Cost of mobile roaming, but for data

July 16th, 2007

The European Commission has acted on the roaming charges charged by the mobile operators for calls when you’re abroad but very little discussion has centred on the data roaming charges which are even more extortionate.

Vodafone has been charging £4.25 (ex. VAT) per MB when roaming abroad on ‘partner’ networks and over £8.00/MB on non-partner networks, although I note that they now suggest all networks are at the lower rate.

Within the UK, the entry level Vodafone Mobile Broadband plan costs £25/month and includes 3GB (i.e. 3000MB) per month of usage (still subject to a fair usage policy). This is about £0.008 per MB, making international access about 500 times more expensive than UK data rates.

Vodafone does indeed appear to have realised this is unsustainable (at one point I paid £10 to check my e-mail) and they have now launched a £95/month plan which includes 200MB abroad, a mere £0.475 per MB, only 60 times the cost of UK traffic (assuming it was all used abroad).

This is still far too expensive to properly use 3G abroad and sooner or later the mobile network operators will need to realise that this is hindering use whilst travelling, with many opting to use Wi-Fi networks where possible, whereas in the UK I would often use Vodafone’s 3G service instead as it’s low maintenance and less hassle. I also have a pay-as-you-go SIM card in one country I visit regularly, something that a few years ago couldn’t be used for GPRS/3G but now can. Also, the availability of 3G roaming agreements leaves a bit to be desired.

The customer is not always right

July 2nd, 2007

I tend to be a very ‘hands on’ person when it comes to helping customers and I’d like to think my companies’ service levels are considered very high.. I’d use the word fanatical but I think Rackspace already use that term.

We have customers who use both our services and those of other providers, be it co-location, servers, connectivity, e-mail, web hosting or something else, and I’ve noticed two things:

  1. When a customer joins us for the first time, and they have a problem with their server for example, they call us and ask whether we have a network problem (or “is the Internet down?” in layman’s terms) to which the answer is usually “No. If we had a network problem, I’d hope we already knew about it before you :-p” (the smiley explains the tone). This happens a few times until they realise if there’s a problem, it’s probably not with our network.
  2. When a customer has a problem with something that isn’t caused by us, if they think it even might be, they call us first, because we are ‘accessible’.. i.e. They can get through to us.. Other companies might not offer phone support, might charge premium rates for it or might just not give the right answer (or dare I even say, might claim it’s our problem). This gets annoying because it’s offloading the costs of their support on us (as it often takes us time to check it’s not actually us having the problem).

We have customers who truly understand the value of the service, and I find those are the ones who I even have to talk out of buying something I feel they don’t need. I like them because they listen to my advice (whether it gains or loses us revenue) when making decisions, and rather than always going for the lowest cost service, they welcome the list of options and then make an educated decision (and sometimes, that may be not to buy the service at all).

I have also found most sales enquiries we get are from customers who either don’t understand their own requirement (which is fine, we’re here to help) or, and this is very common, over-specify their requirement by a large factor (100% or more usually). If a customer insists on buying a service they don’t need, then so be it, who am I to complain? What concerns me is when other companies quote for the service they think the customer needs but pretend it’s what the customer actually asked for. We tend to explain to the customer why we think another solution is better (and often cheaper), but they feel they are getting less, when in fact they’re not wasting resources on services they don’t need.

The supplier-customer relationship is a two way process driven by supply and demand and the interaction between the two agents. It should not only be a customer-driven process.

The customer is not always right.

Dell motherboards & bulging transistors

June 18th, 2007

My workstation started acting oddly at the end of May signalling memory errors during boot-up. Obviously as a technically minded person I tested the memory, and as there was nothing I could find, I sent an e-mail to Dell. They replied, and as the problem hadn’t re-occurred I ignored it until last week, when my PC started rebooting all of a sudden without warning. After this happened a second time I was getting concerned.

I spoke with Dell Technical Support who asked me to go through various bits of diagnosis. I had by this time swapped out half the memory at a time to check it wasn’t anything simple. They were going to get me to re-seat the voltage regulator module (VRM) as this was one of the error codes displayed on the chassis during problems (Dell systems have green/orange lights with A B C D written on them to indicate what the problem is if the system can’t tell you on the monitor), but in the end they asked me “Do you know what a capacitor is?” which I found a bit odd. I replied “Well I’m not an electrician but yes I know what they look like”.

They asked me to see if the capacitors were ‘flat’ or bulging out. At first I looked at them and they looked normal, but then looking a bit more closely, I thought they were slightly rounded at the top:

Image of bulging transistors on a Dell motherboard.

This is what they should look like (from a system with a similar motherboard):

Image of normal transistors on Dell motherboard

I felt a bit nervous saying categorically they were bulging out without comparing them to another system (the second picture) but the Dell engineer was very confident that the motherboard needed changing the following day. And indeed, following a very courteous visit by a Dell engineer, the problem has been fixed with the replacement motherboard.

The 3-year warranty will be running out in just over a couple of months, so a new system may be needed soon :)

There is a Wikipedia article on Capacitor Plague that explains this phenomenon (thanks John!)

PAC Access Control PIN Security Flaw?!

May 28th, 2007

I have been working on the implementation of a small security system based on the PAC Access Control System (www.pac.co.uk) and came across a major security vulnerability which if found on credit cards, would see banks answering very tough questions. Before anyone criticises the choice of PAC, this was due to legacy reasons not related to this issue.

PAC is an access control system which operates on (among other technologies) proximity cards/tokens as identifiers for access. Almost everyone will be aware of these as they are used in most offices nowadays and are similar in use to the Oyster card. Most PAC readers are simple black boxes you present your tag to, and after checking with their controller, they grant or deny access and unlock the door as appropriate.

The company also supplies a “PAC + PIN Reader”, a special type of device which also requests that you type in a four-digit PIN code after presenting your token to the reader. This is another level on the security ladder, the tag being “something you have” and the PIN being “something you know”. There are however two major problems with this system:

  1. Each PAC token (a card or key fob in this case) has a token code which identifies it to the reader (e.g. 20184201AD). There is then a formula which uses this code (dropping the first ‘20’ bits) to generate a PIN (a hash of the token code). This means that anyone who knows your token code (i.e. anyone who has run your token past a reader, and the standard read distance of a few centimetres can I’m sure be extended with enough thought; or anyone who has access to a system on which you are registered if you happen to use multiple systems) can work out your PIN code just by using the PAC EasiNet software. This means that the PIN code is no longer ‘something you know’.. it’s just a code written on the PAC token but “in ink only visible under ultraviolet light” in comparative terms. Anyone who knows this just brings a UV light and they have your PIN (i.e. using PAC EasiNet Software).
  2. The communication between the PAC PIN reader and the controller appears to only send information when the PAC has been presented and the PIN has been typed correctly. If you type the PIN incorrectly, it is the keypad itself which blacklists you after three attempts but only from that keypad. This means there is no security logging of failed PIN attempts (not that this should happen in any organised attempt to subvert the system due to the first problem). I have not studied the communication in detail so it is possible this is just not visible in the software I was using, but it does seem to be handled by the reader itself.

I think PAC may be offering user-set PIN codes in newer systems. PAC do have a fingerprint reader (“something you are” on the security ladder, also known as biometrics) and a non-biometric Mifare-based smart card system which is a more secure form of RFID proximity access. Nonetheless ever releasing a system which is based on such flawed security basics is worrying.
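The two problems above, modelled side by side as an added example (not PAC's code and not from the original post). `derived_pin` is a stand-in hash, since the post does not give PAC's formula, and `LocalKeypad`, `Controller` and the door names are hypothetical.

```python
import hashlib
import hmac
import os


def derived_pin(token_code):
    """Stand-in for a PIN computed from the token code. NOT PAC's formula,
    which the post does not give; it only models 'PIN = f(token code)'."""
    digest = hashlib.sha256(token_code[2:].encode()).digest()  # drop "20"
    return f"{int.from_bytes(digest[:4], 'big') % 10000:04d}"


class LocalKeypad:
    """Model of the behaviour described in the post: the keypad checks the
    PIN itself, blacklists a token after three failures on that keypad
    only, and reports nothing but successes to the controller."""

    def __init__(self, name, controller_log):
        self.name, self.log, self.failures = name, controller_log, {}

    def present(self, token, pin):
        if self.failures.get(token, 0) >= 3:
            return False
        if hmac.compare_digest(pin, derived_pin(token)):
            self.log.append((self.name, token, "ok"))
            return True
        self.failures[token] = self.failures.get(token, 0) + 1
        return False


class Controller:
    """Hypothetical alternative: user-set PINs, with the check, the failure
    counter and the audit log all held centrally."""

    MAX_FAILURES = 3

    def __init__(self):
        self.pins = {}      # token code -> (salt, hash of user-set PIN)
        self.failures = {}  # token code -> failures across every reader
        self.log = []       # (reader, token code, outcome)

    @staticmethod
    def _hash(pin, salt):
        # A 4-digit PIN has only 10,000 values: hashing protects storage a
        # little, the shared counter and the log are the real control.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enrol(self, token, pin):
        salt = os.urandom(16)
        self.pins[token] = (salt, self._hash(pin, salt))

    def present(self, reader, token, pin):
        if token not in self.pins:
            outcome = "unknown-token"
        elif self.failures.get(token, 0) >= self.MAX_FAILURES:
            outcome = "locked"
        else:
            salt, expected = self.pins[token]
            ok = hmac.compare_digest(self._hash(pin, salt), expected)
            self.failures[token] = 0 if ok else self.failures.get(token, 0) + 1
            outcome = "ok" if ok else "fail"
        self.log.append((reader, token, outcome))
        return outcome == "ok"


def compare_designs():
    """Replay the same four wrong PINs, split over two doors, on both models."""
    token = "20184201AD"  # example token code from the post
    wrong = next(p for p in ("0000", "1111") if p != derived_pin(token))
    attempts = [("door-A", wrong)] * 3 + [("door-B", wrong)]

    local_log = []  # what the controller sees in the reader-local model
    keypads = {d: LocalKeypad(d, local_log) for d in ("door-A", "door-B")}
    for door, pin in attempts:
        keypads[door].present(token, pin)

    central = Controller()
    central.enrol(token, "7319")  # constructed user-set PIN
    for door, pin in attempts:
        central.present(door, token, pin)
    return local_log, [outcome for _, _, outcome in central.log]
```

`compare_designs()` returns an empty controller log for the reader-local model and `fail, fail, fail, locked` for the central one, which is the visibility the post finds missing.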

The illusion of compromise

May 27th, 2007

Whether you are in a contract negotiation or you are trying to come to a consensus within a group as to a way forward, strategy & tactics often come into play, the so called ‘politics’ of human interaction which waste time but serve to make all the parties feel content (whether to themselves or their stakeholders) in having contributed to an outcome which is more favourable to them than it would otherwise have been.

From early on in life, the ability to compromise is very important in any aspect of life, whether it is the ability to share a toy with a friend, agreeing how to share a car between siblings, or haggling for a price in the market. There is however a side effect which I have over the years found frustrating that encourages strategically extreme views in order to achieve an outcome that is more advantageous to your position.

As a simple example, many traders will mark up the retail prices in the expectation that customers will haggle, and feel they are getting a bargain when they negotiate a discount. When you buy something at 50% off you feel like you’ve achieved something.

In negotiations between multiple parties it is strategically advantageous for each party to make their initial positions more extreme to ensure that the final ground for ‘compromise’ is not lost. Participants often adopt such positions naturally to defend their territory rather than thinking about the game theory behind it.

Let’s assume we have two people, A and B, who have a range of views on a particular issue which can be scaled from 1 to 10 along a line:

|--------------------A-------x-------B--------------------|

In the above example, the ‘middle ground’ (where presumably A and B will end up if both compromise to the same extent) is marked ‘x’. Now the incentive is for each one to start with a position which is more extreme than their actual desirable outcome.. If B does this (marked ‘B2’ below), the middle ground (after compromise) is marked ‘y’ below:

|--------------------A-------x----y----------B2-----------|

As you can see, the outcome ‘y’ is far closer to B’s original position as a result of B shifting its initial position to B2. Obviously if A moves their position to A2 (by adopting a more extreme position), we’re back to the central point of agreement being in the middle:

|-----------A2-------A-------x-------B-------B2-----------|

This is precisely the same model as haggling on a price if you imagine the scale from zero to infinity. Obviously knowing where true positions lie is part of the art of negotiation (or science as some will argue). Problems can also arise where A and B act differently. In some cultures, negotiation is expected whereas in others it is more of a taboo–If one party takes a more extreme position in preparation of compromising, they may feel the other who is holding out is not playing fair whilst they picked a starting position more tuned to their target outcome rather than strategically positioned to result in the outcome.

Things can be further complicated by bringing in a third party C (and D, E, F, G, etc.) who can influence the position.. If A or B have a greater degree of influence over these additional parties, it can fine tune the resulting compromise into one more aligned with the wishes of the said party.

This is one of the reasons why I don’t like sales people–It’s nothing personal. :)

Understanding the value of a domain name

May 18th, 2007

I have been frustrated quite often about the inability of many individuals to understand the value of domain names. I’ve just had a discussion that went something along the lines of..

“I’ve just registered my domains with Company X because they allow me to use PayPal so I don’t have to give my credit card details to an unknown U.S. company”

I have intentionally left out the name of the company as this issue is not about the company (who I know nothing about) but about the perceptions of users as to the value of their domain. This particular user (who is very typical) feels uncomfortable giving their credit card details to an unknown company, yet they would trust the said company to manage their domain name. A well developed website is likely to be worth far more than the credit limit on many cards, and in any case credit card fraud costs are not directly borne by the victims.

Don’t assume that the domain cost (be it £1.99 or £99) is actually the same as the value of the domain, and treat it based on its value, not its initial cost.

Spamming using nameserver records in WHOIS

April 22nd, 2007

I’ve just come across an interesting technique for spamming, although I’m not sure if it’s new as I recall seeing something similar back in the late nineties.

Firstly, for anyone who doesn’t know what “whois” is: it is a tool/protocol which allows you to find out information about, for example, domain names or IP addresses, including who they belong to. There are multiple layers in WHOIS, and the server operated by Verisign’s registry service is called ‘whois.crsnic.net’. If you have a .com or .net domain it will have an entry there which points to whichever registrar you used to register the name, which in turn provides details of the domain registrant and other contacts.

The registry also stores ‘host records’ which are a specific kind of record used for nameservers. Because of how the domain name system works, if you have a domain (e.g. seb.me.uk), you need to point that domain to some nameservers that know where to direct you to if someone types www.seb.me.uk or sends an e-mail to something ending in seb.me.uk. However, you first need to find the nameserver–If this is within the same domain (e.g. ns0.seb.me.uk) then it needs a ‘host entry’ (sometimes referred to as a ‘hint’) to find the nameserver, which then will give more information about the domain.

These host records are registered at the registry by the registrars and inserted into the DNS zone files. What seems to be happening is that some companies insert host records for server names such as “someoneelse.com.www.theircompany.com”, which then come up when you search for someoneelse.com even though this is just a host within the theircompany.com domain.

I spotted this today for bulkregister.com, promoting dndialog.com:

Server Name: BULKREGISTER.COM.RESPECTED.BY.WWW.DNDIALOG.COM
IP Address: 81.177.3.240
Registrar: MONIKER ONLINE SERVICES, INC.
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com/whois/whois.jsp

The legitimate record which is also returned, is:

Domain Name: BULKREGISTER.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 16-feb-2007
Creation Date: 08-sep-1999
Expiration Date: 08-sep-2012

I guess preventing host parts with “com” in the middle might help (along with other TLDs, although “ns” is a common suffix I suspect).
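The check suggested above, plus a lookup-side filter, as an added example that is not part of the original post. It assumes .com/.net names, so the owning domain is taken as the last two labels. The first two sample records are the ones quoted above (abridged), and the third is constructed for contrast.

```python
import re

# Registry WHOIS output for the query "bulkregister.com". The first two
# records are from the post (abridged); the third is a constructed,
# legitimate host record added for contrast.
SAMPLE = """\
Server Name: BULKREGISTER.COM.RESPECTED.BY.WWW.DNDIALOG.COM
IP Address: 81.177.3.240
Registrar: MONIKER ONLINE SERVICES, INC.
Whois Server: whois.moniker.com

Domain Name: BULKREGISTER.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Status: clientDeleteProhibited

Server Name: NS0.BULKREGISTER.COM
IP Address: 192.0.2.53
Registrar: ENOM, INC.
"""


def parse_records(text):
    """Split the output into records; each key maps to a list of values."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                rec.setdefault(key.strip(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records


def registrable(name):
    """Owning domain of a host name. Assumption: .com/.net, last two labels."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def embedded_domains(host, tlds=("com", "net")):
    """Registry-side check suggested in the post: TLD labels left of the
    host's own domain, each returned with the label in front of it."""
    inner = host.lower().rstrip(".").split(".")[:-2]
    return [f"{inner[i - 1]}.{label}"
            for i, label in enumerate(inner) if label in tlds and i > 0]


def lookalike_hosts(text, query):
    """Lookup-side check: host records that matched `query` as a prefix but
    belong to a different domain."""
    query = query.lower().rstrip(".")
    findings = []
    for rec in parse_records(text):
        for host in rec.get("Server Name", []):
            owner = registrable(host)
            if host.lower().startswith(query + ".") and owner != query:
                findings.append({
                    "host": host,
                    "owner": owner,
                    "embeds": embedded_domains(host),
                    "registrar": rec.get("Registrar", ["unknown"])[0],
                })
    return findings


if __name__ == "__main__":
    for finding in lookalike_hosts(SAMPLE, "bulkregister.com"):
        print(finding)
```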

Barclays strengthens online security

April 22nd, 2007

I’ve written before about security problems in online banking systems, being quite disappointed that financial institutions have been slow to step up security using even the simplest of tools, especially for personal and small business customers.

A couple of months ago, PayPal introduced security tokens in the form of RSA SecurID key fobs, quite an interesting move I expected one of the high street banks to be implementing first. I was however pleased to now see Barclays introducing a pin pad device which will generate a similar code, although this one in conjunction with a chip-and-pin card. This has the potential of being very useful if it can be shared across all cards, although personally I would much prefer a key fob, although as I have stated before, this does suffer from the problem of carrying around many of them, but to be honest I wouldn’t be carrying around a pocket calculator either.

It would be great if banks allowed customers to define their own security levels within a certain framework. For example, I would be quite happy with slightly less security for smaller transactions, and those to payees who I have paid before, and require a specific chip-and-pin + pin pad authenticated transaction when making a payment which is quite large or to a new payee. However, banks usually only do something new when they are forced, rather than to try and improve their service, so I guess I’ll be waiting for several years more for this and some XML interfaces.

Photography: Eight months on..

April 16th, 2007

It’s eight months since I started SLR photography again, this time with a DSLR, a passion I’ve had since childhood. I spent quite a considerable amount of time and money on buying nice kit and I thought I’d do a round-up on my experience of the kit I’ve been using.

Canon EOS 350D Body

This is the cheapest low-end Canon SLR body which I purchased with a bundle including the BG-E3 battery grip, EF-S18-55 f3.5-5.6 II kit lens and EF55-200 f/4.5-5.6 II USM lens. I’m relatively happy with the camera after 6,000 shots which is about a 24-roll of film equivalent each day, something I clearly couldn’t afford with a conventional (non-digital) camera.

The kit lenses went out pretty much straight away. Their crafting quality was so bad I almost thought about going back to the Sony F828 point-and-shoot which is an excellent camera with 28-200mm equivalent zoom range in the built-in lens.

EF70-200 f/2.8L IS

This was the first separate lens I bought, a huge investment but definitely a worthwhile one. It’s a good telephoto lens (but you don’t need me to tell you that) and having a fast f/2.8 aperture with IS is just a killer combination for walkabouts. I’m quite comfortable walking around with just this lens in the countryside.. Here’s some recent results with it in Oxfordshire:

Photos taken on EF70-200 f/2.8L IS Lens

EF17-40 f/4L

This was the second lens I bought trying to balance the need for wide angle against my newly acquired 70-200 piece of glass. I know a lot of people praise this lens, but I am personally disappointed. Don’t get me wrong–The lens is fine, but I regret buying it because if I had the choice now, I’d buy the EF16-25 f/2.8 instead.. It was half the price which was the key reason, but it lacks the speed I need to work in darker conditions. This is the lens I use most infrequently. I will stress my photography is not that much about landscapes so the use for a wide angle is a bit more limited in portrait etc, which I prefer the 50mm prime for.

EF24-105 f/4L IS

This is the second lens I have some second thoughts on. I decided to go with this rather than the more popular EF24-70 f/2.8L for three reasons: It had a longer focal range; It was cheaper; Most importantly however, it had IS. I worked out that with IS, assuming non-moving subjects, this lens would beat the 24-70 f/2.8 in speed terms. I’m unsure as to whether I’d prefer the 24-70 but it would be nice to have some more control over depth of field at the narrow end. I can’t say however that I am disappointed with it, as it is an excellent carry-around lens.


Photos taken on EF24-105 f/4L IS Lens

EF50 f/1.4 USM

This is my first prime lens with a very fast f/1.4 aperture giving very advantageous shooting conditions in darker situations. It’s a brilliant indoor lens and very sharp. This is probably the one I most keep on my camera. It’s certainly made me a prime fan so I’ll be looking at 35mm, 85mm, 135mm and maybe even long telephotos (although price becomes prohibitive on very long lenses).


Photo taken on EF50 f/1.4 Lens

Accessories

I have also purchased an EF12 extension tube which allows me to bring the focus a bit closer for macro-like photography. This is useful but no replacement for a macro lens. I also have an EF2x II extender which attaches to the 70-200 lens to double the focal length. This is nice, but it has resulted in softer photos. I’m not sure if this is simply due to the time of day I’ve used it (lacking some light), the fact I’ve hand-held those shots (even with IS) or design but it’s not ideal. I think the EF1.4x extender will be on my list soon as it offers faster performance for the lens but gets that little bit closer. I also have the Speedlite 580EX flash.

Looking forward

I have been resisting the urge to buy more photography equipment although a new high quality tripod will no doubt be on my list relatively soon along with a second Speedlite or a transmitter which allows me to take mine off the camera and try some interesting effects.

In the long run, I look forward to higher resolutions like that offered by the Canon EOS 1Ds MkII at 16.7 megapixels, however that camera is way overpriced (at least for my hobby) and doesn’t have enough other improvements which would make me consider it. However another camera, the EOS 1D MkIII has just been released in the UK which does 10 frames per second (as opposed to 4 fps for 1Ds MkII) and costs about £3,000 (or $4,500 which is about £2,400) with new dual DIGIC III processors with images of 10.1 MP. It also has a crop factor of 1.3x which is probably a bonus for someone like me who prefers telephoto (EOS 400D with 1.6x is better from this isolated point of view of course). It’s unlikely I will go near this camera with a £3,000 price tag however for quite some time. Some friends have switched from the 350D to the 400D but aside from some aesthetic changes around the screen, it’s only slightly better at 10 MP which isn’t enough for me to justify a new one. Similarly, I feel the benefits of a 20-30D aren’t great enough.. and whilst the 5D boasts full frame 12.8 MP it’s too close to the price tag of the 1D MkIII so that’s out.

My next lens will probably be a 135mm f/2.0 prime which may even work with my extenders so could prove very useful. Longer telephotos interest me but it will probably be some years before I could consider the expenditure they would require.

Internet Democracy: Why it doesn’t work

April 1st, 2007

A CYNICAL VIEW–The Internet is a very powerful enabler of communication and social interaction between existing and new groups of individuals. It affords niche specialities and interest groups the opportunity to interact and collaborate toward their common goals.

The “Web 2.0″ effect is all about users taking control and participating on the web, rather than just being passive readers. This is a truly empowering aspect of the Internet and should not be dismissed. However this is sometimes mistaken for democracy.

The opinion of Internet users isn’t democratic, for the users of the Internet, and more specifically any specific site, are self-selecting. On a simple level, there are accessibility issues for those who can’t afford it, those who can’t have the same access to high speed services and always-on browsing, or for example those who can’t access parts of it because of a disability. Also, some people are too busy to take part in extensive web discussions and debates and as such some key stakeholders are excluded from many web interactions.

The motives of users on the internet are hard to determine. Although this isn’t exclusively an online problem, the network of trust is still developing online and it’s therefore difficult to know which reviews, opinions or ratings are more ‘useful’ than others.

Some have argued that the introduction of citizen journalism is lowering the standard of reporting and thus making accurate news reporting to a professional standard harder. Just because many people believe an article is good, doesn’t make it an accurate reflection of the facts. It may be possible to get a high rating for an article simply because it appeals to the populist expectations of the participating audience.

I am not in any way suggesting that the web 2.0 revolution is a backward step. It is a positive next evolution in the future of the Internet. Over time, it will improve the quality of participation and overcome many of these issues and it will be the next era of the Internet as active participation is no longer reserved to the technical elite.