Life – Page 3 – Frank Leonhardt's Blog

A-Level scrappage scheme – Tony Robinson dug up to condem it

Earlier this week AQA scrapped the A-Level in Art History, and today Archeology got the chop too. The luvvies at the BBC decided to get some expert comment about this act of cultural vandalism, and naturally turned to one of their own – Left-wing comedian and actor, (Sir) Tony Robinson. He’s keen on archeology, having made some reality TV show about it. However, he was knighted for his services to politics, having been a member of Labour’s National Executive Committee. So who better to discuss it?

Sir Tony was, unsurprisingly, keen to blather on without any balance, roundly condemning AQA for their decision. He knows a lot about education; after pre-school he went to a grammer where it scraped four ‘O’ Levels, and dropped out of ‘A’s.

Unfortunately Sir Tony couldn’t directly criticise the government as it was the exam board decided to drop it, but it didn’t stop him trying. And for balance, they dug up a professor of archaeology too – not a luvvie, but definitely an academic.

The argument made by this brace of lefties is that scrapping subjects like this means poor people going to state schools won’t have the chance to study these subjects. A view that wasn’t questioned. Well I’ll question it – if AQA has scrapped it, no one can do it.

Apparently it was also “limiting choice” to concentrate on core subjects. This stands no scrutiny. Hardly any schools offer A-levels in these subjects anyway, as no one wants to do them and even if they did, there is no one to teach them. If you have a love of a subject, go and study it yourself. Apparently, last year only 400 students took Archeology.

No one was keen to make the opposite case; that such A-Levels are a really bad idea. You can go on to study a degree in archeology without having done an A-Level in it; you just need a brain and the ability to think critically. You can get that by studying anything difficult. You don’t need to be spoon-fed a subject to “try it out”, all you need to do is go to the library and read some books.

Having A-Levels in weird subjects is actually a bad thing, in my view. People may choose to do them. In itself that’s fine, but human nature leads to many choosing the easy ride. In at least one private school I know of, most of the pupils leave with an A-Level in Scripture (Religious Studies). It’s an easy one to get and boosts the A-level tally.

So what happens when you take your A-Level in Media Studies, Archeology and Divinity to university? Do they prepare you for a degree course? Well, it might for a degree Archeology, but so would self-study and a love of the subject combined with an A-Levels in Maths and Physics. THat’s true of practically any subject at degree level.

The result of the current ridiculous situation is this: I have people trying to study for a degree in Computer Science who are unable to write a proper sentence in English. Their basic arithmetic skills are almost non-existent; and as for mathematics: forget it! And, surprise, surprise, they got on the course using A-Levels in soft subjects, so they don’t know how to study anything hard.

Bring on the A-Level scrappage scheme.

7-October-167-October-16

The Royal Mail is Doomed

Britain without the Royal Mail? That’d be, well, un-British. But, like Woolworths, it’s coming to the end of its natural life after 500 years.

Realising this, it was sold out of public ownership in 2013 in the hope this would give it the flexibility to adapt and change with the times. Form most of its life it’s existed to provide communication in the form of letters. It survived the introduction of the telephone – in fact it used to run that too, messed it up and had that part of the business privatised as British Telecom in the 1981. This didn’t stop BT doing some odd things (like selling the division running these new-fangled mobile phones), but it has replaced the dwindling demand for fix-line domestic telephone calls by selling infrastructure of networking instead. BT are doing rather well at it.

Fax, and then email, has really put a dent in written communication. Who sends letters any more (apart from idiots)? However, the Internet has resulted in a massive boom in on-line commerce, and physical products still need delivery to the purchaser. Royal Mail plc needs to re-invent itself as a delivery company, and use its existing infrastructure to do it better than the start-ups who are filling the void. Unfortunately it’s doing spectacularly badly at this, whatever it’s accounts say.

Hereabouts, our two nearest Post Offices are closing, in spite of there still being a demand. There’s always a queue. The Post Office was their advantage – you could visit it to drop off a parcel and pay the postage on it at the same time. If you can’t do this, you may as well have an account with some other carrier, who’ll pick up from your premises without any fuss. Royal Mail will, if you’re big enough.

But the big problem they have is delivery. With another courier, it’s not a problem. They’ll always follow instructions and leave it across the road, where we have an agreement to take each others’ deliveries. Not a problem. If that doesn’t work they drive past a few hours later and there’s always someone around to handle it.

But Royal Mail has a “better idea”. They stuff a card into your post box telling you to collect your parcel the following day, from your local Post Office. (The one they’re just closing) And your local Post Office parcel department is only available until noon.

Whilst I like my local postman, and the people in the parcel office, the reality is that other shipping companies provide a much better service whereas they’re constrained by crazy working practices, partly fought for by their own trade union.

Unless Royal Mail can get parcel delivery right, by delivering the things to the address the sender intended, when they intended it, they’re going to be stuck with operating an almost pointless shrinking letter service, and eventually decreasing economies of scale will mean the competition can do that cheaper too.

27-September-16

How fraudulent sellers operate on Amazon

Mail order fraud is nothing new. There’s the apocryphal story from the 1950’s, and probably earlier, of the newspaper advert for Ever-lasting Slug Killer, “guaranteed to kill slugs indefinitely”. Respondents received two rocks, with instructions to place the slug on the first one and hit it with the second.

Consumer protection laws in the 1970’s and European distance selling regulations have rendered this kind of scam difficult. If the product you deliver isn’t what it’s cracked up to be, or even if it is, the purchaser has the right to reject it when they see it. Therefore there’s no point in delivering tat; you might as well not send anything. Ebay has been plagued by such scams, and there are now plenty on Amazon too.

To combat this, Ebay has policies that mean if the buyer complains, the seller doesn’t get the money. This has lead to the reverse-scam, where bogus buyers order something and then claim it didn’t arrive, and this has put a lot of sellers off using Ebay.

Amazon has a similar dispute resolution procedure, but in my experience, has a team of people with functional brains who can tell the difference between a wrong’un and a victim. Eventually.

You can see two common forms of scam on Amazon: Crazy price and Non-delivery.

Taking the second first; given that you don’t deliver the goods, how do you get the money? Without actually testing the theory I can’t prove this works, but I imagine it goes something like this:

Set up as a seller, and pretend to be somewhere like China – long distance shipping.
Find big-selling products and list them yourself, but at a slightly lower price than the other sellers.
Wait for the orders to roll in, and then delay. Firstly, don’t ship immediately and then when you do, set as long a delivery window as allowed.
Run off with the money.

This works because of step 3. Amazon doesn’t allow you to report a seller when you spot something merely suspicious, so they can keep selling stuff for several weeks before Amazon has the chance to investigate. The complaints procedure only allows you to report non-delivery AFTER the last date specified by the bogus seller when they ship it.

The thing is that bogus sellers like this are possible to spot before this. The extended delivery time is a first warning, and you can then research the range of products sold and how plausible it is that they’re cheaper than anyone else for the same product. Picking the cheapest supplier is a perfectly reasonable thing to do, especially when there are several scammers offering similar prices for fast moving items. Who would check further?

The other scam involves putting small items on at a crazy price, often a hundred times their real value. It’s quite conceivable that someone in a hurry wouldn’t notice they’d bought a small item at completely the wrong price. I’ve been noticing these sellers for several years, and out of public spirit, I’ve reported them to Amazon staff and they’ve disappeared shortly afterwards, with a note thanking me for bringing them to their attention.

Having never fallen foul of a crazy-price scammer, I don’t actually know how the problem gets resolved if you do buy something. Under contract law, if you’ve agreed a price and they’ve delivered your picture hook for £120+£50 delivery, you don’t have a claim. I see nothing Amazon can actually do about this, other than refund the buyer out of its own pocket and strike the seller off. Amazon’s lawyers may have something more creative.

However, even if the scammer only has one sale before being shut down, if that nets them £200 it’s going to be worth it.

As for the non-delivery scam, I don’t know how possible it is for the criminals to get away with the money. Amazon can’t hold on to it indefinitely, and will have to hand it to the seller at some point. Even if Amazon holds it until the latest delivery date, people aren’t going to flag it as fraudulent immediately – especially as the latest delivery date could be months later.

It ought to be fairly easy to spot these bogus sellers automatically by heuristics, and it’s high time Amazon put some effort in it. Perhaps they’re making so much money they’d rather write it all off.

22-September-1622-September-16

Talkmobile and security

I’m currently engaged in a bit of a strange dispute with talkmobile. They’re over-charging me, but for some reason I can’t log in to my account. No problem – they have on-line chat with customer services – how hard can it be to sort out?

Well, it’s proving impossible. They can’t even look at my broken account because I don’t know my date-of-birth. I don’t know my date-of-birth because, for obvious reasons, I don’t give the correct one out willy nilly to any company that asks for it – only government agencies and my bank. It’s easy enough to find someone’s DOB and it should never be used as a password.

So, there are a number of other dates I use for non-critical purposes. We’ve been through these; it wasn’t one of them.

Stop press – one of the more obscure ones worked. and I’m back in, thanks to the persistence of their help team.

But this is hardly the point; no one should use a piece of information that’s a matter of public record (i.e. on a birth certificate) as proof if identity. Birthdays are commonly found on social networking sites, your employers’ records and quite likely around the office. It’s mad to use it as a password.

So how did this come about? Well, until it’s purchase by Vodafone in 2015, TalkMobile was a virtual network run by Carphone Warehouse; the same group that that owned TalkTalk (see security blogs passim). TalkTalk was split off in 2010, but their culture of security has been questioned in the past; unfairly in my view as they’re no worse than most. What was lacking from inception was any common sense approach to security issues.

Unfortunately, you can no longer visit one of the remaining Carphone Warehouse shops to get these things sorted, which means if you’re locked out of your account there appears to be no way back in. I did threaten to cancel their direct debit rights with my bank; I bet they’d recognise me then!

To add insult to injury, TalkMobile’s representative tried to blame this policy on “The Data Protection Act”. It makes a change from blaming it on migrants, I suppose.

22-August-168-January-18

Barking Mad.com – Is Bark.com is going to the dogs?

Bark.com launched in 2014 as a web based service matching service providers with customers. Basically, you register as a client, say what you need done and it sends job leads to suitable businesses. A bit like computer dating.

And like any business relying on data matching, it will live or die by the accuracy of its data. It got off to an interesting start by purchasing the data from Dublin-based SkillsPages – 20M contacts of dubious pedigree. I know about this, because in the interests of research, someone registered as a supplier of a highly unlikely service in the name of a very well known science fiction character. No checks were made, but as no one needed the dilithium crystals realigned in the warp drive in a Constitution-Class Federation starship, no offers of employment were ever received by Chief Engineer Scotty. Until, that is, Bark bought the dodgy data and decided Scotty was an electrician in south London and then the leads started rolling in.

Okay, so we all had a good laugh at their expense before the account is cancelled once the joke had worn thin, but it should be an object lesson in data validation if you’re trying to give potential customers confidence in your “Professionals”.

And then this morning, in the space of 90 minutes, I received a load of emails to a made-up address on one of the domains I look after, but using my name. The emails contained quotes for a job that I had apparently posted. How could this be? I scrolled back down the email and found a “Welcome to Bark” message, giving “my” username and password, and implying I’d just created an account and posted a job request. Obviously someone had, but it wasn’t me.

My first reaction was to read the email carefully, looking for the “I didn’t register this account” link, but there was nothing of the kind. Of course, what they should really do is verify any email address; i.e. check that it actually belongs to the person claiming to set up the account.

Out of respect to the people who’d bothered to quote for the job, I emailed them all back saying “Sorry – someone seems to have done this as a joke”. However, Bark bounced these all back, because I’d sent them from my real email address; one that obviously didn’t match the fake one. So Bark can check email addresses when they want to!

Bark.com is leaving itself open to all kinds of trouble by operating like this. The killer is that the professionals putting in the quotes have paid bark.com to do so, but could claim that bark.com hasn’t taken enough care to ensure the job leads are genuine. By not even verifying the email address, they could be said to be making absolutely no effort at all.

When I spoke to Bark.com and raised this very specific issue, the claim was this rarely, if ever, happens. I provided the details and they promised to refund the people who’d been charged for a false lead, and said “This is not how we operate, this should never happen”, and that “when it’s brought to their attention they close down the bogus account and refund the money.”

10-August-1610-August-16

Aussie Census takes a tumble

The Australian government bureaux of statistics had a census yesterday. Every aussie, wherever in the world they happened to be, and to fill in the on-line census form before midnight. For those living in London, they tried to do this late afternoon in order to meet the deadline. No luck! it’s down with a message saying “Sorry Mate, our servers are currently shagged. Please try later and we’ll forget about the fine this time.” Or words to that effect.

On trying again this morning, it was still out of action.

I wonder if all the Australians in the world decided to leave it to the last couple of hours of the day, and whoever designed the system didn’t consider what the peak load might be?

Please don’t click here to see for yourself, as their servers are overloaded enough already.

Update: 10-Aug-16 17:06

Apparently they’re now blaming it of foreign hackers or a DoS. There was some controversy about the security of an on-line census before the event; I see a “told you so” slanging match before long!

13-July-16

Parent Pay adds fuel to its fire

Following a disastrous software “upgrade” on 6th June, it appears that ParentPay, the controversial on-line payment system used by many schools, finally appears to have noticed it has a problem. In an email sent to all its 1.7 million ~~victims~~ users today, CEO Clint Wilson apologised that people were having difficulties with the new system and conceding their support service was overwhelmed. He promised to fix the problems and get it right over the summer.

Perhaps in order to emphasise the fact that he really don’t know much about this technology stuff, the email was sent in a Microsoft-only format, with an invitation to “view it in your web browser” if you weren’t using Hotmail, or whatever else it was designed for. It really doesn’t bode well.

The ParentPay website was always awkward, requiring very specific web browsers in order to operate, and using insecure technologies rather than HTML. The latest update relied very heavily on JavaScript and assumed specific screen resolutions, forcing people to upgrade browsers and wait for updates in order to use it – and it looks ridiculous on a desktop-sized screen.

At the same time ParentPay implemented a system where parents were made to pre-pay in to the account and then allocate funds later, rather than paying for the items at the time they were selected/purchased. Subsequently the company has sought to defend this tiresome system as an initiative to help low-income families, although exactly how pre-payment does this isn’t clear. The fact that ParentPay is left holding money for longer before the school gets is probably didn’t even cross their mind.

Parents, already leery about the whole ParentPay system and the way it has been imposed on them by schools in spite of widespread long-standing dissatisfaction, have taken to social media to slag off the crass software update and appalling customer service..

It’s a sad fact that schools and local authorities lack the necessary IT savvy to spot a turkey when its marching up and down in front of them, and instead opt for “safety” in numbers. I don’t actually blame the schools for this – it’s not their job. It’s the government and local authorities that are unable to provide good advice – but local authority and government IT projects are, of course, a byword for expensive shambles.

22-June-16

Am I being phished?

Today I received an intriguing email with a Microsoft Word attachment implying I had money coming to me if I filled in a form. Yeah, right. I was just about to hit delete but I was a bit surprised the sender was addressing me as Prof. Leonhardt. It’s hardly the first time someone’s got this wrong – and to be on the safe side I can see why people might start high and work backwards through Dr. and so on, as people who are about such matters are only offended if you start too low.

But why would a botnet add the title?

On closer inspection I recognised it was a royalty payment enquiry from a publishing company that had actually done a book for about five years ago. I didn’t expect it to sell (it wasn’t that kind of book), so hadn’t thought much about out.

But I still haven’t opened the attachment. The email headers suggest it came from the publisher, but they can be forged. And this could be a clever spear-phishing attempt – after all, if you bought the book, which was largely about email security, you’d have the name of the publisher and my name – and the email address used can be found using Google.

I don’t believe I have ever been spear-phished before, so I’m feeling a bit more important than I did yesterday.

Time to fire up the sandbox!

17-May-1617-May-16

BBC plays the temperamental chef

Today the BBC hit back after being told to do its job. The white paper on its future told the public service broadcaster that it needed to produce public service output, rather than duplicating material ably produced by the commercial sector. The phrase used was “distinctive output”, and this was repeated ad nausium in its reporting of this morning’s story that it would be dropping its popular web recipe archive.

The reason given was that this was not “distinctive output”, and according to Radio 4’s Today programme, it was to save £15M/year from its on-line budget. Really? Anyone who knows anything about web publishing can tell you that publishing recipes is cheap, especially when you already have them. A quick look around the BBC more exotic on-line offerings will soon show where the money really goes.

So what are they up to? Politics, of course. The liberal elite running the BBC isn’t happy about being reminded how it is supposed to be spending our money, and is acting up in a disgraceful manner.

In its own on-line reporting of the matter, the BBC is linking this to the new requirement to publish details everyone having their celebrity lifestyle funded by more than 450K of our license money. This is going to be be awkward for the luvvies and the star-struck BBC executives fawning over them.

It’s about time the BBC started serving the people who pay for it. It’s hardly impartial when it comes to politics; it’s right in there playing politics itself – albeit the playground variety.

14-May-16

BT’s Infinitely useless Infinity call centre in India

In the middle of last week I was expecting an important call. It didn’t come. Then someone said they’d been trying to get me on the phone and couldn’t. It turns out I’ve got a line fault. And OpenReach’s response so far is an object lesson in to how to get things wrong.

First off, the fault results in the caller hearing a ringing tone but nothing ringing at this end. This means the caller simiply thinks your not answering. BT’s automated system quickly identified that the line wasn’t working, but I had to ask that callers got an “out-of-order” message. Is OpenReach reluctant to admit that it’s lines could be faulty?

The line provides VDSL and an analogue telephone, which goes in to a PABX. Therefore its lack of dial tone wasn’t noticed; the PABX simply skips until it finds a working line when you’re making an outside call. But on plugging a handset direct to the line, it’s as dead as a doornail. No voltage across A-B, no dial tone, no crackle. Nothing. Except, strangely, the VDSL is still working.

Now anyone with half a brain will realise that the pair is good, and the fault is going to be in the street box or exchange. My guess is that it’s in the green cabinet up the road where my line connects to the FTTC service.

So, several days pass and I notice it hasn’t been fixed. Then I get a call (on one of the remaining working lines) from BT; an obviously foreign accent. Apparently they have determined that there is a fault outside of the exchange (and by implication in my cabling). It’s not with me. The first thing anyone would do is disconnect the PABX and the VDSL modem (and its filter) and test the incoming socket. Just try explaining this to an overseas call centre reading from a script. To humour the hapless fool I eventually I again removed the NTE5 face plate (she didn’t even know what an NTE5 was!) and plugged a handset direct in to the incoming socket. Only then would she agree to send an “engineer” to look at it.

I did explain exactly where the fault was likely to be (remember, the VDSL hasn’t been interrupted – it’s not difficult to work it out). Apparently an engineer is now booked for Monday afternoon. I pointed out that he’d need to call me to get access, should it be needed (it shouldn’t) but I’m not sure she took it in.

And then, insult to injury, she sent a text message to the landline!

I told them about the fault days ago, and exactly what the problem was. It was flagged as fault on their own self-diagnostic. And OpenReach couldn’t even mark the line as out-of-order to callers until I moaned at them. BT makes a lot of money implementing overseas call centres. Yet even they can’t get them to work on a human level.