Tuesday, 25 April 2023

Silence and consent

Terrance Eden has written a blog post entitled “Silence Isn't Consent” it is a tale of someone hammering one of his sites with a bot and the writer of that bot being quite a bit of an arse.

The post left me with two strong things I wanted to say. The first is easy to express, that the use of the term “enthusiastic consent” and the specific linking to a PSHE post on the subject made me feel quite icky. To quote the post explicitly “I know what they meant and, it some contexts, it's an understandable shortcut.” but having your content scraped should not even as a metaphor be equated to sexual activity without consent. 

The second was that this the issue of what people can and can't do with your content is important, and we have a framework for this, licences. Now Terrance doesn't say which of his sites the tool went after. If it was the blog he wrote the post on, he actively claims as much control over the copyright as he can, but if it was openbenches.org that is published under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license. So it isn't (I don't think) possible to spot breach of that just by the content being scraped. 

Thousands of tools are released every day. Am I expected to play whack-a-mole and shut down every new one that appears?

Terrance Eden - 'Silence Isn't Consent'

This 100% shouldn't need whack-a-mole, this activity should be covered by licences, this may need extra work, especially if we want to include rate limits in those agreements. And licencing needs to become as much covered by standard machine readable ways of highlighting as search engine inclusion (something in theory you specify once with headers, or meta-tags, or a text file, and everyone obeys.

However this is as much a “Nice to have” at this precise point as Terrance's ask to have an “opt in” to bots, and as for consent, even if you don't make icky equivalences about the web and the really real world, there is a ton of evidence that the vast majority of people on the internet don't understand it, even if reams of guidance are issued. just look at how badly most people implement it for cookies.

Monday, 16 January 2023

Voter Authority Certificate (voter ID)

Under the cover of beating in-person voter fraud, a problem that simply just does not exist, the Tories have introduced a requirement for ID to vote. This will disenfranchise a lot of poor and marginalised people.

If you do not have one of the following:

  • UK or EEA Photocard driving licence
  • UK, Channel Islands, Isle of Man, a Commonwealth, British Overseas Territory or EEA Passport (valid or expired)
  • UK Proof of Age Standards Scheme (PASS) card
  • UK biometric residence permit
  • UK Defence identity card (MOD Form 90)
  • Northern Ireland Electoral Identity Card
  • National ID from an EEA country
  • Blue Badge
  • Government travel pass for older or disabled people Including Freedom pass, or disabled person’s concessionary pass
  • Scottish National Entitlement Card
Then you will need to acquire one or apply for a Voter Authority Certificate

You need:
  • your registered voting address, 
  • a recent, digital photo, 
  • your National Insurance number
Applying takes around 5 minutes, or 20 minutes if you cannot provide a National Insurance number.
There is a paper form.
There is a different process for anonymous electors.

Friday, 21 May 2021

The BBC still have reputational issues due to outsourcing

Ten years after I wrote a story about sub-sub-contractors causing reputational problems for the BBC because the public will look at the big household name on the sign, not the logo on the badge there is another classic example.

After a night of riots in Swansea, someone with access to post to the HIGNFY twitter feed from the VIth form common room, tweeted a joke so old even the Goon Show probably decided they couldn't get away with it even if they lampshaded it. I won't repeat it here, but if you have welsh heritage you can probably guess with a fair degree of accuracy if I say it isn't about sheep or rain.

The distance this person is from “Sitting in an office at Television Centre” is well known to those in the know, but to the vast majority of people on twitter “the sign above the door” says BBC and i don't really think they need any more reputational damage right now for the hypocrites in the rest of the media to latch on to.

Wednesday, 17 February 2021

Proofreading help request

This is something I have written for a project I am currently writing. Any corrections/suggestions gratefully recieved.

Advice on setting and managing passwords

This is a selection of advice on setting and managing password when signing up to a site on the internet. The idea is that anyone who doesn't have a lot of experience with the world wide web isn't just thrown in at the deep end.

If you just want the short version: use a password manager and take advantage of not having to remember all your passwords to set a different complex password on every site. Also take especially good care of your email account password.

Password Managers

If you take nothing else away from reading this then I hope you start using a password manager. You may have heard that they are a risk. Yes they are, like all software it is incredibly difficult to ensure they are entirely free of errors however I subscribe to the view that Password managers don't have to be perfect, they just have to be better than not having one[1]. There are three main options for you:

3rd party password managers

When people talk about password managers, they invariably mean 3rd party software that you use to store your passwords. The full run down on how to pick on and why that one will be the right one for you would take a very long article itself but there are three main questions to ask yourself.

Are you signing into lots of websites and apps across several computers/devices?
If this is the case you'll need to look at the options for sharing the passwords across devices. This may come as standard or as a paid upgrade. Some managers use your existing storage (Dropbox, Google Drive, One Drive etc.) to do this, in that case you need to make very sure that you don't put anything that can be used to guess your master password in that storage.
Are you good at remembering passwords?
It might seem silly to ask this when talking about finding a service designed to remember passwords for you, but you still have to remember one very important one, that gets you into your password manager. As a general principle those password managers that are a web based service themselves are more likely to have account recovery tools, but do make sure to double check.
Will you want to share passwords with other people?
This is easy in some managers although you may need to pay extra for it, while in others you can't do it without sharing the whole set of passwords and giving the other person your master password.

A few that you might want to look into are: Lastpass, 1Password, Bitwarden, Enpass, keepass.

Browser built ins

If you use the same web browser whenever you use the internet then you can just use that to store passwords (it is probably nagging you to do this already). This can even work across multiple computers/devices if you are signed into the browser and it is syncing your data. All the major browsers offer this, although it can run into issues if you don't use the same brand of devices as your main computer. These built in password managers offer encrypted storage and complex password suggestions.

A diary

If you have ever worked in an office you have probably been told that writing passwords down is a terrible thing to do. And they will have been right, when thinking about the risks that exist in an office, which are mainly other employees and those attempting to get private company information to sell to competitors[2]. In your home life the risks are very different, and for most people that is online ne'er-do-wells trying to get your personal information and bank card numbers, in this situation passwords, written in a book, locked in a drawer is a sensible choice.

Creating a Password

Completely random strings

Now you have been convinced to use a password manager, you can just use the “generate password” feature and away you go (although you may need to fiddle with the settings to deal with different rules sites have about what needs to be in a password).

If you are not using a password manager, or yours doesn't come with a random password generator, try one of these ideas:

Three random words

Otherwise known as Correct Horse Battery Staple after a cartoon, Three random words or #thinkrandom is a way to generate passwords that are both strong and memorable. This is the method the “Generate Password” button uses. I would actually advise against using this function if you have to remember the password as it will always be more memorable if you come up with the words yourself. However if you need inspiration or are using a password manager to remember the password, go right ahead. If you are on a site that wants numbers or punctuation characters, you can add some at the end or swap out letters i or l becomes 1, a becomes 4 and so on, or make up your own.

I see a little silhouetto of a man, Scaramouche, Scaramouche, Will you do the Fandango?

Another way to create memorable passwords that are difficult for someone else to guess is to take a phrase, saying, quote, song lyric or similar and use the initials. So “I see a little silhouetto of a man, Scaramouche, Scaramouche, Will you do the Fandango?” becomes “IsalsoamSSWydtF?” if the password rules require numbers or punctuation characters you can substitute them in, or just use a phrase that has them in to start with “There are 106 miles to Chicago, we have a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses!”

Other considerations

But this page contradicts what I have been told by someone

For a start, different risks need different levels of protection, this advice is good enough for most websites but might not fly for systems containing large amounts of sensitive, personal, or financial information. It also benefits from not having to line up with lots of external rules and regulations. If you want a good all round read on passwords try “Password policy: updating your approach”.

You've got mail

Even if they have other steps involved like security questions (don't forget you don't have to tell the truth for these, three random words works especially well for them if you might need to use them over the phone) most self-service password reset systems rely on the idea that your email account is secure and you are the only person who has access to it (or at least you trust everyone who does implicitly) so use a strong and unique password for your email (and if you can think about turning on 2 factor authentication).

What if my password is stolen

One of the reasons to not remember passwords yourself is that best practice is to use a different one for every different login. Why? Because when someone gets hold of a stolen database of passwords, they will often try those passwords out on other sites, if people have used the same details there then they can get in. This is especially a problem these days where most sites don't ask you to set a separate user-name, but just use email addresses. There is a service called “Pwned Passwords” that will allow you to check if a password has appeared in one of the many databases that has been stolen and posted on the internet[3]. This is what we use to check your password before we will accept it. This functionality or similar is now being built into several password managers and similar products. If you are wondering about the name, then just understand that like any group nerds have their own jargon.

How worried should I be if my password is in the pwnedpasswords.com list

It depends. If your password is Fido2018 then it might not be your password but someone else's that is in the list and they don't have the association with your email address. After all how many hundreds of people will have got a dog in 2018 and called it Fido. You should probably still change it just in case it is your actual password (and in this case it is a very poor password). On the other hand if it is unlikely that anyone else has the same password and you have used it on multiple sites then it is probably best if the first thing you do after getting your new password manager is spend an evening changing all your passwords.

[1] There are of course people working in high security jobs for whom this doesn't hold true, but I don't expect them to be reading this advice.

[2] Your company risk profile may vary, but whatever it is, it is unlikely to be the cat trying to order Dreamies in bulk which is a multi-million-pound issue in home information security.

[3] There is a companion service called “Have I Been Pwned” that will take your email address and let you know if they appear in any stolen databases that they know of.

[4] This section of a very long blog post about the system explains how we can check a password is or isn't in the data set without either revealing the password to the service or downloading 650 million passwords to search ourselves.

Tuesday, 19 January 2021

Where is the next big (little) think in home automation?

Child's drawing of a yellow house
At some point last millenium I had control over the heating and air condition for a reasonably sized building. There was a GUI or you could telnet into the machine it was running on. At last resort you could go up to the roof where there was a room full of bit switches that made a really satisfying clunk when you threw them (do people still throw switches or has that gone out of fashion).
The system wasn't very sophisticated, it basically knew if a room was supposed to be in use at that time or not and what temperature it was supposed to be if it was (or indeed wasn't).
There were sensors so it knew what the actual temperature was in each room and it could control valves to let hot water into radiators or cold water into HVAC units. What more could you want?
Well the thing is that as companies have tried to bring this sort of thing into the home they have given people systems that learn the times they are in the house and allowed control from anywhere in the world. This has often been done by pulling a lot of the control aspect of the products away from a computer that is attached to the the systems directly and into the cloud.
Which would be fine except that there have been a number of situations where this had lead to the same sort of security flaws as with the Internet of Things or the cloud services being turned off so the hardware in people's houses isn't smart any more.
You still see the 7-day all-in-one controller and thermostat unit, the only visual difference being that they now tend to be white instead of beige and just of a pain to program, although some of them are now wireless. But they still only tend to control one service. 
In boutique hotels and karaoke suites you get multi service automation, one touch button at the door turns everything on/off and puts it into moods, but these are just flipping relays and you can't say "I'll be back at 6:30, make it 22° and run a bath"
Who is taking the best bit of all three approaches, smart(ish do we need things to learn our habits, just tell them, or give them an ical feed), all the processing power in the house so it doesn't get bricked by the supplier going bust or being bought out, multi-service "lights, camera, action", and securely controllable from outside the house. Okay two of those may be contradictory, you need some remote reliance to get the message through but if that is all you lose when it breaks, or indeed if you could replace that service because it is documented not proprietary.
Where should I be looking for the friendly packaged control software in a box, with minimal secure external services, and a decent sized set of interfaces into other systems?

Thursday, 24 December 2020

That pulse oximeter scandal

A pulse oximeter on a finger above an apple watch on a wrist.
Something has been bugging me since I first saw the story that Pulse Oximeter Devices Have Higher Error Rate in Black Patients other than the very obvious racism.

Say you have decided that the way in which white people decide they are the default and don't bother to do any work to see how the technology they sell affects people with different skin colours is a lesser evil than actively joining the clan.

Say you also accept that not a single one of the companies that makes pulse oximeters managed to see a copy of Effects of Skin Pigmentation on Pulse Oximeter Accuracy at Low Saturation (April 2005) or similar.

In order to forgive oversite in this matter you also have to believe that collectively the companies manufacturing these devices  and/or integrating them into more complex products have at no point seen any coverage of the controversy around Apple Watches on dark skin, which to be frank was everywhere five years ago.

I don't know about you, but as someone working in the technology product space, my first reaction whenever there is a story about a product failing in a similar space to mine is to go and ask the specialists "are we vulnerable to the same problem" because (and shamefully so) in terms of reputation damage, worse than being called out for racism, worse than being in the papers/Private Eye/The Register for your product being broken, is being the company whose product is still broken in a way that everyone noticed five years ago and fixed. After all while learning from your mistakes is very important, learning from other people's mistakes is better.

So either there are loads of product types in medical technology that are failing people because they don't engage with the wider technology space, or they spotted this and decided to keep their head down to avoid costs, or worst of all pulled on white hoods and decided that non-pale-skinned people weren't worth R&D time.

As I said at the beginning, there are those that are happy to dismiss accidental racism as acceptable and I'd be lying if I said I was confident I'd never done it myself, but in this case people are actively not doing their job.

P.S. If I have failed to spot someone more appropriate to make this point posting on it, please get in touch and let me know and I'll promote their writing instead.

Tuesday, 3 November 2020

American Voting

Happy Election day!

Alongside all the other reasons to be watching the American elections I have been looking at how they implement the actual voting part. In previous years a lot of the coverage in this area has been about voting machines, from hanging chads to hacking. But a number of things this year seem like they are both good ideas in general and implementable in a UK general election.

Early Voting

This is the easiest to endorse, it has even been trialed in the UK (I'll see if I can find the report later). The way the trial worked, a centralised location, marking off voters on the actual paper copies of the electoral roll that would then be issued to polling stations to prevent repeats, fitted in with the british electoral esthetic that in general thinks the most complex piece of technology in use should be a peg.

Kerbside/drive through Voting

One of the really big issues with polling stations in the UK is accessibility. So providing an alternate option that improves access to voting has to be a good thing. Given that there would be limited venues available in order to not require pre-registration it would probably need to also be a pre-election day activity. Also if we were going to stick to the idea that there is "one true copy" of the register then there would need to be a system to avoid allowing people to use both forms of early voting. Off the top of my head, the "inner envelope" part of postal voting, so until the voting lists can be cross checked the ballot can be linked to the voter and destroyed if a duplicate.

Postal Ballot Acknowledgement

A tonne of the commentary running up to the election has been that the postal service has been used as a political football. As a consequence of this there have been a lot of articles around the subject of "What to do if your postal ballot doesn't arrive or is rejected". I was intrigued that being able to check up on this was a thing. And while this would require the use of technology, it is an enhancement (assuming a general low level of ballots missing/rejected) that if broken wouldn't halt the election so it shouldn't be dismissed out of hand. So a simple website that tells people their ballot has been received, signatures matched etc. would allow people to spot rejections and do something about it.

Thursday, 29 October 2020

Writing with a pencil taped to a brick

Someone writing with a pencil with a house brick taped to it.
"One way of explaining to somebody why it could make a significant difference if you can do things faster, is to provide a counter example. So, I had them write with a brick taped to their pencil , because it's only a matter of happenstance that the scale of our body and our tools and such lets us write as fast as we can. What if it were slow and tedious to write? A person doesn't have to work that way very long before starting to realize that our academic work, our books - a great deal would change in our world if that's how hard it had been to write."
The Augmented Knowledge Workshop

This quote and photo was posted today by a friend who was talking about the NLS workstation. It immediately resonated with me as a metaphor for how I feel when writing and I wondered if it worked as generalised metaphor for accessibility in digital tools. We have ensured everyone has access to and can use the pencil, are we trying to measure the relative performance users are getting out of the pencil.

One of the things that hands the pencil to me[1] is a spell checker. What removes the masonry is it actually being any good. This is surprisingly difficult to find trait, for example it is top of the list of things that keeps me paying to use MS Office over some otherwise excellent free alternatives. For those wondering, the difference is in how good they are are trying to work out what the jumble of letters I have input is supposed to be, excellence is the right word being suggested for all but the most egregious errors.  Bad is I have to switch to googling to find the right answer. Terrible (and here I am convinced that the one built into Android has got markedly worse recently) is not getting the obvious one letter mistakes.

I know that this is hardly radical and in terms of my accessibility and usability expert friends I am not so much preaching to the choir but humming Bach to the organist but I feel it is a good reminder for us generalists. I'll now sit back and wait for someone to find a typo.

[1]I am aware that I am in a place of huge privilege here in how low the barrier is to my participation, but I find it easier to write from my personal experience.

Thursday, 11 June 2020

Black Lives Matter

Black Lives Matter.

Not much this white guy can add. Although it strikes me that some people[1] hear "Black Lives Matter" as "white lives don't".

I think in their mind they see the pie chart below, if the local police department stop killing black people they obviously have to kill more white people to keep up to quota on shooting civilians.
Pie chart of deaths at the hands of Washington DC police, starts at the correct 93:7 and ends up 100% white.
Deaths at the hands of police in Washington DC by race. Data for frame 1 from The Washington Post

They should of course be seeing and therefore wanting[2] this bar chart:
This happens time after time.
False equivalence, inappropriate but near religious worship of the zero sum game, and on occasion just plain ridiculousness.
"Take down statues of people who murdered and enslaved people." Response from some people[1] "They take one of ours, we take one of theirs, pull down the statues of Muhammad[3]"
because somehow there needs to be balance in statue removal, or
"Please consider looking at the names of your pubs and beers and remove racist names and iconography" "They'll be banning 'The White Horse' and 'The Red Lion' next"
I don't want to dilute this post with examples from other situations. But it is amazing how often privileged people think someone else getting treated like a human being, and efforts being made to ensure they get the same rights as everyone else, as a loss of some of their rights.

[1] Racist white people mainly.
[2] Surely everyone wants zero deaths at the hands of police. This is of course means no need for them to have to shoot at people, so no mass shootings[1]
[3]I shall leave quite how ridiculous this is as an exercise for the reader.

Friday, 24 January 2020


The first nonabsolute number is the number of people who will attend the conference call. This will vary during the course of the first three emails, and then bear no apparent relation to the number of people who actually turn up, or to the number of people who subsequently join them after another meeting, or to the number of people who leave when they see who else has turned up.

The second nonabsolute number is the start time of the conference call, which is now known to be one of those most bizarre of mathematical concepts, a recipriversexclusion, a number whose existence can only be defined as being anything other than itself. In other words, the given time of arrival is the one moment of time at which it is impossible that any member of the call will log on. Recipriversexclusions now play a vital part in many branches of maths, including statistics and accountancy and also form the basic equations used to engineer the Somebody Else's Problem field.

The third and most mysterious piece of nonabsoluteness of all lies in the relationship between the number of actions in the minutes, the number of people in the conference call and what they are each prepared to be responsible for. (The number of people who actually have any responsibility is only a subphenomenon in this field.)

Numbers written on emails about conference calls do not follow the same mathematical laws as numbers written on any other communications in any other parts of the universe.

With huge apologies to Douglas Adams.

Saturday, 20 January 2018

And another thing

On the subject of trains

The other thing that strikes me is how often the railway debate is seen as binary. As-is verses monolithic state owned-and-run.

This isn't just when talking about the future of the British railways but when citing the best and worst bits of the situation in other countries.

No small changes or mixed models allowed. All mentions of "and this happens where they have a nationalised system" talks of separation of running trains and infrastructure or that private companies can still run services or use of private contractors (I know lots of people are chiming sonorous dirges about outsourcing due to Carillion, but I don't think it will, or should, be going away).

What if a government stopped letting franchises for local services at first? Or transformed contracts to be a different sort of private operation like TfL do with the Overground etc? Has anyone done a comprehensive independent analysis of the options showing the pros and cons?

Is the all or nothing a straw man awaiting the flame or somehow the only two options?

The trouble with trains

As per usual when the January regulated rail prices were announced there was a lot of comment about and around them.
A big theme was asking Labour if they still wanted to nationalise the railways and then writing about why this was a bad idea.
But rather than actually analyzing the concept as a whole, because season tickets and full price returns costs had been the story prompt, lots of the criticism was that cutting these fares mostly subsidized the better off segments of travellers.
The problem with this is
a) assuming that big cuts to these prices would be the first and only change a nationalising government would make to the charging structure.
b) that nationalisation would be an isolated action (which is I suppose a fair enough way to make understanding the consequences easier)
but biggest of all
c) that this is a nationalisation issue in the first place.

These are regulated fares. They are set by rules outside of the train operating companies hands. If an administration of any hue wanted to deal with this issue they could just (yes I know that is a huge just and would probably require a complete cycle of reletting franchises but that isn't that long in governmental terms) change the rules. We could have a whole new pricing structure with very little change to the way the railways work otherwise if there was political will.
There are many other issues with how railway "ownership" works currently and what model would be best (in general, there would always be losers in any change) for the country but every January this one rankles.

Secure messaging for public health

EDIT: That thing where you think you've published a blog post before running out to Thanksgiving dinner, then find it in your drafts.

So the other day I spotted this tweet about the adoption of secure messaging in public health pootling past on my timeline (you may want to glance at the blog post linked to in the parent tweet).
and being me stepped in to suggest yes it probably would be that hard. If not much, much harder

There was a bit of a debate, some people suggested that NHS IT projects were only ever difficult and expensive because outsourcing companies ripped off the public sector. I'm not going to defend any of those outfits, but their greed isn't the only reason that such projects are costly. Besides "In House" these days could mean actually properly in house as the NHS seems to be getting serious about digital.

There were some constructive contributions such as

Looking into what open source software is out there is always a good idea, as is looking at the research behind the algorithms. As an example the protocol behind the Signal messaging app is available under the GPL. So with appropriate due diligence for ensuring that it is secure, you are using a genuine untampered with version etc it would provide a good starting point. Of course other protocols are available.

So isn't it that easy?

No. For two main reasons. Firstly security. Strangely for all the reasons successive Home Secretaries have been wrong about the "dangers" of end-to-end security the NHS may well consider it a genuine issue. Audit trails, patients rights to personal data, the bus stop problem, safeguarding, and a million other reasons means that private end-to-end encrypted communications between two health professionals could be an issue.

While the protocol you have chosen may have ways to deal with this, an audit server as a compulsory participant in every conversation for example, you then have a lot of traffic that has to be securely stored. As this is being kept for logging and monitoring any metadata products have to both be referenced by participants and subjects[1] while also being secured to keep anyone from using inference attacks[2], and so on. Good cryptography is bloomin' hard and the more participants you involve the harder it gets.

And secondly?

If you didn't know before then the rapid spread of WannaCry through parts of the NHS technical estate highlighted quite how fragmented and antiquated that estate is. In fact I would go so far as to say that for the purposes of discussing a project like this there is no "The NHS" even if we, for the purposes of discussion, stick to England the enormity of the number of organisational units is frankly overwhelming. Who needs to be included? Trusts,CCGs, special health authorities, GPs, pharmacists, optometrists, dentists, private sector service suppliers, local authorities, universities? While you can accurately accuse me of hyperbole in having the list that long it doesn't matter.

Even if you just wanted to have this service for Acute Trusts the number and type of devices that would need to be supported is going to be the source of most of the development, testing and roll-out costs. Unlike an informational website where you can make a choice to have it look less polished in older browsers so long as it gets the point across, nobody will sign off "this will be less secure on X, Y, and Z". Although to be fair it is far more likely "It just won't work on X, Y, and Z" as they won't support the features required.

Even if you could put together a dedicated team, formed of literally the best people for the job and magicaly ensure they were uninterrupted and as efficient as humanly possible. Even if not a single minute or pound was wasted. The design phase would take longer than most onlookers would set asside to have the whole thing live.

Hopefully I'll find some time soon to do a post about the other side of the coin, all the exciting things that could be done with a good, well provisioned, secure messaging platform for public health.
Please do challenge my assumptions and/or conclusions in the comments or on twitter.

[1]This sort of thing is going to become increasingly important as we all get more rights to our personal data
[2]There is no point in using high security methods to protect the text of the conversation about cancer treatment protocols to protect someone's privacy if you use lower standards on the information "oncologist X and oncologist Y talked about patient N"

Wednesday, 15 March 2017

Is equal "Equality"

On the face of it the face of it you might think that the European Court of Justice ruling "An internal rule of an undertaking which prohibits the visible wearing of any political, philosophical or religious sign does not constitute direct discrimination" was fair and equal. As long as applies to it applies to everything right?

Well no.

Firstly even if you don't believe in a religion[1] then I'm sure you can understand the concepts behind them. There are people who sincerely think that the consequences in the long term (damnation) are worse than now (starvation).

So you can't be convinced by that, next is there are some that even if they decide they think employment is more important than religion can't do anything about it. Culturally they'll be stopped by family, spouses, elders or other leaders. This will be by some form of real or threatened violence. It may not be what we want for people, but it is reality and realistically unfixable.

Next if you look at the context of this against other rules and laws in Europe that have come out over the last few years, this is obviously part of rising islamophobia. It may as much about turbans, yarmulkes, crosses, political party insignia and cameos of epistemologists but look at the coverage everyone knows what it is really about.

Even worse:
“However, in the absence of such a rule, the willingness of an employer to take account of the wishes of a customer no longer to have the employer's services provided by a worker wearing an Islamic headscarf cannot be considered an occupational requirement that could rule out discrimination.”
means that when a company starts pandering to racists it has to screw over the whole workforce.

[1] Doesn't really matter which. If your religion says that bad things will happen, eternal damnation for example, if you don't follow the rules, you should be able to understand someone else's does also. If you can't muster up such basic empathy begone with you.

Monday, 29 August 2016

Time for a new way to do continuous/future payments?

Not perhaps the best day in the year to publish this, but I'm the sort of person where if it doesn't get put down it gets lost.
So, I have a new debit card, not for any terrible reason, the old one just reached end-of-life. But while there is no drama behind it, there certainly is because of it.
This is the era of e-commerce, almost everyone takes card payments online and for the consumer the cheque is all but dead. Unfortunately this does mean every few years that a whole bunch of automatic, settlements fall over. Angry emails come buzzing in: this payment failed, that order canceled, if you don't pay soon your service will be canceled.
One interesting exception was TFL, they allowed my oyster auto-top-up to happen even though the payment didn't go through so long as I settled the outstanding amount with reasonable haste.
So what are the alternatives?

  • Direct Debit; while used extensively in the public sector, utilities, and insurance, should there be a campaign to try and get more retailers to use this. Or is it the case that the framework agreement that it is based on provide too much risk?
  • Third party solutions; These exist, for example Paypal allows you to set two methods of settling recurring payments. However these sorts of features come at a price and using value added payment services cost more.
  • A new way? So is there something the banking industry can do?
What would this new thing look like, it would need to be easy and secure for consumers but not expensive for retailers to use. Is asking for both effectively asking for the moon on a stick? I imagine the biggest issue is can this be done without requiring expensive changes/upgrades to infrastructure on either side. Maybe a virtual card that can have a hundred year lifespan issued on a per site basis. Would it be a system of tokenisation that replaces actual cards in most places?
I really don't know, all I'm certain off is I'm not looking forward to going through the whole rigmarole in three years time.

Monday, 22 August 2016

180° on Labour Coup narratives.

I don't want to comment on how likely the full on coup plans laid out in this and other recent stories is.
What I do want to say is how similar this to an cold war narrative of the right.
This stated that electoral victory for Labour under a more moderate leader like Neil Kinnock would lead to a takeover of the party by hard left forces with a pro USSR agenda.
If you are too young to remember these theories (or have just forgotten) then they were written up as a fictional memo in The Fourth Protocol by Frederick Forsyth. I don't think anyone is planning a faked nuclear accident this time however.
Of course the real Neil Kinnock started the fight against the hard left like Militant that many see Jeremy as harking back to and a lot of the same moderate left wing are again crying "Entryism" at an influx of left wing members as they did back then.
Will Mr Corbyn's tactic of mass rallies be more successful than Neil's and will there be a coup after?

Sunday, 29 May 2016

On Love

Sometimes the English make wide eyed comparisons with other cultures along the lines of did you know the X have N words for Y?!??!
Some of these are simply fatuous; yes the native peoples of the polar region can accurately describe differing snow conditions, have you seen how many words the British have to describe rain?
While others miss the point. Greek might have more individual words that describe differing types of love, but I'd far rather have Shakespeare taking 4 beautiful lines to say it. The Bard has expressed a great many degrees of feelings better than I can dream to do and he is still my go-to guy for all out love (and lust) but there are still some levels of affection I feel need filling in.

  • You are to me very much like an ancient cat, very near to my heart unless you have just vomited on the carpet again.
  • Facebook's algorithms probably mark 60% of what we message as bickering but you are always the first person I look to see if they're about when I go online.
  • We may not have spoken in months, but you are still my go-to for disposing of dead bodies.
  • When I say, you can ring me day or night, what I mean is your number is in the special section of my phone where it will actually ring at any time day or night.
  • I try my hardest to avoid telling you I worry about you, because I don't want to worry you. But prolonged absence of evidence you are okay vexes me.
  • Would probably be easy to mark this down as avuncular, but I imagine real uncles spend less time working out who to pair you up with. 
  • Awe is a much underrated form of affection, you may well think I am a piffling idiot, it is just me being weighted down by the veneration.
  • You are warm and your jumpers smell really nice.
  • A fundamental and abiding problem that only fate will solve is who is organising the others wake.
  • It would be much easier to express what you mean to me if you were literally fluffy, then I could just quote Agnes
  • One hopefully far off day you will find out what I truly feel about you and at that point you'll probably never speak to me again
  • None pizza left beef with a side of Badger Badger Badger Badger

Tuesday, 19 April 2016

Possibly the nerdiest thing on the internet.

Possibly the nerdiest thing on the internet.

"Wil Wheaton vs. Paul and Storm - Captain's Wife's Lament"


Monday, 29 February 2016

One Man, Two Guvnors by Richard Bean

Described by The Guardian as "A triumph of visual and verbal comedy” One Man, Two Guvnors is a glorious celebration of British comedy: a unique, laugh-out-loud mix of satire, slapstick and glittering one-liners.

Following runs starring James Corden on Broadway, The West End & sell-out national tours, Sheffield audiences can now enjoy this hilarious, award winning and Tony nominated show when Midland Players present the regional amateur premier of One Man, Two Guvnors at the University Drama Studio from March 23rd to 26th.

The play is Richard Bean’s English adaptation of the 1743 classic commedia dell'arte play, Servant of Two Masters by Venetian playwright Carlo Goldoni.

In Richard Bean’s version Venice is replaced by Brighton in the 1960s where an easily confused Francis Henshall ends up in the employ of sadistic gangster Roscoe Crabbe. Despondent, desperate and starving he is also hired by Stanley Stubbers, an upper class criminal on the run after murdering Roscoe… but if Roscoe is dead, who would pretend to be him and why? Francis struggles to keep his wits and keep his two Guvnors in the dark, as events take ever more hilarious turns

Find out why the Daily Mail described One Man, Two Guvnors as ‘Officially the funniest show on the planet’ by getting your tickets from www.midlandplayers.co.uk, or calling (07928) 276383.

One Man, Two Guvnors by Richard Bean, with songs by Grant Olding runs at the University Drama Studio, Glossop Road at 7.30pm from 23rd to 26th March. All tickets are £8. This amateur production is presented by special arrangement with Samuel French.

Soundtrack to the show:

Monday, 18 January 2016

And Then There Were None Trailer

The Company presents "And Then There Were None" Tickets on sale now https://bit.ly/Company_And

Monday, 8 December 2014

An important appeal court judgment on bus wheelchair spaces.

The court of appeal has issued an important and interesting judgement about the extent to which bus companies have to enforce their policies about the wheelchair space. The introduction sets out the scope of the issue:

  1. This appeal has attracted some public interest, so it is important to be clear about the issue. It is not about whether non-wheelchair users should move out of the wheelchair space on a bus in order to accommodate a passenger in a wheelchair. Of course they should if that is possible. Nor is it about whether mothers standing in the wheelchair space with a child in a folding buggy should fold their buggies in order to make way for a wheelchair user. Of course they should if that is possible. Non-wheelchair users, unlike wheelchair users, will normally have a choice about which part of the bus to sit or stand in. Common decency and respect for wheelchair users should mean that other passengers make way for them. What is at issue is whether the bus company must have a policy to compel all other passengers to vacate the wheelchair space irrespective of the reason why they are in it, on pain of being made to leave the bus if they do not, leaving no discretion to the driver.
  2. For the reasons that follow I have concluded that that is a step too far.

The original judge had said "alteration to the conditions of carriage which would require a non-disabled passenger occupying a wheelchair space to move from it if a wheelchair user needed it; coupled with an enforcement policy that would require non-disabled passengers to leave the bus if they failed to comply with that requirement." but First had decided to appeal based on a case in Middlesborough having an opposite outcome and have won.

While this is a failure for the absolute right for a wheelchair user to claim the space what makes the judgement interesting is the reasoning of each of the judges involved. As per usual there appear to be gaps in the legal frameworks as passed down by parliament. There is also the consideration about how far a bus driver can reasonably go in enforcing the company's policy. There is also a lot of associated discourse, for while they all allowed the appeal, each judge wanted to have a say on steps that the bus company could take without a change in the law. Mainly trying to reduce the probability of disadvantage to any wheelchair users and to prevent the policy being perceived as “first come first served” by other users of the space.

So the bus company must take all reasonable steps short of compelling passengers to move from the wheelchair space. We have not had argument on this but provisionally I consider that the bus company must provide training for bus drivers and devise strategies that bus drivers can lawfully adopt to persuade people to clear the wheelchair space when needed by a wheelchair user. Bus drivers have to use their powers of persuasion with passengers who can move voluntarily. The driver may even decline for a short while to drive on until someone moves out of the wheelchair space. There is no risk of liability to such passengers in requesting them (firmly) to move, if they can, because if they cannot safely do so, they will not do so. The bus company should also have an awareness campaign and put up notices designed to make other passengers more aware of the needs of wheelchair users. It might also have to conduct surveys to find out when people are likely to travel and what their needs are so that it can do what it can to provide an appropriate number of buses for everyone.

I am not, at the time of writing, a wheelchair user. I do follow equality issues especially to do with public transport as I often need to take use of priority seats. This sort of judgment could lead to clearer equality law, but as traditional, I’ll not be holding my breath. It is of course a great shame that we can't just rely on "common decency and respect" so people have to fight these sorts of cases.

I recommend reading the full judgement.

Monday, 20 October 2014

This week: Romeo and Juliet

Romeo, Friar Laurence, Juliet
"you shall not stay alone
Till holy church incorporate two in one."
Two bootlegging families, both alike in dignity, in fair Chicago where we lay our scene. With Prohibition biting hard Shakespeare’s tale of doomed love comes to life in a basement speakeasy.

Somehow no matter how much you wish for a happy ending it never happens.

Shakespeare's Romeo and Juliet will run from the 22nd to the 25th October 2014 at the Sheffield University Drama Studio, Shearwood Road S10 2TD.

Tickets from: http://bit.ly/RandJ2014 via tickets@midlandplayers.co.uk or on 07928 276 383

Monday, 15 September 2014

Romeo and Juliet

Two bootlegging families, both alike in dignity, in fair Chicago where we lay our scene.
With Prohibition biting hard Shakespeare's tale of doomed love comes to life in a basement speakeasy. Somehow no matter how much you wish for a happy ending it  never happens.
Romeo and Juliet is one of Shakespeare’s earliest and most popular plays, with timeless tragic themes of love and conflict. Midland Players transport this classic tale of star crossed lovers to prohibition era America; audiences can expect brawling bootlegging families with period costumes and music to set the scene. To meet the challenge of bringing fresh perspective to this tale of woe it is brought to life amidst the hellcat rivalry of the black market. The violence in society plays out under the nose of ineffective authority. As ever it is the tragic loss of young life on both sides that brings matters into perspective for everybody concerned, far too late to matter.
We will be performing from Wednesday 22nd to Saturday 25th October 2014 at 7:30pm At the University Drama Studio, Glossop Road. Tickets cost £8 and are available from www.midlandplayers.co.uk, via tickets@midlandplayers.co.uk or on 07928 276 383

Wednesday, 3 September 2014

Dodgy figure on the cost of London cycleways

Professor Stephen Glaister has given his opinion on the new cycleways in London; apparently he said

“the mayor's plans would cost £100 per Londoner”
Mayor of London unveils segregated urban cycleways - BBC News - 03/09/14

As far as I can tell that is the investment number mentioned in the article, £913m, divided by 9 million ish people in "London".
The problems with that are:

  • That number is the total investment in all cycling programs not just the segregated cycleways
  • It is the budget for a decade’s worth of those programmes, people might think he means this year
  • It isn’t just Londoners that pay for Transport for London

As far as that last point goes, to calculate what fraction they do pay is quite complex:
TFL gets about 1% of the GLA component of council tax from residents, plus a large grant from central government, which while we all pay for. (It may be that proportionally more will come from Londoners due to it having more higher earners.)
40% of TFL income is from fares and similar income, but I haven’t be able to find a sensible breakdown between residents, commuters, other UK visitors and people from overseas.
However any case it is easy to conclude that not all of the £913m will be paid for by residents of the capital.

I’m sure that Professor Glaister, director of the RAC Foundation ("…advocates policy in the interest of the responsible motorist") wouldn’t want anyone accidently mislead by the number as it has been quoted and will be on the phone to the BBC to get this fixed ASAP.

Tuesday, 24 June 2014

The Man of Mode, Romeo and Juliet, and Antigone.

Some things I should have been promoting more, but have slipped recently:

Firstly, The Man Of Mode will be performed by The Company 25th-28th June.

Please buy tickets as it's promising to be a fantastically funny show and £1 from every ticket sold is being donated to charity - a split between Cancer Research UK and Leukaemia and Lymphoma Research UK.

Go to www.thecompanysheffield.co.uk/boxoffice to book.

Secondly, Auditions for Midland Player's production of Romeo and Juliet[1] (show week commencing Sunday 19 October 2014).
There will be two open auditions:

Monday 30 June 2014, 7:30pm at the Harlequin on Nursery Street

Thursday 3 July 2014, 7:30pm at the University Arms, 197 Brook Hill

Everyone is welcome and no preparation is required.
If you are interested in auditioning it would be great if you could let us know which date you think you will come to so we have a rough idea of how many people to expect (and so we know to keep an eye out for you on the night!).

We are also looking for people who may be interested in more technical roles e.g. assistant director, sound, lights, stage management, props, etc. If any of these interest you please let us know or feel free to drop in to a rehearsal to speak to us!

Contact christine_almond@hotmail.co.uk for more info.

Finally, auditions for The Company's October production of Antigone (show week of October 5th 2014) will take place at The University Drama Studio rehearsal rooms from at 8pm on Tuesday 1st and Wednesday 2nd July.

No preparation is necessary and all are welcome.

[1]Directed by me.

Thursday, 20 March 2014

Never stop fighting

If there is one thing we definitely love here on the internet, raising money for charity by making a yourself look like a plonker is it.

The #nomakeupselfie online awareness campaign about cancer has moved through several phases (and probably makes a great social media case study) from women posting selfies without make-up, through the “slacktivism” backlash, the genius move by CRUK’s social media team and now the balancing efforts to raise awareness and donations by tagging men men to post pictures of them in makeup.

A colleague of mine, Natalie nominated me to join in and I said I would on one condition, that doing so directly raised money for cancer research via a friend of mine's Justgiving page. Her mother died just over a year ago and that has driven her to start running to take part in the race for life. I have said that if we raise £50 I’ll get made up and have pictures posted on the internet. This is going to happen next Thursday lunchtime and I'll keep the makeup on until at least the end of the day.

So if you want to see me in full make up donate to Kate’s just giving page with an encouraging message for her and the hashtag #SlapTony

Oh and start thinking of stretch goals we could agree for when this has raised more than £50.

Tuesday, 11 February 2014

Update to "Oh my god, I’ve been hacked"

I have added an extra section into Oh my god, I’ve been hacked so it now includes the links for turning on 2 factor auth for Facebook and Twitter.

Wednesday, 28 August 2013


I use the term ‘Spoony’ sometimes to identify myself, it comes from the much shared article "The Spoon Theory" written by Christine Miserandino. As you'll read if, no when ;-), you follow the link, it is a tale of one person explaining to a friend of their life with Lupus through the medium of spoons. It has resonated with a lot of people, especially those with "Invisible" Diseases and disabilities and I am seeing it used more and more.

I especially like using it because as well as being a useful metaphor of how I have to interact with the world it is great term to use when asking for help/consideration without getting into details of the specific "impairments" I have. That of course relies on how well people understand the term. It isn't yet used widely enough for me to use it in the really real world at the moment, apart from in the company of those in the know. But currently in this fabulously geeky and jargon infested world online it is becoming my term of preference. So I apologise if by using it I have confused any of you and I hope that you feel better informed now.

Wednesday, 3 July 2013

Burglar trapping keys

With people breaking into houses in order to go after car keys isn't there more things technology can do to help short of expensive trackers?
First thoughts include fake keys that set off alarms and/or trigger die packs to mark the hands of thieves.
Easier connectivity between house and car alarms so a silent alarm on a house triggers a car immobiliser.