Turning over a new leaf.

 I am going to try and put down my thoughts and feelings about things more often. Mainly using this blog for when they don't fit in the post sizes of microblogging platforms. I find just being generally grumpy cathartic, but it does tend to annoy people other than the ones I want to annoy and can lead to misunderstandings.

As such I have started creating some general purpose footnotes for replies and arguments in response and will use this post to collect them.

Footnote 1

Footnote 2

Footnote 2

I don't get told "Do your research" as often as a lot of other people on the internet, the advantage of not having a wide reach and being a white man I suppose.

But in the case that someone does use this ever so classic non-argument my response is "no".

Basically I am not a researcher, but then neither are they, I am however happy to spend time and the understanding of how research works to evaluate what other people have put out on a subject and rely on that. Now, it maybe that I am posting a video or article about the results of some science rather than the publication itself, for reasons of accessibility. But that doesn't mean that I think all YouTube videos are equal in terms of accuracy, or that a newspaper article is by definition scientific.

I am happy with my position, mainly because I have listened to and read experts on the matter, if you want to change my mind you will need to use actual arguments. I am aware of google^[ref] and other search engines but I'm pretty sure that their indexing isn't peer reviewed. So if you are expecting me to take you seriously then saying that I can just search for things that support your point of view, rather than give me citations, I am going to refer you to the answer I gave a few moments ago.

Footnote 1.

If I ask for information, please don't suggest I Google^† it or present information that you have just googled yourself and have no provenance for. 

I know of internet searches, and consider myself very skilled in them^‡ (at a time when this seems to be a lost art). I may well have already had a look myself and not found anything that meets my needs or is of suitable quality.

One of the reasons I ask the internet for their input is I know or are connected to a lot of very clever people who are outstanding in their fields, quite often to the point where they are not "a" subject matter expert but on occasion "the" subject matter expert. Or at least have a very low equivalent of an Erdős^◊ number to that person but for whatever field we are talking. I also know a lot of people who will know things because of a special interest or having researched it. So I am hopeful that I will get a weighty answer, one that doesn't need checking or comes with a label saying exactly how much you can trust it.

This is a series of posts I am making to point people to as required, because I expect that it will come up a lot over the next few years.

^†Other search engines are avalable
^‡Do not cite the Deep Magic to me. I was there when it was written
^◊Bacon or or Morphy or whatever separation number works for you

Sunshine Sanctuary for Sick Dragons appeal

Goodboy was one of the lucky ones! He was found by the Sunshine Sanctuary for Sick Dragons in Morphic Street, Ankh Morpork. Here he will be well fed, and well cared for.

Terry Prachett's® Guards! Guards A Discworld play® adapted by Stephen Briggs

Wednesday 14th to Saturday 17th February 2024

http://ticketsource.co.uk/midlandplayers

The weather forecast

 Terry Prachett's® Guards! Guards! a Discworld® play adapted by Stephen Briggs 

Sheffield University Drama Studio Shearwood Rd, Sheffield S10 2TD

The show runs from Wednesday 14th to Saturday 17th February 2024 starting at 7:30pm. Doors open at 7:00pm and there will be some pre-show action from 7:15pm so don't be late!

https://www.ticketsource.co.uk/midlandplayers

Herbert Gaskin reports in #terrypratchett

Happy Hogswatch

 Terry Pratchett's GUARDS! GUARDS!

A Discworld™️ play. Adapted by Stephen Briggs. 14th-17th February. Presented by Midland Players at the Sheffield University Drama Studio. 

Buy tickets now

A glimpse into the rehearsal room Part 2

 

Take a peak at what is happening at rehearsals part 1.

 

Terry Pratchett's GUARDS! GUARDS! A Discworld Play #shorts

Adapted by Stephen Briggs, presented by Midland Players at the Sheffield University Drama Studio.

Auditions #short

Open auditions for Guards! Guards!

Please come on Tuesday 10th October at 7.30 pm or Saturday 14th October at 4pm to the Red Deer on Pitt Street 

(you only need to come to one)

There are loads of roles available, from a couple of lines to genuine Discworld legends.

The process is several rounds of being thrown into groups or being asked to monologue with pieces handed out on the night, you get time to prepare your bit and then present it back to the whole room. If sight reading is an issue for any reason please drop me a message and accommodations can be made.

Unfortunately the audition venue and a significant proportion of the rehearsal rooms are up stairs.

Guards! Guards! by Terry Pratchett #shorts

Announcement. The Elucidated Brethren of the Ebon Night, sorry Midland Players and I, are staging Guards! Guards! by Terry Pratchett adapted by Stephen Briggs 

Lots of parts of all sizes[1] audition information and a call for backstage participation coming very soon. Please drop me a line if you want more information.

[1] stop sniggering at the back [2]

[2] actually please don't

Projects I am currently working on (and where they're at):

A Wear OS watch app which keeps track of train journeys, showing a "complication" which shows how long it has left and the platform number of your connection (if applicable).

I think I have most of what I need for this, the data feeds, how to do the complication in Watch Studio, how to get the data from one to the other. I just have a few bits where I can't decide on frequencies and setting up the trigger for updates.

A Wear OS watch app that displays QR code tickets. Starting with cinema (not trains atm because I'm not sure the rules)

An AWS lambda in JS to turn the emails into just key data and the QR code seems fairly easy. I am trying to see if I can get my head around kotlin and the associated android APIs, I'm not currently winning but I'm not ready to give up. I might go back to my original plan of this being an e-ink thing, but the watch has some advantages.

Moving my home automation over to home assistant

It gives me a good framework so I don't have to write the meat of an automation system. And it has stuff built in, or community contributed, that talks to a whole bunch the stuff I already have, I just need to rewrite the stuff that talks to my custom lights built on the Plasma Stick 2040 W

CCTV

Something something off-site backups, something. This has involved a lot of yak shaving, (often held up by systemd-resolved.service being pants). I think the expansion of features on the free Tailscale plan, and the OpenWrt port seeming to be stable may deliver some moderatly pre-shaved yaks.

As ever a combination of factors are at play in how they are progressing, not least that I am not really concentrating on any one of them. Other things include remembering to have local copies of stuff before getting on trains, trying to do things in languages/ecosystems I am learning as I go along (the greatest lie kotlin ever told was sprinkling "fun" through the source ;->) and my star-sign being the opposite to completer finisher (with mercury in retrograde). Drop a comment if you have any questions.

Good news, research shows you can reduce your exposure to arsenic from eating rice.

Firstly: I want to point out that the Food Standards Agency does not recommend cutting rice out of your diet, and there are regulations about how much arsenic there is in our food. 

They do however make a specific point about not using rice milk as a substitute for breast milk, infant formula, or cow's milk for children under 5.

Go to https://www.food.gov.uk/safety-hygiene/arsenic-in-rice for more information. Or watch this explanatory video.

On to the good news.

In a paper published in Science of The Total Environment (Volume 755, Part 2), researchers from the University of Sheffield and UCLA compared four different methods of preparing rice before using the absorption method of cooking whether this was in a pan, rice cooker or pressure cooker.

The four methods were: not washing the rice, washing the rice, soaking the rice and parboiling the rice before discarding the water.

The parboiling method removed 73% of the inorganic arsenic from the white rice.

The procedure in the paper is as follows

• Into a pan put 4 cups of water for every cup of raw rice, and bring to the boil
• Add the rice and boil for a further 5 minutes
• Drain and discard the water
• Using fresh water, finish cooking the rice using the absorption method.

Finally a huge vote of thanks to HAUS OF PETTY who posted a video on TikTok about arsenic in white rice, that lead me down the rabbit hole of looking to see if there was anything you could do to deal with it at home. 

Silence and consent

Terrance Eden has written a blog post entitled “Silence Isn't Consent” it is a tale of someone hammering one of his sites with a bot and the writer of that bot being quite a bit of an arse.

The post left me with two strong things I wanted to say. The first is easy to express, that the use of the term “enthusiastic consent” and the specific linking to a PSHE post on the subject made me feel quite icky. To quote the post explicitly “I know what they meant and, it some contexts, it's an understandable shortcut.” but having your content scraped should not even as a metaphor be equated to sexual activity without consent. 

The second was that this the issue of what people can and can't do with your content is important, and we have a framework for this, licences. Now Terrance doesn't say which of his sites the tool went after. If it was the blog he wrote the post on, he actively claims as much control over the copyright as he can, but if it was openbenches.org that is published under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license. So it isn't (I don't think) possible to spot breach of that just by the content being scraped. 

Thousands of tools are released every day. Am I expected to play whack-a-mole and shut down every new one that appears?

Terrance Eden - 'Silence Isn't Consent'

This 100% shouldn't need whack-a-mole, this activity should be covered by licences, this may need extra work, especially if we want to include rate limits in those agreements. And licencing needs to become as much covered by standard machine readable ways of highlighting as search engine inclusion (something in theory you specify once with headers, or meta-tags, or a text file, and everyone obeys.

However this is as much a “Nice to have” at this precise point as Terrance's ask to have an “opt in” to bots, and as for consent, even if you don't make icky equivalences about the web and the really real world, there is a ton of evidence that the vast majority of people on the internet don't understand it, even if reams of guidance are issued. just look at how badly most people implement it for cookies.

Voter Authority Certificate (voter ID)

Under the cover of beating in-person voter fraud, a problem that simply just does not exist, the Tories have introduced a requirement for ID to vote. This will disenfranchise a lot of poor and marginalised people.

If you do not have one of the following:

• UK or EEA Photocard driving licence
• UK, Channel Islands, Isle of Man, a Commonwealth, British Overseas Territory or EEA Passport (valid or expired)
• UK Proof of Age Standards Scheme (PASS) card
• UK biometric residence permit
• UK Defence identity card (MOD Form 90)
• Northern Ireland Electoral Identity Card
• National ID from an EEA country
• Blue Badge
• Government travel pass for older or disabled people Including Freedom pass, or disabled person’s concessionary pass
• Scottish National Entitlement Card

Then you will need to acquire one or apply for a Voter Authority Certificate. 

You need:

• your registered voting address, 
• a recent, digital photo, 
• your National Insurance number

Applying takes around 5 minutes, or 20 minutes if you cannot provide a National Insurance number.

There is a paper form.

There is a different process for anonymous electors.

The Electoral Commission has more information about Voted ID. There is also a briefing from the House of Commons library.

The BBC still have reputational issues due to outsourcing

Ten years after I wrote a story about sub-sub-contractors causing reputational problems for the BBC because the public will look at the big household name on the sign, not the logo on the badge there is another classic example.

After a night of riots in Swansea, someone with access to post to the HIGNFY twitter feed from the VIth form common room, tweeted a joke so old even the Goon Show probably decided they couldn't get away with it even if they lampshaded it. I won't repeat it here, but if you have welsh heritage you can probably guess with a fair degree of accuracy if I say it isn't about sheep or rain.

It's not by the BBC. It's not even by anyone working on HIGNFY. Hat Trick farms out the content of much of the HIGNFY Twitter feed to outside 'content providers'. I'm not a fan of much of it, and have said as much to producers.

— Ged Parsons (@GedParsons) May 21, 2021

The distance this person is from “Sitting in an office at Television Centre” is well known to those in the know, but to the vast majority of people on twitter “the sign above the door” says BBC and i don't really think they need any more reputational damage right now for the hypocrites in the rest of the media to latch on to.

Proofreading help request

This is something I have written for a project I am currently writing. Any corrections/suggestions gratefully recieved.

Advice on setting and managing passwords

This is a selection of advice on setting and managing password when signing up to a site on the internet. The idea is that anyone who doesn't have a lot of experience with the world wide web isn't just thrown in at the deep end.

If you just want the short version: use a password manager and take advantage of not having to remember all your passwords to set a different complex password on every site. Also take especially good care of your email account password.

Password Managers

If you take nothing else away from reading this then I hope you start using a password manager. You may have heard that they are a risk. Yes they are, like all software it is incredibly difficult to ensure they are entirely free of errors however I subscribe to the view that Password managers don't have to be perfect, they just have to be better than not having one^[1]. There are three main options for you:

3rd party password managers

When people talk about password managers, they invariably mean 3rd party software that you use to store your passwords. The full run down on how to pick on and why that one will be the right one for you would take a very long article itself but there are three main questions to ask yourself.

Are you signing into lots of websites and apps across several computers/devices?

If this is the case you'll need to look at the options for sharing the passwords across devices. This may come as standard or as a paid upgrade. Some managers use your existing storage (Dropbox, Google Drive, One Drive etc.) to do this, in that case you need to make very sure that you don't put anything that can be used to guess your master password in that storage.

Are you good at remembering passwords?

It might seem silly to ask this when talking about finding a service designed to remember passwords for you, but you still have to remember one very important one, that gets you into your password manager. As a general principle those password managers that are a web based service themselves are more likely to have account recovery tools, but do make sure to double check.

Will you want to share passwords with other people?

This is easy in some managers although you may need to pay extra for it, while in others you can't do it without sharing the whole set of passwords and giving the other person your master password.

A few that you might want to look into are: Lastpass, 1Password, Bitwarden, Enpass, keepass.

Browser built ins

If you use the same web browser whenever you use the internet then you can just use that to store passwords (it is probably nagging you to do this already). This can even work across multiple computers/devices if you are signed into the browser and it is syncing your data. All the major browsers offer this, although it can run into issues if you don't use the same brand of devices as your main computer. These built in password managers offer encrypted storage and complex password suggestions.

A diary

If you have ever worked in an office you have probably been told that writing passwords down is a terrible thing to do. And they will have been right, when thinking about the risks that exist in an office, which are mainly other employees and those attempting to get private company information to sell to competitors^[2]. In your home life the risks are very different, and for most people that is online ne'er-do-wells trying to get your personal information and bank card numbers, in this situation passwords, written in a book, locked in a drawer is a sensible choice.

Creating a Password

Completely random strings

Now you have been convinced to use a password manager, you can just use the “generate password” feature and away you go (although you may need to fiddle with the settings to deal with different rules sites have about what needs to be in a password).

If you are not using a password manager, or yours doesn't come with a random password generator, try one of these ideas:

Three random words

Otherwise known as Correct Horse Battery Staple after a cartoon, Three random words or #thinkrandom is a way to generate passwords that are both strong and memorable. This is the method the “Generate Password” button uses. I would actually advise against using this function if you have to remember the password as it will always be more memorable if you come up with the words yourself. However if you need inspiration or are using a password manager to remember the password, go right ahead. If you are on a site that wants numbers or punctuation characters, you can add some at the end or swap out letters i or l becomes 1, a becomes 4 and so on, or make up your own.

I see a little silhouetto of a man, Scaramouche, Scaramouche, Will you do the Fandango?

Another way to create memorable passwords that are difficult for someone else to guess is to take a phrase, saying, quote, song lyric or similar and use the initials. So “I see a little silhouetto of a man, Scaramouche, Scaramouche, Will you do the Fandango?” becomes “IsalsoamSSWydtF?” if the password rules require numbers or punctuation characters you can substitute them in, or just use a phrase that has them in to start with “There are 106 miles to Chicago, we have a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses!”

Other considerations

But this page contradicts what I have been told by someone

For a start, different risks need different levels of protection, this advice is good enough for most websites but might not fly for systems containing large amounts of sensitive, personal, or financial information. It also benefits from not having to line up with lots of external rules and regulations. If you want a good all round read on passwords try “Password policy: updating your approach”.

You've got mail

Even if they have other steps involved like security questions (don't forget you don't have to tell the truth for these, three random words works especially well for them if you might need to use them over the phone) most self-service password reset systems rely on the idea that your email account is secure and you are the only person who has access to it (or at least you trust everyone who does implicitly) so use a strong and unique password for your email (and if you can think about turning on 2 factor authentication).

What if my password is stolen

One of the reasons to not remember passwords yourself is that best practice is to use a different one for every different login. Why? Because when someone gets hold of a stolen database of passwords, they will often try those passwords out on other sites, if people have used the same details there then they can get in. This is especially a problem these days where most sites don't ask you to set a separate user-name, but just use email addresses. There is a service called “Pwned Passwords” that will allow you to check if a password has appeared in one of the many databases that has been stolen and posted on the internet^[3]. This is what we use to check your password before we will accept it. This functionality or similar is now being built into several password managers and similar products. If you are wondering about the name, then just understand that like any group nerds have their own jargon.

How worried should I be if my password is in the pwnedpasswords.com list

It depends. If your password is Fido2018 then it might not be your password but someone else's that is in the list and they don't have the association with your email address. After all how many hundreds of people will have got a dog in 2018 and called it Fido. You should probably still change it just in case it is your actual password (and in this case it is a very poor password). On the other hand if it is unlikely that anyone else has the same password and you have used it on multiple sites then it is probably best if the first thing you do after getting your new password manager is spend an evening changing all your passwords.

---

[1] There are of course people working in high security jobs for whom this doesn't hold true, but I don't expect them to be reading this advice.

[2] Your company risk profile may vary, but whatever it is, it is unlikely to be the cat trying to order Dreamies in bulk which is a multi-million-pound issue in home information security.

[3] There is a companion service called “Have I Been Pwned” that will take your email address and let you know if they appear in any stolen databases that they know of.

[4] This section of a very long blog post about the system explains how we can check a password is or isn't in the data set without either revealing the password to the service or downloading 650 million passwords to search ourselves.

Where is the next big (little) think in home automation?

At some point last millenium I had control over the heating and air condition for a reasonably sized building. There was a GUI or you could telnet into the machine it was running on. At last resort you could go up to the roof where there was a room full of bit switches that made a really satisfying clunk when you threw them (do people still throw switches or has that gone out of fashion).

The system wasn't very sophisticated, it basically knew if a room was supposed to be in use at that time or not and what temperature it was supposed to be if it was (or indeed wasn't).

There were sensors so it knew what the actual temperature was in each room and it could control valves to let hot water into radiators or cold water into HVAC units. What more could you want?

Well the thing is that as companies have tried to bring this sort of thing into the home they have given people systems that learn the times they are in the house and allowed control from anywhere in the world. This has often been done by pulling a lot of the control aspect of the products away from a computer that is attached to the the systems directly and into the cloud.

Which would be fine except that there have been a number of situations where this had lead to the same sort of security flaws as with the Internet of Things or the cloud services being turned off so the hardware in people's houses isn't smart any more.

You still see the 7-day all-in-one controller and thermostat unit, the only visual difference being that they now tend to be white instead of beige and just of a pain to program, although some of them are now wireless. But they still only tend to control one service. 

In boutique hotels and karaoke suites you get multi service automation, one touch button at the door turns everything on/off and puts it into moods, but these are just flipping relays and you can't say "I'll be back at 6:30, make it 22° and run a bath"

Who is taking the best bit of all three approaches, smart(ish do we need things to learn our habits, just tell them, or give them an ical feed), all the processing power in the house so it doesn't get bricked by the supplier going bust or being bought out, multi-service "lights, camera, action", and securely controllable from outside the house. Okay two of those may be contradictory, you need some remote reliance to get the message through but if that is all you lose when it breaks, or indeed if you could replace that service because it is documented not proprietary.

Where should I be looking for the friendly packaged control software in a box, with minimal secure external services, and a decent sized set of interfaces into other systems?

That pulse oximeter scandal

Something has been bugging me since I first saw the story that Pulse Oximeter Devices Have Higher Error Rate in Black Patients other than the very obvious racism.

Say you have decided that the way in which white people decide they are the default and don't bother to do any work to see how the technology they sell affects people with different skin colours is a lesser evil than actively joining the clan.

Say you also accept that not a single one of the companies that makes pulse oximeters managed to see a copy of Effects of Skin Pigmentation on Pulse Oximeter Accuracy at Low Saturation (April 2005) or similar.

In order to forgive oversite in this matter you also have to believe that collectively the companies manufacturing these devices  and/or integrating them into more complex products have at no point seen any coverage of the controversy around Apple Watches on dark skin, which to be frank was everywhere five years ago.

I don't know about you, but as someone working in the technology product space, my first reaction whenever there is a story about a product failing in a similar space to mine is to go and ask the specialists "are we vulnerable to the same problem" because (and shamefully so) in terms of reputation damage, worse than being called out for racism, worse than being in the papers/Private Eye/The Register for your product being broken, is being the company whose product is still broken in a way that everyone noticed five years ago and fixed. After all while learning from your mistakes is very important, learning from other people's mistakes is better.

So either there are loads of product types in medical technology that are failing people because they don't engage with the wider technology space, or they spotted this and decided to keep their head down to avoid costs, or worst of all pulled on white hoods and decided that non-pale-skinned people weren't worth R&D time.

As I said at the beginning, there are those that are happy to dismiss accidental racism as acceptable and I'd be lying if I said I was confident I'd never done it myself, but in this case people are actively not doing their job.

P.S. If I have failed to spot someone more appropriate to make this point posting on it, please get in touch and let me know and I'll promote their writing instead.

American Voting

Happy Election day!

Alongside all the other reasons to be watching the American elections I have been looking at how they implement the actual voting part. In previous years a lot of the coverage in this area has been about voting machines, from hanging chads to hacking. But a number of things this year seem like they are both good ideas in general and implementable in a UK general election.

Early Voting

This is the easiest to endorse, it has even been trialed in the UK (I'll see if I can find the report later). The way the trial worked, a centralised location, marking off voters on the actual paper copies of the electoral roll that would then be issued to polling stations to prevent repeats, fitted in with the british electoral esthetic that in general thinks the most complex piece of technology in use should be a peg.

Kerbside/drive through Voting

One of the really big issues with polling stations in the UK is accessibility. So providing an alternate option that improves access to voting has to be a good thing. Given that there would be limited venues available in order to not require pre-registration it would probably need to also be a pre-election day activity. Also if we were going to stick to the idea that there is "one true copy" of the register then there would need to be a system to avoid allowing people to use both forms of early voting. Off the top of my head, the "inner envelope" part of postal voting, so until the voting lists can be cross checked the ballot can be linked to the voter and destroyed if a duplicate.

Postal Ballot Acknowledgement

A tonne of the commentary running up to the election has been that the postal service has been used as a political football. As a consequence of this there have been a lot of articles around the subject of "What to do if your postal ballot doesn't arrive or is rejected". I was intrigued that being able to check up on this was a thing. And while this would require the use of technology, it is an enhancement (assuming a general low level of ballots missing/rejected) that if broken wouldn't halt the election so it shouldn't be dismissed out of hand. So a simple website that tells people their ballot has been received, signatures matched etc. would allow people to spot rejections and do something about it.

Writing with a pencil taped to a brick

"One way of explaining to somebody why it could make a significant difference if you can do things faster, is to provide a counter example. So, I had them write with a brick taped to their pencil , because it's only a matter of happenstance that the scale of our body and our tools and such lets us write as fast as we can. What if it were slow and tedious to write? A person doesn't have to work that way very long before starting to realize that our academic work, our books - a great deal would change in our world if that's how hard it had been to write."
The Augmented Knowledge Workshop

This quote and photo was posted today by a friend who was talking about the NLS workstation. It immediately resonated with me as a metaphor for how I feel when writing and I wondered if it worked as generalised metaphor for accessibility in digital tools. We have ensured everyone has access to and can use the pencil, are we trying to measure the relative performance users are getting out of the pencil.

One of the things that hands the pencil to me^[1] is a spell checker. What removes the masonry is it actually being any good. This is surprisingly difficult to find trait, for example it is top of the list of things that keeps me paying to use MS Office over some otherwise excellent free alternatives. For those wondering, the difference is in how good they are are trying to work out what the jumble of letters I have input is supposed to be, excellence is the right word being suggested for all but the most egregious errors.  Bad is I have to switch to googling to find the right answer. Terrible (and here I am convinced that the one built into Android has got markedly worse recently) is not getting the obvious one letter mistakes.

I know that this is hardly radical and in terms of my accessibility and usability expert friends I am not so much preaching to the choir but humming Bach to the organist but I feel it is a good reminder for us generalists. I'll now sit back and wait for someone to find a typo.

---

^[1]I am aware that I am in a place of huge privilege here in how low the barrier is to my participation, but I find it easier to write from my personal experience.

Black Lives Matter

Black Lives Matter.

Not much this white guy can add. Although it strikes me that some people^[1] hear "Black Lives Matter" as "white lives don't".

I think in their mind they see the pie chart below, if the local police department stop killing black people they obviously have to kill more white people to keep up to quota on shooting civilians.

Deaths at the hands of police in Washington DC by race. Data for frame 1 from The Washington Post

They should of course be seeing and therefore wanting^[2] this bar chart:

This happens time after time.
False equivalence, inappropriate but near religious worship of the zero sum game, and on occasion just plain ridiculousness.

"Take down statues of people who murdered and enslaved people." Response from some people^[1] "They take one of ours, we take one of theirs, pull down the statues of Muhammad^[3]"

because somehow there needs to be balance in statue removal, or

"Please consider looking at the names of your pubs and beers and remove racist names and iconography" "They'll be banning 'The White Horse' and 'The Red Lion' next"

I don't want to dilute this post with examples from other situations. But it is amazing how often privileged people think someone else getting treated like a human being, and efforts being made to ensure they get the same rights as everyone else, as a loss of some of their rights.

---

^[1] Racist white people mainly.
^[2] Surely everyone wants zero deaths at the hands of police. This is of course means no need for them to have to shoot at people, so no mass shootings^[1]
[3]I shall leave quite how ridiculous this is as an exercise for the reader.

Skypemathics

The first nonabsolute number is the number of people who will attend the conference call. This will vary during the course of the first three emails, and then bear no apparent relation to the number of people who actually turn up, or to the number of people who subsequently join them after another meeting, or to the number of people who leave when they see who else has turned up.

The second nonabsolute number is the start time of the conference call, which is now known to be one of those most bizarre of mathematical concepts, a recipriversexclusion, a number whose existence can only be defined as being anything other than itself. In other words, the given time of arrival is the one moment of time at which it is impossible that any member of the call will log on. Recipriversexclusions now play a vital part in many branches of maths, including statistics and accountancy and also form the basic equations used to engineer the Somebody Else's Problem field.

The third and most mysterious piece of nonabsoluteness of all lies in the relationship between the number of actions in the minutes, the number of people in the conference call and what they are each prepared to be responsible for. (The number of people who actually have any responsibility is only a subphenomenon in this field.)

Numbers written on emails about conference calls do not follow the same mathematical laws as numbers written on any other communications in any other parts of the universe.

With huge apologies to Douglas Adams.

And another thing

On the subject of trains…

The other thing that strikes me is how often the railway debate is seen as binary. As-is verses monolithic state owned-and-run.

This isn't just when talking about the future of the British railways but when citing the best and worst bits of the situation in other countries.

No small changes or mixed models allowed. All mentions of "and this happens where they have a nationalised system" talks of separation of running trains and infrastructure or that private companies can still run services or use of private contractors (I know lots of people are chiming sonorous dirges about outsourcing due to Carillion, but I don't think it will, or should, be going away).

What if a government stopped letting franchises for local services at first? Or transformed contracts to be a different sort of private operation like TfL do with the Overground etc? Has anyone done a comprehensive independent analysis of the options showing the pros and cons?

Is the all or nothing a straw man awaiting the flame or somehow the only two options?

The trouble with trains

As per usual when the January regulated rail prices were announced there was a lot of comment about and around them.

A big theme was asking Labour if they still wanted to nationalise the railways and then writing about why this was a bad idea.

But rather than actually analyzing the concept as a whole, because season tickets and full price returns costs had been the story prompt, lots of the criticism was that cutting these fares mostly subsidized the better off segments of travellers.

The problem with this is
a) assuming that big cuts to these prices would be the first and only change a nationalising government would make to the charging structure.
b) that nationalisation would be an isolated action (which is I suppose a fair enough way to make understanding the consequences easier)
but biggest of all
c) that this is a nationalisation issue in the first place.

These are regulated fares. They are set by rules outside of the train operating companies hands. If an administration of any hue wanted to deal with this issue they could just (yes I know that is a huge just and would probably require a complete cycle of reletting franchises but that isn't that long in governmental terms) change the rules. We could have a whole new pricing structure with very little change to the way the railways work otherwise if there was political will.

There are many other issues with how railway "ownership" works currently and what model would be best (in general, there would always be losers in any change) for the country but every January this one rankles.

Secure messaging for public health

EDIT: That thing where you think you've published a blog post before running out to Thanksgiving dinner, then find it in your drafts.

So the other day I spotted this tweet about the adoption of secure messaging in public health pootling past on my timeline (you may want to glance at the blog post linked to in the parent tweet).

The issue is that WhatsApp (Facebook) have a desire to monetise what goes through its servers in the US and that should concern us if using confidential information. Platforms like Signal might be the answer, or building in house wouldn’t be that hard.

— Daniel McGuinness (@dannymcg) November 12, 2017

and being me stepped in to suggest yes it probably would be that hard. If not much, much harder

There was a bit of a debate, some people suggested that NHS IT projects were only ever difficult and expensive because outsourcing companies ripped off the public sector. I'm not going to defend any of those outfits, but their greed isn't the only reason that such projects are costly. Besides "In House" these days could mean actually properly in house as the NHS seems to be getting serious about digital.

There were some constructive contributions such as

No, it is a routine level of difficulty for people who are available.
Start with GNU and Ross Anderson's department.

— Adrian Midgley (@amidgley) November 12, 2017

Looking into what open source software is out there is always a good idea, as is looking at the research behind the algorithms. As an example the protocol behind the Signal messaging app is available under the GPL. So with appropriate due diligence for ensuring that it is secure, you are using a genuine untampered with version etc it would provide a good starting point. Of course other protocols are available.

So isn't it that easy?

No. For two main reasons. Firstly security. Strangely for all the reasons successive Home Secretaries have been wrong about the "dangers" of end-to-end security the NHS may well consider it a genuine issue. Audit trails, patients rights to personal data, the bus stop problem, safeguarding, and a million other reasons means that private end-to-end encrypted communications between two health professionals could be an issue.

While the protocol you have chosen may have ways to deal with this, an audit server as a compulsory participant in every conversation for example, you then have a lot of traffic that has to be securely stored. As this is being kept for logging and monitoring any metadata products have to both be referenced by participants and subjects^[1] while also being secured to keep anyone from using inference attacks^[2], and so on. Good cryptography is bloomin' hard and the more participants you involve the harder it gets.

And secondly?

If you didn't know before then the rapid spread of WannaCry through parts of the NHS technical estate highlighted quite how fragmented and antiquated that estate is. In fact I would go so far as to say that for the purposes of discussing a project like this there is no "The NHS" even if we, for the purposes of discussion, stick to England the enormity of the number of organisational units is frankly overwhelming. Who needs to be included? Trusts,CCGs, special health authorities, GPs, pharmacists, optometrists, dentists, private sector service suppliers, local authorities, universities? While you can accurately accuse me of hyperbole in having the list that long it doesn't matter.

Even if you just wanted to have this service for Acute Trusts the number and type of devices that would need to be supported is going to be the source of most of the development, testing and roll-out costs. Unlike an informational website where you can make a choice to have it look less polished in older browsers so long as it gets the point across, nobody will sign off "this will be less secure on X, Y, and Z". Although to be fair it is far more likely "It just won't work on X, Y, and Z" as they won't support the features required.

Even if you could put together a dedicated team, formed of literally the best people for the job and magicaly ensure they were uninterrupted and as efficient as humanly possible. Even if not a single minute or pound was wasted. The design phase would take longer than most onlookers would set asside to have the whole thing live.

Hopefully I'll find some time soon to do a post about the other side of the coin, all the exciting things that could be done with a good, well provisioned, secure messaging platform for public health.
Please do challenge my assumptions and/or conclusions in the comments or on twitter.

---

^[1]This sort of thing is going to become increasingly important as we all get more rights to our personal data
^[2]There is no point in using high security methods to protect the text of the conversation about cancer treatment protocols to protect someone's privacy if you use lower standards on the information "oncologist X and oncologist Y talked about patient N"

Is equal "Equality"

On the face of it the face of it you might think that the European Court of Justice ruling "An internal rule of an undertaking which prohibits the visible wearing of any political, philosophical or religious sign does not constitute direct discrimination" was fair and equal. As long as applies to it applies to everything right?

Well no.

Firstly even if you don't believe in a religion[1] then I'm sure you can understand the concepts behind them. There are people who sincerely think that the consequences in the long term (damnation) are worse than now (starvation).

So you can't be convinced by that, next is there are some that even if they decide they think employment is more important than religion can't do anything about it. Culturally they'll be stopped by family, spouses, elders or other leaders. This will be by some form of real or threatened violence. It may not be what we want for people, but it is reality and realistically unfixable.

Next if you look at the context of this against other rules and laws in Europe that have come out over the last few years, this is obviously part of rising islamophobia. It may as much about turbans, yarmulkes, crosses, political party insignia and cameos of epistemologists but look at the coverage everyone knows what it is really about.

Even worse:

“However, in the absence of such a rule, the willingness of an employer to take account of the wishes of a customer no longer to have the employer's services provided by a worker wearing an Islamic headscarf cannot be considered an occupational requirement that could rule out discrimination.”

means that when a company starts pandering to racists it has to screw over the whole workforce.

EDIT: HMG have clarified their opinion on how this effects UK companies.

[1] Doesn't really matter which. If your religion says that bad things will happen, eternal damnation for example, if you don't follow the rules, you should be able to understand someone else's does also. If you can't muster up such basic empathy begone with you.

Time for a new way to do continuous/future payments?

Not perhaps the best day in the year to publish this, but I'm the sort of person where if it doesn't get put down it gets lost.
So, I have a new debit card, not for any terrible reason, the old one just reached end-of-life. But while there is no drama behind it, there certainly is because of it.
This is the era of e-commerce, almost everyone takes card payments online and for the consumer the cheque is all but dead. Unfortunately this does mean every few years that a whole bunch of automatic, settlements fall over. Angry emails come buzzing in: this payment failed, that order canceled, if you don't pay soon your service will be canceled.
One interesting exception was TFL, they allowed my oyster auto-top-up to happen even though the payment didn't go through so long as I settled the outstanding amount with reasonable haste.
So what are the alternatives?

• Direct Debit; while used extensively in the public sector, utilities, and insurance, should there be a campaign to try and get more retailers to use this. Or is it the case that the framework agreement that it is based on provide too much risk?
• Third party solutions; These exist, for example Paypal allows you to set two methods of settling recurring payments. However these sorts of features come at a price and using value added payment services cost more.
• A new way? So is there something the banking industry can do?

What would this new thing look like, it would need to be easy and secure for consumers but not expensive for retailers to use. Is asking for both effectively asking for the moon on a stick? I imagine the biggest issue is can this be done without requiring expensive changes/upgrades to infrastructure on either side. Maybe a virtual card that can have a hundred year lifespan issued on a per site basis. Would it be a system of tokenisation that replaces actual cards in most places?

I really don't know, all I'm certain off is I'm not looking forward to going through the whole rigmarole in three years time.

180° on Labour Coup narratives.

I don't want to comment on how likely the full on coup plans laid out in this and other recent stories is.
What I do want to say is how similar this to an cold war narrative of the right.
This stated that electoral victory for Labour under a more moderate leader like Neil Kinnock would lead to a takeover of the party by hard left forces with a pro USSR agenda.
If you are too young to remember these theories (or have just forgotten) then they were written up as a fictional memo in The Fourth Protocol by Frederick Forsyth. I don't think anyone is planning a faked nuclear accident this time however.
Of course the real Neil Kinnock started the fight against the hard left like Militant that many see Jeremy as harking back to and a lot of the same moderate left wing are again crying "Entryism" at an influx of left wing members as they did back then.
Will Mr Corbyn's tactic of mass rallies be more successful than Neil's and will there be a coup after?