Author: sven

What is Legal Tender?

After a recent trip to Northern Ireland I ended up with a Bank of Ulster five pound note. In N.I. a visitor needs to be careful which cash machinulster five pointes they use. Some dish out Bank of England notes; others issue local banknotes. They have the same value, but try using an N.I. note in England and you’re out of luck: They’re rarely accepted.

At uni, a Scottish friend would regularly get himself in a bit of a trouble by walking into shops (in Southampton) and trying to spend Scottish banknotes. On refusal, he would argue that they’re legal tender – so should be acceptable in England. He never got very far.

Now, with a banknote from Northern Ireland in hand, I wondered whether these notes are indeed valid for use in England.

It turns out that no, they’re not. As far as I can tell, legal tender is a very specific description which refers to the ability to use certain assets in repayment of debt. If you end up with a debt of some kind, you can use legal tender to settle the debt and the recipient (the debtor) cannot refuse.

With this in mind, my friend at the shop has two issues. First, there is no debt to settle. The shop can simply refuse to exchange the goods for the money so any legal tender argument is irrelevant, since there’s no debt. They can easily turn him away.

Restaurants are a slightly different matter. If you eat your meal then pay afterwards, a debt has been created (you certainly owe them for the meal) so my understanding is they would be obliged to accept legal tender.

On to the second point. Scottish banknotes won’t work anyway since they’re not legal tender in England. In fact, it turns out they’re not even legal tender in Scotland. There are specific combinations of coins and notes which are valid in each country:

In Scotland, only coins are valid legal tender. Scottish banknotes have no legal tender status anywhere. As far as I can tell, this is also true for N.I.-issued notes.

In England and Wales, banknotes issued by the Bank of England are legal tender (provided they’re current – old notes are no longer valid). You can settle any debt with banknotes.

Coins are legal tender throughout the whole United Kingdom, although there are restrictions. You can only settle a debt up to £5 if you only have 10p coins, for instance.

Legal tender is a very specific definition, and seems to be the subject of misunderstanding. My Bank of Ulster five pound note means very little in England, but the novelty of having it hasn’t worn off yet, so I’ll be keeping it for now.

As always, I am not a lawyer, currency expert or accountant so check with a pro before you attempt to settle your debts…

Email Forwarding & SPF

mailA friend emailed me the other day to ask why their hosting company have announced they will stop forwarding.

Roughly speaking, they have an email address joe@customdomain.com which is hosted by said company. This forwards to their Gmail address joespersonalaccount@gmail.com [these are, if you hadn’t guessed, not their real emails].

The company has stated that they will no longer allow forwarding of emails from the custom domain to an external server. Why? my friend asked. It is, after all, a quite normal thing to do with domains.

As far as I can tell – it looks like the reason is down to the way popular mail services filter spam. Google’s GMail, for example, uses a thing called SPF. This is a mechanism that checks whether emails came from a legitimate source.

Let’s say bob@bigcorp.com is sending my friend Joe an email, but they use his Gmail account directly – this is the simplest path:

1. Bob writes the email and sends it. The mail server at bigcorp.com looks up the mail server handling Gmail.com accounts and connects to it.

2. The mail server at Gmail.com receives the email and puts it in Joe’s inbox.

Now, the mail server at Gmail.com is applying SPF. This looks up the public record for bigcorp.com to see which mail servers have authority to send from that address. The mail server that sent the mail to Gmail is indeed legitimate, so it’s allowed through.

Now, Bob sends another email, this time to joe@customdomain.com

1. Bob writes the email. The bigcorp mail server looks up customdomain.com, finds its mail server and connects to it.

2. The customdomain.com mail server realises it’s supposed to forward mail on, so once it has the email it finds the gmail.com mail server and resends the email there.

3. The gmail.com mail server receives the email and puts it in Joe’s inbox.

So, same as last time, the gmail.com server applies SPF. However, this email didn’t come directly from bigcorp.com, it came via customdomain.com. This isn’t on bigcorp’s list of authorised servers, so as far as Gmail is concerned this email could have been forged. It’s quite possible the email will end up in the junk folder.

Worse still, if lots of emails come via customdomain.com Gmail might start thinking the entire domain is spammy. This is partly why I suspect the hosting company want to avoid forwarding. Ending up on spam blacklists is a costly, damaging affair.

This might appear like a weakness of SPF, but there is a fairly reasonable solution to this. I use Google Apps for Work (i.e. I pay for Gmail) and as part of my configuration I can tell Gmail which mail servers are trustworthy.

If Joe did this, he would add his mail server for customdomain.com to the trusted list. Now, when Gmail checks where an email is coming from it will see that customdomain.com is a trusted server, so will look further up the history to the previous mail server. In this case it’ll be bigcorp.com, which is valid, and the mail will be allowed through.

Unfortunately I’m not sure this is available on the freebie Gmail server, nor whether other services support it.

The hosting company didn’t give their reasons for limiting the feature, but this seems like a pretty likely (and logical) reason.

Sidenote: there’s also a bit on Wikipedia about rewriting the envelope sender. Looks a little hacky, but might be a viable alternative for those without whitelisting.

So You Wanna Be an IT Contractor?

As part of my work I mentor and support people looking to run their own businesses, or who want to become an IT contractor. This means I get a fair few people come up to me with excitement, ‘I’ve decided – I want to go contracting.

Disclaimer: I am no accountant, nor am I a lawyer. The calculations below are rough and based on basic research, and there are big differences between sole trading and running Limited companies, so please take appropriate advice.

Update: Self-employed people might be entitled to Statutory Pay for sick & parental leave. For specific advice the above rules apply – speak with an expert about your specific circumstances.

Money

The most common reason is money. Employees see contractors come in, they find out how much these people are paid, and envy creeps in - They’re being paid so much more than me.

The wannabe forgets some important points:

1. The price you hear is most likely the pre-tax price. After all the earnings contractors are going to have to pay National Insurance, employee tax and (in some circumstances) employer NI. They’re also going to have to pay more into pensions, something your employer would likely otherwise help with. Employers usually pay 13.8% NI on top of the employee’s contributions. That’s going to be your problem now.

2. There’s no sick pay. No holiday entitlement. By my rough calculation, if you take just the statutory holiday entitlement of 5.6 weeks with bank holidays rolled into that, that’s nearly 10% of your available working time. To reverse that out, you need to be earning 7.6% more than a full-time salaried person just to cover statutory holidays. That might not sound a lot, but it all adds up – and this is just the bare minimum.

3. Thinking of starting a family? No maternity or paternity pay for you.

4. Insurance. You’re going to need to pay that yourself. Accountants’ fees. Yup, that’s your responsibility as well. Legal costs – you’re going to want a solicitor to check your contracts.

5. Finding work. A good number of people turn to contracting because they’ve found an opportunity. This is fine and dandy for the first few months but you’ll quickly realise why businesses like contractors. They’re easy to get rid of.

Come the end of your contract you’ll need to try and renew it, or find another gig. You need to become a salesperson. For all the time you’re selling; trying to find a new job, you’re not earning. If you’re in a full-time contract that means looking around in your spare time or sneakily getting calls in at lunchtime. If that contract ends and you’ve not found a new one, you will earn nothing, zero, zilch. You get no redundancy pay, and termination clauses on your contracts might bring an unexpected early end to what you thought was a cushty little job.

To summarise: contractors get paid more because they have to spend more. Their liabilities are far greater than employees’. The rate they’re paid is not even comparable to your gross salary, because they’ll have employer liabilities and costs as well. The risks are high, and you need to do your sums carefully before becoming a contractor. It’s likely less lucrative than you think.

Freedom

The second most common reason is freedom. I want to be my own boss.

Contractors aren’t bosses. They’re expendable labourers. Put some effort into your personal brand (yes – marketing) and you can become a consultant, usually with a better rate and slightly higher esteem among your clients, but you’re going to have to work for it and have a higher work turnover.

I might pick up the contractors vs. consultants issue on a separate post, since it’s an issue close to my heart. But it’s not for now.

Simply put, if you want to be your own boss, be very careful about how you present yourself. Contractors fill gaps, have bosses and generally get told what to do. Consultants come in (usually after stuff hits the fan) and get told to figure out how to fix things. Both have limited autonomy, and your decisions can be vetoed, overruled or simply ignored.

So – you still wanna be an IT Contractor?

iOS 8 to thwart Wifi tracking

Apple have recently announced the latest version of their mobile operating system, iOS 8, including changes which might affect tracking systems used in supermarkets and shopping centres.

In the last few years a number of companies have sprung up with the offer of tracking customers for the benefit of analytics. Asda are doing this in the UK, as are shopping centres and plenty of US companies.

What is wifi tracking?

The basic principle is that your smartphone is constantly looking for wifi networks to connect to and – in doing so – sends out a unique identifier (a “MAC address”) which can be used to trace you. With enough network access points it becomes possible to work out where somebody is, based on which points their phone tries to connect to.

The outcome of this data is pretty beneficial for shop owners, estate managers and so on. It tells them how people move around their stores, which areas are hot-spots and which others might be ideal places for promotions.

Apple’s announcement is short on detail, but it appears that they are preparing to scramble the MAC address when the phone tries to search for wifi signal, making it more difficult to track movements between one place and another. The key is how often they do this – if the MAC address is scrambled once a day (for example) the drawbacks will only be for long-term tracking, i.e. watching for repeat visits. If it changes every few seconds the entire capability is gone.

Arguably wifi tracking is an opportunistic service anyway, making use of an artefact of technology that was never designed for tracking purposes. Its utility, however, has been enormous and companies will certainly miss this data if it goes.

Privacy

Are Apple doing this for privacy’s sake? It would seem so. In the right hands, Wifi tracking is anonymous. Try hard enough and – in the right circumstances – it becomes possible to identify people. Most companies won’t try to do this for fear of running foul of data protection laws, but that won’t stop everybody.

In any case, this won’t prevent opt-in tracking such as the Asda scheme mentioned earlier. The offer of free wifi comes with strings attached – they can track and identify you, and once connected to a ‘known’ wifi hotspot your phone will no longer scramble its MAC address, giving the company full access to your individual movements.

Direct selling need not be an option either – shops and districts offering free wifi can still benefit from tracking, but this will likely be forced into terms and conditions. Whether they use that to gather personal information and market to individuals is entirely a question for them and their visitors (the latter always has the option to decline the invitation).

That might see the opening of more free wifi hotspots, as companies will need to offer this to retain the all-important MAC address. I’m not sure if Apple see things this way as well, but it’s certainly an interesting possibility.

The Google/EU Search Removal Issue

Google are starting to remove results when searching for individuals, if that individual requests – provided the result is no longer relevant.

It seems to me that this is simply a logical extension of the Data Protection act – here are the principles that underline the UK act. In particular, take a look at parts 3, 4 & 5. Google, having been established as a data controller for individuals, are obliged to keep the data they hold about individuals proportional and relevant.

That’s also – surely – Google’s goal: to have relevant results, which includes prioritising accuracy and timeliness. Therefore, is the Removal Form simply achieving something Google’s algorithms haven’t been able to do for themselves?

 

Not Smart Enough

We’re still getting post for a former householder who moved out ten years ago (plus daily post for previous owners, 1yr on). Surely they’ve noticed either the lack of response, or my “return to sender” messages aren’t getting through. The former owners had a redirect for a while as well, so the data’s in the system. It’s tiring and wasteful on all parts.

Tom Morris has a long list of things Google thinks he is interested in – except he’s not (he really doesn’t like country music!).

Dave Winer’s dad would be surprised if he got an iPad – as recommended by Apple for Father’s Day – because he passed away several years ago. “With these companies doing such a great job of Big Data, you’d think they could get a clue about this one.” 

Taking Responsibility for Data

One of my early aims for the local election website was to list each candidate, along with party and website, directly on the page. It seemed right that – if I were promoting ease of access – that this should be a basic requirement.

Pretty quickly it became clear that this was an ambitious task - most of the 2000+ wards are in PDF format, some in Word and a tiny minority in HTML. The PDFs are not easily readable (aside – I’d love to know how they fare for disability discrimination tests) so any hope of automating the process went out of the window.

I simply didn’t have the time either. It took two days just to get the links together. A conservative estimate of one minute per document would have me working another week just to get the local elections up.

The bigger problem is liability. While I have rightly disclaimed that there are probably errors, and that users should double-check the council website, trying to present concise summary information based on copy & paste would be risking making mistakes. Disclaimers can probably help protect me against anybody getting nasty, but I neither want the hassle nor the exposure.

With the links as-is, there is a failsafe of sorts. Each linked PDF has the ward and constituency listed at the top of the page. If the viewer sees the wrong name, they know something is amiss.

If I were to put a candidate in the wrong political party, or list the party in the wrong election, the user would have little reason to doubt the results. There is no failsafe.

Had I had more time I might have tried to put something together that enabled a community effort. There are plenty of people out there who support this kind of stuff and would likely donate some time and effort. This additional manpower – mixed with proper QA – could help reduce the risk.

However, I still think a decent dataset from central government and/or local governments would be the ideal solution. They are likely going to take considerable measures to ensure the data is correct, and the candidates will undoubtedly be referring to their lists for completeness and instantly feeding back corrections.

One of the strong benefits of opening data is that the economics can be changed. Effort need not be duplicated; we largely eliminate human error. Time spent recreating these lists is time wasted.

UK Elections in May

Introducing the Elections 2014 site – find local candidates by simply entering your postcode.

Come May 22 this year, many residents in the UK will be going to the polling stations to elect their representative in the European Parliament. Many local councils will also be electing some or all of their councillors, and some areas will also be choosing their mayor or parish/town councillor.

If you are registered to vote, you should receive a polling card through the post. These tell you where and when to go to cast your vote, and which votes you can cast. The polling cards don’t tell you who the candidates are – these are usually finalised just a few weeks before the election.

Some may have already decided who gets their vote. Others will be unsure. I have a party preference based on policies which I broadly agree with, but am by no means a staunch supporter. Voters might also vote nationally for one party, and locally for another – or choose to put their support behind independent campaigners.

Frankly it all becomes a little bewildering, and there doesn’t appear to be a single definitive source of election material. We’ve had flyers from two parties so far and nobody has knocked the door. Websites such as ElectionLeaflets.org attempt to collect flyers from all the campaigns, but they’re by no means comprehensive.

The local council are supposed to provide notice of forthcoming elections on their website, both announcing the election and stating the candidates. In the age of the Internet, this is undoubtedly a good thing – but goodness me, they’re tough to find. Almost all are in PDF, some in Word and more than a few are embarrassingly hard to uncover.

The humble voter – wanting to make an informed decision – is left bewildered. I would dearly love to be proven wrong, but as far as I can tell nobody has created a single source of election candidates. There is nowhere we can go to review the choices and make an informed decision prior to voting.

Presenting my super-duper Election 2014 site. Pop in your postcode, et voila – a list of candidates for local, mayoral and European elections handily presented in (almost) one place.

The caveat is unfortunately something I’m unlikely to be able to fix in a hurry. I would have loved to put all options on a single page but it took nearly two days just to get the links together. Getting all candidates in one big database is going to take weeks of effort, and the elections are little over a fortnight away.

There are a few gotchas. Unfortunately some election boundaries were applied earlier this year and the Office of National Statistics has not yet provided an update (and they tell me it’ll be released ‘around the end of May’ – great). Parish/town council elections are also unlisted but I’ve tried to note them where possible – a high proportion are uncontested anyway.

All in, I think this is a decent step towards my goal. Hopefully other organisations might be interested in picking up the baton in time for the next elections (if they don’t already have plans). At least one possibility is to open the database up to public edits Wikipedia-style, but I think we’ve missed the boat for May 22.

Please, let me know what you think. If you find it useful, interesting or worthwhile please spread the word.

 

Chrome’s Windows 8 Mode

Screenshot 2014-04-09 08.51.06

If you switch Chrome to “Windows 8 Mode” it creates its own little environment, complete with draggable windows, a task bar and a clock. It looks like a complete little operating system. (I’ve never used Chrome OS – but the screenshots look familiar).

This seems utterly daft to me.

Windows 8 mode services a very specific purpose. It’s full- or split-screen apps with no sense of windows. Think of them as panels. This approach – whether we enjoy it or not – is supposed to be consistent.

Chrome comes in, adds its own layer, and confuses the heck out of anybody who happens to click the wrong button. Am I still in Windows? Where have all my programs gone? Why is something different here? Anyone who has helped friends and colleagues with basic computer needs will know that the simplest change - the tiniest disruption – can cause users to lose their bearings.

For what it’s worth I don’t necessarily appreciate Windows 8 Mode either – I find the whole thing a half-way compromise between tablet and desktop that fails both sides. A dichotomy of inconsistent metaphors and actions. It’s a mess, but the last thing we surely want is another company (Google) throwing things even further off kilter.

As a proposition, I quite like the idea of Chrome OS, but as a separate choice only. Chrome in Windows 8 Mode appears to fail to appreciate the good things that Windows 8 Mode brings (yes, there are good bits) and wilfully catapults its users into a confusing, inconsistent environment. It reaks of the 90s trend of building apps with their own confusing controls and windows just because we can – although I suspect Google genuinely has long-term plans for what it’s doing here.

Heartbleed

A vulnerability has been found in the encryption library OpenSSL, used by a huge proportion of web and Internet services. This bug allows malicious users to access bits of memory on the server and potentially read enough information to render the encryption useless.

Worse, having obtained the right data, they could compromise the security of past and future communications allowing eavesdropping, impersonation and stealing of data.

The vulnerability, known as Heartbleed, was found by researchers at Google and Codenomicon. While publicly announced only yesterday (7 Apr), it seems the bug has been present since December 2011, and was part of a release in March 2012.

The various affected Linux distributions have been speedily updated and I updated our servers this morning. We must now wait and see how quickly the fixes will be applied to other servers and systems.

The effect of this bug is serious: it undermines the security protocols used throughout the Internet, and an attack is apparently undetectable in ordinary logs. This means that high-profile websites might be well-advised to renew their security certificates, so that any ‘exposed’ details cannot be used in a future attack.