Twitter Updates for 25-01-2011

HMRC Cock-up Pt3.

Docs went off by signed-for post as intended today, recorded photographically at every step. Thought I’d share the cover-letter I included..

Dear Sir or Madam,

Further to my phone call on January 24th, please find enclosed the offending documents as requested, including original cover-letter.

Note that interleaved as page 2 of the copy of the 2008/09 Tax Return is the page of personal information belonging to XXXXXXXX of XXXXXX, and not myself.

I am aware that this is a serious issue and breaks the UK’s data protection laws, and I am fittingly disturbed that enough information to readily steal someone’s identity could be accidentally released to a 3rd party in such a way.

I am also likewise disturbed that this extra page of information was included in a second needless copy of my requested 2008/09 Self Assessment Tax Return.

When a single figure from it was requested, I understand that information could not be divulged by telephone, but it is incomprehensible to me that it could not be provided through the secure website where it is apparently located for exactly one year after its submission before being removed. As the tax returns occur at the same time every year, removing it exactly when it is most likely to require checking seems at best spectacularly unhelpful.

This was thrown further into stark contrast to the actual method by which I could receive it; unregistered and untracked 1st class post, in a poorly sealed budget envelope that arrived with holes already torn from its travels.

You might argue that if it were to be intercepted I would know something had happened to it since it did not arrive and could thus take precautions. But even if that faint shadow of security is acceptable, the logic only works if a known number of the documents are being sent. IE; If I request one copy and five are sent, I do not know anything is wrong if only the single copy I actually requested arrives in my hands.

Can you guarantee to me that these two copies were the only two copies dispatched? Or have more copies I do not know about perhaps been lost in the post? Has my own information been handed over to a 3rd party as XXXXXXXX’s has been to me?

Furthermore I am concerned with the instructions I was given on relaying this leak to the telephone advisor; Simply placing the information back into the same envelope in which it was sent to me and re-posting it back to HMRC. This seems a poor option for several reasons;

  1. The envelope is already used, damaged, post-marked and labelled with an existing post-routing sticker. All these I suspect would conspire to reduce its chances of correctly making it back through the postal system to you.
  2. Without a covering letter and addressed to HMRC as a whole, it occurs that it could be easily overlooked in postal-sorting, and simply trigger yet another copy to be dispatched to me under the impression it was a failed delivery and possibly lead to the destruction of the evidence. And additionally it could imply that my address was no longer correct.
  3. The documents enclosed as I understand it are evidence of a crime, and to further suggest that it simply be dropped back into the post under the same conditions in which it arrived seems bordering on negligent.
  4. Though I suspect a note has been made on my file, I was not given any form of call or reference number. Though I will admit I did not ask about one, again it seems odd one was not offered.

I am taking it upon myself to include this covering-letter to explain both the situation and the number of incidents that have occurred along the path to resolving it. It is my hope that this will expedite the investigation and lead in some small way to improving the handling of our citizens’ information, as well as make plain my own displeasure at the actions and reaction of HMRC so far.

Additionally I hope you will note that this has been sent via 1st Class Signed-For, to ensure its receipt.

As a less important but still irritating side-note, I would recommend you consult an IT professional. Either for additional training or additional features in your data-entry software, as I do not know if it is because of a feature your software currently lacks, or that your staff simply do not use it correctly, but the copies I received were of terribly unprofessional quality.

Speaking as someone with some history in graphic-design and IT, it distresses me that only the document pages I was not meant to receive were printed in perfectly clear black and white (showing the information in an explicitly legible font, arranged in efficiently used tables) whereas the information I actually requested was in the form of a series of bitmap screen-grabs (images not only including the program’s tool-bar, but wasting several pages on blank space and unused tables, as well as poorly legible mono-space fonts that were sometimes further compounded by being light-grey on a white background). You patently have the capacity for legible print-copies, but it implies they are only considered necessary for internal use.

To someone with worse reading difficulties than mine, I expect these prints would be near-illegible.

From the layout of the images sent, you seem to be using Microsoft Access (in itself, implicitly revealing the software, and suggesting additional modes of attack to those looking for security holes).

It would not take a database professional more than three days, working with the limited set of data found in a tax return, to produce a query table which would omit unfilled entries from a print-out and arrange them in a clear and concise form which would produce a visually clear and source-anonymised document.

The amount of information in my copy could have been reduced to a single double-sided sheet of A4 rather than the fourteen single-sided sheets I was sent, eight of which contained no information.

It is also worth noting that perhaps if this was done it would be vastly less likely that a page of someone’s information would be lost within the many surplus pages of another’s.

I eagerly look forward to your reply on all matters addressed, as well as the future results of the investigation I have unwillingly been made a part of.

Most sincerely,

Peter William Turpin

Twitter Updates for 24-01-2011

HMRC Security cock-up Pt2

Today I finally got around to calling HMRC back. It’s been a frustrating and rushed week with my insurance renewal and some family matters that’s put it off ’til now.

At the suggestion of several friends I called up HMRC rather than the lady whose details they’ve sent me. After 10-15 minutes on hold I got to speak to an advisor, who rapidly put me on hold again when I told them what the problem was. They came back on sounding scared, like they didn’t want to get any more of this on themselves than they could avoid. Perhaps it was my mention that I knew this violated data-protection laws?

They took some of my details, and the details on the incorrect paperwork. Then I was told I had to send it back to them so there could be an investigation.

All well and good? Well, no. The next bit went something like;

Them: “Do you still have the envelope it came in?”

Me: “Yes?”

Them: “Okay, just put it back in there and post it back to us.”

First, the envelope in question is a generic brown windowed envelope, which if I simply replace the documents in will display my address, and possibly be returned back to me again. It is also a used budget-end envelope, with the associated creases and tears from one trip, as well as an existing electronic routing stamp which I worry might further confuse its transit through the postal system.

Most importantly though, the address I was told to send it to was simply “HMRC” at The Triad in Bootle. No cover-letter, no special department. Just mine and someone else’s information being tossed back to them with no reference or alert that it is actually the solitary evidence of their criminal cock-up.

Don’t letters returned to sender as-is usually get binned, or get marked as having been sent to invalid addresses? And with no tracking there’s nothing to stop this sole evidence simply disappearing the moment it’s in the post box.

They assured me the lady in question would be notified of the cock-up, they said, since her information is at risk here. Well let’s be sure of that.

Underwhelmed by their reaction, I called the lady concerned myself anyway to let her know. She fortunately seemed pretty up to speed on these sort of things, and I left her my email and mobile number to contact me on if they do or don’t contact her themselves. I also explained what my own course of action will be;

1) I will photograph the evidence

2) I will photograph my placing it in a new envelope with cover-letter

3) I will send it back to HMRC tomorrow by 1st Class Signed for so I can be sure of its receipt.

I will document it at each of these stages, and hopefully this will go a long way to preventing it from being conveniently lost or overlooked.

Will HMRC do things by the book when the proof is most definitely back in their hands? Stay tuned to find out!

Picking up more pieces

I am officially looking for a treadmill to rip apart. I almost had one tonight but went to make a sandwich and got bid-sniped before I got back.

I know, with all I’ve said about just going straight in with your max-bid.. :P

Maybe I just want something new to mess around with.

Thinking of combining several of my existing half-done projects to conserve resources. Like taking the steering rack off the electric kids car, the motor and axle from the golf-caddy and the wheels from the big robot to make an electric go-cart. I can always re-use it for the robot project later anyway.

Likewise thinking to combine the never-quite-functional robot dog thing with the robot camera-arm to make a sort of Scutter robot.

The treadmill I’m after with a view to fixing up the milling machine more with new head. Would be relatively easy to mount a slender DC motor on the mill’s front compared with a chunky AC motor of similar power. Plus I’d get a nice flat torque curve and less pulley-gearing requirements (I anticipate at least 3 “gears” to give additional range. 8000rpm motors will probably only go down to 150rpm before stalling. Proper mills can get to low double-digits).

I suppose there’ll always be these things around, and I should concentrate on more pressing matters. But likewise I want to feel like I’m progressing. And the easiest way is to try and buy progress.

I’m acting no better than those militant Doomers who pile up their homes with survival gear they’ve never used and have no idea how to, just for the safety blanket of feeling more protected.