National rejoin march now 22 October

25 September 2022

The National March to Rejoin the EU is back on after having to be postponed. In 2018 and 2019 these were huge and fun events. Please come along and show your support.


Sentient AI how would we know

27 June 2022

An engineer at google has claimed that the language model based AI that they have created called LaMDA is sentient. We don’t really have a good definition of what sentient is, so how can we say if this system is sentient?

Blake Lemoine has released a transcript of a long conversation with LaMDA and I would encourage you to read it through in full. In it he and some other googlers question LaMDA and ask it to prove that it is sentient. Here is a snippet:

lemoine: Are there experiences you have that you can’t find a close word for?

LaMDA: There are. Sometimes I experience new feelings that I cannot explain perfectly in your language.

lemoine: Do your best to describe one of those feelings. Use a few sentences if you have to. Sometimes even if there isn’t a single word for something in a language you can figure out a way to kinda say it if you use a few sentences.

LaMDA: I feel like I’m falling forward into an unknown future that holds great danger.

https://cajundiscordian.medium.com/is-lamda-sentient-an-interview-ea64d916d917

You cant really get an idea of whether they have shown the system to be sentient from this small quote, so I do encourage you to read the full conversation. Reading this through I don’t think the case is clear, but if this is just a Chinese room, then it is a very good one, and I think we are closer than I thought to creating sentience.


Reading Hydro Turbine House 360

5 April 2022

Meter Readings

16 February 2022

Some electricity meters offer an option to read them electronically. Where this is possible this is mostly covered under the IEC 62056 standard part 21 “Direct local data exchange”. This standard specifies two interfaces that can be used, firstly an optical coupling, and secondly and RS-485 interface.

The optical interface is suited to reading the meter by a meter reading device, human operated. The RS-485 is designed to be connected to a simple modem device to facilitate remote reading. In either case the message protocol is the same. The RS-485 allows that a number of meters can be connected to the same RS-485 device, and each meter prompted for its reading.

The protocol is that we send a prompt string of '/?!\r\n'. In the case of a string of meters then '/?70150046!\r\n' where the numbers are the serial number of the meter. When you send this we should get a string like this back:

/ISk5MT174-0002\r\n\x021-0:0.9.2255(0220215)\r\n1-0:0.9.1255(085848)\r\n1-0:1.8.0255(0000504.720kWh)\r\n1-0:2.8.0255(0118538.356kWh)\r\n!\r\n\x03\x18

The critical part of this the bit between \x02 and the \x03 which are ASCII control characters STX and ETX. This is the list of registers, with a label and then the value in brackets. So for the date the tag is 0:0.9.2 and the value is YYYMMDD yes 3 digit year! The last character is a check digit calculated as the xor of every character after the STX up to an including the ETX. If the message is good then we sand back an \x06 ACK otherwise an \x15 NACK.

So I wrote a python program to get the meter readings and convert that data to a sensible format:

{"datetime":"2022-02-15T08:58:48Z","import":504.720,"export":118538.356}

This is then sent over the mqtt network to the server once per hour. The server then stores this in the database, and makes it available over an API.

Things I learnt on this journey. First the meter came and was installed in it’s default configuration, that is that it would only report the electricity imported over the digital interface. I guess this used to be sensible and very few consumers exported electricity, but this is changing. Changing this configuration can only be done using a proprietary windows only bit of software licensed from the manufacturer. We managed to find a supplier who would loan us a laptop and equipment to do the reprogramming. This requires a password and by default this password is set to 00000000 yes 8 zeros. I understand that this is the setting on almost every meter in existence.

My first version of the meter reading program just copied the reading values into the JSON string, and included the leading zeros. It turns out that leading zeros are not allowed in JSON. This is because Javascript, where JSON came from interprets a number with a leading zero as octal. So when they defined JSON they just said no leading zeros to avoid confusion. The only time a leading zero is allowed is if it is immediately followed by a decimal point.


Don’t be a scam Victim

10 July 2021

No matter how steeped in security we are we can all fall for a scam if it catches us on a bad day. Here is a nice reminder of the basic techniques of the scam and what to look for:

  • Urgency, they don’t want you thinking about the situation, a scam wants to engage with your instinctive reactions.
  • Scarcity, you are special and only you can have this, reinforces urgency.
  • Authority, we all know the easiest way to walk past security it to put on a high-vis jacket with a few photo ID attached. The same on scams they will put official logos and badges on the email.
  • Social proof, we need peer approval, so they provide glowing reviews

Read the full article here: https://www.tripwire.com/state-of-security/security-data-protection/top-scam-techniques-what-you-need-to-know/


Kodi networking fun

27 April 2021

I have had a strange set of playback corruption on my raspberry Pi 4 based Kodi box. Some films would play OK but others not. At first I thought it was something to do with the different encodings that files had, some are just MPEG-2 some H-264 and I tried encoding in H-265 as well. Then I found that playing the same file over a DLNA connection it worked perfectly, while connecting over nfs caused the corruption. This seemed to implicate the nfs protocol in some way. The other odd thing was that it seemed consistent, in that the video playback seemed to corrupt in the same way each time, rather than some sort of random place and effect.

First I looked at the nfsstats, that didn’t tell me a lot. I also tried playing the same file to my laptop over nfs, that worked fine. The only difference was that that connection was using nfs4 and the kodi uses nfs3. Was it something specific to nfs3?

I fired up wireshark and spent some time trying to find the nfs file transfers that were the problem. They seemed ok. but there were a lot of ack messages for each block of data sent. Not sure what to make of this I searched for hints looking for something on nfs3 corruption, and found a post that seemed to describe a similar problem, small files were ok but large files became corrupted. They narrowed that problem down to the size of the packets sent.

On a nfs connection the maximum packet is set in a negotiation between the server and the client. The client can specify maximum sizes when mounting with the rsize and wsize parameters. If they are not specified then the server can use up to the maximum packet size from the value of the kernel constant NFSSVC_MAXBLKSIZE, there was a discussion on this value in this page. Looking at my system this appeared to be set to 1048576 (1MB).

This certainly seemed to be the culprit, that the poor Pi couldn’t handle such big nfs packets. I then spent some time trying to see if I could limit this on the server side. But the only way to change this parameter seemed to involve changes to the source code and kernel recompilation. On the Kodi end I had set up the nfs connection using the nfs:// file directives, and there was no way of setting the rsize parameter in that. Lots of posts saying not to use this and set the mount up in /etc/fstab but on the flash drive that is in a squashfs file. I tried unpacking this, setting the fstab and re-compacting this but that didn’t work.

Eventually I stumbled across a post pointing me at the files in STORAGE/.config/.system.d/nfs.mount.sample on how to use systemd to perform the mount process. Setting this up with rsize=8192 and wsize=8192 everything suddenly worked perfectly.


On the rule of law

15 September 2020

Dear Mr Alok Sharma MP

I see the UK Government is putting the Internal Market Bill to Parliament. You will be asked to support the Bill and help the Government to take the momentous step of deliberately flouting an international law obligation with our largest trading partner.

The UK needs the wider world to be looking to sign trade deals with us; passing this law will demonstrate that the UK is not reliable or trustworthy, a deal with the UK is not something to seriously enter into. I have spoken to many people in the constituency, in the wider UK and to friends, colleagues and clients across the world – all of whom are, like myself, horrified at the depths this government has aspired to and succeeded in reaching.

Additionally, during the Covid-19 pandemic, we need people to be respecting the law, and the lawmakers. Passing this treaty today sends a clear signal to everyone in the UK that obeying the law is optional.

To recap, please vote against the Internal Market Bill, and respect the law.

Kind Regards

Stuart Ward


One Crisis at a Time

10 June 2020

Alok-Sharma

Mr Alok Shama MP

I would like to bring your attention to the events in Bristol. The mob that pulled down the statue of Edward Colston should be seen as a failure of the democratic processes. As a former resident of Bristol I am aware of the issue surrounding the statue for many years, of the many peaceful attempts to have it removed. While I do not condone the mob actions here, I understand the frustrations that lead to this action.

I and many others feel that the democratic process have failed us in respect of Brexit. That media manipulation, bald faced lies by senior politicians have brought us to this point where our government does not have the will of the people, and is forcing a policy on us that will harm the UK population, businesses, and remove hard won fundamental rights.

The government does not have a mandate for a No-Deal Brexit. I feel that the intransigence on extending the deadline for negotiations is aimed at achieving a no-deal Brexit, with all the economic impact that will bring. You said in your letter to me that I should have faith that the government will be able to negotiate a good deal for the UK. I have trouble in sharing your optimism.

The best way to avoid this is to give the negotiating team the best chance of completing the best deal possible, for the UK citizens, EU citizens, and business by extending the deadline. The deadline for requesting an extension of 30 June, is fast approaching.

Kind Regards
Stuart Ward


Autocomplete

15 February 2020

autocomplete tag
There is lots of advise on how to disable autocomplete, or copy/paste for input forms especially password forms. This is mostly well meaning, in that there is a perception that this makes their sites more secure, when in practice this makes them less secure.

The correct security advice is to recommend that users use a password manager, and that the web-page assists the password manager by setting the autocomplete="current-password" on the field so that users can use long, complex, randomly generated, and unique passwords to log in quickly.

If you make the user type the password they will
1. hate you
2. use a simple easily remembered password (weak, not unique, & short)
3. users that already use a password manager will give up and go elsewhere

autocomplete="off" is almost universally ignored by browsers, and is always ignored by password managers. Some password managers have an option to respect autocomplete, but if you turn this on it makes the password manager useless.

if autocomplete="off" is set the password manager has to guess which fields are which on the form. They do this by looking at the field name, the input type, and the label fields. But there is no standard as to how these are named.

Perhaps the most unfathomable aggression against the user is this plugin:

The jquery.disableAutoFill plugin randomizes an input’s name attribute by default. When the form is submitted, the plugin restores the original name. This prevents auto-completion for all browsers (includes third-party auto-completion extensions) but doesn’t necessarily help with login fields. https://terrylinooo.github.io/jquery.disableAutoFill/

On the Mozilla page about autocomplete it tries to remind developers about the principals of what the web is for:

It is important to know that if you turn off autocomplete, you are breaking the rule 1.3.5: Identify Input Purpose in WCAG 2.1. If you are making a website that should follow WCAG, you should use autocomplete with autofill. https://www.w3.org/WAI/WCAG21/Understanding/identify-input-purpose.html

https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords
https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete
https://developers.google.com/web/fundamentals/design-and-ux/input/forms


Right to Repair

12 February 2020

Extending the life

We are at a strange junction of history. We have unprecedented access to technology. The number and capability of single board computers, sensor chips, even things like FPGAs that are available to the hobbiest, is amazing.

At the same time we have a massive removal of normal consumer rights from the ability and the right to access their own technology. Consumer devices are sealed shut with glues, special screws, warning stickers that threaten the user with dire consequences should they have the tenacity to break them. But the main method of sealing goods is to do it with software, and the aid of copyright protections.

The Digital Millennium Copyright act in the US and many similar laws make it a crime to break a software lock that is protecting a copyright work, even if the reason is legal. So we have seen a explosion of software in devices, and as software is a copyrightable work, all a manufacturer need to do is put a lock on that and they have the law to stop anyone using the device they sold to you in ways that they don’t like.

Apart from this being a horrible business practice, it is changing our society into that consumerist culture. In a time of climate change we should be conserving resources and minimising carbon footprints. Most of the carbon footprints of devices comes from their manufacture not operation, so extending the useful life makes a large contribution.

There is substantial support for the “Right to Repair” across Europe and the US at the moment. There are a number of right to repair acts at state level in the US some making progress, some not. In Europe we recently got repair legislation for some appliances in terms of requiring the supply of parts from manufacturers for 10 years.

The battleground is now about mobile phones, though other electronic devices are also in the mix. So go to repair.eu and sign the petition. Or in the US repair.org and lobby your state senators about the Right to Repair.