Peccavi

Interesting Times

2011-09-20T23:04:00.001Z

I’ve been thinking a bit about the fact that we’re living in a time of monumental change that is running rings around the established systems of the world.

First consider that the world we live in now is one where the average computing power, and digital storage available to individuals is increasing at a rate that is roughly equivalent to a 64x improvement in performance, capacity or cost-effectiveness over the lifetime of an average political leader ( 8 years ). Those in nominal control of things haven’t got the beginnings of a clue what that actually means, they are struggling to come to terms with the concept that stuff that was functionally impossible a handful of years ago is easily managed by a school-kid with a phone today. And the idea that such school kids might actually have experience with the complex multi-tasking needed to marshal armies is something that I suspect rarely bothers them but it probably should, after all hundreds of millions of hours are spent by the youth of today doing just that, only they call it online gaming.

Have a read of Ben Hammersley’s awesome speech last month to the IAAC. He puts forward some ideas there that are well worth reading at any point in time but it is truly worrying to think about the conceptual problem the rulers of the world have given the things that are happening right now.

So there are clear problems with “The Suits” trying to get their collective heads around security and governance in a world that changes faster than they can change their ties and pin stripes but so far they have mostly only been dealing with the effects of revolutions in communications capabilities and patterns. Now even those can be dramatic – the Arab Spring and the London Riots both showed how social networks and cell phones can pose existential threats to governments. It is interesting to note that these are proven existential threats, unlike the fake existential threats that Hammersley talks about that have prompted the ridiculous security theatre of Airports and the rest of the pointless moves towards a ubiquitous surveillance society.

Now think about the following two articles I read today about some interesting legal edge cases in the world of 3D printing.

3D Printed parts for Automatic Weapons.

ATM Skimmer Gang invests in 3D printer.

Once the ability to print your own guns, and any other illegal machinery of your choice, gets out there it will be out there and no amount of banning will put that genie back in the bottle.

Interesting Times doesn’t even begin to describe what I suspect is about to happen.

I think that despite my previous rant about being able to buy Rule-34 as an e-book that I really should go out and get a copy.

What the austerity plan actual means to you and me.

2011-07-29T21:45:00.001Z

So we now have some fairly solid information about what the next three to four years worth of budgets are going to look like.

It’s pretty fucking savage: To put it in easy to understand terms, take 60% of your current gross salary - that’s effectively what you will be earning in 2014 in todays terms.

Now I know that this is what is needed in order for this particular plan to succeed but I don’t think the average sod on the street understands precisely what that means for the amount of money they will have left if it does actually work.

Oh and that’s before we even begin to consider paying for the banks. This part is just about getting our current budget balanced.

There are actually some long overdue and good ideas for reform in the plan too, but I don’t think there will be anyone worthwhile left in the country by 2014 for them to matter.

The Numbers, for those who are interested.

Income Taxes: The plan outlines €1.5bn in tax increases from additional individual direct taxation ( ie you pay more tax, get lower tax credits or pay some new taxes ). Since there are about 2.2million individual tax payers in the country tat will average out at an extra €700 per annum. given the income distribution of those earners the _average_ PAYE tax payer will be paying around €1000 more in direct taxes next year.

Spending Cuts: Then there will be €2.1 billion in spending cuts. A significant chunk of that will hit the less well off via social welfare cuts, and a nice chunk should be realised by trimming down the civil service numbers but at least €500m or so will come from reductions in general “benefits” – many things that are now free, or subsidized will have to be paid for adding up to another €250 or so per taxpayer. That’s money you have today that you wont have this time next year.

Where we have to get to: Now remember that we are €18bn or so out of balance and need to bring that down to about €15bn to hit the deficit target. This first step addresses €3.6bn of that. So by the start of 2014 every tax payer in the country will take home (on average) €4000 or so less than they do today on the same earnings. Those that earn around the average wages for the country will end up with about €5000 less net take home pay per annum.

Net Income per person: To put that in context someone on the average income in Ireland today (€35k) who will take home about €28k (after PAYE, USC, PRSI and the rest). Or in other words they will pay about €7k in tax. By 2014 the plan is that they will pay €12k in tax – an increase of about 71% in the individual direct tax burden.

Inflation: Meanwhile we have high double digit increases in Medical Insurance (20%+ so far), Electricity (Bord Gais 12%), Gas (Bord Gais again 22%), Petrol is up about 15% over the past 12 months and there is no sign that it will abate. These increases will continue and on average we will all pay about €1500 per annum more for these core necessities each year. Even if the now freeze those costs we are all going to be €1500 worse off per annum next year based on the increases that have already been confirmed.

Mortgages: A 20 year mortgage for the average house price as it was in 2008 ie €300k , calculated on a monthly repayment basis, at 4% costs €1812 per month. If the rate rises to 6% that increases to €2138 per month. The increase is €3920 per annum. The actual average outstanding mortgage is probably only €200k but even at that level your average punter will end up €2700 worse off.

Putting it all together: An average PAYE earner on €35k gross who has €28k to live on today will find that in three years they have the same buying power at that point in time that someone who earns €21.5k gross has today (about €19k net).

The Power, or something.

2011-06-16T23:09:00.001Z

I was sitting on the bus this morning, giggling away to Gift Grub, and reading a pretty engaging book on my phone (Joe Abercrombie’s “The Blade Itself”, quite good I have to say) when I noticed that the bloke beside me clearly had just acquired a new phone. Glancing across I then noticed that he was wearing a pretty sharp suit, lovely shiny shoes and had an impressive briefcase tucked under his seat.

Good for him I was thinking, nice to see the mercantile classes roughing it with rest of us on the suburban bus run.

Then I noticed that he was reading something called “The Power!” or “The Power of You” . I’m not sure of the name, blue sky with clouds on the cover, tag line of “Believe it and it WILL happen!!” or some such. I was having trouble not breaking down in fits of hysterics –– grinding my teeth and screaming “SAVE ME FROM TEH STOOPIDZ!!!” silently inside my head..

I could see that he was opening it for the first time and I developed the impression that this bloke had just landed a new job, after some level of desperation given the current climate, this was his first week and the new boss had given him his “favourite book”. So here he was trying to read some of it to see if the success his new boss seems to be able to command could possibly rub off if he could just find the right set of instructions. He hadn’t been able to read it earlier because he was so busy making sure he was impeccably turned out, no doubt the boss also says things like you can judge the quality of a man by his clothes. At least that’s how it played out in my head.

Now he might have been a journalist struggling through this drivel so he could write a really compelling critique on the stupidity of this type of self help book and I’d love that to be true but I strongly suspect my first impression is closer to the mark.

I mean even if you were such a journalist you wouldn’t be caught dead reading something from the inner circle of literary hell on Bloomsday, of all days. Surely.

Anyway I really wish I’d found this particular presentation yesterday because if I had I would have pulled it up on my phone, tapped him on the shoulder and told him that he would learn far more watching this for 5 minutes than from reading that whole book full of drivel.

Growth, Default and Pay in Ireland

2011-05-29T11:58:00.001Z

I’ve been following some rather disheartening debates about some fundamental aspects of our economy over the past few weeks. The lack of joined up thinking, and the complete unwillingness of most of the players in this game to honestly explain their long term objectives says a lot about how dishonest those who have any power in this country actually are.

The recent debates have covered both the high level macro problems of balancing growth, total employment and deficit reduction, as well as the (more) micro issues of the individual effects of taxation (in particular the new Universal Service charge), minimum wages and unemployment. There have been some interesting ideas and observations made but I’m astonished at the lack of joined up thinking.

We have, for example, the various business groups calling for things like reductions in minimum wages and the removal of agreements that enforce premium rates of pay for Sunday work. The main thrust of their arguments are that our minimum wage is too high (compared to the rest of Europe) and the premium agreement is an anachronism. This is not that different to the popular German view that Ireland shouldn’t be bailed out because we pay ourselves too much. And there is some merit in these points when taken in isolation.

Say we were to remove the minimum wage and remove the sunday premium. I don’t know how much either actually contribute to overall employment costs but since the existing premium under debate amounts to 30% and a market driven drop in real minimum wages is unlikely to drop total wage costs by more than 50% for those on the margin I think it’s reasonable to assume that the overall effect on employment costs can’t really be more than about 10-15%. Those are not trivial numbers but they aren’t huge either. Still let’s take them at face value. Our total Income tax take is about €8bn (and dropping) at the moment at an average effective tax rate of 10% or so indicating total income (of employees) coming in at around €80bn or so.

So if we were to drop the two rates and delivered the savings that the business groups would hope to see we might be able to remove about €8-12bn of their cost base (bonus!) but also a reduction in net individual income of the same amount from the economy (hmmh).

For the people we are talking about here (virtually all minimum wage, low end jobs) the effect cannot be that the affected employees will compensate for the reduction by saving less: they have no effective savings for the most part. They will either consume less, or consume less expensive replacements. For the non-export part of economy it means that there will have to be a contraction, GDP will be reduced. And there will be a multiplier effect, all sectors that serve the poorer sectors of the economy will contract by at least as much, and possibly some multiple of that. And there will be an effect on Government revenue – the reduction in pay will reduce USC and Income tax revenue directly by 10% or so and again the multiplier effect of the loss of that expenditure will impact VAT, Excise and Corporate tax revenue (from those low end product\service providers). It’s also worth noting that such downward personal income pressures will typically push up import substitution, hurting local businesses, since we are stuck in a fixed currency zone and comparative advantage pretty much dictates that most things can be manufactured and served more cost effectively from other countries.

The other core argument, and it’s a good and valid one, is that reducing business costs will increase employment, in particular in the vulnerable lower end of the market and increase overall competitiveness. These too have significant multiplier effects, assuming they result in lower product\service costs, and they should certainly drive export competitiveness, which by the way includes domestic tourist and entertainment revenue. This is why we are seeing the real push for this change coming from the larger business organisations and the catering\hospitality sector rather than the broader smaller firm groupings.

How big each effect will be is an unanswerable question, and the argument about merit hinges on the final equilibrium state you believe would be reached. Such changes are not a universal win.

However what is certain is that such changes, if implemented, will drive down personal income across the board. This is the desired outcome and we need to be clear what that means. The reality is that larger businesses and certain sectors desperately need us to deflate the local economy severely (by 20-30% at least) in order to regain global competitiveness. If we had a universally fair reduction in income coupled with a reduction in costs of living then this could seem like a “neutral” change in the longer term but one thing this cannot do is reduce our debt. And if we reduce income (either personal, or government) then our debts become more of a burden.

This is the core problem. We might be able to reduce government deficit, and reduce average wage costs and costs of living. These are things that are technically under our control but we cannot reduce the lump sum of our debt in this way. And if we make this extremely hard changes, and are successful, we will effectively inflate our debts by the same amount. That €100bn to €200bn hanging over our heads effectively becomes equivalent to €150 to €300bn. A 10 year repayment and austerity environment becomes a 15 year trial.

Add to this the reality that our current austerity regime has already started to produce contraction – we’ve got 0% growth at the moment and facing into 2-3% over the next 12 months. Add in the above contractions and deflationary pressures and our ability to service our debts, let alone repay them will disappear completely.

We’re living proof that for countries reducing expenditure when you are in a recession makes the recession worse.

We’re owed some better explanations about that the overall resolution plan actually is. The current platitudes about austerity, deficit reductions and returning to the market do nothing to explain how we can get from here (effectively bankrupt) to a viable end state in 3, 5 or 10 years time. Detailed analysis of how we can successfully reduce employee wage costs and cost of living in a sustainable way while not turning a horrific but arguably manageable national debt into something that will kill the country would be a good start.

And that’s before we start to talk about things like the effect on society of having 40% of the under 25 male population who are available for work being unemployed. That’s a social catastrophe of monumental proportions that would be very hard to deal with even if the economy was healthy. 5 years of those rates and you are breeding a widespread criminal or revolutionary class of the dispossessed – countries have fallen on a lot less.

The last few weeks have generated some positive buzz for Ireland with our high profile visitors and some interesting oratory by our glorious leader but I’m sorry to say that the big picture looks a lot worse today than it did three weeks ago.

iPhone Tracking–Apple’s Response

2011-04-27T13:05:00.001Z

This statement from Apple is just about the only viable explanation for the data that I see on my own iPhone:

This data is not the iPhone's location data-it is a subset (cache) of the crowd-sourced Wi-Fi hotspot and cell tower database which is downloaded from Apple into the iPhone to assist the iPhone in rapidly and accurately calculating location. The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don't think the iPhone needs to store more than seven days of this data.

The far more detailed “local” tables are probably the source for the “crowd-sourced” data referred to above but I’ll be digging a bit more to see if there’s anything else lurking in the system databases.

It’s still technically possible for Apple to be harvesting location specific data that could be used to track users but I really don’t think so in the light of their previous statements, the actual structure of the data* that caused this latest batch of seriously uninformed speculation, and the obvious legal risks (in California, where Apple is based) associated with tracking anything that could then be mapped to real people.

Hopefully some sanity will prevail about this issue from here on.

That’s not to say that there aren’t huge risks associated with using crowd sourced location data, as Apple admit to doing a number of times here, but at least at this stage Apple do appear to be aware of the risks and concerns and have been acting accordingly.

* So far almost nobody appears to have actually examined the data with a view to understanding [a] whether it could be used for tracking or [b] why there are so many entries with identical timestamps. I know it’s silly to expect signs of intelligence on the internet but most of the echo-chamber chatter about this was truly uninformed and pathetic.

iPhone Tracking.

2011-04-26T16:58:00.001Z

The initial brouhaha has calmed down although the level of traditional media coverage was fairly awesome. I had a rather odd encounter with a strange woman on the corner of Green St and Barrack St in Cork on Saturday who felt led to [a] ask me was that an “I4” that I was using and [b] did I know that it was tracking my every move. Apparently she’d read about it in that well known tech journal, The Star, earlier and she was extremely concerned. She went on to explain to me that she used to work with US Intelligence, and to be fair her accent made that slightly plausible but I hope that US Intelligence agencies would hire agents that were less arbitrarily voluble and a lot more discerning in their sources than my over eager friend on Barrack St. Gotta love Cork though, it wouldn’t happen anywhere else.

Apart from that hilarious encounter I’ve had a chance to dig a bit further into the whole “consolidated.db” tracking issue. I have to say that the general commentary online is useless. Almost nobody has bothered to actually look at the data which is astonishing given how easy it is to find with the instructions provided.

Some of the best commentary I’ve seen so far has come from Frank Rieger here on his Knowledge Brings Fear blog. I think there is probably some truth to his assertion that this is the sort of thing that happens as a result of companies or individuals using a bug or bug like feature for plausible deniability but given the fact (as I’ll explain later) that the data is more or less useless for real tracking this is increasingly looking like a non-issue. Indeed if IT Forensics folks are using this to assert that they can covertly track iPhone users then I don’t think that sort of claim should be allowed stand up in court – the data is far to vague, and inconsistent for that.

As I said before there are four sets of tables. Within each group there are xxxLocation tables and xxxLocationLocal tables. All of the discussions I’ve seen talk about the Location tables and these are definitely the locations of cellular towers or WiFi Access points, not the location of the handset at all. It might be possible to deduce the handset location from these if the timestamps on them made any sense but they do not. The timestamps are grouped into batches with tens or hundreds of entries sharing the same timestamp which almost certainly corresponds to the time that Apple sent this location helper data down to the phone. I have 60k or so cell tower locations in my celllocation table but only a couple of hundred unique timestamps. This data might be useful in indicating that I had been within a few km of somewhere at some time but its so infrequent that I doubt that there is any “tracking” data that could ever be derived from it, even if the locations were reliable. And the locations aren’t “reliable” – more on that later.

You can broadly see where someone was over a timeframe of weeks, and by broadly I mean within a few tens of km or so, so I can see that I wandered over and back to Amsterdam, visited Eindhoven, Moscow and Bracknell over the past few months but there’s no way to tell where and when I was in the broader Dublin area on March 20th for example.

Anyway back to the main tables. One is CDMACellLocation and is used for CDMA Cell towers (indexed on MCC+SID+NID+BSSID , and dupes are not allowed by the index) Those are Mobile Country Code, System ID, Network ID and Base Station ID and they uniquely identify CDMA cellular towers globally. For the CellLocation table used for GSM Cellular towers the index uses MCC+MNC+LAC+CI and again duplicates aren’t allowed. The GSM keys correspond to Mobile Country Code, Mobile Network Code, Location Area Code and Cell Identity , again these uniquely identify a GSM cell tower globally. The WiFiLocation table is a lot simpler and it uses MAC addresses as a unique index.

Note that the indexes do not allow multiple entries – so these cannot be used for tracking for any practical purpose. They can be used to tell the last time that a particular cell was possibly nearby but the time resolution is a couple of days and the location is accurate to within a couple of km at best.

I’ve checked the data, not that I don’t trust the SQLite indexes but just to be able to say for certain, and all the tables contain only a single entry for each cell location.

Let me be 100% clear – the data in the CellLocation and Wifilocation tables on my iPhone are totally unusable for tracking, and any other advanced analysis of location patterns. As cached data to help speed up Celltower\WiFi AP based location triangulation they are quite useful though.

The spatial quality of these tables is quite dubious too. There are Celltowers in my table that are more than 100km from any location that I’ve been near in the last year and even one entry in Northern Italy that I know for certain I haven’t been near so even at that level this data is unusable in terms of telling where someone has been. For some reason my database also seems to have missed four days that I spent in Spain and I know I had my phone powered on there, and I was using it all the time although that trip to Spain might just be the one location where I never triggered any Location Aware apps.

In fact, given all of the above, I think that the issues with the temporal and spatial accuracy of the main tables, as far as tracking the user is concerned, make me think that someone decided to structure it this way so the data could not be used to track people.

Actual Tracking data.

Of far more interest to me is the user specific location info that seems to be logged in CellLocationLocal and CDMACellLocationLocal. There are far fewer of these 130 or so vs 60k in the celllocation table in my case, but they have accurate timestamps, locations that appear to be accurate to within a few hundred metres and speed\bearing data. There doesn’t appear to be any pattern to the logged data though so I need to do some more work there but at an average of 1 entry every three days isn’t a whole heap of tracking info. Even with location services enabled for 36 hours it only added an extra 20 or so entries.

Out of curiosity I enabled location tracking, and automatic updating, via Google’s native Latitude app for iPhone on Saturday. Google has now gathered a really impressive track of my movements since then that absolutely can be used to see where I’ve been at very accurate temporal and spatial resolutions – here it is catching a number of spots on my 18 minute walk from Hartlands Rd over to the The Evergreen just after 9:00PM on Sunday night. You can also see that I had a walk around the Lough earlier on, including a diversion that I took to get a cup of Coffee in a shop on Togher St.

This is an example of pretty useful tracking data but it generated a huge number of entries (about 1000 over a day and a half). If someone really wanted to secretly maintain a useful tracking database then that’s the sort of level of detail they’d need. The main thing I noticed as a result was that my iPhone ran out of juice after about 3 hours which makes it a bit useless.

Quinn, a name that I hate more and more every day.

2011-04-26T15:20:00.001Z

I was horrified to hear on the news today that the Government (with a straight face) has indicated that it would consider instituting a 2% levy _on consumers_ to pay for the €600m or so shortfall that Anglo Irish Bank (!) and Liberty Mutual say they will not take on board as part of their acquisition. The levels of crazy in this story are beyond belief.

For starters Quinn was one of Senior Demons on the the inner circle of the hell that brought us to where we are today. Sean Quinn’s insane CFD gambling on Anglo Irish shares was a significant trigger in the collapse. Of course there were many others in that same circle but the Quinn group was one of those sick beyond all belief organisations that frankly we should let die to serve as a lesson to all the others. I’ll admit that the jobs are important, but the blatant disregard for basic financial responsibility that the Quinn group practised for years is the sort of thing that needs to be eradicated with extreme prejudice.

The fact that Anglo Irish Bank are involved in this at all beggars belief. That they are doing so in this way is something I just can’t get my head around at all. Seriously WTF are Anglo doing buying an interest in any significant financial business? I thought they were on the road to structured euthanasia.

Who is owed this debt that is so important that I, someone who has never had a Quinn policy in my life, has to pay part of it? Why can’t they take they hit?. What happened the normal rules of capitalism? Did I miss some new government policy while I was flying all over the western hemisphere these past few months.

Seriously – my answer to this is no. You can’t have it from me, I’m not going to pay and if you want to you can put me in prison before I will allow any of my money to be spent to bail out yet another capitalist’s gambling debts. Sean Quinn may be a nice man but his addiction to high stakes gambling should not be my problem, or yours.

Restructuring (Again)

2011-04-26T15:05:00.001Z

Richard Porte has a very balanced commentary up on VOX Eu that clearly outlines why a restructuring of our debt burden is inevitable, and shouldn’t be viewed as either a disaster or a failure of the system. In a very good overview of the situation he also makes the very valid point that some private burden sharing would go a long way towards countering the vast moral hazard situation this has been brought about as a result of the 100% guarantees that investors in Irish banking have been given by the government.

It’s well worth a read although he makes an odd point at the end about the current account deficit that I don’t really understand. We now have the odd situation that we have a current account surplus (Portes’ data is a little out of date) because it reflects trade balances and our export sector is doing particularly well. This helps avoid some liquidity problems depending on what the various parties do with it but that is not _our_ money, or at least not the Government’s money and it will have no real impact on the Government Deficit which is the thing that is giving me sleepless nights.

As I understand it we are currently running a Government Deficit of around €15-18bn a year. I’m not sure precisely because the numbers are hard to find but total annual expenditure is somewhere between €48bn and €51bn and total annual revenue is around €33bn. We have committed to reducing that difference it around €750m-1000m (2%) by 2014 (or thereabouts). That is on top of an existing fiscal adjustment that adds up to around €4.5bn between tax hikes and spending cuts.

Our progress so far has been pretty good – few other countries have ever managed to contract this fast while remaining stable – but the remaining gap is, as Portes points out, an heroically ambitious target. It might be possible but _even_ if we manage to do that we will still end up with a debt that is 120% of GDP and interest rates that are likely to be punitive. Future growth and our ability to maintain a stable society are certainly at significant risk if we do as we are asked, and then still find ourselves paying more to service debts than on anything else.

The difference between what we spend now, and what we need to be spending is more than we spend on Health, Education or Social welfare. In effect we have committed to cuts that could be achieved by totally eliminating one of those. Obviously that wont happen but it is useful to clarify the scale of the heroic effort that we are going to have to put in in order to get out of this. Debt restructuring wont make that particular problem go away, but it will make it slightly less difficult to achieve, and it would at least make it possible that we could look forward to a future where a recovery was possible.

More detail on Apple’s iPhone Tracking Data

2011-04-22T18:16:00.001Z

It seems highly likely to me that the tracking data retained by iPhones and (currently) backed up in the collections.db database is fairly innocuous.

I pulled together some Perl scripts to analyse the data and have come to the following conclusions:

The CellLocation Table (8000 entries) is a subset of Apple’s global cell tower location database that is cached locally. The timestamps in this only makes sense if they are part of a batch update from some other source. In my case there about 100 distinct groups of location and they don’t match where I’ve been at any level smaller than about 50km and on a timescale of days. There are some really odd entries too – one in northern Italy that I haven’t even flown within 500 km of in the past year.
The WiFi Location table (60000 entries) has similar characteristics. It’s got groups of AP locations that also make no sense. My table correctly has a bunch of locations in Bracknell during March but there are also more than a hundred entries much further North at the same time in a curious east <-> west line that only makes sense if there is some caching process that pre-fetches a bunch of these to improve non-GPS positioning performance. All the MAC addresses listed appear to be infrastructure (AP’s) rather than user systems so the general threat from it is pretty limited.
The CellLocationLocal Table looks much more like tracking data but it only has 106 entries. All of these have unique timestamps, include altitude, speed and heading information and most importantly all seem to correspond very accurately (to within a few metres) with times and places that make sense even though they claim the accuracy is only 1500m. Thinking carefully about it all of these seem to correspond with times when I had the GPS function enabled. It looks to me as if this is data that Apple might actually be likely to harvest and could be sending home in order to improve their Cell Phone location maps.

Having discussed this with some folks and after reading the online commentary I think it’s pretty safe to say that this looks like a storm in a teacup. There is certainly some tracking data in the file, but it’s privacy risks are a lot less than they seemed. Apple don’t appear to be gathering location data that includes the DeviceID or any other details that could uniquely identify the user or phone. They could be sending that back along with such an identifier but I doubt that they would – having these tables structured in this way only makes sense if the primary purpose is to enable a local cache for quick location lookups.

Ultimately I’m a bit disappointed – I’d wanted to have a reliable record of where I’d been over the last year – but on the plus side it really doesn’t look as if Apple are harvesting data that could be used to spy on me. We’ll have to se what comes out on this over the next few days but I’m not losing any sleep over this.

iPhone Location Tracking

2011-04-20T19:08:00.001Z

The subject of iPhone’s tracking their owners locations has hit the Interwebs again because Pete Warden and Alasdair Allan just pulished a rather nifty application that extracts and maps out the location logs that iOS keeps.

Their application uses the location info that is acquired using cell tower triangulation which is of dubious accuracy (about 500m for me for the most part) and seems to have something weird going on with it’s timestamps in my case, but that might just be something strange about either my iPhone or O2’s network. They get all of this from the CellLocation table within the iOS database that Apple use to manage most of the OS system configs and functions (Consolidated.db). Finding the Database is a minor challenge given the instructions provided. Extracting the data is the work of a few clicks after that.

Interestingly they don’t mention the fact that there is dramatically more and far better GPS derived data in the Location table which has far fewer entries and only seems to log data when you are actively using a GPS app.

And there is a WiFiLocation database for those times that you have WiFi enabled that has logged about 8 times as much data as I have for Cell towers. That particular table intrigues me because it contains MAC addresses, and there appear to be lots of them (120k entries in that table). Interestingly it only records MAC addresses (along with location data and timestamps) not SSID’s which confirms one of my older assertions that SSID’s are useless for location tracking. I’m going to take a look at that table in much more detail to see whether I’ve been harvesting thousands of MAC address\Location combos silently over the past year.

It would be very interesting to know whether Apple extracts any of this data, and if so what it does with it. Kim Cameron had a lot to say about the risks of this last year when he made some fairly insightful remarks about the massive privacy holes in Apple’s Policy. At that point we were only talking about Apple gathering the user’s own device ID but I am at a loss to explain why Apple would have the phones log all of this location data if they did not intend to harvest it.

Funnily enough all three location tables also have a corresponding “Harvest” table but they are currently empty on my iPhone at least, perhaps they have plans for some future capabilities.

I’m thinking of putting something together that will allow us poor Windows users to get the data poured into a nice Map interface, Pete and Alasdair’s version is OSX only at the moment so I’m making do with Perl and Google Apps to see what data SkyNet has been collecting on me. It’s not very accurate as I noted above but it’s logged all 20 of my international trips over the past couple of months at some level.

Earthquakes and Tsunamis

2011-03-13T02:31:00.001Z

I’ve been following this with a seriously high horror quotient but the following quote from CNN live reduced me to tears:

Since the initial earthquake, there have been 250 aftershocks above 5.0 and almost 50 above 6.0, CNN's Chad Meyers said.

We live in a potentially savage world but that is so afar beyond the pale that I don;t know what to say – even one of those 250 “minor” quakes would reduce this country to rubble and anarchy – and these people have had to withstand hundreds of them.

I sincerely hope it gets better now , rather than worse.

Quack Medication and Professional Ethics

2011-03-12T11:48:00.001Z

I believe that the multi-billion pound\dollar alt-med "movement" is a real problem that is a shame on our society. Apart from the areas where it accidentally leverages placebo effects it does nothing positive at best, can be hugely destructive at worst and relies on fantasy and a denial of reality as fundamental principle.

As an example, the overwhelming medical research* out there indicates that Homeopathy does not, and cannot, deliver positive medical outcomes. I’m picking on them as an example but like the rest it’s a hugely profitable business based on fantasy. Fortunately, unlike some others (many herbal teas can be toxic in large doses for example), there is also zero risk of direct negative medical outcomes. The opportunity cost, however, can be fatal for those ill-informed enough to put their entire trust in it which is not a trivial consequence. As a business it’s about selling little bottles of water and sugar pills where the raw material costs of the ingredients are effectively zero. All real costs are for packaging, marketing and distribution alone. Even better they can make “stronger” products (ie more expensive ones) by (further) diluting the ingredients. Imagine how you could rake in the cash in any other business if you could persuade your customers to pay you twice as much for half the product. From a purely business perspective, that really is magic, but it needs a lot of effective marketing to convince people to pay for something that does nothing. Most of that marketing comes from effective placements in Pharmacies, because we’re all conditioned to trust our Pharmacists’ professional medical judgements.

That it exists at all may be an insult to rationality, but at some level if people want to be duped then I can’t fault a smart business for chasing that market. However a large part of its continued success stems from the fact that the public perception of its validity is massively inflated by the fact that Pharmacists appear to a casual consumer to consider them as perfectly valid medications.Now I know that many will argue that they are (usually) displayed and labelled in a way that separates them from real medications but I cannot understand how they can fail to acknowledge how weak that argument actually is.

From my perspective the fact that Pharmacists dole out Homeopathic and other “alt-med” quack cures would be like an Electrician who would happily wire up your house with wiring made from wool wrapped in paper. We don’t get duped by wool and paper pseudo-electricians of course but that’s because any fool can demonstrate that some wool wrapped in paper wont power your kettle. With medical issues we need trustworthy medical professionals to tell us whether some possible treatment will do what we need it to do. Proving medical outcomes is hard, requires expertise, and defending the rigour required by those processes in the face of the overwhelming force of the profitability of the quack medication industry is hard. Given the trust we put in Pharmacists I feel that they should be obliged to act ethically in this regard, and they don’t.

Before I go on I probably should also say that I don’t particularly trust the Pharmaceutical Industry as a whole, the companies that make all our (legal) drugs that is. It’s got its own problems, some of them immense, but for the most part their business is to make stuff that has genuine medical effects. For all the corruption that there may be there, they are accountable to rationality at some level and their products are subject to extensive scrutiny with regard to their benefits and harms. They are also profit-seeking scumbags in many cases, but they actually do deliver reality based medications that have transformed the medical outcomes of virtually everyone on the planet. They are subject to license (in most places) and have to act accordingly.

In Ireland we have a tightly controlled consumer pharmaceutical trade. I cannot buy more than a handful of paracetamol pills at a time (for well intentioned medical reasons), codeine based OTC painkillers are now only available after talking to a Pharmacist (again arguably a valid requirement that helps limit potential abuses), and pretty much any genuine medication has to be purchased through a regulated pharmacy. We give Pharmacies this monopoly because they are rigorously regulated as professionals and that provides benefits to us because they control the distribution of many beneficial but genuinely dangerous drugs.

The downside is that, as with any other monopoly scenario, we pay many times more for common drugs here than we otherwise would. If I recall correctly from my last trip to the US I could buy many common drugs (ibuprofen, aspirin, paracetamol, famatodine) easily in bulk at costs up to 40x lower than here. And if I can buy a couple of thousand ibuprofen pills in the US for the cost of a packet of 24 here then, frankly, the bloody pharmacists should be doing that for us instead and making it obvious to us when we are about to spend €5 on a couple of Neurofen that they could give us 100 generics for €1, or whatever. And by all means be careful about selling 1000 Paracetamol to anyone stupid\depressed enough to try and down them all in one go but don’t use that as a shotgun excuse to extort 95% profit margins from the 99% of the population who aren’t going to do that.

But all of that is a minor business ethics faux pas compared to the medical ethics catastrophe that is their willingness to collaborate with the various quack pseudo medication scams out there. The sight of magic cures sold by Pharmacies and presented as if they were on a par with real medication is a shocking example of profit trumping medical ethics. How on earth can anyone trust a pharmacist's ability to provide competent advice on taking medication when they also sell magic magnetic bracelets, water potions, Flower Power pills and Mr Fruity's Frightfully Useful Unguent. They might as well have displays for Ollivander's Magic Wands, quantum dream catchers, holographic pixie dust, compressed unicorn karma, blue moon crystals and other trans-dimensional snake oils sitting by the till under a sign that says "Guaranteed Cures for all your Ailments".

Frankly in doing this they whoring out their professional reputation in order to delude the vulnerable and make a quick buck. I really find that despicable. I’m sure their businesses are complex, and making a profit is relatively hard overall so in their defence I’d actually be happy enough to let them charge me 40x the cost for a few painkillers if I knew that cost also made their business viable enough that I would then trust their medical judgement when it came to the stuff they sell. But right now there is no way that I can, and I don’t see how anyone could.

As a possible compromise perhaps Pharmacists should be obliged to treat alt-med products in the same way that they deal with codeine based products: Hide them behind the counter and interview all potential customers. After all the purpose with the Codeine rule is to protect people from their own stupidity, so if they took the time to have a chat with anyone looking for magic water pills so as to explain what they actually contained, the real benefits\risks attached and then form a judgement as to whether the sale was going to be helpful to the customer before allowing it, then they could ethically continue to sell them.

-------------------------------------------------------------------

* You know the extensive actually scientific stuff with proper controls**, statistical analysis, peer review and openness about methodology.

** For placebo effects***, age cohorts, other drugs, blah blah.

***Now if Homeopathy was to rebrand themselves as “Placebopathy” and drop the magic water-bashing of minute trace dilutions imparting some mystical quantum molecular memory mumbo jumbo then we’d be getting somewhere.

Election Commentary

2011-02-10T21:05:00.001Z

Most of the Election Manifesto material from the various parties and the content of the debates has been depressingly thin on policies that have any chance of actually making a material difference to me or the country at large.

There are a few things being discussed that I like the sound of though:

FG’s proposal to change the Leaving certificate so Irish is no longer compulsory.
FG’s plan to overhaul broadband. I don’t believe the claims about direct employment there because broadband infrastructure deployment is capital not labour intensive so it will cost money we don’t have without meeting it’s main objective but in theory we’ll have great broadband options by 2014 even if it’ll be way too expensive for us paupers to afford.
FF\FG\Labour plans to overhaul the structure of the Dail\Senate. Not sure which plan I prefer and I don’t think there is any merit in doing this for reasons of saving money but any plan that tries to fix a system that is clearly broken is worth a shot.
FG (again) – An end to totally daft crap like the various construction tax write offs and upward only rent reviews. Both practices are obscene.
Labour – Burn some Bondholders.

Other than that I’ve yet to see anything that is really convincing. The fact that I like the flavour of more FG plans than others shouldn’t be taken as an indication that I’ve converted to the dark side although it does worry me that old age is slowly turning me into a blue shirt.

Adventurous policies I’d like to see but pigs will fly first unfortunately…

Dropping Irish as an official language. I’d go a lot a lot further than FG minor tweak – drop the pretence that there is any value in maintaining parity of access for Irish in all aspects of public life. It’s a joke, provides no benefit to the economy at large or the welfare of the overwhelming majority of the population. The economic cost of keeping it alive is enormous – given that teaching it consumes around a sixth to an eighth of all teaching resources at primary and post primary level. In effect that costs us around €1-2 billion a year keeping it alive, for no material benefit and frankly with pathetic results for all that cost. Overall the cost of maintaining Irish – covering the aforementioned education cost plus the duplication of all legislative procedures, legal documents and the various Gaeltacht subsidies pushes that number up well past €2 Billion per annum and it could be over €3 billion. If you are in favour of keeping Irish going then by all means pay for it yourself but I am not impressed with having over 10% of the taxes I pay going into maintaining it.
Go really aggressively green – build some nuclear power stations – Thorium by choice. Loadsa jobs, potential for some serious R&D upside, followed by serious export potential for the expertise gained, cheap power for decades, seriously cutting down on imported energy, hit our CO2 targets, Blah, Blah, Blah. Get in bed with the Chinese to fund it, they’ll love us for it and that would really give the Eurocrats something to chew down on. Your grandchildren will love you for it, and for a bonus you can have a healthy business selling medically useful isotopes and PU-238 to NASA so they can keep on exploring. Heck build a bunch and sell the power back to the rest of Europe - if we dropped Irish we could build 2-3 Giga-watt capable power stations per year, that’s about 50% of our current total capacity effectively for free. Which would you prefer keeping Irish on life support for €2bn per annum or free power for you and your children for the next 50 years? Net effect on the economy – by the time the first few come online [say 3 years, it’s worth being aggressive here] we’ll be saving a couple of billion per annum, making about €500 million profit on by products and we’ll have astonishingly cost competitive energy options for heavy industry.
Go back to the Catholic Church and get them to pay 100% of the costs of all of their past mistakes. Pass some laws to prevent them asking their parishioners for the cash – make sure it comes from the Vatican. We need the cash now folks, thanks, sorry ain’t good enough any more. I’d be looking for a couple of billion Euro there.
Revisit the pricing of our natural resources – I’ve no problem with Shell’s operation in Mayo or any of the rest but it’s absolutely insane that we do not impose a per unit levy\tax on the resources they extract. If it takes a complete revolution to do that alone it would be worth it. The Corrib gas field is estimated to contain 110 billion cubic meters of gas, at about 10kWhours/cubic meter that has a retail value of at least €30billion. I don’t see any reason why we can’t demand a good chunk of that up front – a levy similar to the corporate tax rate of 12.5% would yield a couple of hundred million a year for a very long time. And Shell ain’t short of the cash – they cleared $20bn last year.
An immediate end to closed shop pricing for professional services. This needs to apply to things like Medical Consultants, Lawyers and anyone else.who’s carved out a legally protected niche that allows them to command obscene fees. There’s easily a good chunk of a billion to be saved there in Government expenditures alone.
And someone needs to go through the HSE with an axe, a shotgun and a chainsaw and a BFG-9000. Easily cut out €2 billion worth of middle management. Put half of that back in to Nurses and keeping more hospitals\beds\emergency rooms open.

For starters.

There’s a good clear €4-5 billion in annual savings in there with the bonuses of loads major high tech heavy engineering jobs, increased competitiveness and better quality of life all round.

The reason we’re screwed is we’d never allow anyone to run the country who could even begin to contemplate things like that.

Questions for our Politicians

2011-02-03T00:02:00.001Z

I just watched an utterly shameful display of political fuckwittery of the highest order. We had senior(ish) representatives from what are now apparently our four main political parties (FF, FG, SF & Labour) gracing our National airwaves in order to catastrophically fail to explain what their plans would be for tax increases and expenditure cuts if they happen to get into power. They seemed to prefer to call each other names and bang out shrill party slogans with obviously no intention of actually communicating anything substantive.

In the interests of getting this straight for myself (my numbers may be off by a billion here or there, it doesn’t make any difference) I took a look at the numbers.

We are currently running our country by spending €14bn more than we make. We make €33bn. In the long term a 3% (or ~€1bn) deficit is more or less OK so we’re searching for a way to tax more and spend less so that €13bn difference goes away by 2014 or thereabouts. Now this is down from a €17bn problem prior to December if I recall correctly. But that extra few billion will only remain saved if the incoming government does not backtrack significantly on the measures already taken by the outgoing FF crew.

So all of our friends on TV tonight needed to say where they will find that €14bn and none of them could offer up anything that convincingly demonstrated more than a few hundred million worth of ideas. At best they were talking about stuff they might do this year, not how they would actually get us out of this.

To put that number in some perspective, these are the important taxes and expenditures for 2007, 2010 and 2011. Between them they account for about 75% of the whole equation.

	2010	2011	2007 (!!)
Income Tax	11.1	11.5	14.3
Corporation Tax	3.8	4.1	6.7
VAT	10.2	10.7	14.6
Excise\Stamp Duties	5.5	5.9	9.9
Education	-7.9	-8.4	-7.6
Social Welfare	-13.2	-14.2	-7.4
Health Services	-10.8	-10.6	-10.6

The 2007 numbers show just how extremely trashed the economy has been by the collapse – at that stage the four main sources of income exceeded the three main expenditure items by a more than 80%. Now income from them is 20% lower than the expenditure on those three alone.

Now ask yourself how any tweaking of the system can find €14bn in there without causing levels of hardship that are sure to cause a revolution.

Nobody is addressing this elephant in the room with any honesty – the numbers can be made add up but it’s got to be a combination of savage cuts in areas that haven’t seen real cuts yet (Education\Health), savage cuts in social welfare along with massive increases in Income tax, VAT and Excise. Corporation tax is a bust much as I would prefer it to be otherwise, any significant increase there will simply lead to offshoring of profits or disinvestment.

The problem with this is that the Irish population simply will not vote for someone who tells them that even if it is true and even if someone actually does manage to go so far as to implement it there will be blood on the streets. Note how outraged people are with the impact of the 2011 Budget, and just look at how trivial those changes actually were in the context of the immediate problem.

The other elephant in the room is that while growth could help make these numbers a lot more attainable the debt and interest burden required to fund ourselves until we get this into balance adds significantly to the problem – we’re running on a treadmill that’s accelerating there. And don’t forget that each €2bn in savings in expenditure translates into at least a 1% reduction in GDP if not more. So that’s another treadmill on top of the debt one that we have to race against.

Until someone puts some realistic numbers on genuine alternatives (wealth taxes that take into account the inevitable flight of wealth as a result, real property taxes, levies on natural resources (those gas fields off Mayo spring to mind) I can’t see how there’s any way out of this.

And I sure as hell don’t believe that any of our politicians have a clue how to do it either.

Then and Now – Running a Country into the Ground.

2011-02-01T22:37:00.001Z

Any monkey can run a business, or a country, when revenues are rising rapidly. It requires no skill to appear to be successful, because you can hide your mistakes easily and nobody asks hard questions when the money appears to be flowing. What does require skill and wisdom is recognising the danger that presents and acting pre-emptively to ensure that when your luck changes you are in a position to weather the storm. Clearly none of our politicians have that skill, the promises made in advance of the last election are worth examining now as a measure of how they are all guilty.

Fine Gael Election 2007 Manifesto (cut taxes and spend more and )
Labour Election 2007 Manifesto (sort of play with taxes and spend more to be fairer)
Fianna Fail Election 2007 Manifesto (spend more and cut taxes, oh and aren’t we great)

I’m amazed that it now appears to be blazingly obvious to everyone that the tax base we had at the time was fragile and over exposed to construction. The fact that not one of the above documents gave the slightest indication that building a sustainable, recession proof tax base was on anyone’s mind a mere 9 months before the current disaster started to unwind is a good indication that the same people are not really equipped to get us out of this mess, regardless of party. Whatever options they put forward for consideration this time, they better show some better analysis of both sustainability and actual vision. It gets even worse if you go back further.

And don’t get me started on the Greens. Or Sinn Fein for that matter. At least the bloody PD’s did us all a favour and died out.

Primetime had a few notable numbers that we should all keep in mind with the election looming. Obviously we’re all aware of these, and the even more tangible reduction in net income after the last few budgets but it’s worth remembering that this is how badly screwed we are. And we would still be here no matter who had won the last election…

Despite last Decembers budget we are still running at expenditure levels that are almost 50% higher than revenues and this is before any of the punitive effects of IMF\EU “bailout” funding kicks in.

	2007	2011
Tax Revenues	€48bn	€33bn
Unemployment	158000	349000
National Debt	€38bn	€93bn
Deficit	-€1bn (Surplus)	€14bn (deficit)
Average House Price	€340000	€191000

What I want to see is grovelling apologies across the board from all of these clowns and something that will genuinely convince me that they know how to [a] get us out of this and [b] make sure it can never happen again.

VHI and the drive to Co-Payment

2011-01-07T17:36:00.001Z

The country has reacted to the VHI’s announcement of increases of up to 45% with a mixture of outrage and shock. Call centres from all three Health Insurers have buckled under the response as people scramble to find a way to either reduce or avoid this hit.

The thing that I find absolutely unbelievable in all of this is the continuous harping on about the burden that VHI’s elderly members put on the system. The amount of complete garbage being thrown about beggars belief. The VHI is apparently suffering because some 20% of their members are 60 or over, and those people tend to claim a lot more. This isn’t a surprise folks, that’s sort of why they have actuaries and all the other expensive risk profiling staff they have employed but even without them it’s blatantly obvious that older members will claim more. For a medical insurance firm to turn around and say that those people are a burden on them that affects their profits doesn’t make any sense – these people have been members for decades, probably all their lives, and were under claiming or claiming nothing for many of those years. If the VHI were properly accounting for the risks their members presented they should have built up reserves to deal with the age profile of their members. I’d have some sympathy for Quinn or Aviva making the claim given the fact that they haven’t been around so long but even so their charges should allow them to meet their expected claims profile, including making assumptions about those members getting older and making more claims.

If the VHI are actually claiming that the claims that older people now represent a 45% higher burden than they previously expected them to be then frankly they are admitting to gross incompetence. I’ve no problem with increases being necessary, medical costs are rising too fast, but the VHI and other providers are in a distinctly powerful position to keep that under control. In any case I can’t believe that’s true at all, it’s just a convenient excuse. The real problem is that Plan B represents a style of plan that the VHI really wants to kill off because such comprehensive insurance is a bad idea because it removes any cost awareness from the members, and ideologically that’s a bad thing if you’re an insurer.

It seems to me that the motivation is that the VHI want to move the population en masse to co-payment based plans, because those are believed to encourage lower overall claims, and to do so in a way that avoids most of the specific debate that would take place about that if they were to do it any other way. Given that the people who have reacted to this are, by and large, younger people on Plan B and its ilk I suspect that it is all pretty much going according to plan and the VHI will be pretty happy provided most people elect to change plans rather than providers. Even if relatively few elderly members switch they will have made significant inroads into eliminating the real problem – the 500,000 odd younger people that they never want to see growing old on a non co-payment plan.

If I’m right then VHI will continue making the same claims about the elderly being a burden , and continue to equate elderly with Plan B participation while they repeat the dramatic hikes on the cost of those plans.

The joys of travel

2010-12-22T20:41:00.001Z

I’ve just finished a rather epic amount of business related travel (well epic for me at any rate) where I clocked up about fifty thousand km of flying over about 11 weeks – two US trips, about a half dozen hops over to The Netherlands and a couple of other hops to Spain and the UK. All while trying to finish up a major project that required me to spend a lot of time writing, editing and learning a bunch of new technical content for a course that I was developing.

For those of you travelling I have a couple of tips. Schipol Airport in Amsterdam is the best Airport I’ve found to get delayed in – lots of things to do when you’re trapped, plenty of places to crash for extended periods of time in reasonable comfort and some half decent places to eat even when you are stuck in the Departure\transit areas. Bristol Airport (Airfield would be a better description) is a shithole. Madrid’s alright, Austin is pretty good. In Newark you can keep yourself entertained by exiting the departure gate area and coming back in through the TSA security checks as often as you like. It’s amazing how the rules change every time you try this; take your boots off\don’t take your boots off, unpack your laptop or don’t, Is that an Umbrella!!!!. The best fun can be had by repeatedly going through with a bottle of water carefully stashed in your back pack. They love finding them, it brightens up their day and when you get the same screener for the second time in an hour they start to think you’re really a TSA plant who just might be carrying something else that is designed to test their success rate. Hey what can I say when you have a six hour stop over you have to be creative about your entertainment.

I was hoping to find that they would have the new back scatter X-Ray scanners in the US but was disappointed however they just introduced the new back scatter type scanners in Schipol at the start of December so I got to play with them on my last flight back. Now you are absolutely not allowed to remove your shoes in Schipol, presumably the fancy new machines are certified for all types of footwear. The best bit about the Schipol implementation though is that the displays are on the outside of the machine so once you come through you can grab a nearby seat and watch low res security porn along with the screeners. For the conscientious objectors amongst you I couldn’t figure out if there was any option but to go through the scanner although I can’t say for sure as nobody made an issue about it on my flight.

Thankfully nearly all airlines have now decided that “Flight Mode” on phones actually means something useful but for some reason European airlines still refuse to let you enable phones “until the cabin doors have opened” while in the US it’s OK to turn them on as soon as the tyres hit the ground. In any case it’s an improvement on the recent past when the flight attendants on some airlines (Lufthansa, I’m looking at you) would threaten to turf you off the plane if your electronics weren’t fully powered for the entire time you were on board.

Texas was a laugh. They do food very well for the most part and my personal favourite was a place called Rudy’s that specializes in Texas BBQ. Rudy’s is a Gas station\BBQ restaurant combination – sort of an up market truck stop. The various options for giving yourself liver poisoning by overdosing on barbecued meat were superb though. This sign on a one of the outbuildings sums it up quite well – and captures my Texas experience perfectly.

I was staying in a pretty basic residence style hotel in Round Rock that had no real restaurant and no bar. Next door was a delightful little eatery called “Joe’s Crab Shack”, part of a chain that’s pretty popular in Texas apparently. Anyway they served food (which was alright but the hefty portions more than made up for my quibbles about the style of preparation) and Joe’s had a Bar which I took as a sign that I should give them some business. It was good fun with plenty of Beer options and a wide range of other stuff including the delightful blue drink they call a SharkBite which comes in a Mason Jar and probably includes insurance cover for getting your stomach pumped later. The highlight of that trip was a conversation I had with “Hi I’m Tabitha and I’m going to be your server this evening”. To be fair to Tabitha she was very friendly and efficient, the beer was kept coming at the rate required and her desert suggestion was superb. However about half way through my meal she sat down opposite me, having noticed that I was reading a book (on my own travelling you see, so I read a lot) and came out with a line that was almost the funniest thing ever. Thankfully she didn’t quite get the quote 100% correct or I would have been unable to avoid collapsing in a heap on the floor, she was just genuinely curious about what anyone would be reading while out for some food. Anyway she sat down and said “What ya’ll readin’?” – At that point in time all I could think of was this bit of Bill Hicks comedy gold, coincidently recorded at gig in Austin.

I was so entertained that I doubled her tip. In hindsight I suspect she might even have been a Bill Hicks fan and planned that all along.

Property Taxes in Ireland

2010-10-14T22:40:00.001Z

Or how to alienate all your friends with one blog post.

The prospect of property taxes is getting a lot of coverage here in Ireland of late and I’ve been very disappointed with the tone of the debate. Too much of the “over my dead body”, “I paid my taxes already”, “what about the old folks” and not enough debate about whether it’s a good type of tax or a bad type of tax. Given that we’re all going to be paying a lot more taxes I’d like to see those being good taxes and that we have a decent discussion on what that means.

Good taxes are efficient, equitable, progressive, broad based, sustainable, hard to avoid, easy to collect and immune to external shocks. They take proportionately from everyone at a level that they can afford and provide the government with a predictable and stable income.We’re going to have more taxes – there’s no avoiding that and I would prefer that we got taxes that improved things in the long term. We’ve got a chance now to fix one of the most broken parts of the Irish tax system and we should be making an informed choice about it.

First off let me say that I’m all in favour of property taxes in general and even more of a fan if they are well thought out. As far as I can see they can have most of the characteristics of a good tax if they are properly implemented. The current “Stamp Duty” style of tax on property transactions is poorly structured and has major negative effects in terms of market effects the volatility of the government revenue stream it provides. A regular annual tax on property ownership that was used to eliminate stamp duty would be a much better approach from an economic perspective. I’ll look at the reasons why I think so at the end but first off lets figure out what it might look like and deal with the common counter arguments.

Let’s assume that the property tax will gravitate to a number that is equivalent to the average stamp duty/average time a house is owned so that over a fairly long time period we’re looking at something that is mostly revenue neutral. Let’s assume for the sake of roundness that this equates to an average current homeowner having paid €30k in stamp duty (which is near enough to 9% of the average house price at it’s peak) and people hanging onto houses for an average of 15 years so the tax will be around €2k per annum for an average house. I actually don’t think the tax should be that high, possibly half that smells about right to me but we’ll work with these numbers for now.

An inability to pay is going to be a valid and real concern for many people. The best suggestion I’ve seen for this is to use a system of deferrals – basically if you can’t pay according to some assessment criteria (e.g. it would result in > 50% of your net income being spent on housing) then some or all of the tax due could be deferred against the final disposal of the property (either by sale or inheritance).

Anyway onto the screams of why it wont work.

I’ve already paid my property taxes via stamp duty. True in a limited sense, not true enough though. Yes you have paid a tax already but if property taxes were properly levied based on the economic value of the property on a periodic basis and stamp duty was abolished (because it is a bad tax) then you would be no worse off in the long term. For people selling to trade up (or down) there is now no tax to pay so it will be easier to sell (good) and the cost of your new house will be lower (even better). Provided you hold on to your houses for less than 15 years you will actually be better off under this model. If you are a first time buyer now trading up the same fundamentals apply but you will also benefit from getting a free pass on the Stamp Duty that you didn;t have to pay but was priced into the cost of your first purchase by the market. In effect a first time buyer will be better off provided they sell within 30 years (or thereabouts). The only people who will be less well off in this case are those cashing out totally, or those who exceed those periods. Given how long they are (and the reality will be even longer) I don’t think this is a fair criticism of this sort of tax. Yes you will be paying more money now – but for the vast majority of people you wont be paying more in the long run.

What about the Old folks? And you can amend this to include the young folks who’s backs are to the wall because they’ve lost their jobs. There are many people out there who are on limited incomes, who scrimped and saved all their lives, braved out the 70’s and 80’s when it was really tough to buy and hold on to a house and are now left with nothing much apart from a house. Many of those will be pushed to, or even over the limit by a property tax. The best approach here is the deferral concept where either all, or a proportion of the tax due can be deferred against the value of the property and comes due when it’s sold or inherited. That’s not ideal from a taxation perspective as the revenue stream benefits of a regular property tax are lost but it means that the tax becomes fundamentally identical to the current stamp duty scenario so the transition can be made relatively painless for those who would genuinely suffer. Over time this will progressively hit older people more though – especially if they live in their homes for longer than 15 years which is currently pretty much what we expect. Then again if this encouraged sequential downsizing and a social transition towards structured private elderly\frail care housing developments then this would be a damn fine thing too for the longer term. I would really like to have that sort of option become practical here and this would encourage it.

Over my dead body/this is my house, I built it with my bare bands/Gerroutofit ye thieving Gummint carpetbaggers. Honestly John Galt appears to have set root in Ireland lately and it’s not pleasant. There are lots of issues behind this type of comment but I’m going to ignore the ones that are mostly about people just not wanting to pay their fair share of tax. That’s something we’ve got no choice about and I’m tired about the whinging - people seem to forget that we have taxes for good reasons as well as the current high profile bad ones and even now most of the money is being spent for good reasons. In any case how and why you got\built or grew your house is irrelevant but you own it and it has both an asset value and it delivers an ongoing benefit to you. Sure you are paying for it (most of you anyway) but it is also returning a regular income to you in the form of rent that you would otherwise have to pay. If you put the money in a bank, generating interest and rented a house then you’d have to pay taxes on the investment income and also pay rent after all. There’s no logical reason to treat the invisible income from an investment in a home any differently from other income, certainly not here where home ownership is somewhere north of 80%. That income may not come in the form of money but it is still income. Just as the benefit I get from having a company car has to be taxed the effective saving a house owner makes from not having to pay rent should be taxed, and property taxes do just that. For those with mortgages that probably should be offset (somewhat) by the mortgage interest payments but the economic benefit of accurately pricing home ownership and rental the same way from a tax perspective are significant.

But I bought this as my retirement fund. Well whoop-de-do. It was a good strategy at the time, by far the most tax efficient thing to do but frankly not economically healthy for the rest of us. And just because it used to be a tax free (or very tax efficient) way of stashing away money doesn’t mean it should remain that way. This is particularly true for the 250k second homes out there sitting idle. The current system encouraged capital to be invested in properties that are now a total deadweight from an economic perspective. Taxing them actively will help prevent that sort of gross misallocation of resources in the future and go some way towards pulling some of those vacant follies back into the productive part of the economy. First, second and whatnot houses should all be treated and taxed the same way – the current second home levy is a bad concept and should be ditched along with stamp duty. Remember if there’s a genuine financial stress issue with this then my earlier comments regarding deferrals is a fair way to deal with that. In the longer term I have little sympathy – my own retire-early-with-a-fat-pension prospects have been substantially scuppered by the mismanagement of the economy by those who fed the property boom so I see no reason why anyone involved, even someone who simply bought a house as an “investment” should be given any particularly special treatment.

We’ll lose the family home when Mom\Dad dies. Grow up. Seriously. If you’re that worried then do something about that now and help Mom and Pop pay the bill today. If you can’t then you can’t afford the house when you inherit it anyway.

On the plus side:

Immediately delivers a long term stable revenue stream for the government. This is the key benefit – instead of having a massive decade long hole in the public finances the government gets to pull in a tax revenue stream that will remain immune to economic cycles. That’s a very good thing. One way or another the government is going to get that money out of us but this way they get the cash they need now in a way that will prevent them screwing things up repeatedly in future. That’s a win.

It’s progressive and equitable. By definition – if you have a bigger, better house or more of them then you will pay more and you should because you are richer. If you don’t own property (and are by definition poorer) then you don’t pay. It’s a tax that almost everyone will have to pay (or defer) since over 80% of the households in the country own houses but it’s one that will by and large be imposed on the basis of relative wealth. Those who made paper millions by having and holding onto a nice house in a good area since 1980 will be hurt but they should be allowed defer [some of] the payment if it’s punitive and, to be brutal about it, anyone in that position did absolutely nothing to earn the €1.5million that the house they paid €20k for is now worth.

It’s hard to avoid. Again it’s pretty obvious but tax avoidance and evasion are going to be huge issues over the next couple of years and a simple (or relatively simple) property tax code based on real valuations (or good proxies to them) should be relatively immune to abuse.

Its economically efficient. I’m not sure if efficient is the right word but if something is taxed as if it generates income then basic economic forces will lead to more accurate pricing (no more bubbles which is a good thing*) and will help prevent wasteful resource allocation (no more, or fewer ghost estates). To be fair the elimination of all of the dodgy tax-exemptions for building trash pits will do more on this front but having a property tax apply to property as soon as land is zoned for development will go a long way towards making sure that waste is avoided.

More to follow – I’ve got to look into the issues of property (and other investment asset) taxes and corporate entities. I think that the same basic principles need to apply but I’ve no idea what the current scenario is.

* unfortunately no more bubbles and efficient pricing of the housing market would mean that it will be about 10-15 years before there’s any chance that house prices will recover to 2006 levels assuming we get out of the current mess in a year or two. That would also mean that homes would never gain be a “good” investment. They will be safe and stable and affordable though which is what we really should be looking for, isn’t it?

IPMI Serial over LAN

2010-08-23T23:29:00.001Z

Almost every server you are likely to come across has a built in baseboard management controller (BMC) that supports a pretty decent, if basic, set of out of band management tools. You can use this to remote manage the power state of your server (Check power state, power on\off\cycle), query fan\temperature\power supply sensors and get some information about the system (Serial numbers, basic spec). Life is a lot more pleasant for remote Server support with a full blown iDRAC\RiLO but IPMI can save you a lot of grief if you take a few minutes to set it up.

On systems that have an IPMI aware Operating System you can usually get the OS Host name as well which is a useful thing to check if you are using IPMI to forcibly reboot a box that you can’t actually get to physically. If you have a system that supports IPMI V2 (which I’d expect any server that’s under about 4 years old) you also get Serial over LAN (SOL) support which is very handy – you can remotely redirect the character mode console display and interact with the system over a LAN connection, at least until it switches to GUI mode. For most Linux distros it’s pretty easy to set it up so that you can log in over SOL.

Configuring basic IPMI operation is generally pretty straightforward but getting SOL requires a couple of more steps.

The main IPMI configuration has to be carried out at boot via the BMC option ROM – on Dell’s 9th and 10th gen servers (like the PE 2950\PE 1950\PE R300) you get prompted to “Press CTRL+E to enable Remote Access in 5 seconds”. Once in this option ROM setup screen you need to set up to following:

Set “IPMI over LAN” to ON
Set “Nic Selection” to shared unless you have a dedicated management port. In this mode the IPMI NIC piggybacks on the first on board NIC’s port but has a separate MAC address.
Open the “LAN Parameters” Section

Set “IP Address Source” to Static
Configure your ip address, subnet mask, default gateway and hostname to some useful values
Set “RMCP+ Encryption Key” something strong if you want to boost the security a bit – by default this is blank and the authentication handshake is really insecure.
Set “VLAN Enable” to On, and configure the VLAN if you have a separate management VLAN.

Return to the main menu and open the LAN User Configuration Section

The default user is root, level is admin, password is calvin
Set “Account User Login” to something other than the default
Pick a good password (secure but usable on a telnet screen where backspace is iffy)
Confirm the password.

Basic IPMI functions should now work and things like ipmitool and ipmish that you can download as part of the Dell DMC Utility will allow you to explore the options.

The following will now remotely power on a system where the default username hasn’t been updated.

ipmish -ip 192.168.1.10 -u root -p calvin power on

And the following will give you some info about the system and what it’s running:

ipmish -ip 192.168.1.10 -u root -p calvin sysinfo fru

Board Language Code             : English
Board Product Name              : FRU17T,DELL P/N
Board Serial Number             : CN1247088P007Z
Board Part Number               : 9JZ1294B0
Board FRU File ID               : 01
Host Name                       : helvickesx
Product Model                   : PowerEdge R300
Asset Tag                       :
Service Tag                     : 3A4CD9J
BIOS Version                    : 1.2.0
System OS Name                  : VMware ESXi 4.1.0 build-235786

ipmitool gives you more commands although some are not applicable to all platforms but it can give you more detail than you get with ipmish.

These are quite nifty things to be able to do with a powered off Server but the real plus with IPMI V2 is SOL. Enabling this requires a couple of more steps.

Reboot the machine and press F2 to open up the main BIOS configuration screen
Open up the “Serial Communication” section
Set “Serial Communication” to “On with Console Redirection to COM2” – It has to be COM2, COM1 will not work.
Don’t worry about the “External Serial Connector” setting
Set the “Remote Terminal Type” to VT100\VT220
Set “Redirection after Boot” to Enabled – We want to be able to get into the BIOS after all.

For real Operating Systems you can redirect both boot and a terminal that you can login with through this interface – Brice Goglin has some details here on how to modify Grub and /etc/inittab to achieve this in his article on setting up IPMI.

To connect to your redirected console you can now use the sol capability of ipmitool :

ipmitool -I lanplus -H 192.168.1.10 -U root -P calvin sol activate

This implements a simple Telnet emulation that talks directly to the SOL protocol in the BMC and is the easiest way to check that it works. It renders anything other than very simple text quite poorly though and I prefer to use the SOL proxy that comes with the BMC Utilities to provide a more capable Telnet terminal connection. Once that is running connect via Telnet over port 623 to the machine running the proxy using your preferred Telnet client – Putty handles it pretty well. Once connected to the SOL proxy you then have to connect to your server’s BMC and activate the SOL proxy so it is a few more steps but the improved console is worth it if you are going to be playing around in the BIOS.

The basic steps are almost identical on all Dell 9, 10 & 11G servers and shouldn’t be dramatically different on any system running an Avocent BMC (which is most of them).

Once you are connected via SOL there are some useful escape combinations that are worth remembering:

~. exit the console.
<esc>1 F1
<esc>2 F2
<esc>0 F10
<esc>@ F12

Clever Web Meme – I Write Like..

2010-07-15T22:29:00.001Z

There’s a clever web site doing the rounds at the moment: “I Write Like” analyses the glorious, flowing prose that you’ve crafted and then tells you that you write so amazingly well that you will have publishers falling over themselves to sign you up as their next big thing.[1]

I waved one of my less awful screeds over the magic joojoo beans and Lo! I write like William Gibson - my dream of being a filthy rich SF author idling away my days on a beach in Montserrat sipping Mojitos may actually come true. And pigs may fly too, no doubt. [2]

The site’s traffic stats, posted earlier on their own blog, shows a growth rate that must be the envy of Web 2.0 entrepreneurs across the globe - they soared two hundred thousand visitors from a standing start in about three days and it’s not showing any signs of slowing. Clearly the herds of blogging sheep have been dazzled by the bright shiny thing that penders to its collective ego and have responded as required by advertising it to the four corners of the world. [3]

Of course the chattering classes of the Web have risen to the bait and there has been a flood of shrill criticism of the site’s white-male-author bias. The crazies have awoken having found fresh troll food, wailing about the lack of diversity and the insults to minorities and the oppressed everywhere. Clearly the end of days is at hand. But then, I knew that already, it’s always the same. [4]

If an improved version manages to correctly identify my style as that of “Concerned of Turnbridge Wells” then we’ll all know that it has actually matured into a genuine style analysis utility. Traffic will plummet of course, a clever business idea will fade into oblivion and nobody will write about it. Which would be a real fucking shame. [5]

Dan Brown
Vladimir Nabokov
David Foster Wallace
Ray Bradbury
Margaret Atwood

I was hoping to get Douglas Adams or HP Lovecraft in there but apparently I’m not in the mood. And yeah, I know that [a] I can’t actually write like any of these people and [b] testing short paragraphs is cheating but [c] it’s fun so get over it. :) [6]

6. Harry Harrison.

Apple and location based tracking

2010-06-26T20:11:00.001Z

Kim Cameron just posted an interesting blog post about the latest changes to Apple’s iTunes Terms of Use. He noticed a rather alarming change to the Privacy Policy which I’m ashamed to say I missed entirely when I blithely accepted the changes earlier this week. My bad. Anyway these terms of use are a no-opt out agreement that you have to accept if you are going to use iTunes and be able to either activate your shiny new iPhone or deploy any apps to it.

The kicker is this part of the revised document:

Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

Note the weasel terms at the end – they may share it with those people but they say nothing about whether they can share it with others, they don’t really clarify that very well. And also note that it is not just Apple – it is Apple and its partners and licensees.

Kim’s follow up on a Consumerist piece from June 21st indicates that the change was made a number of days before I saw the Terms of Use up date on my iPhone so the timing is a bit of a puzzle. Still the point remains – Apple is building a huge database of participants who have “consented” to being put in a global location tracking database. Kim’s right in pointing out that the timing of this change is a bit supect given the high profile attention being focussed on Google’s location tracking practices of late. A key reason for doing this must be that they hope to be able to defend their location tracking practices from legal challenges that they expect to happen now that the Google WiFi ID scanning has become such a serious issue.

However there is another timing issue that should be borne in mind. The reason Apple are now more interested in location tracking, and precise location tracking at that, seems pretty obvious to me – accurate location data makes the new iOS 4 iAd feature* a killer advertising platform. Minority Report’s directed advertising only skims the surface of the possibilities – linking individually directed advertising to locations and even more specifically to location patterns makes the sort of things we’ve seen before (Google adverts for BP when I’m reading about oil slicks for example) seem trivial. Imagine the power of an iAd that knows what your location patterns are, and the sort of pre-emptive advertising that could support – trivially we’re talking about inserting an advert for Burger King as your phone realises you are following a regular route to McDonalds. The problem here is that for this to work Apple has to give this advanced level of location data to a whole bunch of people you probably do not want watching your every move. No doubt Google hoped to gather similar data (and possibly do with their Google Latitude product and Android phones) but Apple have cut directly to the chase as far as their customers are concerned.

The “partners and licensees may collect, use, and share precise location…” phrase got me thinking – if “licensees” were to include your employer could they use the data to track your specific location at all times? What if a private investigator wanted to be a licensee? Could they just pull in anyone’s location data they wished? How about PETA, Greenpeace or the someone like the BNP in the UK? I’m pretty hopeful there will be some serious controls that should prevent those specific scenarios but honestly, how can you be sure?

Kim also points out that when someone figures out how to map this data to a larger uber databases maintained by one of the global WiFi identifier scanning operations then its really hard not to see this as major privacy threat. The problem comes back once again to the use of globally unique identifiers and how they can be used to make undesirable connections between data sets– however if the iAd motivation is behind this then Apple really do need a globally unique identifier. The value in this data for advertising is that it is globally unique and personally identifying – Apple’s claims that it is not are absolute rubbish – the globally unique device ID of someone’s phone is just as much personally identifying as a real fingerprint.

I certainly think this is an issue (and clearly Kim does) but we seem to be in a fairly small minority at the moment. Looking at the coverage of the Google WiFi scanning debacle it’s interesting (and depressing) to note that there is almost no attention being paid to the privacy problems of “just” scanning for device identifiers.

* For some limited interpretation of the term “feature” – not one that’s really useful for end users but great for advertisers, obviously.

Progress

2010-06-23T22:53:00.001Z

From iFixit – via ArsTechnica

The always cool folks at iFixit have provided a nice disassembly and exploded final view of Apple’s latest phone.

That’s the entire logic board of the new iPhone 4. Similar in style to the equally minute logic board on the iPad and not far off actual size (at least on my screen). It’s astonishing to think that embedded in this we have:

1 Ghz CPU
Memory and IO controllers
Power management and Systems Management circuitry
512Meg RAM
16-32GB of Solid State Flash Storage.
3-axis Accelerometer \ 3-axis Gyroscope – a full 6 axis IMU \ Compass.
Bluetooth \ 802.11a\b\n Radio + FM Receiver (and Transmitter but disabled thus far)
Tri Band GSM Radio
PentaBand WCDMA 3G Radio
GPS (12 Channel)
Proximity sensor
Ambient light sensor
Multi-touch screen controller
USB Controller
960x640 video controller
MicroSIM reader
Stereo Microphone \ Speaker Hi Fi Audio
5Megapixel Still \ 720p HD Video Camera
0.5Megapixel Video Camera

OK so there area few other peripheral bits that actually have some part to play in those roles but the level of integration is incredible in any case. That’s 6 different radios (18 if you count each GPS receiver channel separately), 4 environmental sensors and more processing, storage and graphics power than a high end PC from 2000\2001 all in a strip that doesn’t take up much more volume than a credit card.

Whatever way you look at it that’s an amazing level of progress. If the same rate of change continues we’ll have the same sort of capabilities available in fingernail sized devices by 2020.

Mobile Fingerprinting

2010-06-20T23:35:00.001Z

Kim Cameron has been following through with some additional musings on the issues that have emerged from the Google WiFi Geolocation database debate and gives us a personal example from 2005 that shows how Bluetooth isn’t necessarily all that safe and how a simple behaviour (discoverability) can turn into a powerful tracking technology. It’s notable that even in 2005, when the idea of building a global database of identifiers was just a pipe dream, the problems were fairly clear as far as Kim was concerned.

I’d made a point in my earlier post that because these issues had been highlighted fairly early on in the commercial proliferation of Bluetooth that the manufacturers had pretty much sorted things out by adopting much safer defaults and implementing features like timeouts for discoverability. Newer devices are, by and large, better at keeping themselves quiet. Out of curiosity I just enabled Bluetooth on my iPhone and Laptop and scanned for nearby devices and found a total of 4 – my own two obviously showed up for each other but apparently someone called Danielle* has a phone nearby and there’s some other Bluetooth device that I could probably identify if I was to try to connect to it but I’m so not going there now. So even though there have been improvements in the field there are still some problems there. As an example of how this can be done intelligently – the iPhone’s Bluetooth is only “discoverable” when you have the Bluetooth menu open, it’s disabled once you close that menu.

There’s also the entire field of malicious interception of “secured” Bluetooth comms. It’s a sad fact that many devices use very poor pairing techniques and compromising the integrity of many supposedly secure Bluetooth connections isn’t particularly hard. From a casual users point of view that still serves a useful purpose – an entity like Google could never launch a global project to harvest Bluetooth ID’s using those techniques. That doesn’t stop some random attacker targeting individuals or small groups but at least it prevents large scale abuse, as I pointed out in my earlier post. As a healthy reminder of why my casual remark that the Bluetooth folks had made some good decisions shouldn’t be taken as a statement that Bluetooth is safe in anyway here’s a link to a presentation at this years Shmoocon about Bluetooth Keyboards which is really disturbing, especially (but not only) if you are still using XP.

*Name’s have been changed to protect those who devices are poorly configured. :)

This ain't going to end well

2010-06-18T20:41:00.002Z

Given my recent focus on WiFi scanning, geolocation and the potential for abuses of such data I was intrigued and horrified in equal measure when I read this Gizmodo article on the upcoming Nintendo 3DS

I'm not sure that it significantly adds anything new or increases the risks above and beyond those caused by the WiFi capability of current generation Nintendo DS\DSi handhelds but the "always on even when powered off" aspect seems a lot less like a good idea to me today than it would have a week or two ago and the silent integration with a WiFi GeoLocation system doesn't make me feel all warm and fuzzy I have to say.

So how much does a MAC address tell about you?

2010-06-08T23:53:00.001Z

Kim Cameron responded to my previous post making some very good point – you shouldn’t just dismiss the parts that can’t be solved by fixing the technology.

I’d discounted the payload snooping issue as a distraction because I’d believed (and still do) that it was almost certainly an unfortunate error. I’d then made the point that a legal barrier to a technical problem was insufficient to prevent the bad guys doing bad things but I used that as an excuse to ignore the problem – small scale abuses of this sort of thing are not good but systematic large scale abuses “benefit” from network scaling effects. You might not be able to prevent small scale\illegal abuse through legal means but just because you can’t does not mean that you can’t control large scale abuses this way. The benefits and dangers inherent in this data become exponentially worse as the scale of the database that contains it increases. Large scale means companies and companies react to regulation by being much more careful about what they do. If a technology that is already out there has major privacy issues the regulatory approach is the only way to keep a lid on the problem while the technologists argue about how to fix the bits. Even if we assume that the law was OK about companies creating Geo-location databases using WiFi SSID\MAC mapping, effective regulation would have made the additional mistake made by Google (assuming it was a mistake) much less likely.

Now the obvious question is should scanning for identifiers that are broadcast openly by all WiFi radio signals be acceptable and legal?

802.11 WiFi signals are pretty complex things - Wikipedia has a brief overview here for those who want to see the alphabet soup of standards involved. Despite the range of encoding\modulation schemes and the number of frequency bands and channels almost all 802.11 devices revert to a couple of basic communication modes. This makes it easy for devices to connect to each other, and it’s what makes public WiFi hotspots practical. However it also makes configuring a device to monitor WiFi traffic trivially easy – the hardware does all the heavy lifting and the standards don’t really do anything to stop it happening. An important feature of WiFi is that, even though the payload encryption standards can now be pretty robust, the data link layer is not protected from snooping. This means that the content (my Google searches, the video clip I’m streaming down from Youtube etc) can be pretty well kept away from prying eyes but, at what the Ethernet folks call layer 2, the logical structures called frames that carry your encrypted data transmit some control data in the open.

So even with WPA2’s thorough key management and AES encryption your WiFi traffic still contains quite a bit of chatter that isn’t hidden away. The really critical thing for me is that the layer 2 addresses, the Media Access Control (MAC) addresses, of the sender and receiver (generally your PC\Phone’s WiFi adaptor and your Access Point) for each frame are always visible. And remember that MAC addresses are globally unique identifiers by design. Individual WiFi networks are defined by another identifier, the Service Set Identifier or SSID – when you set up your home WiFi AP and call the network “MyWLAN” you are choosing an SSID. SSID’s are very important, you can’t connect to a wireless LAN without knowing the relevant SSID, but they are not secure even though they can be sort of hidden they are never protected and can always be seen by someone just watching your wireless traffic. Interestingly SSID’s are not globally unique – there’s generally no real issue so long as my chosen SSID doesn’t match that of another network that’s relatively close by.

So SSID’s are possibly visible but MAC addresses are definitely visible, and MAC addresses are unique. While driving along a street or sitting in a coffee shop, hotel lobby or conference room your WiFi adaptor will see dozens if not hundreds of WiFi packets all of which will contain globally unique MAC addresses. It is possible to hack some WiFi hardware to change the MAC address but that practice is rare. Your PC has a couple (one for the wired Ethernet adaptor which isn’t important here, and usually one for WiFi these days), your Wii\PS3\XBox-360 has one, so does your Nintendo DS, iPhone, PSP … you get the picture. Another feature of MAC addresses is that it is very easy to differentiate between the MAC address of a Linksys Access Point, an iPhone and a Nintendo DS – Network protocol analyzers have been doing that trick for decades.

So the systematic scanners out there (Google, Navizon, Skyhook and the rest) can drive around or recruit volunteers and gather location data and build databases of unique identifiers, device types, timestamps, signal strengths and possibly other data. The simplest (and most) benign use of that would be to pull out the ID’s of devices that are known to be fixed to one place (Access Points say) and use that for enabling Geo-location.

It’s not a big leap to also track the MAC addresses that are more mobile. Get enough data points over a couple of months or years and the database will certainly contain many repeat detections of mobile MAC addresses at many different locations, with a decent chance of being able to identify a home or work address to go with it. Kim Cameron describes the start of this cascade effect in his most recent post, mapping the attendees at a conference to home addresses even when they’ve never consented to any such tracking is not going to be hard if you’ve gone to the trouble of scanning every street in every city in the country. With a minor bit of further analysis the same techniques could be used to get a good idea of the travel or shopping habits of almost everyone sitting in an airport departure lounge or the home addresses of everyone participating in a Stop The War protest.

And remember that even though you can only effectively use WiFi to send and receive data over a range of a few 10’s to maybe a 100m you can detect and read WiFi signals easily from 100’s to 1000’s of metres away without any special equipment.

The plans to blanket London with “Free WiFi” start to sound quite disturbing when you think about those possibilities.

To answer my own title question – MAC addresses can tell far more about you than you think and keeping databases of where and when they’ve been seen can be extremely dangerous in terms of privacy.

What about Bluetooth?

Bluetooth is a slightly different animal. It’s also a short range radio standard for data communications but it was developed from the ground up to replace wires and the folks building the standard got a lot of stuff right. It doesn’t appear to be all that bad from a privacy leakage perspective – when implemented correctly nothing is sent in clear text (the entire frame is encoded, not just the payload) and the frequency hopping RF behaviour makes it much harder to casually snoop on specific conversations. Bluetooth devices have a Bluetooth Device ID that is very like a MAC address (48 bits), with a manufacturer ID that enables broad classification of devices if the ID can be discovered but most Bluetooth devices keep that hidden most of the time by defaulting to a “not visible” mode even when Bluetooth is enabled. When actively communicating (paired) all data is encrypted so the device ID’s are not visible to a third party. Almost all modern Bluetooth devices only allow themselves to remain openly visible in this way for a short period of time before they revert to a safer non broadcasting mode. The main weakness is that when devices are set to “visible” the unique identifiers and other data can be scanned remotely and used in just the same way as scanned WiFi MAC addresses. That’s not to say that Bluetooth doesn’t have its share of security problems but they made an attempt to get some of the fundamentals right. It does also show that there is a practical way to approach the wireless privacy challenge which is good to see.

Kim Cameron takes on Google’s StreetView

2010-06-06T22:38:00.001Z

I’ve been following Kim Cameron’s increasingly critical analysis of Google’s StreetView WiFi mapping data privacy debacle with some interest of late.

Some background might be in order for those interested in reading where he’s been coming from – start here and work forward. He’s been quite vocal and directed in his criticism and I have been surprised that his focus has been almost entirely on Google rather than on the underlying technical root cause. My initial view on the issue was that it was a stupid over-reaction to something that everyone has been doing for years, and that at least Google were being open about having logged too much data. I’m still of the opinion that the targeting of Google specifically is off base here, although I think Kim is right that there is a fundamental problem here.

Kim is probably the pre-eminent proponent and defender of strong authentication and privacy on the net at the moment. His Laws of Identity should be mandatory reading for anyone working with user data in any sort of context but especially for anyone working with online systems. He’s a hugely influential thought leader for doing the right thing and as a key technical leader within Microsoft he’s doing more than almost anyone else to lay the groundwork for a move away from our current reliance on insecure, privacy leaking methods of authentication. Let’s just say that I’m a fan.

For obvious reasons he has spotted the huge privacy problems associated with the practice of gathering WiFi SSID and MAC addresses and using them to create large scale geo-location databases. There are serious privacy issues here and despite my initial cynicism about this perhaps it’s a good thing that there has been a huge furore over what Google were doing.

Note that there were two issues in play here – the intentional data (the SSID’s, MAC addresses and geo-location info) and the unintentional data (actual user payloads). I’m only going to talk about the intentionally harvested data right now because that is the much trickier problem – few people would argue that having Google (or anyone) logging actual WiFi traffic from their homes is OK.

The problem that I see with Kim’s general position on this and the focus on Google’s activities alone is that he’s not seeing the wood for the trees. The problem of companies or individuals harvesting this data is minor compared to the problem that enables it. The technical standards that we all use to connect wirelessly with the endless array of devices that we all now have in our homes, use at work and carry on our person every day are promiscuous communicators of identifiers that can be easily and extensively misused. Even if Google are prevented by law from doing it, if the standards aren’t changed then someone else will.

First some history is in order. Google aren’t the first to do this not by a long shot. Google are the first to admit that they have harvested more data from these signals than just the base identifiers but you can be certain that all the other players did too, and many are probably still doing it. Skyhook were the first to exploit the idea commercially as far as I can tell and they have been partnering with Apple (and Yahoo amongst others) since at least 2008 to provide the fruits of this data to iPhone users. The geo-location capability of iPhones that was available prior to the release of the 3G, and that is still used when GPS data is poor, uses that data. Navizon provide Microsoft Live with their data – conveniently described as crowd sourced – which has a similar dubious provenance. All three systems use a combination of WiFi SSID\MAC and Cellular Phone Base Station IDs to provide geo-location in the +-100m range. Cisco provide techniques for companies to leverage their WiFi infrastructure to do something similar in reverse – their WiFi management consoles allow administrators to track the physical location of individual devices (ie people) within large sites with a high level of accuracy – IIRC Cisco claim to be able to give location data down to the sub 5m range. This is a common surveillance technique and an excellent covert tracking mechanism that is certainly in common use. Wardriving tools (like Kismet that Google modified for their StreetView scanners, AirScanner, NetStumber..) have been around since WiFi first became practical. That the technology enabled these sort of uses is not a sudden revelation. None of this is to claim that any of this is OK mind you, just that it is a blatantly obvious side effect of the technical standard and it will be used like this as a result.

Kim very rightly points out that just because Skyhook and others did it before them does not absolve Google of responsibility if what they did was an invasion of privacy. It would help if he pointed out that all the major OS vendors are using exactly the same techniques though and they are all equally guilty of the same crimes here. That Google have patent applications based on novel [ab]uses of broadcast WiFi signals is no real surprise – I know Intel have had similar things in the pipeline in the past and I’d be shocked if all the other major companies had missed out on that trick.

Anyway the reason all of these companies have used this data is because the 802.11 (and 3GPP\WCDMA\EVO cellular) standards make no attempt to secure these things. In fact the current software\hardware stacks go so far as to actively discourage users from disabling the broadcast features. Kim’s employers flagship end user OS, Windows 7, goes so far as to warn you that you are taking a security risk if you set up an access point that does not broadcast its SSID.

Wireless technologies work by broadcasting data. WiFi uses frequencies that have an effective range of tens of meters in congested dense buildings and tens of miles in open air. That in itself is no excuse for unauthorised third parties to intercept that data but if the standard is implemented so poorly that a blind chicken cannot fail but to have the data presented to them then there is no use telling anyone not to make use of it, if it is problematic then the technology should not enable it in the first place. While laws can prevent the likes of Google and Skyhook from harvesting this in countries that care to be strict about such things that is no solution to this problem. Kim makes a sincere point about this that totally misses the point in my view – under the strict reading of some fairly outdated legislation anyone logging their neighbour’s WiFi SSID could be guilty of a criminal offence in some jurisdictions. That may or may not be true, I’m not a lawyer, but in any event the fundamental problem is that it is not possible for me to prevent you logging that data even if I wanted to without denying myself the benefits of using the technology I’ve paid for. And a law that says you shouldn’t is no way to protect me from you.

Kim’s hypothetical Child molester can stalk a child using a WiFi adaptor’s MAC address because the people who wrote the operating systems and defined the WiFi standards allow the device to leak that data over the air to systems that are untrusted. Google’s [alleged] misuse of the data is a minor issue compared to the failure of those who invented and ratified the standards.

The reasons why this is the case are not trivial. It’s not simply that the people involved didn’t know how to make things secure, or that they didn’t care. The reality is that the WiFi standard we have now is a trade off where those security aspects were not a priority. It’s probably about time that we made them one, and I’d be very happy to see the current crusade move on from focussing on just Google and going after the IEEE and the 802.11 standards body.

New Server Gadgets

2010-04-08T19:52:00.001Z

iPads? Who needs ‘em, I’m a fan of bigger things. Apologies for the poor quality, I just grabbed a quick iPhone shot of the server’s Task Manager when I noticed just how crazy it looked.

See all those little boxes under CPU Usage History – that’s a lot of cores – 48 real cores to be precise on a 4 socket AMD Magny Cours (12 Core Opteron 6100) box that I was using today.

That’s all in a very sleek 2U server that is remarkably quiet. The main memory bandwidth on that is able to move about 20 DVD’s worth of data a sec (that’s a guess but there are 16x1066Mhz DDR3 channels on it so in theory it could push about 130GByte/sec).

The 32\64 Core Intel Beckton (Nehalem EX) based R910 that has just been released looks even crazier as it has 32 Hyperthreaded cores to go with its 32 real cores, and even more insane RAM.

We’re clearly well into the multi-core\multiprocessor era now. While this box isn’t cheap (probably about €15k-20k in this config) it’s still a fairly standard off the shelf product. We probably wont be seeing 48 core desktops in the next year but we will have 12 Core systems by the summer (if they aren’t out there already) and we will have 48 core home systems within a few years. Seems crazy to be able to say that when I’m still using the first multi core PC that I ever bought and it’s not even three years old.

That is provided this whole iPad fad wears off – after all what sort of computer is it if you have no idea how much RAM or CPU it has and how much of that is actually being used? :)

Should we have let the banks just fail..

2010-04-01T00:04:00.001Z

Last year I wasn’t sure, I certainly thought we should have let Anglo go bust but wasn’t sure about the rest. As someone with almost no assets I’d certainly be no worse off if any of the major banks were to go to the wall but I can see how simply abandoning AIB, BOI and the rest would have been bad for pretty much everyone. However the numbers we’re seeing now really are saying to me that we should have just let them all sink.

The argument that we’re being given is that we had to bail out and recapitalise all the various banks and financial institutions involved in the celtic tiger pyramid scheme because the consequences of letting them fail were too severe. Well were those consequences that we were so afraid of?

For starters we have all the folks who lose a lot of cash they have on deposit. That would be tough alright but that money was deposited with certain guarantees which did _not_ include full protection in the case of the banks being run by incompetant gombeens who couldn’t organise a piss up in a brewery. Interest was paid in return for accepting some (fairly remote) risk, but there was a risk. Still I would feel bad about all of you losing cash and those losses would really grind the economy to a halt. I’d also remind folks that the Government guarantees were not intended to protect your money in these banks so much as reassure the large bond holders that they would be protected. If push came to shove the government would let your money burn, and shrug about it the same way they shrug about the 50% depreciation in the value of your house.

Then we have those institutional investors. Frankly they do this sort of thing for a living and I could care less about them losing money and so should you but he Government seems particularly keen not to let these capitalists face up to some free market realities – you win some and you lose some. They certainly know that banks go bust on occasion and [should] factor that into their thinking. Those losses would have limited direct impact on the economy but would probably wipe out a fair few pension funds. They would make it very hard for the banks to borrow in future but we’re planning on letting them go bust so that’s no loss. Shame about your pension and it’s quite possible that those potential losses weighed quite heavily in the Governments decisions.

Moving on to the main claim by the Government on why the bailout must happen. In this case there is no sovereign debt default problem (the government isn’t involved at all really) so I can’t see how that should impact Irish Government borrowing but lets assume that markets are irrational and it does mean that international markets treat Ireland Government bonds like those from Greece, or Argentina or any other sovereign in real trouble. At the moment Greek government bonds are trading at 2-3% higher than Irish Government bonds because they are so dodgy. Assume that in this worst case alternative reality we simply retained our pre-existing national debt (€65bn as of July 2009) and had to pay 4% extra for 10 years to finance all of that. This wouldn’t be the case, of course, most of that debt is already fixed at nice low ~3% rates or such but lets leave it at that to account for debt growth and re-issuance of bonds to cover those that have matures.. Over 10 years the difference in our cost of borrowing as a nation would cost us €43bn more than it would if things had remained static at 2009 levels. That’s assuming we could have actually kept the total debt reasonably under control which seems to be working right now (apart from bank bailout\NAMA funding) even with all our other problems. That’s a pretty pessimistic outcome but it serves as a guideline for “what are we trying to avoid”..

So that’s what we’re trying to avoid. Back in the real world where we have bailed out the banks we’ve kept our borrowing costs under some control but, while we’re not in Greece or Argentina terrain, we have actually taken a 1-1.5% rate hit on the cost of funding our deficits. In addition we’re going to add about €80bn by the end of next year to our extended national debts (forget the off balance sheet\promissory note\deferred blah blah nonsense, someone has to pay to fund these things somehow over the next decade). That comes to around €36bn in interest over our 10 years assuming the extended capital protections for the banks and NAMA disposals break even and are structured in a way that ensures the debt used to cover them does not grow significantly and they are actually eventually paid back in full. Assuming our basic bond rates continue to demand a 1-2% premium then the financing of our pre-existing “normal” national debt will cost us about €6bn more over 10 years. Basically this is costing just as much as the worst case disaster we were trying to avoid and every spare cent we could ever imagine putting together has already been used up on the banks.

Clearly I’ve been quite simplistic here but I think the ballpark numbers are close enough to be well within the margins of error given that all of this depends on fluctuating (and hyptothetical) market rates.

So as I see it right now the bailout is going to cost us almost exactly as much as simply letting the banks fail and having the worst possible things happen as a result would have cost us. We’re still ahead because we’ve protected private and institutional depositors and bond holders within the country but that’s about it. As I see things we’d have been far better off sacrificing Anglo and one or two of the smaller outliers and focusing on protecting core depositors in AID\BOI rather than the protect everything forever approach. Right now I’m certain that the final cost of this bailout will significantly exceed what we would have had to pay to deal with the effects of simply letting Anglo\AIB\IL&P and the rest go under.

Seems like the wrong choice to me.

Ignorantia legis omnia excusat

2010-01-24T23:33:00.001Z

You know what they say about living in interesting times. I thought I’d seen it all over the past year or so but our establishment have outdone themselves with this latest example of how the privileged are building a mechanism to ensure they are above the law.

The whole Jim Flavin\Fyffes\DCC insider trading thing was serious at the time but chump change in light of all that has happened recently. The Shipsey report is mind boggling though, especially in the context of the times we live in. Matt Cooper has a good rant about it in today’s Sunday Times but frankly I don’t think he is nearly outraged enough.

Paul Appleby, the head of the Office of the Director of Corporate Enforcement (ODCE), the man responsible for ensuring corporate entities here in Ireland behave themselves said - “There’s no way that any court would sanction a director for having followed the company’s legal advice”. Well ain’t that just peachy – I suppose we should just get rid of the courts entirely then, and leave it all up to the lawyers to tell us what to do. Having looked at the ODCE’s “Strategy Statement” I’m wondering if someone hasn’t become confused by the fact that “Sanctioning” (Strategic goal 4) is an autoantonym – I’d have thought it should mean “punishing” in this context but clearly “encouraging and allowing” seems to be how it’s being interpreted.

Anyway I’m proposing that we ask them to ditch the “Strategy” statement and adopt this blog post’s title as their motto as it seems to be the line they are taking.

Eircom Netopia 2247 and IPv6

2009-11-21T18:24:00.004Z

I've had a problem with IPv6 on my home network for a long time. With Vista\Win7\recent Ubuntu releases I found that ipv6 aware applications (like Firefox) would slow to a crawl and spend ages "resolving" addresses that I could use nslookup to resolve without an issue. Some digging pointed at IPv6 name resolution and I found that disabling ipv6 at the OS level or disabling ipv6 internally in Firefox using the network.dns.disableIPv6 setting in about:config fixed the symptom.

I've been playing with Chrome OS in a VM today and I found that it was spending an insane amount of time (apparently) resolving addresses so I started to look around and see if there was any way to disable IPv6 DNS lookups in Chrome\Chrome OS as that seemed to be a likely suspect. It appears that the developers are taking an ideologically purist approach to this and are deliberately not including a user switch to disable IPv6 because they feel that if they mask the problem at the user level then the incentive for providers to fix their buggy IPv6 infrastructure will be seriously diminished. That's a reasonable policy I suppose so I had to dig further into the IPv6 problems at my end.

The root of my problem turns out to be the Netopia 2247 DSL router that I got from Eircom. By default it sets itself up as a DNS proxy and it doesn't handle IPv6 AAAA requests well. The Netopia's web based GUI doesn't have any obvious way to disable this "feature" and all clients that get DHCP addresses from it end up with the router address as their single DNS server address. It does have Telnet management interface that gives you much finer control of the config though.

To fix the problem telnet into the Console - (download Putty if you're on a newer Windows OS that doesn't have a native Telnet client). Login using the same credentials you use for the web interface (the defaults are Username: Admin, Password is not set, just hit return). Then use the following commands:

configure

set dns proxy-enable off

save

restart

The router will reboot, this will force all clients to reconnect and their new DHCP settings will now point directly at whatever DNS servers it has been configured with rather than the router itself.

Chrome OS now boots and authenticates rapidly and there's no lag at all now while it tries to resolve addresses so I think I've finally found a proper fix for the problem.

You know you’re a sad Geek when..

2009-04-25T14:25:00.001Z

Following some links about the new Gnome Network Manager included in Ubuntu 9.04 I found a blog by Dan Williams who was responsible for much if not most of the underlying work that has made it such a pleasure to use with 3G network devices.

This article where he complains about the firmware on one of the new Huawei 3G cards brought a smile. Been there dude! I often had exactly the same reaction when testing my own cellular device discovery code against various hardware. Then I realized just how sad it was to be able to fully understand and sympathize with a comment like:

…the response to AT+GCAP is simply “+CIS707-A, +MS, +ES, +DS, +FCLASS”. No, it’s not prefixed with “+GCAP: ” like every other modem on the planet that I’m pretty sure the relevant standards (TIA/EIA/IS-131, TIA/EIA-602, and V.250) require..

I need to give this new Network Manager a proper try out on some diverse hardware now as it seems possible that it finally gets Ubuntu up to a level where it is as good an experience as that seen on the best Windows systems.

Everything you ever wanted to know about VMware vSwitches

2009-04-18T15:51:00.001Z

I just came across a fantastic series of blog posts from Ken Cline at “Kens Virtual Reality Blog” that ties up pretty much everything you will ever need to know about configuring networking in ESX 3.5 \ ESXi. No doubt there will be some significant changes in ESX 4 but even so this is a great resource. There are 5 parts to this so far, all the earlier items which explain all the background detail are linked from this fifth part where Ken makes some hard and fast recommendations around how to tie it all together to create robust and effective ESX network design decisions.

The Great vSwitch Debate (Part 5).

He covers everything from the basics of creating vSwitches and Port Groups, VLAN tagging – clearly explaining what VGT\EGT\VST tagging variations actually mean and how they are enabled, load balancing options and their usefulness (or not) especially in relation to 802.3ad \ LACP\PaGP, NIC failover especially with regard to Beacon Probing and Link State Tracking on your physical switches, security options (Forged Transmits\MAC Address changes, Promiscuous mode) and a lot more. Definitely recommended for anyone who either builds or wants to understand ESX installations.

Blue Sky Engineering

2009-03-16T23:15:00.001Z

Koenigsegg, those mad Swedes beloved of Top Gear make supercars that arguably demonstrate some of the most incredible real world engineering skills on the planet, seem to have lost the plot somewhat and started drinking some serious hallucinogens.

They’ve just announced an electrically powered “eco” supercar with the rather oddball name of “The Quant”. Possibly they’re making some in joke swipe at their usual customer base and this is just an early release of an April Fool’s joke but the numbers linked to this magical beastie are pure fantasy - “Blue Sky Engineering” as its called in the space business.

Some key "performance” claims and characteristics of the components they claim they have developed or that are near completion:

Top Speed 171mph, 0-62mph: 5.2 seconds , Range 312 miles, Power 381kW/512bhp / torque 715nm / 527 lb ft. Mass 1780kg.

So far so good. Those are probably doable in something shaped like a supercar although it’s definitely not getting 312miles doing 171mph speeds but they don’t specifically claim that so we’ll let them off.

The battery\energy storage system they claim they will use is called the Flow Accumulator Energy Storage (FAES) from some crowd called NLV. This amazing widget will provide the energy storage to facilitate the aforementioned 312mile range. Interestingly it also claims that it has a volumetric energy density of 600 Wh/l and can store a full charge in 15-20 minutes. The amount of energy it would take to hit ~300miles is going to be as near as makes no difference to the amount of productive energy produced by a petrol engine in a similar standard car with the same range. Let’s say that would be about 40 litres of petrol which has a volumetric energy density of about 9600Wh/l. Petrol engines are pretty inefficient so only about 25% of that potential actually gets converted to useful energy so that sort of range requires something like 90,000 Wh. To put 90,000Wh into a storage system in 20 minutes you have to push in 3 times that amount of Watts ie 270kW. That’s a lot of juice – even with industrial grade 380v 3-phase power you need to push almost 240 amps of current into it. Frankly I can’t see how you would be able build a power handling system into a car sized system that could handle that without using something like 5kV input voltage and that brings its own serious safety issues (not that 380V 3phase is exactly safe either but 5kV is distinctly dangerous especially when it would still be delivering 15-20A of current). On the plus side if they actually have that miracle power system then they should be able to store that amount of energy in something like 200litres of battery which is nice – most current electrical cars currently need 5 times that volume.

Impossible? Probably not impossible but quite unlikely and certainly totally impractical today.

The part that sets my alarm bells going though are the “invisible..high efficiency Pyradian thin film solar cells” that (according to el Reg) has a conversion efficiency between 38 and 50%. I don’t think so folks. The very best hand made multi-junction monocrystaline PV cells barely hit the bottom end of that range and they cost a fortune by any measure. Thin film tech is currently languishing around with conversion efficiencies in the mid to high teens and I’ve never seen any evidence of serious work on multilayer (presumably multi-junction actually) thin film PV. Assuming they have this other wonder material though what good would it be? They say the whole car is covered with it, so at 4.8*2*1.3m that’s about 25m^2 of PV cells that could (in theory) yield about 1kW of power on a reasonably clear day in summer time at these latitudes. Even under ideal conditions (Sun directly overhead in California in Mid Summer) that would be worth about 3kW. That would make some sense – give it 8 hours in the California sun and you’d have enough juice to drive 100miles or so. Unfortunately, as I said, the PV conversion capabilities of thin film PV is less than half the claimed number and even in California you don’t get 8 hours of peak sun per day so the actual amount of power such a system would give you would probably only give a Quant owner a useful range of around 30-40 miles under ideal conditions and more like 5-10 miles per day in most places (on a good sunny day too).

I’m hopeful that I’ve got some of the numbers wrong here because I’d love it if this was all real but I suspect that it’s basically a better version of the Tesla, possibly with some technical improvements but without any of the tectonic technical advancements that are being claimed for them.

Better Management and Getting stuff Done.

2009-03-14T21:16:00.001Z

I spent about four years as a manager at one stage in my career and it’s one of those things that I’m very glad I’ve done, as it was very rewarding in the end, but I’m even more glad that I don’t do now because it was probably the hardest, or at least the most stressful thing I ever had to do.

In my case (as I recall at least) – I generally scored average on internal managerial skills reviews. For a couple of years I tried to modify my behavior in response to my manager’s feedback in order to improve those reviews. That helped a bit (my manager was happier at any rate) but the improvements were small. I had pretty much accepted that I was an average manager and I’m not happy with average so I decided to go back to being an engineer, something I knew I could be great at. In the six months my transition back to being an engineer took I gave up on looking after my manager (and his manager and so on, hierarchy is a bitch) and decided to focus on working for my team. My final managerial skills reviews just before I left showed a dramatic improvement. That will be no surprise to any good managers out there, I’m sure.

Anyway the key thing in all this was that I learned a useful managerial trick that year – I spent my time looking after my team not (just) my boss, we all got a ton of really great stuff done, morale was way better and everyone (including my manager and the company) was better off. I also learned (finally) that you can actually learn to be a better manager, although I still think that really great managers need traits that can’t be taught.

This has all been a roundabout way to lead in to a great article I came across today that makes this very point and provides a very succinct set of guidelines on how to be a good manager. Truly great managers probably can’t be made from total muppet starting material but for the most part anyone having to “manage” people in anyway can become very good at it by following the advice here. For everyone else you should start demanding that your managers follow advice like this – life will be better for everyone if they did and a lot more stuff will get done.

Non Hierarchical Management – Aaron Swartz.

That reminded me of an earlier link I found. It’s basically an over the top call to create a culture of adventurous achievement by doing one simple thing – get stuff done rather than fucking about. It flies in the face of bureaucracy, “process”, safety and stability but bloody hell the world would be a much more interesting place if we adopted its basic idea – get stuff done. Wouldn’t it be great to work in a place where this was the “mission”?

Cult of Done Manifesto: – Boing Boing.

10 Angry Men – Anglo’s “Golden Circle”

2009-02-23T02:16:00.004Z

[Re-posting this - I wrote it in early 2009 and took it out when I thought the blog had gotten too political but I thought todays news warranted resurrecting it given the trouble the Quinn Group is now in and also to reminisce a little about how small these sums now seem to be in light of NAMA]

Before I start ranting let me just say that when I started digging into this I thought this was a clear case of conspiracy to commit fraud but that doesn’t seem to be the case now that I’ve really looked into it. I’m pissed off that along with every other taxpayer in the country I may have to cough up a couple of hundred Euro to clear the debt these clowns got us all into but to be honest I now doubt that there’s anything illegal in what we’ve learned about so far. However the issue regarding the write off of the unpaid part of the debt is a huge issue for me – I think we all need to demand that it is either paid in full by those involved or that they are forced into personal bankruptcy if they fail to clear it completely with no exceptions.

The basics of what happened is not quite as bad as the Anglo\Irish Life & Permanent scam which I still believe was nothing short of fraud but on general principle it seems clear to me that having a bank try to artificially bolster its share price on a massive scale by issuing loans for the purchase of its own stock is a very bad idea even if it is not illegal. Given what we now know about the fundamentals of Anglo’s financial status in the middle of last year it was certainly quite bad form on the part of Anglo to get the “Golden Circle” involved in this deal but they were all financially savvy, rich and successful business people so that side of things is between them and David Drumm, presumably they wont be inviting him over for dinner so often in future.

Anyway on to the meat of the thing. Here’s how we Irish taxpayers ended up with a €375m debt because a bunch of guys decided to help a friend out when his company was in danger of having its share price collapse.

The saga started with Sean Quinn. Quinn had dug himself a huge financial hole by July 2008 on the order of a Billion Euro or so by using long Contracts-for-Difference (CFD’s, something I will be ranting about at some point in the future) to help fund the acquisition of a significant chunk of Anglo. He had taken out CFD’s on something in the range of 15% of Anglo over the previous year and a half. Quinn’s gamble had gone badly pear shaped by mid 2008. He had acquired the CFD’s when Anglo averaged about €16 per share but by July 2008 they had dropped to €4 per share and he was now being forced to meet margin calls from his CFD provider (Credit Suisse). In order to meet those calls he would have to buy the shares from Credit Suisse and then pay them the difference (between the €4 buy price at the time and the average €16 of the CFD contracts). In order to cover those losses (estimated at between €600 and €900m at the time) he would have to offload about 10% of Anglo’s shares very quickly. Since Quinn had made his problems publicly well known in July 2008, Anglo knew that a very large block of its shares would end up being dumped on the market at a time when Anglo were the target of serious negative sentiment so there was an undeniable risk that Anglo’s share price would completely tank if Quinn tried to sell such a large block of shares all at once.

To be fair to Anglo that was a very big problem and it’s not at all surprising that they wanted to prevent that happening.

The idea was that they would find a bunch of “long standing clients” (now called “The Golden Circle” for reasons that escape me) who they would help buy up the 10% of Anglo’s shares Quinn needed to offload in order to prevent them simply hitting the market and sloshing around massively depressing the stock price. The “Golden Circle” would put up 25% of the stake (€100m or so of their money), Anglo would loan them the remaining 75% and the customers would then use the total to buy up the 10% of Anglo that Quinn was offloading. We are currently being told that their names can’t be disclosed because they are entitled to the confidentiality that covers banks dealings with their clients. While that maybe so, I think that the rest of us have some other rights that should trump that confidentiality and if not then we should have, like being able to recognize people who should not be trusted with significant amounts of our money for a start. More on that later.

So the 10 coughed up their cash and Anglo used the miracle of fractional reserve banking to turn some of that (probably only €30-€40m given their reserve ratio) into the €450m or so of shiny new money that was used to cover the 10% of Anglo that Quinn needed to unload. Not only had they got a way to buy the shares but they got some additional reserves too – score! Anyway the “new money” was used to buy shares, presumably on the open market, that might have come from anyone who was holding Anglo shares and wanted to sell them at the time but certainly most of that money eventually went to Sean Quinn as he disposed of his 10% share. He presumably then used it to clear some of the losses on his CFD contracts with Credit Suisse. I’m assuming all that happened more or less in the open, if it didn’t I suppose there may be problems with that but I’ve no reason to think that part of the whole exercise wasn’t pretty much above board.

Note all of this was then used to buy Anglo Shares at around €4 per share. The “Golden Circle” now had a 10% stake in Anglo and while the money used to buy those shares was money loaned out by Anglo that had just created it out of thin air, the “Golden Circle” seems to have parted with €100m of their real money in the process (I’m not 100% sure of that to be honest, if not it only makes the whole thing worse). Unfortunately for all concerned the plan made little difference and Anglo’s shares tanked so much that the government took over a 75% interest in November and it was eventually fully nationalized in January 2009. By the time that happened the “Golden Circle’s” 10% stake in Anglo had collapsed in value to something in the range of €20m. Since it has been nationalized the shares are now worthless so they’ve pretty much lost their own €100m stake outright. Apparently €83m of the total loan has been repaid at some stage but Anglo supposedly can’t (or wont) chase them for the other €370m because that is mostly underwritten by the now worthless shares. I’m curious about the limitations of that liability – surely the bank could (in theory) just go after its former saviours and see if it could force them to liquidate some other assets. It would be very rude, of course, but basically it seems that they really should be able to. If I defaulted on a mortgage the bank in question would come after me for the shortfall after repossessing and disposing of the house underwriting the loan, even if I’d originally taken out that loan after having been persuaded to by one of their aggressive mortgage specialists so why should this particularly large underwritten loan be so different? And if they can’t be chased then the rest of us should certainly be looking for those sort of loans in future.

The €83m of the €450m total loan that has been repaid raises its own questions. It’s odd as it means at least some of the 10 probably disposed of the shares they bought before they tanked completely in November. I suspect that it means that almost all of the shares in question were disposed of and that was all they were worth at the time. If so then it would mean that they were probably sold sometime in September when all the other shenanigans with IL&P and global financial meltdown had just started and it seems likely to me that those in Anglo who had thought up the plan had to have been fully aware that this disposal was going on. I wonder if the 10 had been given any indication at that time about how the remainder of the debt might be treated and if so whether our financial regulator was aware of the status of those loans especially since it is now a non trivial part of the toxic Anglo debt Irish taxpayers have taken over. I’m very curious to find out more about that as I can’t believe that any of the “Golden Circle” sold any of their shares without Anglo being aware. Still it is possible that no shares were sold and that some of the “Golden Circle” just wanted to clear the debt and get as far away as possible from the problematic aspects of the deal as they could. Either way there’s a lot that we have yet to find out about that part of the story and it’s unlikely to make anyone involved look good.

So here we are now as taxpayers furiously getting to work with the bailing buckets. Anglo has this €370m or so bad debt on their books now that is (hilariously) a toxic debt because the asset it is backed by is the bank itself and so is worthless. We poor Irish taxpayers have to cover this debt because the money that Anglo created in order to fund this scam was used (mostly) to pay Sean Quinn for his 10% of Anglo (in August\September or whenever) and he used it to get Credit Suisse off his back. Hopefully that whole exercise helped keep him solvent, because I’d be gutted now if he still ends up totally screwed while we owe money due to his personal financial carelessness, albeit indirectly.

So in an effort to help out their good buddy David Drumm 10 business men have lost quite a lot of their own money in a very short period of time but it is important to remember that they were, and probably still are, very rich people experienced in matters of high finance who took a risky bet that failed. They were in a position not to be stupid with their money but they made a very bad call and they lost (quite a bit of) money. That’s unfortunate but that’s capitalism and so I don’t think we should worry too much about that part, if they’d made a killing on the deal they wouldn’t be giving any of it to us after all either. And you can be sure that they thought they would make a killling when they agreed to the deal. The big problem is that this exercise has now left the cozy circle of Anglo and it’s “Golden Circle” and the rest of us now actually have to deal with the €375m of additional debt that, frankly, I never asked for. Despite the fact that they may be technically entitled to some privacy regarding the loan deal I think it is very important that we all know who the fuck they are so we can keep an eye on them in future and make sure they don’t get a chance to screw something else up so badly that we end up acquiring yet more debt that we didn’t ask for at some point. The whole exercise demonstrates just how woefully incapable they were of making sound financial decisions at a difficult time and their error means every last one of the rest of us has to eventually pay a couple of hundred Euro to cover their error and we deserve to know who it is that has taken that money from us.

Finally with regard to the recovery of the remaining €375m I heard some interesting stuff this morning regarding personal bankruptcy in Ireland. Apparently we have some quite archaic bankruptcy laws:

When a person becomes bankrupt all of their assets are transferred to an Official Assignee who then handles the disposal of those assets in order to clear as much of the debt as possible and those assets can include the family home.
They are restricted in terms of availing of any form of credit and specifically cannot get credit over €630 without declaring the fact thay they are bankrupt.
They cannot act as a director or participate in the management of a company.
If they are employed then their salary can be ‘attached’ in favour of the Official Assignee for use in clearing outstanding debts.
Any new assets (including property) acquired by the bankrupt after being declared bankrupt must be handed over to the Official Assignee.
Bankruptcy status (ie the above constraints) will not be discharged until 12 years has elapsed since the date of the bankruptcy order.

I think that we should offer all those who still have outstanding debts in Anglo (including the 11 above and the 15 others who have more than €500m outstanding each) the option of either coughing up the cash post haste or initiating the process of having them declared personally bankrupt. Seems only fair to me. I suspect that if faced with that as an alternative a lot of people would suddenly discover they actually could cover those debts.

Some background links:
The UK Sunday Times names 4 of the 10 members of the “Golden Circle”
http://www.timesonline.co.uk/tol/news/world/ireland/article5781014.ece

Irish Independent – July 16 2008, Quinn says he will “convert” his 15% CFD stake into ordinary stock. Since he had a long stake CFD in Anglo the margin calls meant that he had to buy the stock outright but in order to cover the loss he would then incur he needed to sell two thirds of them in order to cover his losses. Hence the large volume of shares hitting the market that had Anglo worried.
http://www.independent.ie/business/irish/quinn-to-plough-on-with-anglo-despite-83641bn-loss-1433770.html

Contracts-for-Difference
Basically you put up a stake (anything from 1 to 30%) of the total value of a block of shares, agree to a financing charge to cover the ongoing funding of the difference between your stake and the total cost of the block of shares, and you bet either long (the shares will rise) or short (the shares will fall) and you then get the difference in value between the contract price and the current price as profit if the shares move in the direction you bet or have to cough up the difference if you’re wrong. If the difference exceeds a maximum amount the contract provider can make a margin call which basically forces you to buy the shares at the contract price. That’s what happened to Sean Quinn as far as I can tell.
http://en.wikipedia.org/wiki/Contract_for_difference

iPhone App Store Hits 500 million Downloads

2009-01-17T16:46:00.001Z

Apple are now advertising that the App Store passed the 500million download mark recently which is a pretty impressive number no matter how you look at it.

I’m always suspicious of these sort of claims because (naturally) any company will try to put as positive a spin on numbers like these as they can so I dug a little bit to see if they give a breakdown of what the number actually means – unfortunately Apple don’t really publish enough data to really figure out what that 500million actually means but there is just about enough other data out there to work it out for ourselves.

There are various estimates in the Blogoshphere of 16-18 million iPhones sold to date. That seems reasonable as there’s solid info from Apple that there were 4 million total to date at the start of 2008 and TMO showed that at least 10 million were sold or in the distribution channel by the end of September 2008 so 17 million seems like a good estimate of the total. There is very little info on the total number of iPod Touch sales but there are some hints – notably that the iPod Touch now outsells the iPod classic and that the average selling price for all iPods is in the $150-$160 range with a total volume of around 40million units for the year. A reasonable total number from that would be 6million or so iPod Touches for the year and something like 8 million in total. So overall we’re looking at about 25million potential iTunes App store users as of the end of December.

That would give us 20 downloads per user which is a remarkable number. Power users on high end Symbian\Windows Mobile phones would have downloaded some apps but on average a typical mobile phone user rarely downloads and installs any applications at all, for Apple to have created an ecosystem where the average user downloads 20 apps over a period of 6 months is incredible.

Looking at my own iPhone I have a total of 53 separate apps downloaded. Digging a bit deeper that breaks down into 18 paid apps and 35 free apps. Looking at the invoices from the iTunes Store it appears that I have a total of 74 downloads recorded which means that in addition the the basic downloads for new apps I’ve had 21 update downloads. That seems a bit low to me but it’s possible that it’s right and it’s definitely not significantly off the mark as most apps never seem to get updated. I’ve spent a total of €65.22 on the 18 paid apps. Now I’d say that I’m probably more likely than most to pay for apps so let’s assume that the average user (with 20 downloads) breaks down to 15 apps in total, 3 of which are paid apps with a total cost of ~€10 at an average cost of around $3-$4 each.

That should then mean that the App Store would have pulled in about €250m in 2008 with 30% ($75m) of that going to Apple. Those numbers are in the middle of the range of the $50-$100m estimate from Silicon Valley Insider at the start of December which was based on total downloads of 300m. I think they overestimated the percentage of paid apps (at 33% versus my guess of about 20%) but the average price is certainly right at $3 per paid app.

It’s useful to compare this reality to Eric Schonfield’s June 11 2008 TechCrunch article on projected iPhone App Sales for 2009 where he was tearing down a prediction of $1.2billion revenue from iTunes Apps in 2009 by Piper Jaffray’s Gene Munster. Schonfield correctly predicts that at least 70% of apps will be free and that the average price will trend towards $3 or less per paid app. He then also correctly estimates that the total number of iPhones by the end of the year will be around 16million and estimates the total iPhone sales for 2009 will be 25million at most. In fact the seems to think that the cumulative iPhone numbers by the end of 2009 will be somewhere between 25 million (ie 10 million new sales in 2009) and 50 million (the more optimistic but still realistic upper end estimates from other analysts) and implies that total revenues from the App Store are therefore likely to be between $150m and $300m. What he got dead wrong is that the average user appears to be downloading at a rate of around 30 apps per year and paying for around 6 of those. There’s no shame in that to be fair, I don’t think that any rational commenter at the time thought the App Store would be as popular as it has turned out to be.

I also think that he failed to factor in the iPod Touch which appears to be a very significant factor for the App Store and I personally I think the total number of iPhones\iPod Touches by the end of 2009 will almost certainly be close to 55m (the existing 25 million + about 30 million new sales in 2009). As we now have strong evidence that the average App sales number appears to be about $10 per device over 6 months (and it’s accelerating remember, not slowing down yet) so that total revenue projection of $1.2bn for the App Store for 2009 actually looks like a good bet right now, despite the recession.

More On Windows 7

2009-01-14T22:52:00.001Z

So after three days using Windows 7 in anger in a consumer sense I’ve got to say that it’s a fairly impressive offering for a Beta, it’s certainly going to become my default OS at home and probably at work too now that I have the option to switch to it.

I’ve been using it on my XPS M1330 at home in full Windows 7 mode, Aero interface with all the eye candy turned on and also at work in a VM where Aero doesn’t work. The difference in usability surprised me – I’ve always found Aero on Vista to be pointless overhead but in Windows 7 the eye-candy is actually useful and the UI improvements with Aero-7 make it a must have for me.

Speed wise and memory footprint wise it’s as fast as and maybe quicker than Vista on the same hardware (full boot+login to a usable desktop takes ~43 seconds from cold on my M1330 (2.2GHz Core Duo\4GB RAM), Vista takes ~44). Memory footprint for both Vista and Windows 7 on this hardware is about 1GB RAM with a pair of browsers (IE8 & Chrome) open. On the VM on my work laptop (a Dell Latitude D630 with a 2.2Ghz Core Duo and 2GB RAM) Windows 7 boots in about 60 seconds including logging in but uses only about 500Meg RAM of the 1GB assigned to the VM with the same two browsers running. Interestingly VMware Workstation 6.5’s “New VM” Wizard handles Windows 7 seamlessly giving a completely zero touch installation that took about 35 minutes to install from the DVD.

No crashes so far on either system and the only glitch has been that I can’t find a way to disable “Tap to Click” on the touchpad on the M1330.

There’s quite a nifty blog entry here from Tim Sneath at Microsoft that lists a bunch of the new features which includes a couple of things I’d missed on Monday – most notably the CTRL+WIN+Left/Right arrow for moving maximized windows between monitors on a multi monitor display, ALT+CTRL+TAB for tabbing between windows within a single app, CTRL+Shift while clicking on an icon to launch with elevated privileges, WIN+Space for peaking at the desktop, Shift+Right click on a folder in Explorer adds Open-in-New-Process and Command-Prompt-Here.

Digging deeper I went scratching around for further changes within apps and came up with the following initial list for those curious about the command line environment that Windows 7 delivers. There are a few but on reflection the number of changes are quite small.

Robocopy: Additional switch options not present in Windows Vista Version.

/EFSRAW :: copy all encrypted files in EFS RAW mode.
/DCOPY:T :: COPY Directory Timestamps.
/SECFIX :: FIX file Security on all files, even skipped files.
/TIMFIX :: FIX file Times on all files, even skipped files.
/SL :: copy symbolic links versus the target.
/MT[:n] :: Do multi-threaded copies with n threads (default 8).
n must be at least 1 and not greater than 128.
This option is incompatible with the /IPG and /EFSRAW options
Redirect output using /LOG option for better performance.
/FFT :: assume FAT File Times (2-second granularity).
/DST :: compensate for one-hour DST time differences.
/XJD :: eXclude Junction points for Directories.
/XJF :: eXclude Junction points for Files.
/BYTES :: Print sizes as bytes.
/UNICODE :: output status as UNICODE.

Netsh: Additional contexts not present in Vista version

branchcache - Changes to the `netsh branchcache' context.
dnsclient - Changes to the `netsh dnsclient' context.
namespace - Changes to the `netsh namespace' context.
trace - Changes to the `netsh trace' context.
wcn - Changes to the `netsh wcn' context.
wfp - Changes to the `netsh wfp' context.
wwan - Changes to the `netsh wwan' context.

Ipconfig: Additional ipv6 options, drops “compartments” concept

Diskpart: Support commands for Virtual Disks (Attach, Detach, Expand, Merge..)

Sc.exe: Adds support for service triggers \ trigger queries

Setspn.exe: Register custom Service Principle Names in DNS

Tzutil.exe: Enables scripted timezone changes

New Apps / Features:

Isoburn.exe: Compact GUI app for burning an iso to a CD\DVD

PSR.exe: Problem Steps Recorder.

Resource Monitor: Significantly enhanced version of the Resource Monitor that was previously available only from within TaskManager->Performance tab but is now also in the Start Menu.

Includes additional summary features for each heading using a tabbed interface in particular providing a very useful Physicial Memory utilization graphic.

Private Character Editor: Roll your own customized characters\fonts.

Admin tools now has a more logical home in the Start Menu -> Maintenance menu in addition to being buried inside the Control Panel.

Aero Shake: Pretty nifty clutter clearing – minimizes all other windows when you grab a window title bar and “shake” it. Additional gestures are supported elsewhere – left click+hold and then an upward “swoosh” gesture on the taskbar opens the right context menu (it’s more intuitive than it sounds and great on a touchscreen)

Smart Maximizing\restore\tiling by dragging a window to the top of the screen it automatically maximizes, by dragging it to the left or right edge it grows to fill a tile that takes up half the screen set flush against which ever side you drag it to. Dragging the title bar away from the edge restores the window to it’s former size.

Fonts Subsystem has been given a whole new look, no more windows 3.1 Add fonts dialog. Yaay.

Windows 7 Public Beta

2009-01-13T01:01:00.001Z

I’m an unapologetic fan of Vista so I’ve been following the whole Windows 7 thing with interest but without feeling a desperate need to get a copy using any means necessary. The whole [very] public Beta appealed to me though so I duly downloaded it yesterday, hacked out a 30GB partition from the system drive of my M1330 (using a GParted Live CD, Windows Vista still can’t reliably shrink a system volume that has been in use for any reasonable length of time) and installed it.

First impressions were pretty underwhelming. I thought the look and feel was a bit flat and didn’t notice anything significant apart from the tweaked Task Bar.

After some digging I found that the installer had left me with a “customized” theme that basically turned off a lot of the UI enhancements. Once I switched to a full Windows 7 Theme it started to look pretty good and then I got digging in earnest and actually found some stuff that I quite liked. Seems like a very nice set of bumped up features at this stage without too many downsides, although this is after just a couple of hours nosing about so I’ll be revisiting this in a week or two to see what I think of it then.

There are some nifty improvements:

The new style Taskbar is actually quite nice and seem like a sensible UI improvement. Items on the takbar have more intelligent context menus and Win 7 aware apps display a lot of extra info in both the taskbar icon itself (e.g download progress in IE, Presence status info in Messenger) and awareness of tabs within the mouseover previews.
The “mouse over the end of the taskbar to temporarily display the desktop” trick is simple but useful and effective.
“Sidebar” is gone but gadgets now have a proper place to live – on the desktop, shich is conveniently now easy to get a quick look at.
There seem to be quite a few extra “Windows Key + X” shortcuts - Win+P brings up a tab ribbon for handling connectivity to a projector, Win+Arrow keys tell the current window to maximise,minimise,dock to the left or dock to the right. Win+G brings all the Gadgets temporarily to the foreground. Win+T cycles through the Taskbar items. Things like Win+E (Explorer), Win+D (Desktop), Win+F (Find), Win+R (Run) remain as useful as ever.
Powershell V2 is included by default ( finally )
There’s quite a nice quick shortcut in the Start Menu that directly brings you to a new “Devices and Printers” control screen that sort of kind of makes it easier to get to most of the setup screens for your “add-on” hardware.
UAC seems to have been given a major dose of common sense – user initiated tasks that require elevation no longer trigger a UAC confirmation but program initiated actions do. Seems like an excellent balance to me.
WLAN’s are detected during the OS install and immediately used to download patches and updates. That’s a good idea.
The concept of file system “Libraries” is introduced – these are collections of files and folders that are presented and used as a single unit without needing to move the underlying files around. Finally we’re getting towards a sensible way to add proper classification structure to collections of files. I very much like this idea.
We still have dear old Edlin.
All of the hardware on my laptop was detected and got up to date drivers installed (that includes the Video driver for the Geforce 8400M GS, Intel 3945ABG WLAN, Ricoh SD\XD\CF Card Reader, Creative Labs Webcam, Touchpad..
The install was quick (20-25 minutes at most) and required very little interaction.
There appears to be a new higher security layer (facilitated by the Homegroup services) added in to the network places structure by default to ensure that some level of protection is applied to all those easily hacked into Home Networks out there.
There’s now an option to link your Windows login with an online account. This is a very interesting development and should enable more seamless utilization of online services and sharing\sync across machines. The option doesn’t do anything yet but I’ll be keeping an eye on that feature for certain.
Once again we have the ability to create a System Recovery Disc (as we did in Vista SP1 Beta but not in the full release of Vista SP1 for some reason)
We finally have the option to create a full system (Image) backup natively with a Windows OS.
All saved credentials seem to be stored in a single location called the Credential Vault that can be selectively backed up and restored. Individual items within it can be selectively removed too. Very, very good ideas.
Location Sensors (GPS) and location awareness are now configurable as a standard item via the Control Panel.

Performance wise it seems to match the existing Vista install pretty closely apart from having a noticably slower hard drive – but that is entirely due to the fact that I’m using the last (and thus slowest) 30GB of space on this drive for the Windows 7 boot partition.

Everything I’ve tried to run so far runs without a hitch (My XP\Vista portable apps collection all works fine, Firefox 3, Google Chrome, Dropbox Sync + its Explorer plugin, Shockwave\Flash, GTalk’s video plugin).

On the negative side (comparing to Vista remember):

Finding things like the Advanced Display Settings dialogs, or the properties of a NIC or where to change your TCP/IP Settings and so on remain just as obnoxiously awkward as they are in Vista.
That default Theme I ended up almost turned me off the thing right at the start – maybe I caused that but it really did give me a very bad first impression.
Contrary to rumour it doesn’t have a smaller footprint at least on this system but I would only expect that to be evident on very small\low powered sytems if it is true and this is not one of those systems.
IE8 is pants, nuff said.

So overall it seems like far more pluses than minuses and there are some very, very interesting things hinted at in the features that have been exposed at this stage.

Top Gears Electic Car Tests

2008-12-15T22:44:00.002Z

I was very happy to see Clarkson & Co get stuck into testing some real electric cars in last Sundays episode of Top Gear but like many I suspect I was disappointed that the Tesla failed to withstand their thrashing on the track. To be fair though I was impressed that the Stig managed to get it to post a time that beat the 911 GT3. We're still on the bleeding edge of electric vehicle technology but it seems that good electric cars might now actually be possible even if they aren't quite there yet.

I was rather disappointed with the final segment where James May sang the praises of Hydrogen Fuel Cells without actually taking the time to be the nit picking pedant that I know he can be and in the process failed to identify the major flaws in the arguments being put forward by the Hydrogen Economy evangelists. I'd love it if they were right but frankly I can't see H2 being the answer to our fuel problems. Fuel Cells are wonderful technical marvels but those that use H2 are hamstrung by the fact that H2 is godawful stuff from a mechanical and practical perspective.

So while I appreciated the praise of Fuel Cells in the segment I can tell you now with 100% confidence that we will never see Hydrogen as a common vehicle fuel in our lifetime, it will certainly never be used as a direct replacement for petrol\diesel in an internal combustion engine (H2 combustion is fine but suffers from the same Carnot cycle inefficiencies as all other internal combustion engines so it's a dead end IMO) or (as is the case with the Honda) as a fuel source for direct electric conversion fuel cells.

My initial reaction to the aricle was that I was disappointed that they didn't dig into how much the Honda's fuel-cell\H2 containment system cost\weighed and how long it could store it's full tank of fuel because I suspect both answers would have been very disappointing. Also while the Tesla might take 16 hours to charge, at least you can get electricity in most places - H2 fuel pumps exist in about 4 places on the planet so good luck if you are an early adopter outside of SoCal, Iceland or Germany. That detail was entirely glossed over.

And then (as I tend to, I got carried away ranting to myself) so in case anyone is still reading here are my arguments against Hydrogen as a vehicle fuel.

Hydrogen may be ultra clean, carbon free and able to fill a pressurized fuel tank in three minutes but it has a couple of insurmountable or damn near insurmountable problems:

1) Density and by direct correlation Energy Density. Pound for Pound (or kilo for kilo for the metric inclined) it's more energy dense than (say) petrol by a factor of just over three (so three kg of H2 has as much potential chemical energy as 1 kg or so of petrol) but in terms of volume it requires a _lot_ of space. A kg of Petrol takes up about 1.3 litres of space, a kg of liquid hydrogen takes up about 14.5 litres of space. The problem with liquid H2 is that it needs to be either cryogenically stored or stored under immense pressure. The best pressure\cryogenic H2 fuel storage systems weigh about 10x what a fully loaded tank of petrol weighs that would contain the same amount of convertible energy. That additional weight and volume alone make H2 uneconomical.

2) H2 does not transport or store easily. Look at any rocket on a launch pad - the plumes of vapour that comes off those is a combination of the O2 (at -173C) and H2 (at -250C) boiling off because it is just not practical to keep them well enough insulated or pressured to avoid boil off. Petrol\oil evaporates at room temperature but at about 1 billionth the rate that O2 does and about 100x less again than H2 does.

3) To make H2 you still have to have power in the first place and creating H2 from cracking water is not an efficient process (25-40% at best) no matter how efficient your initial energy generation is. It's a hard thing to do, hard in the sense that it wastes energy that ends up not being recoverable from the Hydrogen that you produce so it's vitally improtant to tackle this part of the system honestly. Ironically almost all of the commercially produced hydrogen today is produced by steam reformation of hydrocarbons so basically at the moment most hydrogen comes from oil that has the Carbon removed (and vented as CO2\CO into the atmosphere) by combining it with steam produced by (you guessed it) burning oil, coal or gas which gives it about 2-3x the carbon footprint of just burning petrol in the first place. Interestingly some nuclear power plants can actually generate "clean" H2 rather than electricity but then all of us nucleophobes will have to change our minds about nukes to embrace that method of generating fuel for cars (mind you, mine is pretty much changed already, sorry Greenpeace).

4) Compressing H2 into a liquid (or freezing it, it's basically the same process) adds a not insignificant additional power burden to the process because of the difficulties in reaching -250C or 700-1000 atmospheres of pressure _and_ keeping the damn stuff in that state while you store it and move it across continents.

5) An accident involving a H2 fueled vehicle has a non trivial chance of being an instant bomb. It is quite simply not a safe fuel. Sure much has been done to make more robust fuel tanks but right now I would no more get into a car on a public road with a H2 tank in the boot than I would play Russian Roulette with a revolver with 6 full cylinders. Especially on roads full of the sort of people who need to be reminded that objects in their mirrors may be closer than they seem. Safer H2 fuel tanks == stronger tanks == heavier tanks == more expensive tanks and no doubt they are making huge progress there but all of those efforts detract from efforts that should be being made into making the fuel delivery and conversion processes more efficient. And most importantly those safe but big,heavy and bulky fuel tanks make the vehicles they serve significantly more inefficient at the point where it matters most - on the road.

6) James May claimed that in the glorious fuel cell'ed future he foresaw of the car with no moving parts (eh? what about the wheels? suspension? high pressure\cryogenic fuel pumps?!!) would need no servicing but any vehicle that has a high pressure (700 atmosphere) fuel tank containing the smallest molecules in the universe (and that are explosive when leaked into our atmosphere) is effectively a dormant bomb and as such will need very, very careful proactive maintenance on a very regular basis in order to avoid turning into an actual bomb.

7) Long distance (more than a couple of km) bulk H2 transportation systems leak about 70-90% of the initial H2 because the molecule is so bloody small and the pressures are so high that it just leaks out of every single joint, valve and connection like water through a leaky tap. Stored H2 in cylinders escapes at about 10x the rate that more normal gases (like CO2\N2\O2 do), the tanks have to weigh more and are so burdened with transportation restrictions due to safety concerns that I cannot see that anyone will ever produce an economical H2 version of our large scake existing petrol distribution mechanism. The physical challenges involved in storing and transporting liquid H2 are not the sort of things that lend themselves to massive changes due to innovation and unless it can be made 10x or more easier (ie cheaper) it will not be efficient enough to be realistic.

That said I do think that the Fuel Cell car idea is the right track but the "clean" power source of the near term future is far more likely to be Fuel Cells powered by methanol ( which is basically just another hydrocarbon). In the fuel cells themselves it runs to about 30-50% the efficiency of pure H2. The fuel handling mechanics are vastly simpler - there's no need for cryogenic\high pressure storage at any stage in the proiduction\distribution chain and the fuel can be stored\transported as simply and for as long as petrol. The challenge is producing methanol cheaply from air - again all you need is power at the front end (to convert 2 CO2 and 4 Water molecules into 2 CH2OH molecules and 3 O2 molecules just add enough power) and you have an energy storage fluid that is totally "clean" given that you got the components from the atmosphere in the first place. From the numbers that I've seen methanol will always be 2-3x easier to produce from scratch than H2. Note in both cases the "fuel" is really just a transportation mechanism for energy produced elsewhere so where that initial energy comes from is the real green challenge in any case.

Another couple of source fuel options for fuel cells are either Hydrides (in some liquid or fluid powdered form) or Hydrated Clathrates (ie somewhat frozen slushies of some material with lots of H2 dissolved in them) that might beat out petrochemicals but given that liquid petrol (or methanol) contains about 50% more hydrogen atoms (at 116g of H atoms) per litre than pure liquid H2 (at about 70g of H atoms per litre) I honestly cannot see anything better than the evil petrochemicals at storing energy that will be chemically extracted from Hydrogen. And again the clathrates\hydrates need some practical source and distribution mechanism for the raw H2 that they contain and so share many of raw H2's drawbacks. They dont look like winners to me but at least they have some good answers to the worst of H2's problems.

Finally the FCX Clarity that James May waxed lyrical about has a total H2 storage capacity of 5kg of compressed H2 (about 171 litres at 350 atmospheres pressure) in a car weighing 1.7tons. The fuel cell generates 100kw (134 horsepower) although it does so with a conversion efficiency about 3x a typical car's ability to turn petrol into power so the 5kg of H2 is equivalent to about 45 litres of Petrol. The Fuel Cell alone though is insufficient to power the vehicle in a sustained sense so it too includes a couple of hundred kg of the LiION batteries to store additional juice so that it can actually climb hills and actually accelerate so in that sense it is hampered by the weight of those fat batteries that the lads had so much trouble with in the Tesla. I've tried to find out the total mass of the fuel storage\handling\fuel cell of the FCX but Honda haven't made that easy to find, I suspect it's more than 60% of that total mass though. By comparison the the Tesla can convert energy to deliver about 248 hp (185kw) at the wheels and weighs in total about 1.1 tons.

Personally I don't see that the difference between the two is as much of a quantum leap as the lads made out - what it needs is a runabout scale DMFC to replace about 25% (say 50-60bhp) of those batteries, a battery improvement of about 25% in efficiency and possibly a bank of improved ultra-capacitors to capture a higher percentage of regenerative braking power to turn it into an actual practical car running on a practical fuel which the FCX will never be while at the same time being a reasonable sports car. And of course a drop of 75% in the price tag will have to happen whether we're talking about the FCX, the Tesla or any of the others in the current array of first generation genuine electric cars.

Even without any major improvements in efficiency a DMFC (Direct Methanol Fuel Cell) would be about 2-3x less energy efficient at the fuel cell point (20-30% vs 40-60% for an efficient pure H2 Fuel Cell) but H2 has the transport and storage losses that are as I've said somewhere from 70-90% whereas methanol has transport\storage losses measured in the fractions of a percent over continent wide delivery distances and months of time so unless someone comes up with a magic way to handle H2, something like Methanol will easily beat out H2 as long term sustainable fuel. And it's just as safe as petrol and can be delivered using the same infrastructure too.

Just my 2cents. Well 2002 cents I suppose. Now I need to get back to reading about SAN storage and earning a living.

More on the Porsche VW Corner

2008-10-30T00:46:00.001Z

The BBC has a very succinct description of why those holding VW Short positions found themselves up the creek without a paddle:

What is upsetting the hedge funds is that if between 10% and 15% of VW shares were on loan to be shorted and only just over 5% were available in the market, it is likely that many of the funds that shorted VW had borrowed the shares from Porsche.

It meant that because Porsche had not declared the proportion of VW shares it controlled, traders may have been indirectly and inadvertently borrowing shares from Porsche, selling them to Porsche, buying them back from Porsche and then returning them to Porsche.

The Porsche Corner

2008-10-29T23:45:00.001Z

I first got wind of this from Brad DeLong’s comment on those who don’t learn from history are forced to repeat it.. Very true.

Porsche have managed to pull off quite an amazing stunt on the financial markets. They have been trying to take control of Volkswagen for the past few years and have been steadily acquiring more shares with a stated objective of gaining control of 50% of VW. This has been well known and Porsche’s execution of their plan was no particular secret. What was not known until earlier this week is that Porsche clearly went into overdrive recently and by the start of the week they had control of ~74.1% of VW’s shares (30.1% were in options they had acquired without anyone noticing). Of the remainder, 20.1% is owned by the State of Lower Saxony so this only left about 5% of shares actually available to anyone. Meanwhile quite a number of Hedge funds had taken significant short positions in VW (totally somewhere between 12.5 and 16% of the total volume of VW shares) assuming that their share price would be falling given the imminent recession, current market conditions and all the other perfectly valid reasons for thinking such things. Unfortunately they weren’t watching Porsche (or the overall net position of VW options either) closely enough. Once Porsche announced that they either owned or had controlling interest in over 74% of VW the holders of those shorts realized that 16 into 6 doesn’t go and had to scramble to acquire the shares they needed to ensure they could close out their short positions as quickly as possible – and since there weren’t enough to go round VW’s stock price took off like a rocket – it rose by 348% in just two days going from €278 to over €940. That latter price made VW briefly the most valuable company in the world as measured by Market Capitalization (at $376bn). Clearly that was an artificial situation but it’s pretty incredible that a relatively small company like Porsche (market Cap about €10bn) could be the owner of almost 3/4 of the worlds biggest company just by pulling off a stunt (albeit a very shrewd and well prepared one).

And now for the best bit. Today Porsche indicated that they might settle 5% or so of the 31% of VW’s shares that it holds options on in order to “increase the supply of shares”. VW’s stock price plummeted to €517 on that news which is no surprise as the previous days closing astronomical price was solely caused by lack of supply forcing the Hedge funds to bid up in order to limit their losses. Still that 5% will probably more than cover the entire cost of the exercise for Porsche. And also note that that only covers about half those with short positions so in order to close out the shorts a lot of those shares are going to have to change hands subsequently amongst those holding the current short positions. Talk about Porsche having their cake, eating it, then making you pay for it and forcing you to pay for it again.

There are lots of folks crying foul over this – not least all the Hedge Funds that have been burned to the tune of a collective €100bn or more. Then again they really should have done their homework better. I notice that apart from the pure Hedge funds there are also some familiar high profile actors from the recent broader financial drama that are also prominent players on this particular stage – viz Societé Generale, Morgan Stanley and Goldman Sachs. Those guys are really having a bad year.

More details here:

http://delong.typepad.com/sdj/2008/10/the-wolfsburg-c.html (a follow up from Brad DeLong)

http://www.bloomberg.com/apps/news?pid=20601100&sid=ahJ1LlQc4gKs&refer=germany

and earlier

http://business.timesonline.co.uk/tol/business/industry_sectors/engineering/article5033654.ece

http://biz.yahoo.com/rb/081028/business_us_financial_banks_volkswagen.html?.v=1

and some history from last year with a fairly technical article that shows how well planned this Porsche assault on VW had been

http://seekingalpha.com/article/57504-porsche-ag-s-volkswagen-takeover

It’s especially interesting to see how Porsche have mostly funded this entire exercise through trading VW options. That they were able to consistently make money doing that and at the same time create a climate where they could corner the market without all the other market experts noticing is nothing short of brilliant.

European Banking teeters on the edge

2008-09-29T22:14:00.001Z

I came across interesting (in the chinese sense) numbers on Leverage Ratios for European banks in an article at Vox last week (the original is here ). The highlight quote is:

The key problem on this side of the Atlantic is that the largest European banks have become not only too big to fail but also too big to be saved. For example, the total liabilities of Deutsche Bank (leverage ratio over 50!) amount to around 2,000 billion euro, (more than Fannie Mae) or over 80 % of the GDP of Germany. This is simply too much for the Bundesbank or even the German state to contemplate, given that the German budget is bound by the rules of the Stability pact and the German government cannot order (unlike the US Treasury) its central bank to issue more currency. The total liabilities of Barclays of around 1,300 billion pounds (leverage ratio over 60!) surpasses Britain’s GDP. Fortis bank, which has been in the news recently, has a leverage ratio of "only" 33, but its liabilities are several times larger than the GDP of its home country (Belgium).

Fortis got hacked apart yesterday, who’s next?

For a view of something closer to home (for my two Irish readers) Bank of Ireland’s overall leverage was around 27 as of last year sometime and AIB was around 18. So they’re not quite as bad as some of the worst in Europe but if they were to go catastrophically bust it would sting quite a bit. BoI lists its total “assets” as being $251bn (say €180bn at the going rate) or thereabouts. If I’m understanding such things correctly (and I may not be, feel free to correct me in the comments) then their leverage ratio means they have about €6.5bn in actual liquid capital with about €174bn hanging out in the wind in various financial products if they were to start to unwind. That’s coincidentally close to the GDP of Ireland but at least we have the ECB to help bail us out if something goes badly wrong. Thankfully the Europeans like us because we’re such good Europeans, oh hang on a tick didn’t we just vote no on something to do with that?

Also note that I’m amazed that even though the ISEQ is just continuing down a 2 year long slide from it’s peak of around 10K to its latest close at around 3200 that our glorious local stock market has evaporated 68% of its value in a mere 24 months. Makes Wall Street and the Dollar look like ace performers at the moment.

iPhone 2.01 Firmware Update

2008-08-20T00:52:00.001Z

So just as I get ready to recap on my iPhone 2.0 firmware review with some comments on whether the 2.01 release was any good, Apple comes out with version 2.02. Anyway I’ve decided to hack away with my impressions of 2.01 and I’ll come back in a week or so with a more comprehensive look at 2.02. Basically I noticed some improvements in 9 of the 15 areas I’d tagged as buggy in 2.0 which isn’t a bad hit rate for a 0.01 point release. I still have some problems though and 2.02 hasn’t fixed the worst of them for me at any rate.

The Good:

EDGE Performance. This might just be due to O2 improving their network but EDGE download speeds have definitely improved. Overall latency\responsiveness of web pages doesn’t appear to be improved but I just downloaded a 1.6Meg Excel Spreadsheet and it only took about 60 seconds (say 200kbps, possibly helped by being nicely compressible) which is way better than I’d expected. I can’t say when exactly this happened but four weeks ago I was seeing 50-100kbps when I checked. Latency still sits in the 100’s of milliseconds range so most web pages take an age to handshake through all the ads no matter how fast the download rate is but 200kbps is a respectable rate for EDGE.

SMS\E-Mail Typing Speed. Fixed ! Yay! Well mostly fixed at any rate, I’ve seen it happen again but I suspect that was due to the app installer problem detailed below.

Sluggish Contacts. Mostly fixed – there is still a 2-3 second start up delay if you have Exchange Contacts enabled but the general bowl of jelly effect is fixed.

Network Roaming – haven’t been able to test international roaming but my iPhone has been much better at handling cell-cell handovers since V2.01. That might be O2 improving their network but I think it might be the iPhone. Either way I’m happy.

General System Speed. I think this has been improved a bit but it’s a subjective thing and I can’t be certain.

General System Lock ups. Definitely rarer but not eliminated. At a guess we’re back to V1.14 firmware levels of stability which is a step in the right direction.

Safari Crashes. Full crashes don’t appear to be as common. Basic Safari page Amnesia behavior is unchanged.

App Crashes. Rarer but that may be the updated versions of the apps and not 2.01. The crashes may well have been entirely due to the app developers to be fair.

Push Mail Battery Life. I haven’t exhaustively tested this but it does seem to be better – getting more than a full working day from the iPhone now.

The Bad:

2.01 was only a bug fix release so it’s no surprise that the major features that were missing as far as I was concerned, are still missing: Cut and Paste, Contact Groups, Password\Credential Management, SIM Card Contact Export, Background apps, landscape view for built in messaging apps.

WiFi Hotspot Compatibility. No real change but the release of a helper app for Eircom WiFi Hotspots might go some way to resolving this for me and others in Ireland.

Time Zone Detection: No change, but this is a minor problem.

The Ugly:

App Store – Installation is now significantly worse. Apps lock up during the “installing” phase and can take anything up to 5 minutes to transition from “Downloading” to Installed. I’ve seen a handful of resets happen during installs too which is very poor. Overall the iPhone Application Installer has to be the worst example of a platform software management service that I’ve ever come across – Windows 1.0 did a better job of it. God help you if you need to make or receive an urgent call while an app is installing. Note – just checked this with 2.02 and it looks like I still have an issue - Bejeweled 2 (8.6Meg) took 30 seconds to download over Wifi and has now been “Installing” for 20 minutes with no sign of any genuine progress, I suspect I will have to “reboot” the poor beastie yet again.

General App Store\App Management issues remain.

Sync Speed – No change, total pants.

iTunes 7.7. Well that hasn’t changed and it’s still a pig. That said when combined with the TuneUp plugin I was able to clean up and polish my entire music library so that everything is now sorted, correctly named, displays with the appropriate art work, fully tagged with accurate metadata in mp3-tags and all the dupes have been removed. So while it is a pig, and an unforgivably slow pig at that it’s got some good points.

Additional things about the iPhone that bug me, a lot.

Yet again I have to emphasize that I love my iPhone but you have to be open and honest with the ones you love and well the iPhone, it has some warts and I was reminded of a couple more since my last post

E-Mail Attachments. You can view a range of attachments (Word, PDF, Excel, Powerpoint (?), MP3, AAC, TXT, HTML …..) but you can’t do anything with them beyond look. I got sent an MP3 that I wanted to use as a ring tone and all I could do was play it within the e-mail client, I couldn’t even save it into my music library for later playback as part of a play list. You have no way of saving an attachment for later use, or for making any real use of any attachment apart from viewing it while it’s still in your inbox. That’s just basically ridiculous.

[Not] Running apps in the Background. Apple may have an argument against leaving apps run CPU or other resource intensive threads in the background but I’m getting really sick of having to completely re-launch apps just because I wanted to quickly check a new e-mail, answer a call or some other typical activity that I need to do quite often. Good old fashioned DOS used to handle this better. This behavior makes the Windows Mobile way of doing things (ie never really shut anything down) look inspired, and while I hated that approach when I had to work with it I have to say it is vastly superior to the iPhone’s policy of killing anything that loses focus. I’m certain that virtually all iPhone app developers are screaming with rage over this, I know that as a user I’ve begun to stop using some apps because they just take too long to restart after being unloaded due to my needing to attend to an incoming e-mail or call.

Ringer Volume. Can’t remember why I forgot this before – I often miss calls because I don’t hear the iPhone ringing even when it’s on max volume+vibrate. The 3G apparently fixes this and it’s probably a hardware issue.

Reboot Time. I did this a good few few times because the whole phone appeared to have died during application installs. As it turns out the phone wasn’t completely hung, it was just that the app installer takes forever to do its thing and it basically prevents you doing much else while it’s busy. Anyway a “reboot” AKA a soft reset takes anything up to 5 minutes on my iPhone and that is so bad it’s laughable. I’ve never seen any other personal computing device take anything near as long to boot when it was healthy. Hell, I can hard reset and fully rebuild most Windows Mobile devices with an array of applications from scratch in less time.

WiFi Security Defaults. The iPhone’s WiFi work very well and are so good that you tend to forget about them but they are awfully promiscuous if you are not careful. You can turn them off but frankly I think that its WiFi should be a lot less “open” to connecting to what it thinks are “friendly” WLAN’s. The recent DefCon conference had a special call out wall for iPhone users who’s credentials were stolen by the various “unfriendly” but entirely open WLAN’s that were specifically set up at the conference to snarf victims who were careless enough to leave WLAN enabled devices running in any sort of open mode, and the iPhone was top of that list this year. Now the iPhone’s WiFi stack is amazing for the most part – it’s the best WiFi client for usability that I’ve come across on any computing platform of any type and it’s superbly power efficient – but it needs to be a bit more cautious about its approach to open networks, especially since Safari’s handling of cached credentials is so poor.

Safari. Selecting links has one behavior and it’s stupid by default – your focus is stolen and a new “tab” is opened so you sit staring at an empty page for 30-60 seconds while it downloads. This needs to be controllable and it must be possible to select a link (or links) and have them spawn and populate in the background so that you don’t lose focus and can keep yourself entertained while the links download. That said the current version of iPhone Safari appears to be able to complete the download of tabbed content even when they don’t have the focus so this does appear to be halfway to where I’d like it to be.

Also I really like to be able to download and save arbitrary files to local storage. Seriously Steve, I don’t care if you don’t want to save CrispyFries.MXR on your iPhone but I’d like to be able to save a copy on mine if I choose to, thanks all the same.

World Clock. Why can I set a time zone for Cork (population 200 thousand ) but I can’t set it to “Johannesburg” (population 10 million) ? Is it that hard to do an online lookup ?

Living with the iPhone 2.0 Firmware

2008-08-06T21:35:00.001Z

I love my iPhone so the following complaints need to be read as the constructive criticism of an avid fan but that being said there are some major headaches with the initial release of the iPhone 2.0 firmware. I’ve had to rely on my iPhone heavily as both a phone and as my only connected computing device over the past 10 days and by and large it has performed the job superbly, far better than any other phone I’ve ever owned could have I should point out but some of the issues have begun to seriously get under my skin.

Glaring Omissions:

The lack of “Cut and Paste” and basically any significant text editing capability (selecting large blocks of text for deletion or other actions) is just plain stupid. I’ve been reduced to using a pen and paper to make use of phone numbers sent to me by text message, and had to resort to the same stone age approach when trying to make use of other data sent to be via e-mail when I needed to use it elsewhere (passwords for my eReader account and Funambol for example).

The lack of structured contacts that correspond with the structured e-mail account layout. If you set up Exchange E-mail then your private contacts will be deleted unless you have jumped through some hoops first to make sure that you can recover them.

The lack of Groups (Distribution Lists) within Contacts…

The inability to save contacts to your SIM card or to somewhere else. Funambol have sorted that out pretty well but it’s a major flaw especially since the iPhone carrier here in Ireland, O2, provide a contact back up service for all phones apart from the iPhone.

The lack of a landscape view in any of the messaging apps, the places where a larger keyboard would be most useful.

Password\Credential management. My iPhone has about 50 of my username\passwords for web pages stored somewhere in it now but I have no way of checking out which ones they are, selectively or entirely deleting them, or any way to set a master password for the browser to prevent someone with access to the phone itself from accessing the places those passwords control access to. The only option I have is to set an overall password for the iPhone itself which I don’t want to do as it seriously impacts usability.

Apps that can run in the background. Apple’s excuse for this is feeble and they clearly don’t allow it because it might enable classes of applications that would impact Apple’s own product offerings or those of some of their partner carriers. I think it’s very poor form on their part not to admit to that.

Bugs.

General System Speed. 2.0 is noticeably slower than 1.4 at almost everything. It feels as if the device has had it’s CPU slowed down by about 25%.

General system lock ups. These were always an intermittent problem but thankfully I’ve seen only a handful on the original firmware over the three months I used it. With 2.0 I see a total system lockup once every day or so and they are a major pain to clear as the iPhone attempts to restore it’s working state when you shut it down completely and restart it.

Safari now crashes more than it used to. Safari has always had a tendency to just disappear if it hits a page it dislikes, and had major problems remembering your history if you drilled down through a sequence of links. This was most obvious, and most irritating, in Google Reader where Safari would forget the contants of your Reader view if you clicked through a link to read a full article or just follow an embedded link. Once you return to Reader you find that the article you were reading has now disappeared since Google reckons you’ve read it and Safari has forgotten you had it open so it just reloads the current state from Google.

The Safari crashes that I’m now seeing are more severe though – it locks up totally regularly and I’ve seen a situation twice now where the small thumbnail view used for browsing between actively open pages gets stuck permanently as an overlay. This can only be cleared via a full reset.

Application crashes. These are probably the app developers fault more than Apple but since Apple provide almost no diagnostic capability with regard to what’s running on the iPhone at any one time it’s hard to tell. There you are either launching or using an app and suddenly it disappears. In some cases it appears that the app has simply vanished into the background but in most cases it has completely died.

Push Mail battery life. Apple have managed to implement a push mail capability that delivers mail exactly as instantly as it should but it murders battery life even when you are receiving no e-mail in a way that the native Direct Push capability on Windows Mobile does not. Microsoft’s approach of keeping a session open by creating a huge TTL on the connection between the phone and the server while at the same time allowing the GPRS\UMTS\CDMA radio to suspend itself has clearly not been shared with Apple and it means that the Push service is not really usable. I get about six-eight hours of battery life with Push mail enabled without using the phone for anything and with no email being delivered, if I make a few short (<10 minute) calls and get a handful (say 20) e-mails then that time drops down to about 5 hours. Very poor.

The app store and application delivery. Apple had major problems with the Store when it started but those have now been resolved and it works the way they want to now. While it’s easy enough to use in its most basic sense it’s nearly impossible to find stuff within it as the Search function fails to see many of the applications for some reason. Once you have found what you want it downloads and installs apps cleanly the first time but if you have to reinstall them (say after deleting them or because the developer has released an update) it can get confused very easily. A series of updates to my apps got stuck because I lost WiFi connectivity and then refused to restart after I sorted that out. A full reset didn’t help and it took a sequence of steps where I deleted all apps and then reinstalled them in batches of five to get them all back. The real bummer about this is that once you have said that you want to upgrade an app the iPhone immediately disables the existing copy so I ended up losing access to my favourite apps for about two days when this happened.

Managing Apps. Application Management is very crude – you basically have a single flat list of all of your downloaded and installed applications and you have no way to set up any structure within that.

Sync Speed. Oh my God. Even with no music on the phone and only a handful of apps Syncing with iTunes was taking many minutes. Add in a few gig of music, a decent selection of larger apps and an average contact list and the default sync was taking 10-15 minutes – and it wanted to do that every time I connected the phone to my PC. Very poor.

SMS\E-mail typing speed. From time to time the text entry in SMS messages (and e-mails I think but I’m not 100% sure) slows to a complete crawl – when this bug kicks in it takes about 2-3 seconds for each letter typed to be acknowledged. You can actually continue typing ahead as fast as you like (up to the point where the letter highlight feature on the keyboard starts to get in the way) and it will remember all the keystrokes but it can take minutes to enter a short SMS when this happens.

Sluggish response from Contacts. Contacts seems to be permanently slowed down if you choose to enable Exchange E-Mail. There is an initial 5-15 second delay when you open Contacts up either in the phone, within an SMS or in an E-Mail and once it is open the responsiveness to touching the screen in order to navigate feels like you are trying to stir jelly. If I remove Exchange E-Mail the problem goes away.

Network Roaming. I’ve been doing this quite a bit lately and I have to say that the iPhone handles this very badly. It’s slow to realize that it’s in a new country and occasionally it flat out refuses to connect to any network unless you (once again) turn it completely off and start it up fresh.

Compatibility with WiFi Hotspots. So far I’ve found a sum total of one Hotspot provider (BitBuzz here in Ireland) where my iPhone actually worked and was usable.

Time Zone Detection. Despite having the phone set to automatically detect it’s time zone it completely failed to do so while I hopped across zones recently. On other phones it’s fair to say that this is a fault with the service providers as not all of them correctly send out the automatic Time Zone settings that are usually used for this but frankly a device with a built in location service that works that can’t use that information to correctly set it’s own time zone when the cellular network fails to deliver it is an embarrassment.

iTunes 7.7. What a pig of a piece of software. For some reason it refuses to import my music properly – it seems to barf when presented with a directory structure more than one level deep (I like to keep my music structured in folders by Artist and then Album). Once I get over that it has it’s deathly slow synchronization process which I just can’t understand. It seems to be impossible to easily migrate it from once PC to another (I wanted to shove iTunes into an XP VM all on it’s own and it flat out refused to give me a way to do that that didn’t involve dedicating an entire day to the process). The lack of effective keyboard navigation within the App Store in particular makes it quite annoying to browse around looking for stuff. And on top of it all it insists on making its own copies of my music for some reason even though I’ve asked it repeatedly not to – this may have been my own fault for wanting to keep my own music folder separate from Vista’s defaults but I’m determined to do that as Vista’s home directories (Music\Pictures\Videos etc) are seriously problematic for me because of the way they are built on joined directory structures that make it very difficult to back them up using tools like Robocopy.

All of the above referred to the 2.00 firmware release. I’ve just upgraded to the 2.01 firmware release and I’ll give it a few days to see how many of the above have been fixed.

iPhone 2.0

2008-07-19T23:10:00.001Z

The big tech story of the last couple of weeks has been Apple’s release of the iPhone 3G and the accompanying upgrade of the iPhone OS to V2.0. I haven’t had a chance to compare the new hardware with my existing 1.0 iPhone but there are only a handful of differences and none that are compelling for me, yet at any rate.

The 2.0 OS upgrade is a very different matter. The changes are significant and bring huge improvements to the platform – there are still some rough edges to be honest but the iPhone \ iPod Touch can actually now truthfully claim to be a computing platform, rather than just a (very) pretty phone or mp3 player with a good web browser.

For me there have been two significant changes that made the upgrade to 2.0 an absolute must.

3rd Party App Support. Apple are determined to stick to their walled garden model and the initial big bang launch of the App Store in iTunes had a lot of issues, especially for those of not in the US. They seem to have got a handle on things over the last few days and now that the most serious teething problems have been sorted the upside of Apple’s approach is pretty clear. Finding and deploying applications is simple enough for almost anyone to use. iTunes on either a Mac or PC provides an interface that any iTunes music store user will be instantly comfortable with and the 2.0 firmware comes with a built in App store browser that is even easier to use. The quality of the apps so far has been mostly average but the process works well, is easy for users and will hopefully provide a solid platform for third party developers to use for both commercial and free apps.

Exchange Push Mail Support. Exchange mail now works and is simple to set up (provided you or your company have already configured your Exchange Service for Push Mail support). Even better Apple provide an iPhone Profile generator for both Mac and PC platforms that allows anyone to package an entire phone configuration (including Certificates, Exchange Server Setup, WiFi profiles (including 802.1x security options), VPN and device access (PIN) policies) into a compact XML file that can be distributed to users’ iPhones either via e-Mail or from a web site. As a configuration process it is very similar to the WAP\OMA DM Provisioning protocol that I’ve used in the past to provision Windows Mobile devices but the device side integration is much tighter. The end result makes it very simple for small to medium sized business to deal with limited iPhone deployments with the out of the box Profile generator provided but larger organizations are likely to want to build their own as the protocol is pretty easily to automate. Using the documentation provided by Apple I was able to build sample configuration profiles myself and the process could easily be integrated into the sort of authorization and approval processes that larger or more security conscious organizations require. Remote device wipe is supported and can be user initiated via Outlook Web Access in the same way that is used for Windows Mobile remote wipe.

From a usability perspective the iPhone Exchange Push mail implementation is pretty good in terms of performance – like Windows Mobile devices it tends to receive inbound mail slightly faster than my Notebook’s Outlook client but the difference is only a fraction of a second. Battery life when Push Mail is enabled seems to be poorer but I still manage to get a working day from my phone – then again I don’t use it as a phone a lot at the moment so a busy user would probably struggle to get a full day from it. Calendar integration works but the features are basic and the UI lacks an option for a week view which I find particularly annoying. The big problem area for me is Contacts – on first syncing with Exchange the iPhone deletes all of your current contacts, without warning. I shit thee not as they say in the movies, had I not read about this in advance I might actually have lost all my contacts as I hadn’t backed up my contacts to my PC since I last rebuilt it and I would have been seriously annoyed had that happened. It’s a very odd problem as both Calendar and Mail both support multiple accounts so failing to provide the same multiple identity capability for something as important as Contacts on a phone is a major disappointment. At least they managed to integrate GAL right off the bat – that was a glaring gap in Microsoft’s own initial Push Mail offering with WM5. Other significant Outlook features that are not supported (for now) are: Folder management, opening embedded links to Sharepoint hosted documents, task synchronization, managing “Out of Office” settings, creating meeting requests and flagging mails for follow up.

One serious complaint that I have about the iPhone’s rev 1 Enterprise feature set is the nature of the support for client side x.509 certificates. The provisioning XML protocol allows administrators to embed full Certificate/Key files so it is possible to deploy full client authentication certificates however that’s a very poor model for secure Enterprise certificate deployment. Ideally one wants client side certificates to be generated using a secure requesting protocol ( PKCS#10 ) that keeps the private keys on the device and submits the request to the CA which can then authenticate the request and then return the (public) Certificate back to the device (in PKCS#7 format) where it is linked to the keys. This type of certificate deployment (or enrollment if you prefer) avoids the security nightmare that goes hand in hand with deploying full credentials in easily copied files. As it stands I can’t see that any organization that cared about security enough to want to use certificates for client authentication would choose to use this deployment mechanism for any significant volume. I’m quite surprised about this but I'm hoping that the reasoning was that this helps small outfits solve the problem of deploying certificates easily while there are better options available within the iPhone SDK that will allow serious Enterprise customers to build a proper certificate enroller.

Yet more on the Debian OpenSSL bug

2008-05-16T14:17:00.001Z

OpenSSL's Ben Laurie posted a lengthy comment about the bug and the various issues pertaining to it that clearly annoy him significantly. I'm not really qualified to comment on most of his points but this one is a real killer:

...my objection to the fix Debian put in place has been misunderstood. The issue is not that they did not fully reverse their previous patch - as I say above, the second removal is actually fine. My issue is that it was committed to a public repository five days before an advisory was issued. Only a single attacker has to notice that and realise its import in order to start exploiting vulnerable systems - and I will be surprised if that has not happened.

The spike in OpenSSH attacks that DShield detected earlier in the week indicates to me that he is dead right here - it now seems very likely to me that someone with malign intent did notice the unexplained patch and was attempting to exploit it. Posting a patch for a vulnerability as serious as this without publishing an advisory about it is pretty reckless IMO.

Debian PRNG Update

2008-05-15T09:26:00.001Z

As is to be expected brute force attack tools are beginning to be rolled out. The really nasty aspect of this is that (as I said yesterday) any cryptographic material that was created on an affected system is now compromised so in addition to the obvious SSH vulnerability servers that use or have used SSL certs issued by an affected platform are no longer secure and any SSL traffic that has been captured can be decrypted, secure mail ain't secure or even authenticatable and signed code is suspect . I don't think that this is likely to affect any high volume commercial sites but I might be wrong in assuming that providers of such certs would not be using a software based crypto provider.

Metasploit's HD Moore has a detailed write up and already has downloads of tables of all possible 1024, 2048 and 4096 bit RSA keys available.

The Debian OpenSSL\OpenSSH PRNG* bug

2008-05-14T08:50:00.001Z

Debian announced that they had a major crypto bug yesterday. Two years ago a patch was introduced into the Debian Linux distribution that was intended to eliminate a class of bug (use on un-initialised memory in a buffer) that was highlighted by a security analysis tool ( Valgrind ). In general you don't want to do this and such memory should rightly be regarded as "tainted" as it could be used as a launch pad for a bunch of injection style attacks but for a random number generator seeding function such un-initialised memory is (potentially) a useful (or at least not harmful) source of entropy. While removing this item from the code a similar line of code in another function was also removed that severely reduced the amount of entropy provided to the random number seeding algorithm and this restricted the range of random values used to generate OpenSSL keys. I haven't been able to get a definitive analysis yet but it appears that affected systems are limited to producing only 262148 pairs of distinct keys. If that is the case then this is a really serious bug. I'm intrigued by the fact that this came out just after a significant spike in SSH brute force attacks was detected by DShield (amongst others) over the past week. I'd be very interested to see if these SSH attacks were attempting to use any of the list of known suspect keys prior to the public announcement, although now that this is out in the open they are almost certainly doing that.

Most of the discussion has revolved around OpenSSH which is fair enough as that is what the vast majority of these keys will be used for but OpenSSL X.509 certs issued by any Debian based system are almost certainly also affected and if so there may be some very important cases where dodgy Debian keys are in use by people who have no idea that they were issued by a dodgy Debian distro. It's very, very unlikely that this affects any of the mainstream Certificate providers but any cases where people are using certificates issued directly by a service provider are potentially at risk.

Larry Osterman provides (as usual) a succinct and very fair explanation of the issue on his blog here.

Updated to add the obligatory XKCD cartoon:

* Updated again to point out that I've just noticed that the Debian announcement uses the phrase "predictable random number generator", PRNG always breaks down to "pseudo random number generator" in my head but "predictable" is a much better way of putting it when you think about it. :)

BBC Sub Editors' Headline of the Month

2008-04-17T06:12:00.001Z

"Psychics Face Uncertain Future"...

Well it gave me a right giggle, I just heard it on Breakfast TV and it doesn't seem to be up on the web yet but I'll link to it if and when it does; apparently the Gummint in the UK plans to introduce some regulation for those charlatans who claim to be able to divine the future. I can't wait to see how they propose to achieve that wonderful goal - perhaps practitioners will be required to actually make successful predictions in order to remain licensed?

Yeah I know it's an old sub editing classic but I was delighted that the BBC was prepared to roll it out...

Microsoft fixes Windows Live Hotmail access on Windows Mobile 6

2008-04-07T10:51:00.001Z

A couple of months back I complained about the fact that AT&T had removed the Windows Live Services components from their Windows Mobile 6 ROM upgrade for the BlackJack. The net result of this was that it became almost impossible to set up Hotmail access on the BlackJack which I thought was pretty stupid. AT&T weren't alone in this so many Windows Mobile 6 users were unable to make use of Microsoft's own online services which seriously hampered the take up of Microsoft's Live Mobile services.

It appears that Microsoft has taken note of this and done the right thing - the Windows Live for Windows Mobile components are now available as a download so users can now fix this cleanly and legitimately.

The direct download of the cabs for all versions of Windows Mobile 6 is available here. Thanks to Jason Langridge for giving us the heads up.

The cost of Mobile "Broadband"

2008-04-06T12:18:00.001Z

I was just listening to some Vodafone PR rep on Today FM's Sunday Business Show and was fuming at the mouth at her compete failure to forthrightly answer the questions that were raised. I was even more irritated by the questions being put by the host and the other guests - nobody seems to have a handle on the scale of the extortionate scam that is being run by the cellular operators.

Their claim is that they have a mobile broadband experience available with national coverage and that it is affordable and even cost effective\competitive. In Vodafone's case they claim "88%" cover for 3G services but will only explain what that means if the person posing the question really nails them - in this case the SBS didn't push the question sufficiently. It's not just Vodafone though - the others aren't significantly different although in some areas their competitors really are showing them up,

Now for starters I am a fan of cellular broadband and I want it to succeed but these sort of claims are clearly rubbish and need to be exposed so that consumers can understand what they can get and feel happy to pay for it if they want to use it. The providers also need to be pressured into actually delivering the quality of service that consumers deserve at better pricing. It's incredible that Vodafone and O2 can charge lower rates across the board in the UK when they parted with tens of billions Sterling to purchase their UK licenses and had to pay nothing for the same licenses here in Ireland. At the time it was estimated that the costs of those licenses would amount to something close to £100-200 per subscriber per annum for the lifetime of the 3G technology. I would love to see our regulator putting them under the microscope for that - the decision not to charge a license fee was supposed to lead to lower prices and it clearly has failed to do that.

Anyway on to the claims made by Vodafone. Their current claim of 88% coverage for 3G services refers to the percentage of the population covered, I believe. In practice it means that baseline 3G services (ie 384kbps down and 64kbps up) are only available within about a kilometre of large towns and cities. If you find yourself in an area that is even vaguely "in the country" you will fall back to the GSM (2G) voice and the GPRS data network with its 50-60kbps downlink and 16kbps uplink data rates. High speed 3G (HSxPA) services (with 1-3+ Mbps downlink and 64-1Mbps uplink) are only available in very limited large urban areas at the moment. The HSxPA roll out will extend to cover the existing 3G services base over the next year or so but Vodafone do not currently have any near or medium term plan to replace the bulk of their geographical are cover with 3G services because they have a significant technical and financial problem in doing that: there are no (or not enough) appropriate 3G frequency bands that are cost effective for large rural coverage right now and that will remain the case until the 900Mhz GSM band can be re-allocated to 3G. A 900Mhz 3G base station is in practice capable of covering 4-16x the physical area that an 1800Mhz cell can cover using transmitters and handsets of the same power. Vodafone have a major problem moving their GSM services from 900Mhz because of all of the (mostly rural) telemetry services that they provide over their 900Mhz network to electricity, water, gas and other utility providers who all jumped on cellular telemetry solutions from Eircell way back in the mid 90's. I don't think any of the other Irish cellular providers took a significant part of that market but until Vodafone is in a position to replace that GSM 900 network they will certainly find it nearly impossible to extend their coverage significantly past 90% of the population (ie <<20% of the geographical area of the country) and if they can't compete in that market O2 are probably not going to bother either. Neither 3 or Meteor are in a financial position to fill that gap so for now, I'm afraid, rural mobile cellular broadband remains a distant dream.

Vodafone also claimed that 1Mbps is available for most users today [ note they didn't claim 88% had 1Mbps available just that 88% were covered by 3G] and 3Mbps will follow soon. I don't think that the 1Mbps claim is true in the way most people would understand it but if the initial HSDPA rollout has progressed to cover all of the large cities in the country then it might be arguably true. Assume it is true for a minute.

Right now if you buy a 3G data capable mobile phone as a consumer the basic Vodafone tariffs give you the ability to buy a data bundle for €10 per Month (15Megabytes) or €15 per month (25 Megabytes). The killer is in the marginal price per meg of €2.50\€2.00 for any data in excess of the bundle. [This has halved in the last couple of weeks, it used to be €5 per Megabyte for any data in excess of the bundle]

If you wanted to watch a movie on this "Mobile Broadband" service you would be sucking down somewhere in the order of 1Gigabyte of data. Now that might be a bit mad on a phone but if Vodafone do actually live up to their promise and deliver a 3Mbps service sometime soon you could (in theory) download a 1GByte movie file in about 45minute - 1 hour which isn't that bad. At a cost of €2 per Megabyte for each meg over 25Meg though it would cost you €2000 for the privilege, which is crazy money to be charging for what is relatively little data in this day and age.

If you buy a Vodafone 3G data modem for your PC you get 5GB of data for around €40 per month so you could actually use it to downlaod and watch some movies [a reasonable expectation from a "Broadband" product] but again any data above that gets charged at the ludicrous marginal rate of €20 per Megabyte - so your sixth movie download would cost you €20,000. Thanks to Brad for correcting me on this, it's 2c/meg which is far more reasonable, sorry for that folks.

O2's charges used to be even worse but their iPhone data plan gives me 1Gigabyte of data for free and all excess data is charged at 2c/Meg [that's 100 times cheaper than Vodafone's marginal rate] so I could get one movie download for free and any additional one would cost me about €20 [including the hypothetical sixth one which would then have been 1000x cheaper than it would have been over a Vodafone 3G modem]. The problem with the iPhone [currently] is that it only supports EDGE data rates which are around 100kbps at best so a movie would take a full day to download at best and probably would take 2-3days to download in practice. It's pretty obvious that almost nobody will ever download significantly more than 1GB / month on a current iPhone so O2 Ireland's decision to cap it at 1GB was a bit stupid - they would never lose any money on it and they have taken a lot of pointless criticism over that minor point since nearly all other iPhone suppliers have just given the users an "unlimited" data plan. Personally I could care less - I've been using it heavily from my perspective for three weeks and I've only used 30Meg of EDGE data in total and have yet to incur a single additional charge of any sort on my monthly bill. That's all well and good from a cost perspective but the iPhone's limited cellular radio cannot be described as mobile broadband under any circumstances.

And in all of this I haven't even started on the craziness around international mobile data roaming charges that are so arcane that Vodafone once had the nerve to tell me that until they actually run their monthly accounts they could not tell how much a particular roaming data connection was going to cost. That was total nonsense, of course, but a senior Vodafone exec insisted it was true and I would assume that cellular execs will continue to make such claims until they are publicly ridiculed about how incompetent it makes them look.

Clearly none of the Irish providers are actually anywhere close to delivering a useful and cost effective mobile broadband experience and any time anyone of them claims that they are they should be smacked down.

iPhone Update

2008-04-02T08:57:00.001Z

I've been using it for a fortnight now and I have a few additional thoughts. Overall I think I like it more than I did when I got it but there are a few annoyances.

As a basic phone it has proven to be better than I'd hoped - making\receiving calls is quick and reliable

Battery life is slightly better than I expected. Under my normal usage profile it's probably good for two to three days between charges but that drops rapidly down to less than a day when I make extensive use of data. I don't make many calls so for someone who spends a lot of time talking it is probably only good for a day or two at most between charges but on average it is better than any other "smart" phone I've ever used (and I've used a lot). What surprises me the most is that battery life is worse when using Edge\GPRS rather than WiFi for data.

The WiFi stack is excellent - the whole networking stack is better than any other device I've ever used.

The hardware mute key is something that every phone should have. This isn't new or unique to the iPhone, all the Palm Treo's have it as do some other phones, but it is universally missing from Windows Mobile devices and I'm not aware of any Nokia\Motorola\Samsung phones that have one.

The touch screen's ability to recognise finger tips and filter out all other interactions is amazing. It's a simple idea that you don't really notice at first (which makes it even more amazing) but it's done very well and it transforms the touch screen interface from a kludge to something that is a huge advantage.

Despite the brilliance of the touch screen for general UI purposes the on screen keyboard is a very poor substitute for a real QWERTY keypad. It's usable if you are stationary and focused entirely on the device but there's no way you can use it while walking or distracted in any other way. The BlackJack's keypad is a vastly better input method.

The lack of the A2DP Bluetooth profile (high quality stereo audio) is stupid. You can have the full iPod experience integrated with phone functionality out of the box via the wired headphones but you can't have that with Bluetooth.

The camera is just average but the whole integration of the camera with e-mail works perfectly so I've taken to e-mailing pictures to myself rather than go to the trouble of syncing via a PC and I am delighted that I can now just take snaps and send them to people the way I should always have been able to on camera phones in the past but never did because the user interfaces were always so poor or the transmission mechanism (MMS) was so lousy. Despite this the camera interface on the iPhone is too basic and desperately needs a dedicated hardware shutter button - for one thing it is virtually impossible to take a picture of yourself (or yourself with someone else) which is something that I tend to want to do occasionally.

The lack of extended applications, whether they are from Apple or third parties, is a major pain. I want a proper e-Book reader and some games for a start and while the "iPhone Web App" concept makes a stab at that it is, frankly, a lousy user experience.

It looks gorgeous and feels great to hold initially but it is too shiny and slippery overall. I just know I'm going to have it slip out of my hands at some point. At a minimum it needs some sort of rubber\textured grip around the edges. Fingerprint smudges on the screen don't appear to be a problem.

It doesn't make enough use of the internal accelerometer\tilt sensor as a UI feature. Where it does work (when switching from landscape to portrait mode in various applications) it works well but it should be used much more.

The SMS interface is great. The simple and consistent implementation of a conversational chat layout for historical messages is wonderful.

The contact manager needs to add the ability to implement and manage groups. You sort of get this capability after the fact if you mail or send and SMS to multiple contacts but it really should be implemented up front. The Contact Manager should also be on the front page of the UI.

The Recent Calls application should also be part of the front page of the UI.

Device Management from a basic user perspective is poor. For example you can clear cookies\history from Safari but you can't manage remembered passwords. Cleaning up old messages in SMS or e-mail is a painful one at a time process (although this is fixed in V2 I gather).

What I've been Reading

2008-04-02T07:52:00.001Z

I've been a bit slack posting but I intend to rectify that to some degree as I'm reading a very entertaining book at the moment that is giving me lots of ideas about interesting things to write about.

In the meantime here's the latest update on my reading efforts.

In Flight:

Nassim Nicholas Taleb: The Black Swan. This is the very entertaining book that is giving me so much to think about. It's basic premise is that humans pattern matching brains are poorly equipped to deal with the unexpected. I will be posting about a lot of his principle ideas but I'll pull out one quote that captures the basic idea of the book

The unexpected almost always pushes [projects] in a single direction: higher costs and a longer time to completion.

At a simplistic level this seems logical and inevitable but on the other hand it is a damning reflection on modern humanities inability or unwillingness to honestly assess risks and the "planning" profession in general. He's just as scathing about almost every other profession too which is partly what makes it so entertaining.

The book is full of annoyances and Taleb is outrageously arrogant however I have to give him the benefit of reading the whole book before I decide whether he is unjustifiably arrogant or not, I sincerely hope it is the latter as I'm enjoying this book more than any other non fiction that I've read in years.

Finished:

Jon Ronson: "The Men Who Stare At Goats". It's funny and interesting but it really failed to grab me and I don't think that Ronson made as much of the material that he seems to have had at his disposal as he could have. Part of the problem is that he was writing a funny book and he tries to hard to make the characters he encounters comedic stars when many of them are at best sad and deluded and at worst insane and dangerous. 4/10.

Arthur C. Clarke: "The Songs of distant Earth" and "Rendezvous with Rama". Clarke's recent death led me to dig out these two for a quick read to see if his writing still holds up to my memory of it. In short, it does. He was an excellent story teller and both of these stories are great SF yarns that haven't dated badly in the decades since they were written. 7/10

Terry Pratchett: "Strata". This is one of Pratchett's two early SF novels. This one is particularly interesting as part of the plot revolves around a "discworld" that is built by some mysterious alien civilization. It's a pretty good run of the mill SF book but it's main attraction comes from seeing Pratchett's early ideas about how such a discworld would have to work in a universe that (sort of) played by the rules of our own. I liked it a lot but it is probably only a book that compulsive SF addicts or complete Pratchett fan's should read. 5/10.

Looking Forward To

Charlie Stross: Saturn's Children

Alastair Reynolds: The Prefect

Alastair Reynolds: House of Suns

Terry Pratchett: Nation

So I got an iPhone Last Week

2008-03-25T10:51:00.001Z

And it is almost as good as the fanboys would have you think it is. Eddie suggested that I may be a bit smitten by the shiny-shiny-ness at the moment and that I may become more critical of it over time so I think I'll kick off a couple of blog posts about it so we can all see whether the reality distortion field's effects are persistent or ephemeral.

I've ranted at length to anyone who'll listen over the past few days about the hassle I got from both Vodafone and O2 when I indicated that I wanted to buy an iPhone and switch over my number. Now to be fair to both companies they were acting sensibly from their own perspectives but it left me feeling like neither one really cares much about their actual customers. Vodafone's staff were reluctant to let me know that I could cancel out of my contract cheaply (at a cost of around €40) is understandable but it took me an hour to extract that from them after I fended off a number of frankly daft suggestions that would have either cost me far more money or required me to abandon my existing number. O2 then had me hand over practically every piece of personally identifying information that exists about me - if their internal data security protocols are ever compromised I dread to think how fubar'ed my privacy will be. Finally the iPhone registration process required me to give a similar degree of personal data to Apple so basically I felt about as happy at the end of the purchasing process as I would have been after a visit to a proctologist.

Anyway that trauma aside my initial impressions of the iPhone are:

The user interface is stunning. It's highly responsive (far, far faster than iTunes on my PC for example and it leaves all WinMobile devices in the dust). It's (almost) entirely internally consistent which is a major relief after Windows Mobile which changes spots at every other step. Simple things like the flick to scroll gesture used to handle any display item or list that extends beyond a page and the pinch-to-zoom concept are wonderful to use.
Safari works far,far better as a viable web browser than anything I've used before. It is nowhere near being a viable replacement to something like the PC versions of Firefox or IE6/7 but it makes all versions of Pocket IE, Opera Mobile and Netfront look miserable. It's lack of support for Flash is a major deficiency, as is its inability to handle any form of streaming media that I've tried (apart from the dedicated YouTube app) but it is slick and fast enough to make browsing fun despite the limitations of the screen size (more on that later)
The lock in to a provider means that set up is pretty much all done for you but there were a few odd quirks. Most notably the Alarm and Calendar app time zones were left at the US Apple default (Cupertino). Setting up WiFi is simple and straightforward but I suspect things would have been different if my home network wasn't running on 802.11g with WEP (I know that is not secure but I, frankly, don't mind - I need to keep it because I like having my DS linked to my WLAN).
The data network management interface is almost entirely hidden but that's actually not much of a problem as it works exactly the way it should. It detects WLAN's and allows you to set them up if you are trying to do something that requires a data connection and a WLAN is visible, thereafter it just remembers it and stays connected. No messing about. It switches invisibly to WLAN and back to EDGE when it needs to and you never get bothered by it. From a usability perspective it makes even my PC's Wireless network management look lousy and in particular it makes Ubuntu's issues with WLAN look pathetic. The only real options available to the user are to turn off all radios (Flight Mode) or to turn of WLAN (which presumably will save some battery life). So far battery life with WLAN enabled and heavily used has been very good - I've spent sessions of over three hours browsing that burn up about about 30- 40% of the battery. That's 2-3x better than the best Windows Mobile device I've ever seen.
Battery life when using Cellular data (EDGE) is not as good but I can still get approximately 3 hours continuous heavy use before running out of juice.
E-mail setup using G-Mail via IMAP is straightforward. It works, it's not "push mail" but it suits my needs.
Importing Contacts is a pain. Perhaps there is a better way to do it but the best option available to me was to use the Windows Contacts system to manually capture my contact details from my old phone. If I had Outlook set up that might have been simpler but I really wish Apple had an actual contact manager built into iTunes .
The Camera is alright but frankly little more than a gimmick. I don't use phone cameras for much apart from taking pictures of the occasional pint and emailing them to people I want to tempt into the pub but this one seems at least as good as the average, possibly better.
I've never had an iPod but the iPod mode seems to work pretty well. I can't understand the fanaticism that people have about them to be honest. It's an MP3 player, it sounds good and has an acceptable interface. Personally I'd like more capabilities on the device such as being able to build play-lists based on searches and the like but I'm not complaining really. Time will tell if it grows on me.
The touch screen keypad is much better than any other touch screen keypad I've used but it's still vastly inferior to any half decent thumb pad such as those on the Blackjack\Treo.
Battery life is good when you just use it as a phone or when you have a WLAN nearby but its cellular data radio chews up a surprising amount of power. In general I'm charging it every night though , and more often than that if I'm using WWAN data which makes it about on a par with an average Windows Mobile device overall.
The phone dialling \ in call options, ring tone\ alert tone management stuff seems to be good to excellent so far. No sign of the dreaded five seconds of silence that the Blackjack suffered from at the start of many calls for example.
There are just enough buttons to get the job done - a Home Key to back out of apps or wake up the device, a sleep\reset key to shut down and lock the screen, volume up\down buttons and most importantly a physical mute switch which is a godsend.
I was worried that 16GB of storage would be a bit limiting but it turns out that I actually only have about 10GB of music so that's more than enough for me.

Things that are not so good

The aforementioned lack of Flash and streaming media formats in the browser.
Where's the Cut and Paste folks? ?? Monumentally stupid decision not to have it.
How do I select a block of text and just delete that? Seems to be related to the Cut n' Paste issue and is just as stupid.
The lack of a Storage card Slot and a replaceable battery are craptastic anticustomer decisions IMO. I still bought the device even knowing that so clearly it doesn't matter that much but both are still very poor design decisions.
The pseudo GPS Cell tower\WiFi location system doesn't work at all which is a let down. I expected this to work at least as well as it does with the Windows Mobile GoogleMaps app on the Blackjack.
Calendar doesn't seem to integrate with anything, kind of makes it useless for me but since Google Calendar SMS's me for all important events it's not all that vital.
The custom iPhone port is a bit lame - what's wrong with USB? Why bother reinventing the wheel for very device? Well apart from using it as an excuse to extort money from customers looking to replace the sync\power\av cable that is.
Safari crashes a couple of times a day. In general that appears to be related to the so-called iPhone WebApps but it's still poor. It recovers pretty well, and in fact you might even miss it happening if you weren't paying attention but they were definitely crashes because iTunes repeatedly asks me if I wanted to send the crash dumps to Apple.
Safari tends to "forget" the session state of some open tabs periodically. This may be related to the crashes. It's mostly just annoying but it could be really harmful if you were switching away briefly from something that you wanted to keep (like a post into a message board\blog comment etc)
The entire phone locked up twice the first day I got it. Both times happened just after I plugged the phone into my PC. Recovery required the iPhone equivalent of a Windows Mobile Soft Reset. It hasn't happened since but I haven't done much syncing since either.
iTunes Store support on the phone. It's sort of kind of there and you can buy some stuff directly from the phone but you can't grab a podcast with it for example which is just plain dumb.

Things that I'd like to see

A more stable browser,
Flash support
Either a real thumb pad (A slider design should work) or good haptic feedback for the onscreen keyboard
Real GPS
User replaceable battery
Better support for streaming audio feeds.
HSxPA 3G support would be nice.
A better screen resolution. The screen is excellent but it's not widescreen and at ~160dpi it's no where near best in class when compared to the best of the opposition (the VGA\XGA Windows Mobile devices). If I were voting I would be pushing for at least a 720x405 (16:9) but 1280x720 (ie 720p native) would be ideal.

Overall though it is even better than I'd hoped and despite the negative online comments regarding its cost (€499 for the 16GB model / €45 per month) it is certainly a cheaper option for me than Vodafone over the 18 months that I'm now stuck with it. I've already used about 20MB of data which on its own would have cost me €100 from Vodafone.

iPhone to be Launched in Ireland by O2 Today

2008-02-28T09:22:00.001Z

I heard this on the radio this morning and apparently O2 are finally launching the iPhone officially in Ireland on March the 14th. Pricing will be €399(8GB)/€499(16GB), €45 per month package including some unspecified amount of built in call time and 1GB per month of data.

Since the best deal I've been able to get from Vodafone is currently costing me over €100 per month just so I can get some data this actually looks like a good deal.

I have lots of reservations about the iPhone but frankly I think that it's positives should more than compensate for it's deficiencies especially since I'm not too bothered about the capacity - I'd prefer a 30/60GB data capacity but I'm not an iPod junkie who needs to carry my entire music collection with me and in terms of other data (e-books etc) I'm getting along fine at the moment with my BlackJack with a 1GB MicroSD card.

Thoughts?

Full Disk Encryption DRAM Attack

2008-02-22T14:25:00.001Z

Ed Felton never fails to deliver interesting things but his announcement yesterday of a viable attack against full disk encryption products by using the fact that DRAM isn't actually as volatile as we thought it was is a doozy. Memory scraping has been used before, for example it was the method used to lift the encryption keys that led to the first successful attacks on the HD-DVD\Blu-Ray AACS security system. Most of the previous uses of memory scraping that I've come across required that the attackers worked within the constraints of the active OS and that meant that software based defences could prevent these attacks provided developers (of the OS and the applications) were careful. Windows Vista for example protects encryption keys and other secure data in memory and prevents other processes from accessing the keys. The specific problem here is that even when a Trusted Platform Module (TPM) is used the OS doesn't use the TPM to handle the actual decryption of the disk data. In Vista's BitLocker, for example, the drive is encrypted with an AES key called the Full Volume Encryption Key (FVEK). That key is stored in encrypted form on the hard drive and it is encrypted using a key called the Storage Root Key#. In the simplest model that key is generated within the TPM and never leaves*. This means that the the SRK is very secure. However the FVEK must be available to the OS as it needs that to decrypt the drive data on the fly. This means that even with a standard TPM module protecting the keys, the FVEK must remain unencrypted in memory in some accessible form. In practice it will be stored in a predictable data structure and Felton's team have found that it is not very hard to locate if you have access to a copy of the physical memory from a running system.

It should be noted that Microsoft explicitly called out the potential for this class of attack in their BitLocker documents ( e.g. on slide 16 of this BitLocker presentation from 2006) where they note that the physical PC must Memory Overwrite on Reset in order to prevent physical memory attacks and that is a feature of the Trusted Computing Group's client platform specifications but I'm not aware of any systems that actually implement it. The problem with Overwrite on Reset is that it's only a protection in the case where the attacker reboots using the same BIOS. It definitely makes the attack much harder though - without it USB key and PXE Boot based attacks are perfectly viable.

The attack works because the TCG's trusted platform specifications (and the various software based full disk encryption products) do not require the use of cryptographic hardware to handle the decryption of the actual drive data. If the FVEK was never decrypted to RAM but was instead retained within a cryptographic hardware module then all the drive data would have to be channeled through that module in order to be decrypted and that would be a serious performance problem. Current DRAM technology has throughput speeds in the range of 2-5Gbit/sec and hard drives are typically in the 400Megabit-1Gbit/sec range. The typical TPM of the type used in consumer PC's (e.g the ATMEL AT97SC3203 ) are too slow (Atmel chip has a 100khz serial data interface) and doesn't provide support for streaming bulk decryption and so could never be used for this sort of task in any case. The hardware to carry out decryption at the sort of speeds that hard drives operate at is available and given that HD-DVD, HDCP and Blu-Ray all require decryption speeds in the range of 400Megabits/sec so it should be available but overhauling PC architectures to integrate this would take time. Felton's team's paper identifies some other options - the simplest of which is basically making tamper proof memory. In any case whatever the implementation it will require a bit of care and attention to detail in order to be genuinely secure. Bunny Huang's attacks on the original Microsoft X-Box attacks showed why it's dangerous to separate cryptographic functions across a connecting bus that isn't encrypted although the capability to do this sort of active attack is not trivial. My gut feeling is that the best eventual solutions to this will be cryptographic modules built into the core cpu that provide high bandwidth decryption, key management and the rest of the TPM functions so that no unencrypted keys ever end up either in RAM or moving between modules over a snoopable bus. Intel had plans to do this but I don't know if it's actually made it into production hardware yet beyond some of the Bulverde mobile CPUs that were sold to Marvell.

Overall this is a very interesting demonstration of what had been a mostly theoretical attack. It's not a new "class break" in the sense that it was a known potential vulnerability and memory scraping is a common technique but their demonstration of the persistence of sensitive encryption data in DRAM following a reset is certainly going to give the security community (and the hardware hacking community) lots of new risks and opportunities to ponder.

# I'm not a Bitlocker expert so forgive me if the terms are wrong - I've seen some documents discuss the Bitlocker trusted boot process that refers to the Volume Master Key (VMK)that appears to be what I'm calling the Storage Root Key (SRK). The principle remains that there is a master key protected by the TPM that eventually decrypts the actual AES key that decrypts the disk data that is stored in memory.

* This is not the case when using some of the Bitlocker key recovery options. Whether the SRK is attackable or not doesn't change the fact that the FVEK ends up more or less in the clear in physical memory once the OS has booted.

What I've been Reading

2008-02-17T14:21:00.001Z

In Flight.

Jon Ronson: "The Men Who Stare At Goats". Just getting started on this and not sure where it's going but we'll see.

Finished:

Craig Murray: "Murder in Samarkand" . A must read for anyone who is genuinely interested in the true cost of the west's abandonment of the principles of liberty and natural justice in the execution of their "War on Terror". I've seen events like those described by Murray unfold before when I was somewhat close to the political action during South Africa's transition to democracy but in that case the efforts of the British, Americans and the EU at large (especially the Danes as I recall) were, by and large, directed towards fostering genuine democratic change and nation building. It must be said though that that represented a change of heart for most of the parties involved as many of the suddenly very friendly types I met regularly in the early 90's had spent upwards of twenty years either encouraging the former Apartheid Government's various anti-communist "wars" or supporting and training their various formal and informal opponents. That included (for example) facilitating the supply of Nuclear Weapons material and technology to the South African Government in the 1970's despite the fact that doing so was in breach of the NNPT and training many people (on both sides) of that particular fight on methods of terror. The fact is that realpolitik has always meant that countries' "diplomatic" actions have often been morally suspect and for my part I've never doubted that the morality of these people (Diplomats and their political and military "Advisors") is something that I would always have thought was dubious at best but I was still chilled by this insider's description of what appears to be a complete state of moral rot at the heart of the British Foreign and Commonwealth Office under Blair's New Labour Government.

There's much to doubt in the story, it is just one person's account of a political\personal conflict that involved many, but it has far more than a grain of truth in it, especially with respect to the attitude of the British Government towards a seriously questionable "ally". His story does lead me to see him as an arrogant and wilfully careless man in a personal sense and one that was frequently culturally arrogant to such a degree that I often felt that he actually got into less trouble than he deserved for his behaviour. Despite this, and maybe even because it strikes me as being honest in a "warts and all" sense, I think that his account of the events surrounding his time as British Ambassador to Uzbekistan is about as close to the truth as we're ever likely to get from anyone directly involved. We now know that many of the claims that Murray makes, which were strenuously denied initially by the British Government, are almost certainly true and I suspect that very few of his more serious accusations are far wrong. I suspect that some of the opposition that he almost universally saw as political was actually just personal but overall it is still almost certainly true that he was nailed because his stance against the Uzbek Government was politically unacceptable and this lead to him being targeted because he was unwilling to follow the (New Labour) party line in supporting the post 9/11 wars in the Middle East.

Given the fact that the the ruling faction in the US establishment is making every effort at the moment to justify its acceptance of torture as an interrogation technique, that the Police and Government in the UK continue to try and make "Thought Crime" a reality, and the fact that no matter where we live we all continue to suffer extensive and egregious loss of personal liberty as a result of the security theatre surrounding the "War on Terror" this book is a welcome, if disturbing, description of just how easy it seems to have been for those who describe themselves as protectors of liberty to have thrown away almost everything that that used to stand for.

As a work of literature it's probably not much over a 5/10 and maybe even less so you have to work at reading it but as an expose on the reality of politics in a post 9/11 world it gets 9+/10 .

Iain M. Banks: Matter. Banks returns to the Culture with a classic. I'm sure there will be many critics complaining that this is "just another Culture" story but I was delighted by it. I would have read this in one sitting had I been able to stay awake long enough last night, I found it absolutely engaging and a pleasure to get lost in. It's paced well and in the end the storylines converge into what may be one of Bank's best closing scenes ever. I would still love to see Banks try his hand at something Sci-Fi but closer to home (in the way that Vinge did with "Rainbows End", or MacLeod with "Execution Channel") but if he kept churning out Culture novels like this one I'd not be complaining at all. Excellent, 9/10.

Looking Forward To

Charlie Stross: Saturn's Children

Alastair Reynolds: The Prefect

Alastair Reynolds: House of Suns

Terry Pratchett: Nation

It's The User Experience, Stupid

2008-02-15T16:17:00.001Z

I haven't used an iPhone yet but it's pretty clear that at least in terms of its internet browsing experience that it does deliver on the user experience that it promised. Having had a lot of experience with the alternatives - Palm, Windows Mobile, Symbian and a shed load of other minor hand held platforms - I don't find it in the least bit surprising that Google has found that the iPhone crops up in their access logs 50 times more than the next most popular mobile platform. The browsers on all of the other mobile phones are awful and users are simply not using them because the experience is unpleasant.

The other problem is that with the vast majority of carriers your average Joe Public user hasn't a hope in hell of figuring out what "browsing" will actually cost. That situation is one where the US is now significantly further ahead than the rest of the world - it's still a poor service by comparison with full blown broadband but at least flat rate data contracts are available and understood there - those of us in our highly regulated European markets are not generally as lucky as I've ranted on about before.

So I'm amazed when the industry say they are surprised when an outsider manages to create a device that users actually choose to use despite realising that its success is almost certainly due to it's intuitive usability and transparent cost.

It's also hardly surprising that other mobile phones don't get a look in when (for example) you can't even get to Google's home page directly on a Vodafone* consumer phone that is configured for their "mobile internet". You can get to it but you have to switch over to their ISP internet service and then you will pay handsomely for the privilege. Switching over isn't hard per se but it requires a non trivial amount of research that effectively prevents the vast majority of their subscribers from ever even trying.

O2 Ireland's recent announcement of a partnership with Bebo joyfully proclaims that their users can now get to Bebo for Free! (up until November 30th after which it will cost €1.50 per week, offer subject to conditions, the value of your investment may fall as well as rise, yadda yadda yadda). What's clear here is that the absence of anything like network neutrality in the mobile sphere means that the providers are determined to ensure that they will get to retain ultra fine levels of control over traffic and will certainly charge more to carry traffic to more popular web sites. Vodafone do something similar for Exchange push e-mail and I'm certain that they all do - the ability to differentially manage traffic is seen as a huge revenue spinner. I don't particularly blame them for making money from it but I think that in choosing to do things this way they are seriously limiting the size of their market and they are acting as a major roadblock in the development of new mobile data services.

This could be fixed fairly easily and I think the end result would be increased revenues (and far happier customers) for the mobile providers that chose to do it right, it certainly should be a windfall for those that chose to jump first. Make it easy for users to understand their costs (ie make data access flat rate), abandon the walled gardens and optimise your networks for the stuff that is popular (Google, YouTube, myspace, bebo, facebook, IM, Flash games ...) and then get hammering on at the handset manufacturers to make kit that has a good user experience for those things. You will get a flood of new customers once they actually begin to see real people using them in the wild - they have been duped by claims of "Mobile Internet" that is in reality no such thing for so long that all such marketing claims from Cellular companies are now simply ignored and almost nobody buys a phone yet for its internet data capabilities. The exception to this is, of course, the iPhone which has continued to succeed past its over-hyped launch because it actually delivers those type of capabilities to real people. Deliver something like that and a cellular provider will have a compelling feature that will give them a good enough reason move and they will abandon their existing providers.

That's obvious right? You'd think so but the fact that I can't buy a phone today with a half decent browser and a data plan that allows me to browse YouTube today that will also let me use tomorrows next new thing just as well tells me that the providers don't want that to happen. Not yet at any rate and their surprise at Google's iPhone usage stats is not very convincing.

* Vodafone Ireland at any rate.

OpenID Developments

2008-02-14T00:28:00.001Z

The OpenID Foundation recently announced that a significant chunk of the premier league heavyweight tech companies ( Microsoft, Google, IBM, VeriSign, and Yahoo ) were joining their board. This follows hot on the heals of Yahoo and Google's initial implementations that in theory mean that all of their current account holders either have, or can fairly easily have, an OpenID compliant authenticator. There's a long way to go before OpenID based authentication actually becomes mainstream but these announcements mean that OpenID's chances of succeeding are a lot better than they used to be.

A number of us have been wondering when we would start to see a viable hardware based authenticator that would work with OpenID - now at least one vendor has begun to do just that and is selling what appears to be a simple to get and simple to use hardware based token for OpenID. This could be the start of the really interesting stuff. OpenID on it's own does little to resolve phishing style attacks and is no improvement at all over standard username\password authentication in situations where the network is possibly compromised. OpenID tied to CardSpace\InfoCard closes these holes reasonably effectively but both are still quite fragile (in my experience), somewhat tied to specific platforms and hot portability is a bit of a problem (it's definitely a high risk behaviour when it involves un-trusted local hardware).

This type of hardware based authenticator could, if implemented correctly, solve many of the shortcomings listed above. It should share CardSpace\InfoCard's protections against DNS hijacking\Evil Twin type network interception attacks and hash table attacks against intercepted authentication sessions. In addition it should be portable enough that you could use it on any and all systems of your choosing and it should be very resistant to local interception\snooping so that you could possibly use it safely on totally un-trusted local hardware such as PC's in Internet Cafe's.

I also believe that hardware authenticators are likely to be perceived by the public to be much more trustworthy than software solutions, even in situations where both are technically equivalent. This is only based on personal anecdotal evidence but my experience with users of hardware based authentication tokens in the past has been that people trust them far more than software solutions that are technically more robust, and continue to do so even when the weaknesses of the system are demonstrated.

Of course a lot depends on how well designed the specific hardware implementation actually is. For my part I've ordered one of TrustBearer's usb key devices so I can see whether it does deal with these things properly. I'll be posting some more on this once I've had a chance to put it through the ringer a bit.

I've seen the future - and it's very cool.

2008-02-12T09:39:00.001Z

Eddie got a really cool toy yesterday - the Celestron Sky Scout. It's a really clever handheld device that uses GPS and some internal electronic accelerometers to figure out where you, what you're pointing it at and it then tells you what that thing is. It only tells you about astronomical things since it's entire purpose is to act as an electronic star chart and that might seem pretty dull to those who have no interest in that sort of thing but I reckon that even those totally uninterested in astronomy and star gazing would find it addictive. It's very quick and that combined with an intuitive interface means that you get carried away looking at the sky in a whole new way, at least for those of us who haven't taken the years it takes to actually memorize it the tedious old manual way using paper charts and binoculars. You can point it at something in the sky and it will tell you what it is or you can pick something from its internal database and it will direct you to where it is in the sky. Its list price of around $500\€500 depending on where you live makes this a pretty expensive gadget which is the main reason I never bought one but Eddie managed to pick his one up, new, on E-Bay for about half that which is definitely worth considering. It has a bunch of connectivity options to allow you to connect it to a PC to update the internal database of objects that should allow it to be used for satellite tracking although I don't know for certain (yet) if that's true. In any case it really is a revelation to use and shows how a fully location\orientation aware device can be fantastically useful.

Coincidentally I read an article on Google Blogoscoped this morning about a more intuitive approach to mobile search that describes something that is practically identical in broad concept to the Sky Scout - simply point this (hypothetical) device at something you are interested in and it will tell you exactly what it is and possibly a whole bunch of other stuff about it. Alternatively it could give you spatial clues (as opposed to the directions that standard GPS systems provide) to allow you to find something within your field of view.

Having seen how the Sky Scout totally changed the way I saw the sky last night when I had it I am certain that we are going to see a host of these type of systems released over the next couple of years that use similar principles to provide people with devices that tell them a host of useful things about what they are looking at and enable them to find interesting stuff around them. I can't wait.

"Mobile Internet"

2008-02-11T11:08:00.000Z

It's in quotes for a reason. Vodafone do not provide the service that I need and I want to figure out what my options are. They charge me €5 per megabyte to use the only service that I can find that they provide that works for the connectivity that I want to use and I find that to be exhorbitant*.

They claim to offer a 500Meg per month "Mobile Internet" package for €9.99 per month which would actually suit me perfectly for now but their "Mobile Internet" requires me to use their live.vodafone.ie GPRS APN and that does not allow me to access any of the services that I want. I would expect something being described as "Mobile Internet" to allow me to get to http://www.google.com , for example. On my Windows Mobile 6 based Blackjack it doesn't work and whatever it actually does do is not Internet connectivity of any sort in my book. Their isp.vodafone.ie APN does work (more or less) but that results in the aforementioned €5 per megabyte charge.

So what are the alternatives? A quick search through the competition has demonstrated that none of them clearly provide a service that is obviously a genuine mobile internet data connection (for a phone that is) and those that appear to provide something are not obviously cost effective.

I'd love to see some evidence that there was genuine competition here. Since the market is heavily regulated (necessarily in my view) and the primary area of competition is for their voice and text products I would actually have expected that data would be one area where there would be genuine differences in the scope and cost of the services offered. I honestly thought when I opted for Vodafone that that was what their €9.99 bundle meant but I have been very severely disappointed by that. So if anyone reading this has any suggestions, or better yet some hard data from experience, please post a comment.

* I initially had this phrased differently because I have handed over the best part of €300 to Vodafone over the past three months for a total of around 60Meg of data that I believe should have cost me no more than €30 and that upsets me no end. Clearly I should have paid more attention to the terms and conditions but lads, I hate getting screwed and the way this was pitched means that I was screwed as far as I'm concerned even if you are perfectly protected by your very comprehensive terms and conditions. Congratulations on the €300 win but for me when I feel that a company screws me I get heavily encouraged to never give them any more business.

What I've been Reading

2008-02-08T10:38:00.001Z

Niall Ferguson: "Empire". I picked this up on a whim while browsing the special offers selection at Borders sometime back in August I think. When I brought it home I was tempted to find some reviews online but decided that it would be interesting to read it and form an entirely personal opinion of it before I let other people's views colour mine which I've managed to do despite the four month hiatus in the middle caused by moving house.

My general impression has been that it is an excellent overview of the rise and fall of the British Empire. It's necessarily shallow throughout as there is simply no way that something as complex a subject as this is can be dealt with in detail in a single 400 odd page book. Despite that, I think Ferguson manages to capture many, if not most, of the important events and driving forces that led to the creation and demise of the what was certainly the largest Empire the world has ever known and he does so in a very appealing and entertaining way. He is at his best when he attempts to explain the likely motivations of the principle actors while putting them in the context of the day. He doesn't avoid dealing with the many horrors that enabled British Imperialism to gain and keep control of many of its subjects and by and large seems to do a good job of putting them in a context so that the reader gets a credible impression of how the Zeitgeists of the Empire at large and the British Homelands developed over time.

My own personal understanding of British Colonial history has been informed mostly by an exceptionally biased standard Irish education, Irish cultural norms and what I picked up in my 10 years in some other former Colonies, (South Africa and Botswana) and which has given me a relatively patchy understanding of what the British Empire really was about and almost no ability to understand how it actually managed to become what it was.The brevity of the book meant that I was surprised by how little of the history of the countries that I was familiar with made it into his story but I can understand why he needed to be selective and I think that the overall value of the book is not hampered by the fact that Ireland gets no more than a handful of pages mostly concerned with the original Elizabethan Plantations, and the lead up to independence while South Africa is almost entirely focused on the economic and ideological fallout from the South African War (the Boer War as it is known here). It seems reasonable to assume that the same can be said about how he chose which parts of the histories of the other ex colonies and the key events in Britain to include and which to avoid.

This book filled in a lot of detail onto the broad outline of British Imperial History that I had and in particular it put some good arguments forth for why it succeeded when it did and failed the way it did. What I found really interesting was his understanding of the decline from 1914 through to the rapid unwinding of the colonies post WWII and his positioning of the emerging economic and ideological imperialism of the United States as key factor.

He makes a good (maybe even compelling) argument that some of the fundamental principles of British Imperialism made it a good thing (eventually) for many of those countries that at one time or another were part of it. He is at times too dismissive of any alternative paths but he is right in claiming that countries that today can claim that these principles still apply to them are, in general, better places to live than they would be without them. In particular he points out that by and large the British Empire tried to introduce some features into the societies that it conquered that are generally now believed to be a good thing:

Secure rights of private property.
The framework for effective contract law.
Stable Government that plays by clearly known and understood rules
Honest Government and public service.
Moderate levels of Government - small in size (relatively speaking), efficient and with low taxes
Free trade (at least within the club)

These claims are to me unarguably correct and pretty obvious when you travel through the former colonies. What the Empire failed to do by its very nature was to build a universal foundation of representative democracy. Where it did do that it has stuck well but that has happened reliably, for the most part, only in the White Dominions. The other major failing, to my mind, is the one that those of us who grew up in post colonial societies most despise the empire for: Its singular failure to introduce universal rights of personal liberty. Arguably you couldn't have built an empire on those grounds, at least not at the time, but Ferguson certainly seems to think that, well, you've got to break a few eggs to make an omelette so that's OK, right? Some might not be so sanguine.

The book seems to me to have suffered badly right at the end due to its timing, in particular his concluding chapter positions him as a sympathizer with, or at the very least not an opponent of, the post 9/11 "new world order" ideology of a new imperial hegemony of the western powers. He certainly believed at the time (2002/2003) that the military actions that had started (Afghanistan) and were likely to come (Iraq) would follow the pattern of mid Victorian British Imperial Gunboat Diplomacy and be successful in the same sort of ways. Certainly my current opinion on the complete lack of moral and ethical motivations that lie behind the "War on Terror" lead me to be dismissive of anyone who appears to be sympathetic to the jingoistic reactionary mood of the first years of the millennium but his rather fawning description of Blair's 2001 "re-order the world" call to arms speech at the Labour Party Conference just after the 9/11 bombings appears to be very simplistic in the light of the damage done to Liberty in the west by those who heeded that call and led their countries into seemingly interminable wars. Ferguson's admiration for the benefits of empire despite what he sees as occasional collateral damage is clear throughout the book but I wonder whether he really believes that a present day empire could survive having to do the sort of things that would be necessary to impose its order on the world as it is today. He fails to even begin to address those issues in his conclusion despite clearly positioning the United States as the new Imperial power if it would just decide that it wanted to take on that role actively. An Empire might be a grand thing when it's all up and running but if you have to decimate populations (or the leadership structures of populations) across the globe to get there that seems to be something that would present a problem given the way the world works today. Or at least so it seems to me, possibly some people still think you can actually just kill enough people and then everything will be fine but I rather doubt it works in a world where everyone can see it happening almost immediately.

Present day ideological problems aside, the one other area where the book left me feeling let down was in his dealings with the unwinding of the empire at its end. He wraps up the chapter on the decline of the Empire right at the point where the rapid de-colonising program was unfolding and he fails to delve into the consequences for those countries almost entirely. He notes than in many cases the de-colonization process was hurried but doesn't attempt to analyse whether there was any correlation between the post colonial failure of some countries and the care (or more specifically the lack of care) taken when they were being "handed back". The speed with which the empire had grown in the late 19th and 20th Centuries meant that many colonies had had little time to develop a society that accepted the cultural norms outlined above and those were repeatedly corrupted, stolen or simply abandoned in cases where the imperial departure was careless. Much of the torment in Africa and the Middle East today can be directly linked to the failure of the decolonising Europeans to establish a sustainable or equitable transition for the states put in place. Not all, to be sure, as it didn't fail in many cases but where it has it has been very bad indeed.

Overall though despite the obvious ideological differences that I have with the author it's a very worthwhile read especially for anyone who's exposure to history has been as biased and censored as my own was, or someone who simply wants a succinct overview of the British Empire written by a fan and it is immensely readable. I'll be looking for more by him. 8/10.

Postscript: Now that I've finished my own opinion I went and looked for others. It appears that he's a fairly controversial but well respected figure within history circles. His Thatcherite leanings are certainly plainly evident throughout this book but I was heartened to see that despite having been a supported of GWB when this book was written he had changed his mind by 2004 so perhaps he is not as ideologically alien to me as I'd feared. In any case it seems that I will have to add "The Pity of War" and "The War of The World" to my reading list now.

What I've been Reading

2008-02-05T11:42:00.001Z

In Flight:

William Gibson "Spook Country". I will have to restart this I'm ashamed to say. I started it in September and got distracted and I can't really remember what its about. Unlike every other Gibson book I've read this one didn't immediately grab me so I didn't get very far and was still a bit lost as the plot was finding its feet.

Niall Ferguson "Empire". This is turning out to be an excellent story about the evolution of the British Empire and the varied paths that British Imperialism and its colonies took as the Empire grew and then declined over the past four centuries.

Finished:

Colin Tudge: "The Secret Life of Trees". It's a great book for getting a quick overview of what Trees really are. You will learn, for example, that much of the commercial use of timber uses names that are really only accurate in terms of broad appearance (Pine for example of very often not really Pine) and he does an excellent job at describing the genuine diversity of Rainforests vs the simple abundance of life that is a feature of the various temperate forests. I ended up feeling that the book was way too short which is not a bad thing really as I hope it will prompt me to go and read (heck even study) some more detailed books that dig deeper. Overall this was an excellent read although the list nature of the first 50% of the book might seriously dismay some readers. 8/10

Richard Dawkins: "The God Delusion" . I had to take a break from reading this because of all the other stuff that was happening over Christmas (oh the irony) but once I got back to it last week it became a proper page turner. "The God Delusion" is a thoroughly lucid and engaging effort to get people to start thinking rationally and humanely about what Religion really is, what it claims it is and what that means. This is a much better written (or possibly edited, who knows) book than "The Selfish Gene". Dawkins never gets caught up in the style of detailed technical argument that was necessary in some of his earlier popular works and he has developed a significantly more approachable tone since he wrote "The Selfish Gene" in 1976. The result is concise and engaging prose that keeps the book accessible and (at least for me) entertaining. His destruction of the arguments for belief are comprehensive and powerful. Clearly I'm not someone Dawkin's needs to convert so I can't say how convincing these arguments would be to a believer but from my point of view he demolishes almost all of the viable counter arguments to rational atheism that I've come across. In particular he eviscerates the arguments for belief like "Well you can't _prove_ God doesn't exist, he might you know", "Religious belief is necessary for morality and to make us good" and (my particular pet hate) "Religion makes people feel spiritually better and sure what harm is there in that". 10/10.

Oliver Sacks: "The Man Who Mistook His Wife for a Hat". I picked this up at a friends house out of suriosity and read it in one sitting at some point in mid 1980's and I've wanted to re-read it ever since but just never got around to getting my hands on a copy of my own. Returning to it was a revelation in a number of ways. For those who are not familiar with it, it's a fantastic collection of stories based on fascinating examples of the bizarre effects of neurological damage. Some of the stories are terrifying when you consider what must be happening in the minds of those that he describes but for the most part Sacks has chosen stories that show how incredibly adaptable the human mind can be even when it is the victim of severely destructive trauma or illness. The stories remain fascinating and Sacks recounts show him to be an incredibly caring medical practitioner, were something to happen to you like has happened to any of the characters in his case studies I thing you should hope that those who ended up treating you were similarly driven to care for their patients' well being. Two other things stood out for me on re-reading this after two decades. The one thing that most surprised me was just how heavily obscure much of Sacks' prose is - he just dumps neurological and psychological terminology onto the reader in a heap and leaves it up to you to research the terminology or plow on regardless. In addition to that he is equally obscure in much of the prose that he writes. I don't tend to have a dictionary nearby when I read and only very rarely look stuff up as that tends to upset my reading style but I was hard pushed with this book. I had no recollection of that aspect of the book but at the time I read it I was reading stuff by Camus and Balzac for fun so that may be no surprise now that I think about it. The final thing that struck me was just how intrusive I found the religious overtones in the book are, I definitely didn't see it that way when I read it first - a small sign of progress in my own mind I suppose. Overall this is a 9/10 book for me though despite ( or maybe because ) it actually made me work harder than I expected.

Cormac McCarthy: "The Road". I've never read anything by Cormac McCarthy before and the only reason I bought this one was that somebody described it as a non Science Fiction Post Apocalyptic story which I couldn't quite get my head around. The description is perfect although it doesn't even begin to do justice to the book. It's quite short, you'll read it in one good sitting if you have not much on on a weekend. The psychological pressure is relentless, the story is terrifying from the very start and everything about it is depressing so don't go near this if you're having an existential crisis but in the end its something that I think everyone should read and most will enjoy. The writing is awesome but since I spend most of my time reading fairly run of the mill SF and Fantasy that's not very surprising. I suspect though that despite the fact that I am un-qualified to judge that McCarthy is something very special. 9/10.

Charlie Stross "Glasshouse". I forgot to blog about this after I posted my comments on Stross's latest work "Halting State" a couple of months back. It's an interesting enough far future SF tale that explores the concepts of identity within a society where minds and bodies can be easily replicated and changed. The story takes place within a Big Brother style experiment where groups of volunteers have opted to participate in a reconstructed "Dark Ages (ie 20th Century-ish America ) within the eponymous "Glasshouse". It's a good idea and pretty well executed but I thought that it lost its way somewhat in the middle and to be honest I was far more interested in the potential of the universe within which the Glasshouse experiment was running rather than the storyline that unfolded within. For me Stross has done better work and given my bias towards Space Opera I hope he returns to the style that featured in Singularity Sky and Iron Sunrise although another Accelerando or Halting State would be fine with me too. 6/10

Kim Stanley Robinson "60 Days and Counting". In short, disappointing. GrrlScientist has a pretty accurate review of it over at "Living The Scientific Life". The story started out pretty well in "Forty Signs of Rain" began to go a bit astray in "Fifty Degrees Below" and this just capped it off as a lost cause. It's very unfortunate as I've really liked some of his other stuff ( his Red\Green\Blue Mars Trilogy is excellent ). 1/10

Kim Stanley Robinson: "Icehenge". Just before I picked up "60 Days and counting" I got this on a whim as I'd heard nothing about it and assumed (correctly) that it was an early exploration of the sort of ideas that Robinson would go on to bring to fruition in the Mars Trilogy mentioned above. I was pleasantly surprised to find that despite it's age (it was first published in 1985 or so) it managed to age pretty well considering the fact that it's set in the nearish future. Some aspects of the story line are a bit jarring (the complete absence of interpersonal communications technology even on planets, the almost complete absence of personal computing resources, the continued human drudgery and manual labour) but the story works well enough and it made for a good bit of escapist SciFi with just enough of Robinson's thoughts on politics and sociology to make an entertaining story genuinely interesting. 6/10

Yet To Start:

Robert Harris: "Imperium"

Craig Murray: "Murder in Samarkand" ( thanks to Daithi.)

Jon Ronson: "The Men Who Stare At Goats"

Looking Forward To

Charlie Stross: Saturn's Children

Iain Banks: Matter

Alastair Reynolds: The Prefect

Alastair Reynolds: House of Suns

Terry Pratchett: Nation

Windows Live Mail on Windows Mobile 6

2008-01-31T13:00:00.001Z

I have a Samsung Blackjack that I recently upgraded to Windows Mobile 6. I like it a lot and I want to use it for more stuff. I also have a pretty nice Windows Live mail address that is 10 characters long including all the @'s and .'s which was a pretty good trick I thought and it is a good enough e-mail address that I'd actually like to hold on to it for as long as possible and heck, you know, make use of it on my phone. Since Windows Mobile and Windows Live both got major releases\udates last year there was a good opportunity for some collaboration between the Live Services folks and the Windows Mobile folks to get something like "Push Mail for Hotmail" working and my understanding all along is that once I got WM6 running I could dive in and get cool integrated stuff, easy as pie.

To be fair to the Windows Mobile and Live Services guys they seem to have delivered what I'm looking for. You get this wonderfully integrated client with the WM6 platform called Windows Live for Mobile. As you'd expect you enter your credentials into it and you have Search, Mail, IM and maybe more all working hyper snappy because the client is designed to deliver content perfectly on small screen devices over relatively low bandwidth links. Apparently, I believe. I can't say whether it actually does or not because my Windows Mobile 6 device doesn't include this helper app and that appears to be a common problem, at least with AT&T supplied devices. Because of the way the WM platform is engineered and the fact that OEM's and Telecom Carriers get to decide what is actually included in the package many of the WM6 devices that end users are buying have specific Microsoft supplied components removed. To make this even more of a pain you can't (easily* or legally**) get a copy of the missing bits and install them yourself manually. If optional OS components are not delivered by your Carrier\OEM then tough luck, you just ain't getting them buddy.

What's worse is that I can't even use POP\IMAP to sync Live Mail with the built in e-mail client on my phone because I don't have a premium account. The only option available to me on my phone is to use the http://mobile.live.com interface over Pocket-IE. That works and it's a pretty well streamlined web app optimised effectively for mobile phone use but it's nowhere near as slick as a native e-mail client would be.

In stark contrast to this I am able to set up and configure my Gmail account to work with Windows Mobile's built in e-mail client. The process even has an automated setup where the Windows Mobile E-Mail client automatically handles all the nasty POP\IMAP\SMTP server configuration stuff and the result works perfectly well me.

I understand that Microsoft has an operational strategy for Live.com that has led to the limitations on POP\IMAP access so that only paying subscribers get access to offline mail through third party app's and I understand that Windows Mobile has had to allow OEM's (and Cellular Telco's in particular) to remove some features they see as competing with products of their own. However the end result is the absolute lunacy of a situation where this degraded Windows Mobile 6 mail client provides me with a (far) better service from Gmail on Windows Mobile than I do from Microsoft's own Windows Live product.

I'm not without resources as far as the Windows Mobile Platform is concerned and since I got a bit irritated as I finished that last paragraph I decided to see how hard it would be to fix this. I pulled a copy of the relevant files from a WM6 platform setup which gave me the "Windows Live for Mobile" installation bits. I was able to install it on my phone just like any other app and now I have a the nice compact Windows Live client with my Live Mail configured. Configuration is just as it should be - username and password only and off you go. So it would be possible for Microsoft to provide a one shot installer and config utility for any (application unlocked***) WM6 phones if someone was to really want to do it.

Anyway I have it working after a little work (and it works excellently) but I can't help but think that this is not a good way to go about increasing market share.

* For your average punter - clearly if you know about *-developer.com it will be fairly easy for you.
** See above, it might be pretty easy but it's certainly legally suspect and in breach of someone's TOS
*** Most are these days by default but if not the net provides sufficient info on how to unlock most that aren't.

What's On Your Keyring

2008-01-31T10:18:00.001Z

I'm a sucker for gadgets and Jeff Atwood's recent blog post about the stuff he keeps on his keychain had an effect on me that I can only describe as being just like the way a moth is forced by genetically honed instincts into spiraling into a candle flame. I know I should just take a look, admire the toys, and move right along but unfortunately I just keep coming back. I think I searched for that post to go back and read bits again about 10 times until I finally cracked and bought one of the toys.

So having succumbed to the flame I'm now the proud owner of a Fenix L0D RB80 60 Lumen LED torch. It's tiny - about the diameter of an AA battery and 1.5 times as long. This thing is bright enough to dazzle and leave you seeing spots in broad daylight if you're dumb enough to stare directly at the beam (Doh!). It throws out about as much light as a 10 watt traditional incandescent bulb which doesn't sound like much but I'm amazed that the technology has advanced so much that a light like this can run at that intensity for about an hour off a single AAA battery, and for many hours at its lower intensity levels.

Here's a shot of it with a few other toys sitting on my mouse pad to give an idea of scale:

From left to right: Logitech VX Revolution - the best working (as opposed to gaming) mouse I've ever had, Samsung Blackjack, Fenix L0D RB80, Peter Atwood Bottle Bug and my trusty old Victorinox SwissTool which is coming up to 8 years old and still as good as ever

Yeah I know I shouldn't be allowed near shiny things but what can you do. :)

Google tests QR Codes

2008-01-30T13:35:00.001Z

A minor story is doing the rounds on the Interwebs about Google's experimental adoption of the 2D Barcode for use in their print advertising. Google's 2D Bar Code info page is pretty thin on information but they make it clear they are using QR Codes* which have gained some some momentum in Asian markets over the past few years. Joel Spolsky reckons they are just as stupid an idea as CueCat's barcode palns were when they tried something similar 7 years ago. He was definitely right then and CueCat definitively lost that battle but I wonder if he's as spot on as he usually is with this one.

He makes one important claim that is central to the use cases that QR codes (and Semacode from which it is derived) are supposed to enable - "typing URLs is not hard".

I beg to differ. Typing anything on almost any handheld device is a hassle. Yes the iPhone has a good virtual keyboard and my Samsung Blackjack has a very good QWERTY Thumb-pad but entering any sort of complicated or long string of data into any mobile device is painful. Yes it's possible but it's not intuitive and the lack of fundamental capabilities like cut\paste on a large percentage of mobile platforms makes it even worse.

Typing http://www.google.com is not very hard even on a 12 digit standard phone and it's certainly pretty easy on my Samsung Blackjack but something like http://www.amazon.co.uk/MANFROTTO-MN190PROB-PRO-TRIPOD-BLACK/dp/B000MQFQU6/ref=pd_bbs_sr_1?ie=UTF8&s=gateway&qid=1201606992&sr=8-1 certainly presents a nearly insurmountable obstacle in terms of usability. The general use case for these codes is to provide a simple mechanism for users to lift usable data from a physical object (which might be a display screen) nearby that may be time consuming, hard or damn near impossible to enter manually into a handheld device in the time available. In terms of use cases think for example about a user on an escalator in a metro system seeing an interesting advert for a concert they might want to check out wanting to capture the relevant details as they pass, or a user at a trade show wanting to get more technical data on an item on display. You can certainly take the time to accomplish these things by hand but the idea is to make it easy enough so that the potential number of people acquiring and making use of the data is increased significantly.

The above fairly tricky URL for a Manfrotto Tripod on Amazon UK becomes the following QR Code:

(There are quite a few online QR Code Generators - I used this one to generate this)

That captures reliably on my Samsung Blackjack in about 2-3 seconds. I haven't bothered to try and type out the full URL but even on a PC I'd be hard pushed to enter that in under 20 seconds even if I chose to navigate by going to Google and searching for "Amazon Manfrotto MN190ProB" so the convenience and usability arguments have some merit.

I used the QuickMark QR Code reader for Windows Mobile Smartphone to test that code. It's available for free (once you register) and it's small (255kb) and quick to install. They support a pretty wide range of platforms and at a quick glance appear to support a pretty comprehensive selection of the most popular handsets. QuickMark's reader is pretty snappy - I can unlock my phone, navigate to the reader, launch it and read the above code in about 10 seconds. QuickMark also understands some additional meta formatting so it will give you a link to the URL if the encoded data is a URL, or prompt you to add the data to your Contacts if it's a contact card format, send and SMS if the format is SMS and a whole lot more. Apart from QuickMark there are a few other offerings, Google themselves have put some work out on Google Code to encourage folks to build an Android QR code Reader and there is also a sample QR code reader under development for the iPhone.

Microsoft started some limited experiments with 2D Barcodes using the QR Code format via Windows-Live Barcodes which was open to the public to play with briefly in late 2006 but it seems to have gone into lock down at some point since then and I get access denied pages when I try to link to it's current (supposed) home at http://confucius.live-int.com/.

There are some limitations - the most obvious one is that mobile phone cameras are pretty pathetic and even though the QR code standard supports codes containing up to 3-4K of text the practical limitations of camera resolution (fairly low quality 2 megapixel) prevents my phone reading anything more dense than 145 character codes. That prevents some interesting use cases at the moment but it is more than sufficient for linking a phone to a fairly complex URL that can then do a lot more - especially if the link contained geo coordinates for example.

Anyway I'm clearly a fan. I've played with QR codes a lot in the past and I've done a lot of work with Barcode scanning equipment and believe that the reasons why barcodes are so useful in a commercial\industrial context (reliability,convenience,speed, context control [scan that particular box, read the code on that particular bag ..]) could apply very easily to consumer contexts if there was a sufficient critical mass of consumers equipped with devices that made it easy to consume them.

That last point is a big problem though, while I now think that a majority of the current generation of mid range consumer hand held devices are capable of supporting a 2D barcode reading application today only a very, very small minority actually have one installed and working. Unless the manufacturers and vendors pile onto this almost universally (as happened in Japan) then it's simply not going to get the momentum it needs to take off.

So unlike Joel I am quite glad to see that Google has joined Microsoft in doing some experimental work with them as that might be a sign that we will start to see a significant enough percentage of devices becoming available that support QR code scanning by default. Once that happens then maybe we will all join the Japanese in having our phones tell us about the nutritional content of our burgers.

* QR code is trademarked by Denso Wave, inc.

My Latest Toy

2008-01-25T19:17:00.000Z

Last year when I was visiting my sister I got to play with a fantastic toy that belonged to my youngest nephew Jim (aged 5). The Nerf Maverick as it's called has simply got to be the most awesome toy gun ever made. Now I hate guns, the real kind, with a passion but I always had a soft spot for the toy variety and this thing is like something that has come to earth from a universe where outlandish weapons like Deckard's hand cannon from Blade Runner or Judge Dredd's Lawgiver really exist.

I was keeping an eye out for one (for me) whenever I was shopping for toys for my various younger relatives but I never found it for sale here in Ireland. Late last year I found that ThinkGeek had them for sale for the excellent price of $9.99 each. They have a very funny video demonstrating that you can (if you are sad enough) use them to star in your very own Live Action Doom Movie.

Anyway I went and bought two last week and they arrived yesterday - here's one of them on my laptop to give you an idea of how outlandish they are.

OK that could also be used to show how small the M1330 is. :)

As if they weren't enough fun as they are a couple of folks have taken the base units and modded them to improve the range and increase the barrel spin speed. There's even a market for pre-modded Mavericks.

Anyway - I'm quite happy with my $19.98 purchase, the cats however now hate me :)

Samsung i607 Blackjack Windows Mobile 6 Update

2008-01-25T00:15:00.001Z

I love my Blackjack but I have to say that Samsung really need to reconsider their approach to end user applied firmware updates - this sort of upgrade process is nuts. Their previous effort was even more complex but this WM6 update is still way out of line in my opinion. If they want help building better versions in future - I'm available and I build far more user friendly Windows Mobile configuration applications than this.

Anyway - all joking aside this sort of stuff should never have been let go further than the engineers who hack the platform stuff together. First the user has to load in a bunch of oddball USB drivers before attempting to start the update. The user then has to enter some top sekret codes into the update launcher before it will launch. Then to get the phone into a flashable state it has to be started up using some demented finger yoga to get the USB client bootstrap loader to launch rather than the OS (although this is not hugely unusual for Windows Mobile Devices to be fair). Once the update starts it proceeds through three different firmware update stages using a different USB communications mode and driver at each stage before finally rebooting and returning as a Windows Mobile device (using yet another USB driver).

On top of all this the stupid procedure does not work under Microsoft Vista which meant I had to jump through a whole bunch more hoops to get the above process to work in a Virtual Machine running XP, as I mentioned earlier.

The good news though is that the update worked and I now have Windows Mobile 6 Standard on my trusty old Blackjack. I haven't had time to dig into the changes in detail, I assume that they follow the typical WM6 Standard vs WM5 SmartPhone features, however one stand out improvement for me is that Google Maps for Mobile's cellular signal location awareness capability (My Location) now works as it should, this had been terminally DOA under WM5 on the Blackjack and had caused a lot of negative sentiment on the GMM discussion forums. Sweet.

Virtual PC's

2008-01-24T23:22:00.001Z

I've had a couple of things that I needed to do over the last few days that were made a lot more practical through the use of Virtual PC's of one flavour or another and I got to try out the main players on offer for us low budget souls. I initially checked out some VM solutions to see if I could find a quick and compact way to set up a Linux\Apache\MySQL\PHP (LAMP) test box and then today I discovered that Samsung's Windows Mobile 6 update for my i607 Blackjack will not install via Windows Vista so I needed to set up a Virtual Machine to run XP. I was quite disappointed with my initial efforts but eventually one of the offerings came to the rescue.

Microsoft Virtual PC 2007. It's neat and slick but it complains like all hell when installing on Windows Vista Home Premium even though the only logical reason for it to do so is to discourage casual use. Frankly either make it simply not install or shut up about it folks, the warnings make you sound really lame. Anyway it works fine but the OS interface feels a bit treacly, boot time was fairly slow and a bunch of things were missing - most importantly for me there was no way to handle USB pass through and that was a deal breaker as the Blackjack Update that I needed the Virtual PC to run has to be carried out via USB. I also found it a bit odd that there was no obvious way to save snapshots of the OS state. Adding the Virtual Machine Guest OS Extensions improved the video performance but the mouse responsiveness never felt great.

VMWare. I didn't get very far with this but played around with the Virtual Appliance Marketplace looking for an appliance that would serve as a test bed for the LAMP stuff I'm working on. Maybe I just didn't understand the point of the whole packaged appliance thing but I couldn't figure out how to save an appliance once I'd configured it to suit my needs. It's probably something obvious but it ticked me off a lot that I couldn't seem to do it so I jumped ship.

Finally I returned to Innotek's VirtualBox. I say returned because I actually started out with it but had abandoned ship because I was unable to figure out how to change the base screen resolution when building an Ubuntu VM. That problem didn't seem to arise with the XP install I needed for my Blackjack WM6 upgrade and VirtualBox supposedly handled USB pass through too so I gave it a whirl. Once XP was installed and I had added the Guest Additions I had my first pleasant experience - VirtualBox has a fully integrated mouse mode so that the VM integration with the Host OS is seamless. Like VPC2007 the Video integration is very slick once the required drivers have been installed via the Guest Additions - you can resize the guest window just by dragging it, the Guest XP OS adjusts the desktop resolution on the fly. Guest snapshots are available - I didn't really test them out but they seem to be pretty fast and reliable. The best news (for me) was that the USB pass through mode works very well. It's not flawless and I had one or two headaches with the Blackjack update as the device switches between four different USB drivers during the OS Update procedure but it is simple enough in principle and it should work for most devices without any trouble. Once you have connected a device it becomes visible in the VirtualBox Guest OS VM Shell's Devices->USB Devices menu and you can click to toggle whether it remains visible to the Host OS or intercepted and passed through to the Guest. Overall performance seems to be better than VPC2007, certainly there's none of the treacliness. I'll be holding on to this XP VM for a while though Virtual Box has definitely become my new favourite app.

One final point I tested both VPC2007 and VirtualBox with hardware virtualization support enabled and disabled and for the life of me I couldn't tell what difference it made. My PC (a Dell XPS M1330) definitely has hardware Virtualization support and it is enabled in the BIOS. Can anyone give me a compelling explanation in a couple of lines?

Some real life CFL data

2008-01-15T12:33:00.001Z

My rabid objections to Minister Gormley's proposed mandatory imposition of energy efficient lighting on us poor slobs in Ireland can be found here and here and here. I have calmed down somewhat now and worked out the numbers. Overall I still think his carbon footprint numbers are still a bit high but his cost saving data for consumers actually looks reasonable. There is a clear benefit for me in switching to CFL or LED in terms of cost and carbon footprint, and I suspect that the same would be true for the vast majority of Irish householders despite my initial skepticism.

When we moved into the new apartment in September we had to fit out all of the light fittings so I have a handy starting date to use for some real world life time data on bulb lifetimes and I'm going to keep track now that we've got to a point where a significant number of them have blown and need to be replaced (5 out of 16).

All of the data is in the spreadsheet that I've shared here for the propeller heads if there are any apart from me. The headline numbers are below.

Daily Incandescent power load - 2.435 kWh
Daily CFL power load - 0.426 kWh
Net Daily Saving €0.20 / 0.48kg CO2

This takes into account the (minor) loss in heating resulting from the switch. So for us we can expect to save €72 per annum and prevent 176kg of CO2 emissions.

You can buy cheap CFL's but I wouldn't at the moment and I don't think anyone should, you'll still save money with the better ones. The first bulb to blow in this apartment was just such a cheap CFL that I put in our storeroom despite its 6000 hour life claims. Reasonably decent CFL's can be bought for around a €5 to €7 a pop that actually produce light that is (at least initially) reasonable to live with. We have 16 bulbs in our apartment so replacing them all with CFL's will cost us about €80-€120 initially and the ongoing replacement cost will be about half that every three years. In general good CFL's should give you many years of life but my experience makes me dubious about the common claims of 6-10 years. They certainly do degrade before failing and my experience is that those that are switched multiple times per day have a usable life of about 3000 hours vs the 1000 hours or so that has been my experience with typical incandescents in busy rooms. Incandescents are quite cheap but nice ones are not all that cheap and you will spend €1 on average at least across the typical bulbs in a house or apartment, and you will replace them 3 or more times as often. The actual cost of switching to my more expensive choice in CFL is closer to €2-€3 per bulb than the up front cost of €5-€7.

Overall then the choice of switching to CFL breaks even for me in terms of cost alone in about 6 months give or take a month or two and should yield a saving of €150-€180 over the course of the expected lifetime of the most heavily used lights. In general I think it's reasonable to assert that such a switch should save about €30-€40 per person per annum - given that there are two of us in this apartment and I think our consumption is probably typical.

The Carbon footprint effect is slightly more straightforward. We could reasonably expect to save around 90kg of CO2 per annum with this switch. If that is typical for the population as a whole then the annual saving could be in the order of 360 million kg. That's not quite the 700,000 tons of emissions that Minister Gormley talked about in the budget but it's twice as much as I had initially estimated and this number does take into account the loss in heating angle and to be fair to him the margin for error in this is at least 50%. One detail that I haven't factored in is the difference in the energy required to manufacture them but I can't see that it could be significant enough to make a serious difference, I will follow up on this when I can find any real data about it.

I still hate the light that CFL's produce so I'm going to do some research into LED's which are a much better technology all round - they produce much nicer light and I believe they are a lot less nasty to manufacture and dispose of.

Logo Fun

2008-01-05T09:37:00.001Z

Daithi noticed that I'd been having some fun with the Peccavi Logo. I came across some comments about web application piracy made by the author\owner of CoolText.com , Brian Livingston, and decided to see why his application might be good enough for some scum bag to try to rip off and found that it's a hoot.

What I've been Reading

2008-01-02T22:39:00.001Z

I haven't been reading much of late but I'm hoping that the new year changes that as I've got a ton of stuff that I really do want to get to. As usual my yet to start list is getting longer and I keep starting books that I don't plan to but that's half the fun.

Finished:

Bill Bryson: "Shakespeare: The World As Stage" I prefer Bryson's more serious stuff and like "The Mother Tongue" and "A Short History of Nearly Everything" this is a thoroughly enjoyable and refreshingly frank summary of what is known about Shakespeare and of his contribution to our language. It's pretty short and quite light reading but it is highly recommended.

In Flight:

Colin Tudge: "The Secret Life of Trees" One of its review blurbs describes it as "One of those books you want everyone to have already read". I wouldn't quite go that far as I think you have to have a significant tolerance in order to keep interested in a book that is more than 50% one big long list of the various types of trees. Fortunately I am one of those and I'm revelling in it - especially since he seems to think that Kapoks really are magnificent (like me). He's just slightly too flakey for my liking but I can't really hold that against him - he clearly loves his trees and it is a book that I wish I'd had when I was young enough to realise that I should have always paid more attention to the trees I came across.

Richard Dawkins: "The God Delusion" I'm a bit ashamed to say that it has taken me more than a year to get around to reading it but I had a lot on last year after all. It is every bit as good as I'd hoped - not only is it substantially better written than some of his earlier books (which are excellent ideas books but those I've read were not as well written as this) but more importantly his core argument is very compelling, well thought out and coherently presented. It's definitely a book to make you think clearly - provided you are reading it in a frame of mind willing to do so.

Yet To Start:

Cormac McCarthy: "The Road"

Robert Harris: "Imperium"

Craig Murray: "Murder in Samarkand" ( thanks to Daithi.)

Jon Ronson: "The Men Who Stare At Goats"

Oliver Sacks: "The Man Who Mistook His Wife for a Hat"

Is it a Security Issue?

2008-01-02T12:28:00.001Z

One of the Blogging Old Guard, Dave Winer, has been complaining vociferously about what he regards as a huge security issue for Apple.

My initial reaction was that he was out of line. The computing professional in me would say that if he relies heavily on any computing resource for his livelihood then he should have [a] frequent, reliable, tested and comprehensive backups of his data and [b] Backup hardware that he can switch to on demand and [c] all of his sensitive data should be encrypted. He handed his drive over to Apple without ensuring that it was safe to do so and that means that the mistake was his.

On reflection though that attitude of mine reflects a fundamental problem with the overall approach to security that is endemic among "IT Professionals". It should be reasonable to expect that you can avail of a warranty repair or vendor supplied service without worrying about who might end up with your credit card details, e-mail account access or (as in Dave's case) proprietary source code.

You can't of course and Dave's complaint is the sort of thing that needs to happen in order to make the various vendors involved (Apple, Microsoft and the IBM, Dell and the rest).

With a little more reflection I am beginning to think that Dave doesn't go far enough. It seems to me that he just wants to get his old hard drive back so that he can dispose of it thoroughly and prevent anyone stealing something from it in the future but he's already handed control of it over to Apple so from a purist InfoSec perspective he's already lost the data and that's the bit that needs to be fixed. He should be able to give a broken hard drive to anyone who might be able to fix it for him without worrying about losing control of who gets meaningful access to the data on it.

There is an opinion that Bitlocker [style] full disk encryption is the answer but I'm not so sure it's either sufficient or necessary. I think there is a need for full disk encryption in some cases but that an "un-mounted by default" secure store for "all things sensitive" is a better approach - that would include user profiles (and cookies\passwords) for web browsers, cached credential stores for network resources\e-mail\web services... as well as the more typical sensitive documents like letters to your bank and so on. You can hack together solutions for this today that are moderately safe but for normal consumers to benefit properly it would require some OS level re-architecture work and new versions of critical applications to work with the new architectures but I see in this the foundations for a compelling approach to making "secure by default" a desirable Operating System feature for consumers and small businesses.

Latest on Gaming Blues

2008-01-02T11:12:00.001Z

So as I reported before Christmas Dell eventually sent a technician out to fix my problem by replacing the motherboard and the NVIDIA 8400GM discrete graphics adapter.

This replacement fixed the problem that I was having perfectly. The machine no longer tanks when playing Direct X games and I've played all of the various engines that trigger my issues for a couple of hours each now so I'm definitely convinced that the problem is resolved. Specifically Unreal Tournament 3, Half Life 2 Source Engine games (Portal, TF2, HL2) are all fine and 3dMark 2003 now completes.

I was initially impressed that Vista(32) accepted the motherboard change without a hitch but it became apparent shortly afterwards that there was a very serious and fundamental problem with the OS even though there were no errors being reported. After the hardware swap I was unable to access certain system components - the Control Panel and most of its subsidiary parts (like the Display Properties dialog). I was able to access the NVIDIA screen properties dialog, the Device Manager and the Windows Event Viewer (which reported no relevant errors even though there clearly were things going badly wrong, go figure) but not Windows Update or the Add\Remove Programs dialogs. Some digging led me to this post on the NVIDIA support forums which helps resolves problems with the Software Licensing subsystem after hardware upgrades. This made some sort of sense given the hardware change and WGA's problems with that and there clearly were problems with the two Software Licensing services on the machine. I was unable to get them both running correctly so I eventually decided that I had to reinstall Vista again. I had already prepared for this before Dell arrived and had everything either running from portable storage or backed up so the decision was pretty easy.

The reinstall allowed me to completely remove the multiple backup\restore\media partitions that Dell chooses to install that I have no use for. I had also messed up the partitioning a bit early on when I'd installed Ubuntu 7.10 and allowed it to do its own thing on the drive. Fixing this was a bit of a pain as Vista's installer had lots of problems removing some of the partitions, in the end I had to restart the install about 5 times to get it to a point where I had a completely empty drive that Vista's installer was able to recognise and after that there were no particular issues with the install. Thankfully I'd kept a copy of all of the latest Dell drivers and application updates that I'd downloaded so reinstalling them was pretty painless.

I then hit Windows Update immediately to let it do it's thing and it went merrily about its job until it ran into this problem with KB929777 failing to install with error code 8000FFFF. The recommended manual uninstall and manual install worked but I was surprised that a general release hot-fix would be that poorly behaved.

Once I'd reinstalled all Windows Update encouraged me to update the NVIDIA drivers to v156.69 from the Dell supplied version 156.55. That resulted in Portal (based on HL2's Source engine) failing to launch but had no impact on anything else so I downgraded back to the Dell drivers.

Finally I went to restore my data. Now I generally keep all of my data in a "portable" directory rather than use the default Windows data structures but this time I'd opted to use the default document folders for some stuff and I used the native Vista Backup to back this stuff up. Silly me. Now I didn't lose any data in the end which is something to be grateful for but Vista's native Backup application is abysmal, take my advice and don't ever use it. I've reverted to keeping my data in a folder structure that I understand and can backup with a single Robocopy. I think I'll be keeping things that way for good.

It's turned out fine for me in the end but I can't help thinking that this has taken far too much effort to resolve.

Dell To The Rescue

2007-12-19T14:10:00.001Z

Following up on my posts about the problems I had playing DirectX games on the M1330 (Gaming Blues and More Gaming Blues) I finally caved in and actually called Dell last Wednesday rather than continue to wait for the Internet based ticket issuing system to actually work. Dell requested a little more diagnostic work ( facilitated by Mr Cronin, thanks Pat ) that involved swapping the hard drive out with that in a similarly configured M1330. That pretty much proved that the problem was with the hardware and Dell eventually arranged for a technician to come and replace the motherboard and graphics card. The delay was pretty much all my own doing in the end and to be fair to Dell once they accepted that the issue required a hardware swap they had a technician out to do the job within a day.

Dismantling one of these things completely is a reasonably complicated task - all in all it took the technician just over an hour to take everything out and put it all back together again, and he really did know what he was doing. Now that I've seen it I think I'd have about a 50:50 chance of repeating the exercise but I don't think I'll ever try.

Anyway the good news is that the swap has (so far) completely eliminated the problem so I can now happily waste hours playing TF2, Portal, HL2 and UT3.

The other good news is that the network adapter that I was disappointed to discover is only a 100Mbps part is a very easily replaceable (and upgradable ) part and the WLAN antenna cabling is kitted out to support 802.11n. So two of my (minor) beefs with the machine are fairly easily fixable should I choose to do so.

Edit: Just adding a link to my final update on this here.

PayPal's Single Use Virtual Credit Cards

2007-12-17T11:54:00.001Z

I was delighted this morning when I found this press release from Orbiscom and read that PayPal had finally opened up their Orbiscom derived PayPal Plug-In single use Credit Card system to their entire user base.

Anyone with a PayPal account can now download and install the Plug In however it appears to be preventing me from activating the one time Credit Card feature unless I can provide it with a personal credit card with a US billing address. I suspect that when this press release talks about "entire user base" they really mean just the US users which is a pity.

I'd be delighted to find out that I'm making some mistake here though as I really miss the security of the old O-Card that I used to have from Orbiscom since my bank discontinued the service last year.

New Moves in Authentication

2007-12-17T11:46:00.001Z

I noticed that Barclays are starting to deploy a two factor \ one time password authentication mechanism for online banking called PINSentry. It's an interesting step that should make it pretty hard to launch brute force attacks against consumer banking accounts but it is no better at defeating man in the middle attacks than any of their previous mechanisms. I've made the point before and will make it again - without full mutual authentication using very strong authentication protocols the whole online banking and payment system remains fragile.

This is significantly better than Verified by Visa for example which still leaves me scratching my head as to its usefulness to me (as a card holder). When paying using VbV you first enter all of your card details onto the vendors website - they now can take as much out of your account as they please and if they are stupid ( like these people ) they will not protect those details so that criminals can steal them and use them to steal from you at a later date. After the vendor has been given all of the sensitive data that you might like to protect they then ask Visa to authorize payment and at that point Visa force you to go through an entirely unnecessary (for you) authentication mechanism. This authentication step protects the transaction between the Vendor and Visa so both of those parties benefit from getting you to do this but since you have already given the vendor all of your details you remain exposed to the risk of fraud. In fact as far as I can tell the only difference that VbV makes to a card holder is that it will be very difficult to challenge a payment that has been authorized through VbV - bear that in mind when you choose a password for it.

To be fair to Visa and Barclays though they are making some attempts to move forward and it is very,very hard to implement change in the area of consumer payment schemes.

All is not bleak however. A couple of us in Intel had a patent idea declined last year that was almost identical to this juicy bit of news. F-Secure's recent report from the Information Security Forum's 2007 conference in Cape Town discussed a demonstration by Jolyon Clulow from Deloitte of a new class of banking card that includes an embedded keypad so that the user authentication process can occur within the (user) controlled card's physical enclosure.

It's not clear yet whether this new card will be part of the foundation of a properly mutually authenticated system where individual transactions get the sort of unique authentication that I believe we need in order to make these systems sufficiently robust but it definitely takes one of the steps that must happen before we get there. If nothing else cards of this type can dramatically reduce the risk of card skimming type attacks, well they will provided certain back ward compatibility risks are managed effectively by the banks. It's no good implementing chip and pin here in Ireland if a skimmed copy of my cards magnetic strip or card number can be used by a thief in Bali without being challenged (for example).

The end state that I want to see will need card readers for this type of card present in all types of device where we wish to carry out online authorization's. This sort of thing is not limited to banking either but at least with banking there is a good commercial reason to do it now, once it's in place the banks can start to earn some less grubby revenue by selling trust services to consumers.

All of these things could deftly link into the OpenID, InfoCard or CardSpace structures that are being built out at the moment. OpenID's big gap is that it still relies on passwords in almost all its implementations. CardSpace's big problem is that it is locked into the core Windows OS architecture(s), although that does give it some significant anti-tampering strength, and the other InfoCards suffer because they are pure software only credential stores sitting on effectively untrustworthy hardware and operating systems. All of these systems could benefit hugely from being able to delegate interactive user authentication to a compact hardware token that is extremely hard to compromise.

What Do You Think Of Your Mobile Phone Company?

2007-12-16T18:22:00.001Z

I ask because mine thinks I'm a complete moron and I think they are scumbags.

I recently privatised my mobile phone - by this I mean I took over ownership of it rather than losing it as Intel would no longer be paying the bill. To be fair to the Vodafone they have provided me with a decent enough service for years and they were happy to transfer ownership of the account and number to me fairly painlessly. I was given a (paper!) application form that I had to fill in and fax (! again) to one of their account people. As it happens I was allowed to scan it in and email the image instead but the whole idea is so anachronistic that I don't know whether to laugh or cry about it. After all I'm now paying them to keep someone employed who's job is basically to transcribe forms that customers have filled in into a system that frankly would be far more efficient if they just let us do that ourselves. Anyway I asked to be signed up to their cheapest "Bundle" deal that also allowed me to continue to make use of GPRS data since on reading their web site it appeared that their rates for data under this bundle were something like:

€2.00 for the first 50Mb of data per day
Excess charged at €5 per Mb

The first part of that is a lot more than I'd like to pay but it's better than the "standard" €5 per Meg that otherwise would apply. Since I had access to 3 years of billing detail and I knew that I never use more than 50Mb on any day so this at least would cap things at a sort of affordable level. (Sort of ) Happy days.

My bill arrived earlier this week and lo and behold:

Call charges €0.00
Roaming Call Charges: €1.22
Messages: €0.36 (for a couple of messages while in the UK)
Data: €48.41 ( 11.5Meg across various sessions on 19 days)

Like WTF? It appears that I'm being charged the full €5 per meg after VAT for all data. They apparently didn't register my selection for signing up for Mobile Data when I signed up. So I should have checked that, right? Only problem with that is that the way to check that is to sign into their web site and log in using some details from your bill. So you can't check if your initial billing is set up correctly until you get your first bill.

So there is a mistake and surprise, surprise I'm the one who pays the price for it. I'm very sorry folks but when things like this happen they are not mistakes. The system is designed so that if any errors are made they will always benefit the company and not the customer. I am certain that if I check on the couple of dozen other people who transferred their phones at the same time as me we will find >90% of them in error and the beneficiary in each case wont be the customer.

I will be giving them a piece of my mind on that problem in due course but now that I see that I have a problem I go to fix it. The details on the data packages have changed and It appears (but it isn't totally clear) that what I need to do is sign up for their Mobile Internet package:

Does this make sense to anyone?? Like how much does a browsing session that pulls down 75K of data cost? 0K ? 10Mb? What about 5Mb every day for 10 days? 20 days?

The only other data rate information that I can find at the moment are these alternatives:

Again I ask with tears in my eyes - does this make any sense?

So anyway for the moment I'm going to hope that the €9.99 per month package will effectively cost me less than €5 per Meg so I've signed up. At this point I notice that I'm being told that my selection of this "Add On" is "Pending" and will only take effect after my next bill.

Clearly they think I'm both stupid and a sucker. They are right on the second part of that but only because their competitors appear to be even worse than them but at this rate of going I am sorely tempted to tell them to take their service and stick it where the sun doesn't shine.

Some day I hope I will be able to find a Cellular Provider who can deliver a reasonable service at a reasonable price but at the moment I am forced to continue to remain convinced that they are scumbags.