are our servant and not our keeper.

I have to agree with Apple, that the requests made of them are going too far. It would set a dangerous precedent that allows any US government agency to order any amount of assistance in decoding and extracting any information, and once we have that it could easily stretch to any government in any country. It is so "slippery slope" is dazzles with the shine it gives off.

What is worse is that criminals can use end to end encryption and enjoy privacy if they wish. Such precedent only impacts the normal people, the law abiding citizens, you and me...

The US has the constitution, and in the UK we have some fundamental rights which include some privacy rights. But whatever country you are in, there is a battle of the state wanting more police and surveillance and the people wanting some right to privacy for normal, non-criminal, life.

I, and A&A, are in support of Apple's stand in this matter.

2016-02-27

On splitting up BT...

OFCOM have decided not to split up BT but there are various things they are doing.

I have been asked a lot on how I stand on this, and I am still not sure.

I remember when BT was one thing, and to be honest I used to get on OK with them back then. They had reseller arrangements which worked well. They had compensation that was pretty much "one month rental for each day late" on a fault or install. This meant some incentive for doing things on time, and when they did not would mean very much free installs for some things. First two years trading A&A have a negative total phone bill.

The idea of splitting up BT has a lot of different aspects - where you split them is key and I am not 100% sure of the way it is done now (operationally) makes sense or not. The split was based on the idea of copper pairs in the ground, but communications is not quite like that now. You have, at one level, ducts that people should be able to rent and put fibres in, and at the other end you have FTTC cabinets that could do PSTN and VDSL with handover for VLAN and SIP at exchange. Then you have wholesale broadband/etc and where that fits.

One of the issues we have now with BT is the operational split with Openreach. In a lot of ways this makes it way worse for us dealing with BT, but you have to remember we are not (yet) putting out own kit in exchanges and running our own national network. If we were, we may have a different tale. In a lot of ways the Openreach stuff is a pain as we have BT Wholesale blaming Openreach for operational aspects of the service and costs.

I very nearly blogged that BT Wholesale do not seem to know who their "supplier" is, as it took a day for them to finally confirm that they are BT plc and their "supplier" is also BT plc. They were trying to blame Openreach for not being able to fix a fault whilst a 14 day lead time cease was pending (as part of a migrate to LLU) and I was saying that they, BT plc, were refusing to fix the fault. It is still not fixed, but they are now at least trying and not blaming their "supplier". The big issue is that if they really had a separate "supplier" they would, in many cases, in my opinion, be negligent in the contracts they have chosen to negotiate which do not allow them to perform their contractual obligations with us. Also, if it was really a separate company they could talk to them as a separate company - we have good relationships with many suppliers and customers - relationships which BT Wholesale seem banned from having with Openreach!

I seriously doubt a real split of Openreach would help any of the day to day operational aspects.

It would have impact on the economics and politics I guess. Things like who invests in putting in VDSL cabinets? And can BT Wholesale buy backhaul and services from someone other than Openreach? What would stop BT Wholesale selling Talk Talk Business services? Or BT Retail selling Talk Talk Business? If really split, the risk of such things would put a rocket up BT Wholesale and Openreach somewhat. Would it be good?

Right now, we play BT Wholesale off against Talk Talk Business, and in spite of our medium size we do quite well at that (hence some new tariffs now, and more to come). What if BT retail could do the same?

Annoyingly things that really matter are demarcation points and service provision, such as VDSL being to an Ethernet port on a BT supplied modem (something that is no more). That is what we need from Openreach, and even BT Wholesale, to remove the nightmare that is SFI engineers and charges. If that meant the tail costs were 50p/mon more or whatever, it would avoid the threat to end users of totally stupid costs (£160) for an engineer to fix a fault. It would make faults clear cut again (which they simply are not when modems are involved). Moving away from this is not good, and OFCOM need to be defining standards for such things for whoever offers them (BT or TT as one or many companies). That would help massively with quality of service if people can safely report a fault without the risks.

So, I have not got a good conclusion, sorry. Much to ponder though.

2016-02-25

BT Group plc shareholder

I have a 5p share in BT group plc, the sole owner of British Telecommunications plc.



I acquired it because someone (a customer I think) was kind enough to give it to me. He had direct ownership of some BT Group plc shares and so filled in the form to assign one share to me. I really appreciate this, but I cannot, for the life of me, recall his name (I must blog on my inability to handle names some time). I would be happy to acknowledge his contribution if he contacts me again.

Now, I am not sure how it usually works. I looked at trying to buy some shares, but it looked complicated using brokers.

What I would like to do is get maybe 25 of the BT Group plc 5p shares, for which I am more than happy to pay market rate plus a free FireBrick dragon, so as to give one share to each member of staff.

I feel it is somehow empowering if every one of my staff, in dealing with BT, can say "I'm a shareholder, you know"...

All a bit of fun :-)

P.S. It would also mean we could all attend the AGM :-)

2016-02-23

Talk Talk refusing to fix faults

Getting annoying.

We have moved a few lines from BT to TT back-haul recently, and a handful have been "mis-jumpered" at the exchange.

As faults go, this is pretty much as clear cut as you can get, the fix is also simple - an engineer goes to the exchange to fix the jumping.

But TT are refusing to fix the fault unless we pay them to fix it! Well, we do pay them, every month, a fee for a *WORKING* service, which includes fixing it if it does not work. Unfortunately they refused to understand this.

This is just like BT all over again, so we are escalating to get the work done - we do not want a customer off line, obviously.

What the hell is wrong with these people?!?!?

P.S. We managed to get a manager out of a meeting and progress the fault this time, but it is a systematic problem in TT (and BT).

2016-02-19

SciFi: Time Travel

I am off to visit a fiend this weekend, and even though he is somewhat technical and a bit of a geek, he has never really watched/read any SciFi! So I thought I would write up one of the common SciFi themes for him: time travel.

Credibility

First off, some basics. SciFi is fiction, and to watch it you have to suspend disbelief and imagine, for a short while, that the universe in which the story is set could exist. For science fiction this works by taking the normal universe in which we live, and tweaking it a bit to create something that is a bit different. Obviously, you also have the fact that you need a good story, and characters and a plot, and so on. Indeed, the science itself, and the changes that make this universe different to our own, do not actually have to be key to the plot - they could simply be utilities that make the plot even possible. An example would be the “faster than light” travel in Star Trek - without that the entire 5 year mission would be the crew getting to Jupiter, maybe, and the drama would be the sonic showers breaking down. Some science fiction revolves around the key scientific difference that the depicted universe has from our own. Time travel is rarely simply a utility for the plot but usually a key plot element. Annoyingly I know I saw a film where the time travel was totally incidental to the story but cannot for the life of me remember what film it was!

Some of the most plausible science fiction is set in a universe where the laws of physics are as they are here, but that some current leading edge theories are assumed to have been proven and practical innovations and technology created from them.

Consistency

One of the things that puzzles my friends is that I will watch SciFi and criticise the science some times. They find it odd and point out that it is science fiction. I have to point out that it is science fiction. It is worth explaining what I mean. Basically, the universe in which the story is set must be one where science would work. Science is not the laws of physics of our universe, but is in fact a toolkit of methods by which we have test and understand the universe in which we live. The universe of a SciFi story can be very different to ours, but science in that universe would work to allow the rules of that universe to be understood.

Of course, as an audience, we are unable to perform tests on the fictional universe, so the author has to do those for us - part of the story will have to be some demonstration of the key difference between that universe and ours, and provide some framework by which we can understand the rules by which that universe operates.

What causes annoyance, and makes the fiction break down is when the rules are not consistent. This is especially difficult for time travel as making any consistent set of rules for time travel is actually quite tricky - there are many ways it could work.

Ideally the author makes a proper set of consistent rules in their own mind, even if they are not always revealed in the story or done so over time. This avoids inconsistencies. Sadly this is often not the case and you realise that the social structure would not exist if that technology existed. An example if Star Trek transporters. They conveniently gloss over the details as much as possible but it is not clear if the device somehow moves you from A to B (via some energy conversion or something) or, as suggested and even necessary in some story lines, it somehow digitises you, converting you in to information and sending that to create a new instance of you at the destination. The latter is extremely problematic as it has huge moral/ethical issues, killing one instance to make another. It would also mean nobody could die as information can be backed up so you could've a backup made every day. It would also allow an army of soldiers to be created all the same from your best individual examples. Society would not be the same if that is how it worked.

Even so, many science fiction stories are set in a world that is meant to be based on ours. A common theme is to set the story in our future. The key scientific differences being the result of discoveries and subsequent technology developed in the future. Star Trek is another good example of this. Another common idea is to set the story in the here and now, but where only a select set of people are aware of these scientific revolutions - Stargate is a good example of that. A lot of alien based science fiction assumes the here and now, but with the availability of alien technology and understanding that we do not yet have. In either case the “normal” laws of physics have to still apply except where modified by these specific key innovations - and this is where you can end up shouting at the screen - when something stupid and wrong is included in the story for no good reason. One simple example is the idea that cold air (still is gaseous form) can flash freeze someone solid in seconds if it is cold enough, simply as an example of extreme bad weather. That is not how it works - gaseous air does not have enough thermal mass and conductivity for that. For science fiction to work, the science has to work even if the laws of physics are different.

Forward in time

The concept of going forward in time is not difficult. We are all doing all the time, it is simply a matter of going faster. Indeed, even going far ahead in time is not difficult to conceive as it is functionally the same as simply being in some sort of suspended animation for some long period.

Time travel stories rarely have just forward travel though :-) And even when they do, there is the transporter problem (see below).

Backwards in time

This is where it really becomes a problem. Basically you have to resolve the paradox caused by backwards time travel. The classic being the grandfather paradox where you go back and kill your grandfather before your parents are even born. But any travel back in time, or even simply being able to send some information back in time creates a paradox. There are a number of ways this can be addressed (or ignored) in fiction…

Circular plot

A classic method of addressing the paradox is to basically make the story such that the time traveller did not actually change history at all. Everything he does is something that already happen. In such a story he could not in fact kill his grandfather - not due to a law of physics, but because the author does not make that happen. Typically the exact nature of what the time traveller does is not obvious until the end, when it becomes clear that he has done what happened anyway. Indeed, some stories work on the time traveller trying to make changes, and ending up being the cause of the things he meant to change in the first place due to misfortune. Some stories have the characters deliberately try to reproduce what they recall from history for fear of some catastrophic effect due to a paradox. Of course, such stories can work well, but they do not actually address the issues, and you are left wondering why the character did not at least make some small attempt to create a paradox of some sort. 12 Monkeys worked like this.

First law of time

There are some stories where there are “laws” of time travel which the characters have to obey. These usually involve avoiding a paradox very carefully, and again the issues are not really resolved. In some cases these are rules and regulations of some time travel agency our authority from the future. Being rules, the characters can be compelled to stop people breaking them and hence avoid the author having to address the issues.

It all turns out right in the end

Another common theme is that the changes to the past end up changing the future as a consequence. This can leave the characters never needing to back in time even, and is usually the last scene of a story where everything turns out all right. Off course, this is a paradox anyway, as who actually fixed the past if not those that are no longer going back to fix it. Stargate had a fun one like this with a tiny twist that there are fish in the pond this time around! This sort of story can be a bit unsatisfying as you end up with the whole story you just watched being erased from history and not having happened.

Ripples in time

Another idea is that the consequences of the change happen, but take time (!) to happen. Somehow the traveller is protected from them - finding himself back in a new future with his old memories - or in some cases with both sets of memory (confusing). These sorts of stories can involve multiple attempts to go back and fix things. Again, at the end of it all, the story you watched is erased from history to give a reasonably happy ending.

Changes in the past having “real-time” impact

This is where things get very strange, and Back to the Future sort of did this. The idea that as you change the past, and as the chance of you fixing that change diminish, you impact yourself in some way. Marty sees his siblings vanish slowly from a picture, and even starts to fade out himself until he eventually manages to fix his mistake. I have to say that this sort of thing is really messy. The whole thing is very inconsistent and hard to derive any sort of laws of physics from it.

You also get this where someone manages to meet themselves, and perhaps injure themselves and in doing so magically they get a scar from that injury. Again, very inconsistent logic.

Bogeymen

One of my favourites comes from a Dr Who episode. Dr Who stories try very hard not to create a nasty paradox, but they do happen, and the TARDIS has technology to handle a paradox even. But interfering in your own timeline is seen as something you must not do. But rather than this being some law of people (or time lords) or a law of physics, it is done as a law of nature, sort of. The idea is that by creating the paradox, such as saving the life of your father, you create cracks in time that allow some nasty creatures in to reality. So the law is there to protect you, not something that there are police to enforce. Fix the paradox and seal the cracks!

Multiverse

One way that you can create a consistent set of rules for time travel is to use the concept of the multiverse. The concept is that at each point in time, a branching set of subtly different parallel universes are created.

In this situation, going backwards in time is easier than going forwards! Going forwards is steering a branch through that multiverse - the decisions and random events of our daily life steering as we go. Gong backwards is simply going back up the tree - only one path to take. However, when you arrive at a point in history, your arrival creates a new branch of history with you in it.

This has the advantage of removing any paradox. You can change what you like in your new branch of history and not impact the branch from which you came.

Even this gets abused, as in Back to the Future, where they are again inconsistent in the rules of time travel. It also has several issues with time travel duplicates and getting crowded.

Time travel duplicates

A consequence of multiverse logic is that you are immediately a duplicate of yourself when you go back in time. Go back 10 seconds and tell yourself not to go back, and bingo, there are now two of you. One branch of the multiverse has lost you and another has gained you. That breaks ordinary laws of physics in some ways, as it means matter/energy within a single universe being created or lost, but that could be seen as that law of physics being too narrowly scoped and not catering for the multiverse!

Futurama has a special twist on this, using basketball mathematics, they deduce that a time travel duplicate is always doomed - having a high probability of demise to leave only one of you in any time line… But that is sort of science comedy!

Sideways in time

A consequence of multiverse logic is also the concept of travelling sideways in time. The idea that you can go to the same time in an alternative parallel universe in the multiverse. This was the main theme in Sliders and is explored in many science fiction stories, including Stargate and even Star Trek.

In Stargate they created an extra twist on this, that somehow you could not exist in the wrong universe for very long and would eventually collapse at a sub atomic level in some horrid way, so you have to return. They also explored the issue of addressing (numbering) the multiple universes - a key plot issue in Sliders.

Transporter problems

One of the problems that is rarely addressed in any of these stories is the fact that you end up with matter appearing or disappearing. This is the same issue with a Star Trek transporter. When you have someone pop in to or out of existence, how do you ensure that the borders are correct and that they do not take half the pavement with them. And how do you target things to avoid appearing in a wall. For that matter what happens to the air that was where they are when you appear. Even forward time travel has this issue. Terminator tried to address this by putting the traveler in a sphere and that would actually cut a hole in the ground when the traveller appears - it solves the question of how do you get a skin tight enclosure for the traveller to be cut out of one space and put in another.

Getting crowded

You also have the issue in a multiverse scenario - whilst there may be many futures all the same in most aspects there is only one past - surely if one person goes back in time to a specific point, a million others have done the same and are trying to occupy the same space at the same time in the same universe at that point in the past? Well that could be solved by saying that the new branch of the multiverse they create by their arrival is the one that has them in it, and all of the others are in another one. That does not really handle things very well, or cater for the versions of themselves that decided to arrive from that new future and arrive a second later in to their timeline. It gets very messy and should get very crowded the second someone invents time travel!

Winning the lottery

One common concept of time travel, of even just sending yourself information in to the past, is that you send winning lottery tickets. This is where I have an opinion which I have not seen in any film. The issue here is how that time line goes forward. It is fair to say that you would follow the same path forward with all of the quantum level decisions being the same. Maybe lottery balls are actually random enough not to come out the same? Perhaps a better idea is to bet on sporting events where the outcome may be much more Newtonian and following the skills of the players rather than quantum level random luck?

Mind travel

Another twist is the idea that you do not physically travel in time, but your mind travels. In the case of About Time the traveller is travelling to an earlier version of himself. This does not quite eliminate any paradox but does avoid many questions. He returns back to a later version of himself but having followed a new future because of his actions in the past. The issue is that random things have changed making it somewhat pot luck, and meaning that he realises he could never go back to before his child was born for fear of changing that event. In some ways Ground Hog Day is like this but the travel back to his own body at the start of the day is involuntary and even works if he dies.

2016-02-18

Another stupid OFCOM code of practice

The latest OFCOM code of practice on line speeds sounds sensible. ISPs agreeing to it will give a clear minimum speed when ordering, will try and address speed issues, and will allow a customer out of the contract if they cannot.

It sounds good. I agree wholeheartedly in principle with such a plan.

But there is a problem!

Most ISPs are not the underlying line provider or carrier themselves - they buy either a broadband service from a carrier like BT or TalkTalk, or they buy copper pairs from BT and have their own kit in the exchange. Yes, there are exceptions like Virgin, but by far the majority of ISPs are buying a wholesale back-haul and DSL tail service of some sort.

This creates a problem - as an ISP, we could sign up to the code of practice, but issues impacting the actual line speed are outside of our direct control - we simply have to rely on the efforts of the wholesale carrier to rectify such issues. Indeed, even a minimum speed forecast depends on the carrier providing us with the data.

So, obviously, you would expect that OFCOM have either imposed the same conditions on the carriers like BT or TalkTalk or at least got agreement from them to support this new code of practice at a wholesale level.

After all, if they have not, then it is meaningless for ISPs like us, and hundreds of others, to sign up the code. We could not state a guaranteed minimum if the carrier does not tell us one. We cannot make effort to fix a speed issue unless the carrier will consider such an issue a fault and accept a fault report from us and themselves make such effort. Obviously the last point of allowing someone out of contract we could do, but only at our cost if the carrier holds us to term or charges us cease fees. Without the first two points we are left simply signing up to a means by which we lose money and do not actually help customers. That is dumb.

What is especially strange is that BT plc used to offer FTTC on the basis that if the line does not meet the minimum speed estimate then they will (a) make effort to fix it, and (b) we can reject the install and get a full refund, not be held to term, and even have a line put back to ADSL if that is what is was.

I.e. BT used to provide exactly what we would need for this code of practice for FTTC. But BT have changed their terms, detrimentally, so that they no longer do this. They actually have some hidden lower percentile minimum against which we can reject an install but we are not told that speed, and they will no longer make any effort to fix a line that is below the minimum they state on their checker. They have moved away from this sensible customer service based system. They don't have this for ADSL.

So what the hell are OFCOM playing at? Why did they launch a code of practice where ISPs would have to take on liability with no hope of any means to mitigate that liability or actually help customers improve their lines? In whose interest are they acting exactly?

What is worse is that a customer can impact speed themselves in various ways - impeding the line speed. With no means to get the carrier to take such issues seriously we would have to accept the low speed and let customers out of term, paying the carrier ourselves, i.e. opening ourselves to a get-out-of-contract-free scheme.

I'd like to thank TalkTalk for at least replying on this issue, and checking with OFCOM, who confirmed they are not imposing or agreeing any requirements on wholesale operations.

Sadly this means, once again, we cannot sign up to their code of practice. Last time it was stupid wording, this time it is sensible wording but no backing for such a scheme.

Thankfully we have our own code of practice on speed and quality, and take issues where a fault is causing low speed very seriously, using our advance diagnostics and monitoring tools.

But seriously OFCOM - don't you ever think when you make this stuff?

P.S. To be clear, we would be happy to sign up to this code of practice if and when the carriers we use do so as well, and hence provide us with the means to actually provide the assurances and guarantees offered.

Computer says "no"!

I got a parcel today. Yay!

It came by DPD, who are pretty good at this. In fact the whole ordering and delivery process was very impressive.

I ordered yesterday at 2pm from the exploding kittens web site, and the order seems to be handled by Blackbox. I got confirmation email right away. At 17:30 DPD emailed to say delivery would be today. At 07:46 they emailed to say it would be between 08:18 and 09:18.

All very efficient and impressive I have to say.

At 8am a huge white van turns up and parks across the drive. The driver spends 5 minutes faffing about while we watch from the door. He sorts his paperwork, cleans the cab out, and goes to throw a rubbish bag in our skip but catches sight of us watching and changes his mind sharpish. He then says that as he is early the item won't "scan".

He literally spends 18 minutes on the drive (good job nobody had to get off the drive, but I guess he would have moved). At 08:18 he walks over with the parcel.

I am figuratively at a loss for words!!!

P.S. I order something else yesterday (from UK) which is coming by UPS. Oddly the tracking shows it was shipped 3 hours before I ordered it!

Apple

As I am sure you all know, Apple have taken a stand on a recent court order requiring them to make a back-door version of iOS so the FBI can try and unlock a phone of a known terrorist. Their customer letter makes their position very clear.

I know some people do not like Apple, and there are a lot of issues around the way they do business, but in this case I am very pleased with the stand they are taking. I, and anyone else with any clue as to the technology, have been saying the same all along. This is in part why I have started yet another petition (please sign).

There is, however, a big problem with explaining this to the public - because TERRORIST! I mean TERRORIST FFS!!!

I asked my wife if she had seen this in the news and her reaction was along the lines of "well, if he is a terrorist then they should unlock the phone". I do think I have convinced her that this is a really bad idea and a hugely bad precedent to be set.

The fact they have used an ancient law to force this order is just a clue to how underhand this is, and if allowed could open up all sorts of orders.

It is also crucial to realise that this is theatre. Criminals can encrypt things - the "secret" of encryption is out of the bag. I can encrypt things and store them on my phone, and the FBI would not be able to decrypt them even with Apple's help. This order may help one investigation with one phone now, but it is not a help in general, but it is a serious risk to the normal day to day security that we all expect and deserve. It is just about control of the largely innocent population. It is putting the government on the same side as the criminals in the security "battle", which is just silly.

Of course, one of the issues would be, if allowed, that every other country's law enforcement would ask Apple the same under each of their own laws, whether that is the UK, or France, or Russia, or China, or North Korea, and how would Apple have any argument? Indeed, once the magic version of iOS is made, Apple cannot even argue that they would have a cost in making it for other countries.

But what could Apple do if they fail to defeat this order? Well, one possible move would be to put keys in a separate tamper proof module in the hardware design in future. Much as SIM cards and bank cards work. This would allow a separate bit of hardware to impose retry timeouts and fail counts and erasure of keys on repeat fails. If that was in the hardware design then they would be unable to bypass in the firmware of the phone. Would they be ordered to change the hardware design? It clearly would not make sense to make an order for decoding one phone in future if it had such hardware...

Another simple idea, which they may be able to do now with the new s/w release even, is to make the firmware not allow loading new (signed) firmware on a locked phone. That would mean that the magic firmware the FBI get would work until the next iOS release and never again after that!

Really, we need governments to understand that encryption exists and if you make any part of it illegal or weakened you only do so for those that obey such laws - actual criminals will be unaffected by such rules, and you make their life so much easier when they are hacking us.

Indeed, part of the reasoning to explain this to my wife was another news article of an LA hospital being held to ransom by computer hacks. That is quite serious, and it is vulnerabilities and back doors in s/w that allow such things - the very sort of thing the FBI are asking for.

P.S. Seems later models already have a separate hardware security model! See here for good explanation.

P.P.S. Reading more details, the order is very specific to one phone and can even be done in Apple's premises, but the bigger concern for apply is the use of this old law to make such an order - if allowed, then it could mean any number of more intrusive orders. This is a "foot in the door" situation that needs to be stopped.

Accused of lying?

There are fun logic puzzles, such as the paradox "This statement is a lie", and of course more subtle variants of that theme.

But I have just come across a rather fun "complaint".

The complaint is that we accused someone of lying. Apparently, accusing someone of lying is a bad thing, and really bad "customer service". Obviously anything where the customer is not happy is, by definition, bad customer service. However, personally, I don't see a problem with accusing someone of lying, if, in fact, they have lied. I have a problem with lying.

But it struck me as an almost "clever" sort of complaint, as there is really no way to answer the complaint without it being true!

If I investigate and find that we did in fact accuse the person of lying, well, then it is true.
If I investigate and find that we did not accuse them of lying, as is the case here, then my finding is now accusing them of lying about the accusation of lying!

Either way, we end up accusing them of lying. Catch 22!

Oh well, I will have to agree that we accused them of lying or are now accusing them of lying. I'll not dispute in any way that we have or are accusing them of lying and not dispute in any way that it was bad customer service. After all, I would not want a "dispute" that might need "resolving".

I should say well done to the customer for coming up with a self confirming complaint though.

2016-02-17

Skyaphobia

I really do not want to call the Sky TV call centre. I am not sure I have strong enough blood pressure medication for that. Yes, it is silly. Almost a phobia. Oooh, is that a new phobia - skyaphobia?

Yes, I subscribe to Sky for TV. Well, I have been on Sky TV enough times :-). I know some find that odd, sorry. I think I was "the one" the broke their system by having 7 sky boxes on multi-room. They even tried quoting the contract terms that said "if you have a sky mini dish you can have up to 4 sky boxes" which did not work as I do not have a sky mini dish - I have a huge dish with quad LNB and a distribution amplifier in the loft. I installed it myself when younger and more inclined to go up a scaffold tower. They did manage in the end, and we do have 7 Sky boxes on multi-room!

The whole "all connected to the same phone line" also confused them when the "line" was an ISDN2 with 100 numbers and each box has its own number. But we resolved that with VoIP and making all call from the same London number (we are not in London). A SIPURA can work well using a-law to support a Sky modem call.

On a serious note I hope the move to checking multi-room at an Ethernet level on the LAN and not using phone lines soon. Someone in Sky take note (happy to discuss at next forum we are at together). It would avoid the simple trick of making Sky boxes all over the country call from the same VoIP number.

The issue is that half the kids have moved out. In fact, only 1½ live here full time now. I hardly watch Sky myself now I have the man-cave, but I'll keep on as an extra room subscription. My wife watches a lot and we have grandkids around quite often and they watch it. So we can reduce things down to maybe 4 cards. Sadly we only have 3 working boxes, and need a new one.

Now, this should be simple - reduce the number of cards, buy (yes PAY FOR) a new box, and set it all up, ideally without me engineering some sort of phone lines, and without paying  a Sky engineer to "install" the new box, FFS!

I even considered just cancelling the whole lot and then having my wife sign up as a new subscriber - it would be easier I feel (as well as cheaper I expect).

But I have spoken to their call centre before, and it fills me with dread. Skyaphobia!!

So I wonder - has anyone managed to just write a letter stating what they want and Sky actually handling it?

The power of the blog

My blog and my twitter account are starting to get to a sort of critical mass. A level where, on almost any subject, someone will read my blog who has some connection to that subject and do something about it.

I have found this quite a few times recently, whether it is a post regarding Royal Mail, BT or even more obscure suppliers. I get a nice email from someone that has read it that either is themselves involved, or knows someone, involved with the company in question and is able to get someone high up to take the matter seriously.

This has actually led to several issues being properly resolved after a blog post.

But how does one use this power?!

Well, for a start, I need to not "go to the blog" as a first resort - it needs to be there after I have tried the conventional means to resolve a problem. I need to make sure I give people a change before "going public". That really is only fair and I would hope the same applies when people are cross with something I (or A&A) has done.

Heck, the whole involvement with Parliament over the IPBill started because of tweets of blog posts coming to the attention of a Lord.

But I do have to say that it is nice to be taken seriously... well... at least by some. Thank you. I will not abuse the power - honest.

How slow can it be?

So, I order stuff on the Internet occasionally as we all do. In the UK there is usually next day or two or maybe even three day shipping, but usually any delay is not the courier/post but the sender taking time to ship.

Overseas, can take longer, but I have ordered stuff next day from the US before now and it works.

But this was just "shipping", and is strange...


I mean, why sit around in Salt Lake City for 4 days - how is that helpful having a courier or postal service that does that - it means storing shit.

And then, 3 whole days since "departed" from London. What UK courier or postal service would not have got it here by now.

Very annoying.

Problems with Royal Mail

As you will know from my previous posts, we are using Royal Mail - this works for letters and parcels and we ship quite a few routers out directly. The integration with our systems is really useful, and postage at franking rates or better is also good (without the annual rental of a machine or even paying for labels or ink!).

But I do start to wonder if we have made the right choice as there have been a few issues of late, and their handling of them is far from ideal...

The most worrying is that they lost a bag of post, between us and the sorting office, this week. I can see the sorting office from our office - it is a few hundred metres away. But they do not even seem that interested in investigating the matter even! So we are re-sending routers and stuff out today. I bet we will struggle to even get the cost of postage back from them.

The prices for their tracked service are not fixed, they are based on volume and weight overall, but somehow they are charging us slightly more than they said, which is annoying, and we are having to chase that.

As a normal postage customer, sending a special delivery parcel, if it does not arrive on time, you have to claim for the postage back (as it is a guaranteed service). But when you are an account customer, they know it is delayed (it is tracked), why don't they just credit to our mail account? They expect us to send in paperwork to claim a refund making a lot more work for them and us (well, if it happens again I'll automate it our end).

Their tracking API fails in odd ways - I can't use the multiple item track as one item causing an error stops access to any of the items. So I have to request one at a time. Even so, it is often saying "Service is unavailable due to an unknown reason. Contact RMG Customer Experience Team.". I have contacted them about 77 times on this now (it does say to contact them) but they are ignoring me!

Their shipping API claims that some email addresses are invalid when they are not, oddly not my short one, but ones ending in newer TLDs. Again, ignoring me when I ask for this to be fixed.

Oh, and we had a fun one today - we also have a freepost account, which we have to keep in credit, and they invoice for a top up when it is low. The invoice has terms and we pay in those terms by BACS so no ambiguity over the payment date at all. They had the cheek to call up and have a go claiming we paid late by a day, when we did not. But even if we had, this is a credit account and well in credit even before we paid, so it does not mean a lot to be "late". Statutory penalties don't apply as the service we are buying has not yet been provided, and if they had the cheek to suggest charging interest I'd want the same rate of interest on the credit balance from them all the time. Why waste time, two weeks after we paid, contacting us to say we paid a day late, especially when we didn't - that is a proper jobsworth type attitude and waste of their time and ours!

So, not a good start to the year using Royal Mail. One to watch out for. And I'd love to know where our post has gone. I may set TR-069 to alert us for any of the missing routers ever going on line :-)

Update: The missing post has just started tracking updates, after we have sent replacements. FFS!

Should we stay in ISPA?

The Internet Service Providers Association is an important industry body for Internet Providers, and does a lot of good work, but I am really not sure if there is much benefit in A&A staying in ISPA.

The main thing that has really pissed me off is that we were told, with almost no notice at all, that the ADR scheme provided as part of ISPA membership was moving from CISAS to The Ombudsman Service. Having dealt with the latter and concluded that they can, in my humble opinion, burn in the fires of hell (if such a place existed), I was not amused at this change with no notice or consulation at all.

We have signed up with CISAS directly, and that has removed one of the benefits of being an ISPA member.

Do customers put any stock in whether A&A are an ISPA member or not?

Is it worth staying a member?

I guess I need to decide soon as membership renews 1st April.

2016-02-13

Properly clarify status of encryption in The Investigatory Powers Bill

I have tried to make the wording clearer and once again try a petition on this.

Sign here: Petition 121521

This is the wording now:-

Properly clarify status of encryption in The Investigatory Powers Bill

The draft bill suggests that communications providers may have to remove "protection". The joint committee says the bill should make clear that this be only where technically practicable. This does not quite go far enough. We need a clear statement allowing CPs to offer secure communications.

The bill MUST make clear that CPs can offer secure communications which cannot be read or intercepted even with a warrant or with an intercept order or order to maintain an intercept capability.

Without this people (in UK and overseas) cannot trust CPs offering secure communications, and trust is essential in this industry. 

Even as worded now, the bill allows criminals to communicate using own encryption, so that battle is lost. We need to allow non-criminals the same benefit using CP services

Contrary to last time the petition was published in a day, on a Sunday! Do sign...

Sign here: https://petition.parliament.uk/petitions/121521/

2016-02-12

Market power (Facebook and the French)

There is a rather odd article on the French deciding that Facebook contracts cannot be under California law and have to be under French law.

I have to say that I am a tad conflicted on this point.

The contract is clear and offers, for no fee, a service to anyone that wants it if they AGREE to be bound under California law for that contract. Why the hell should the French or anyone feel that is unreasonable. It is a free service, and offered freely for anyone to take or not take. If someone does not like being bound by California law, simply do not take the service.

The specific case, which is not yet decided, is over Facebook removing an image that breached their decency terms. But Facebook is their web site, why the fuck should they not have final say on what is on that web site. It is not like the "customer" paid them to display that post and they broke that contract. In fact, the "customer" broken the contract by posting the image.

Now, I wonder how it will play out in French courts. I hope there is some sanity that the customer in this case did breach the terms, even under French law, and that Facebook are entitled to control what is on *THEIR* web site. We'll see.

The whole thing does raise a lot of issues though.

Choosing jurisdiction is one - it is not unusual for a contract to define the jurisdiction and ultimately it only makes sense if that is defined as one place, and so one party to the contract defines it. Ultimately if the other party is not happy then they should not enter in to that contract.

The problem is "consumers are assumed to be stupid" and so, even if they agreed something, then maybe they should be protected from having done so. The solution, in my opinion, is more education, not stitching up companies when consumers are muppets. But that is just my view. I want consumers to make good, informed, choices.

But I wonder if this ruling has other problems. Is simply accessing one of my web sites that provides some useful "service" for free, something which has some implied "contract"? I have some useful sites like http://find.me.uk/ for example. I do not try to impose any contract and hence any jurisdiction on disputes over contract. But is there one, implied. And is it one that could be deemed under the law of some foreign country which has some Draconian rules and could apply some penalty if the site is down for a day? How can I tell.

Now, for my site, it may be better if I have a note stating it is a non-contractual arrangement. Such things are possible, and avoid any issue of jurisdiction as no contract disputes can exist. Maybe Facebook should try that.

Though I suspect for Facebook this will simply mean they have some French compatible contract terms drawn up under French law, and then they are covered.

Even so, this does raise other issues - at some point an organisation like Facebook or Google or Twitter reach a level globally and/or even within one country when maybe the usual rules need to stop applying. The "don't agree to Facebook terms" option stops being sensible when one would fall out of all social circles by doing so. At that point, maybe new rules need to apply somehow. It is, perhaps, the price of success.

P.S. I am told that one can have a contract under one countries governing law, and another countries jurisdiction, just to add to the fun. Thanks Neil.

2016-02-11

Likes?

I have liked the odd 9gag thing before.

I did not "like" this post.

Facebook are telling people I did!

That is defamatory and fraudulent.

That is both civil and criminal liability for Facebook.

Not sure what I should do.

Sorry, but still unclear on crypto #IPBill

The report from the Joint Committee is not as good as it could be - many recommendations to get issues clarified but still basically agreeing with what the bill is trying to do, even the data retention.

One key comment is :-

Government still needs to make explicit on the face of the Bill that CSPs offering end-to-end encrypted communication or other un-decryptable communication services will not be expected to provide decrypted copies of those communications if it is not practicable for them to do so.

That sounds good, and I would agree, but sadly it still does not go far enough. It is still unclear if an order to maintain a capability could require CSPs to engineer things so that they are not offering end-to-end encryption or so that it is somehow practicable for them to decrypt it.

CSPs still do not know. The bill needs to be clear that offering communications services, where the content cannot be accessed, is permitted. It also needs to make clear that continuing to offer such services, in that way, even with an intercept warrant, or a "maintenance of capabilities" order, is permitted.

As I say, criminals can send encrypted messages - we need this to be clear for everyone else. It is possible to do the end-to-end encryption yourself, so why should companies not be able to offer such services to customers freely and therefore help all of the non-criminals be safe on the internet as well as the criminals.

So, we are still not clear even if they follow that recommendation.

Do sign my petition:-

https://petition.parliament.uk/petitions/121521

Terabyte services

Our VDSL terabyte services seem to be going well, and we have managed to halve the install price down to £50 from £100 now.

We have not yet managed to separate out the "phone line" part, but that is expected in due course, making the ongoing £50/month for the VDSL terabyte service and £10/month for the "phone line" part, but allowing people to have the phone line with someone else if they want. I really hate to suggest dates having been bitten by this before, but we are hopeful of that next month. The other key thing is it will allow this in exchanges where there is no Talk Talk MPF service - OK that is a tad technical, but basically means it will be available in more places.

What I am really hoping we will be able to do within the next few months is an ADSL Terabyte service as well. We are expecting it to have a target price for Home::1 domestic users of around £40/month (not including the "phone line" part), but that is still to be confirmed. It would also be possible to move existing services to that package once we launch it, but it will depend on location as it is only on one back-haul provider (Talk Talk). Yes, I know it is a bit of a teaser to say this now, but I am really quite confident this time. It really is starting to change the way we sell these services at last and I hope it is a sign of things to come in the industry as a whole. We will have to see.

It is probably a good time to thank everyone for their understanding over the moves we have been making on back-haul providers which started this week. Customers that have been impacted by this were all emailed, and I know there have been a few that are puzzled by this and some discussions in irc. The good news is that we are seeing pretty much everyone getting higher sync speeds in the move. Please don't be confused over the invoicing - I have looked, and it is surprisingly complicated to have the system not generate a credit note and matching invoice when the change over happens, or an invoice then a matching credit note. So please do wait until the end of the day when they should all match up and no extra charges as a result. If I can find a way to do this, I will.

Our core network upgrade is starting soon as well - we have some shiny new switches and have started to install this ready for some planned work to move equipment over.

Exciting times.

P.S. I think I have worked out how to fix the billing in most cases.

2016-02-10

#IPBill Joint Committee report

It comes out tomorrow at 09:30. I have a copy.

I note the embargo does not say a time zone, so I wondered about finding an Aus site to publish it on tonight, but maybe not.

The whole issue of what would happen if I published it sooner it a grey area - with penalties for contempt of the House of Commons and House of Lords being a bit tricky under Human Rights law if they do not have a clear legislative framework, but suffice to say that I am not planning to be a test case for that right now. Maybe next time.

I am actually quite surprised how easy it is to be part of the democratic process. I, like many people, vote. However, like most people I have to feel my vote makes almost no contribution to the result. I could stay at home (again, like many people) and make no difference.

But the process here has allowed anybody - and not even just any UK citizen - to contribute to the process and submit evidence, yet only 148 people and organisations did, and only 59 people gave evidence in person. I submitted two bits of written evidence and one oral evidence session.

I am mentioned on 15 pages of the 194 page report!

I feel like I have made a contribution to the democratic process somehow. It is really a strange feeling - 64 million people and I am quoted on a report about a new law that impacts them all, 15 times!!!

I mean, that is not just my "15 minutes of fame" which I have done many times on TV, that is actually in the parliamentary process. It is a tad scary. They even mentioned my pornhub comment! I think someone owes me a free subscription :-)

I'll comment on the actual report tomorrow once the embargo is over, but I am sure many others will comment in more detail. The bill has many issues. The committee has picked up many, but not all, of the serious concerns. We'll see how it goes.

2016-02-07

L2TP services

Internally we have L2TP links to carriers for DSL services, and for a long time we have had a sort of informal L2TP only service.

If you have DSL from us, you can connect via L2TP using the same login and password to get access to the same IP addresses. We allow this as a form of backup which some people use via other ISP links. It is no extra cost but comes out of the usage allowance for the DSL service.

However, people started wanting an L2TP only service without having DSL. So we started this and billed in the same way as our highest usage service at the time which was BE back-haul DSL. And it sort of have continued like that. It is messy as it is units usage based, and unlimited speed which could impact services

I am thinking that we should come up with a much much simpler plan.

The idea would be that L2TP only services would be, say, £10/month, capped to 100Mb/s and allow 1 Terabyte of download allowance a month (after which capped to 3Mb/s). So simple pricing, and no excess charges. It would include one IPv4 and a block of IPv6.

What do people think?

2016-02-06

Future of BT?

Some has asked about splitting BT and the like, but I did have some thoughts.

I do think that the technology has moved on and a heck of a lot of the lines in the country are capable of getting VDSL from the cabinet now. (Fibre To The Cabinet, Infinity, etc)

It seems odd that we even have a copper pair to the exchange - makes more sense to be the cabinet with an MSAN but sold by the likes of Openreach to any CP connection at the exchange with SIP for voice and ethernet port/VLAN for data. Why have a copper part to the exchange at all. Do an "outside the exchange" cab for direct exchange lines even.

In some ways new SOGEA will get close, but not offering the voice on the pair. And to some extent the idea of data only connectivity is sensible in the long term. However, there are silly people wanting old fashioned copper pairs to something I guess for a while.

I think the problem may have been regulatory - what you need there is OR to be operating this as a non-profit maybe. Though you have to work out where the capital investment comes in.

This seems more sensible than sub-loop unbundling to me. And could move on to FTTP or DP based DSL in the same way - hand over at the exchange as ethernet with SIP and all sorted.

Sorry if too technical - just a bit if techy rant this time.

2016-02-03

Blood pressure

Stuff that they just don't tell you at school.

OK, there was a lot of shit at school, but very little on "life" and what happens in life and getting old.

I have diabetes, and I knew about that solely because my mum had it, and so was ready for it.

Blood pressure issues is a new one - I was always scared of this. Largely because you get asked "are you on blood pressure medication" when buying Sudafed.

But actually it is one of those odd conditions. For many, high blood pressure has no symptoms apart from high risk of suddenly being dead.

For me it has some symptoms. One I notice is that with high blood pressure, excessive alcohol consumption causes really very bad headaches and unwell feelings. Not like any normal hangover. Seriously this is not at all nice.

But also, and what I had not noticed, is a general "not that well" feeling - tired early in the day. Not doing that well mentally. I did not notice any of this until taking meds for blood pressure made it all go away. I feel way better now.

The meds have side effects - one was a nasty rash! The one I have now is a cough. But the meds do work.

So, seriously, check it out. High blood pressure may be a "symptomless" issue (apart from suddenly being dead) but it may be making your life shit without your realising it - get checked out and medicated!

Copyright reform

Some very simple comments on this.

1. Yes, artists need some way to get paid for their work.

2. Current copyright law is broken in far too many ways and was written before the Internet and computers.

One of the things I would like is the idea that I can buy a copy of something, a book, or film, or computer programme, or picture, or TV show or something, and I own a "copy" of it. I "own" a right to view/access it at any time in any way I like.

That, like owning a real book or VHS tape or DVD, means I can watch/view it, and the choice of device on which I do so should not be a problem.

Indeed, like a book, I can lend it to friends and family - maybe some "family sharing" system as iTunes has.

I am pleased to say that some systems are close to this, but within each system. I have paid for loads of movies and TV shows on iTunes, and some on Sky TV. I have paid for books on two types of e-reader things including Kindle.

But ideally I should only have to pay once, and I "own" a copy. The platform should not matter. I can understand if there is some nominal fee for spreading what I own to a new platform - cheaper if I do it in bulk for all I have. But ideally once I own a copy of NCIS Series 1 Episode 1 in HD, I should damn well *own* it!

We need copyright law that allows the various platform operators like Sky, and iTunes, and Amazon, and whatever (XBOX?) to be able to recognise that somehow I own a copy of something and therefore be legally allowed to stream it or download and play it to me on any device. These operators make money selling me new content and by ongoing subscription or such.

Basically, the underlying notion of "copying" being the right that is protected is bullshit and nonsense. It was created in a time when copying was a "hard" thing to do. Now we live in a world where copying is transient and costless in all practical terms. So we need the idea of a person owning a logical "copy" of a work and once they do so being able to access and view that as they wish with the underlying "copy" process being totally irrelevant.

The price of snooping

One the the huge unknowns aspects of the Draft Investigatory Powers Bill is the cost of compliance.

The unknowns for ISPs are the data that is to be generated and recorded, and which ISPs will be targeted. Nobody knows exactly what is intended now, and what could be asked for later once in law.

At present the bill simply requires a "non-zero contribution" to the costs. Why the hell say "non-zero" in the law, that is nonsense, as paying 1p would meet it and be the same as zero for all practical purposes. It is a stupid thing to say.

The Science and Technology Committee has now reported, and has made some good points. But one of the key points is :-

"The Government should reconsider its reluctance for including in the Bill an explicit commitment that Government will pay the full costs incurred by compliance."

This is important and saying that ISPs should indeed get paid for providing this service.

And let's be clear here, this is a service we are being asked to provide if the bill goes through.

When the police buy toner for their photocopier, do they make a "non-zero contribution" to the cost of that toner? No... Do they pay the cost price for that toner? No, they pay a commercial rate for the toner and the supplier gets to run a business and make a profit.

Everyone supplying goods and services to law enforcement does so on a normal commercial basis as a business.

It seems ludicrous to say that ISPs are somehow special and should provide a valuable and costly service without being paid a proper normal commercial rate for that service. Saying they have to provide it "at cost" is crazy, as it saying that they should get even less as a "contribution".

I really cannot see why this is even an issue. Or do we all feel that every service supplier to law enforcement should provide the service at no profit at all, or below cost - effectively conscripting us all in to law enforcement?

2016-02-01

Will Govnt allow companies to offer communications services which can't be read?

In spite of saying that I had not made clear what I was asking the government to actually do, they have now published my revised petition which is the same but says I am asking them to answer a question.

Please sign https://petition.parliament.uk/petitions/120148



So let's try and get a straight answer shall we?

FB9000

I know techies follow this, so I thought it was worth posting and explaining... The FB9000 is the latest FireBrick. It is the "ISP...