Broadband blues…

We had a problem with the broadband. I know exactly when because when the storms of 26th June hit the broadband went down and came back at a very slow rate. It went from 15Mb connected (12Mb or so usable) to just 700k, then bounced about and eventually settled at around 2Mb. A line test via the NowTV website told us what we knew – the broadband was slow. Too late by then for their customer services I rang the next day which was a Saturday. They ran a test which actually got us back to 8Mb or so but that didn’t last. Anyway, they arranged for OpenReach to come and check the line. Clearly storm related I had wondered if water had got at the terminals on the pole outside or a duct had flooded somewhere and water had got into the cable, but if the latter you’d expect many customers to be affected.

OpenReach came two days later and discovered that our wire pair had been trapped by the junction box lid. That was fixed and we then got a 16Mb connection, the best it had ever been. That lasted a couple of days.

Then, oddly at around 2.45 each morning the router would reset and the line would come back 2Mb slower. It went from 16Mb to 14, 10, 12 and now 8Mb. Rebooting the router had no effect. And now the line test via NowTV’s website does not even work. After saving the router settings to file I did a full router reboot in case something had gone funny. Bad move! First, I forgot that the router comes back as 192.168.0.0 and our LAN is not 0. When I figured that out I tried to access via the Mac and wifi but the server would not stop sending the wrong IP address (or, rather the correct one which now had no chance of working). Of course I have another wifi hub and it was getting the IP that way. Shutting that down and toggling wifi got me back in so I could change the subnet address and get back in via the wired PC that had the saved router settings file. Ok… so simple, right? Reload the settings and all will be well. No. The router will NOT reload the file! Fortunately there are not many settings so I put those back in by hand. 

Even that had issues though. I do not allow the cameras access to the outside world as I do not trust them and so until they are plugged into an NVR they get blocked. The settings are straightforward, block any access by specific IP addresses. For this, the router allows one to block ‘any (all)’, or ‘any (TCP)’ or ‘any (UDP)’. Logical at least. But wait… it only let me select ‘any (all)’ once, then the option never appears in the list. So I had to do one camera as ‘any (all)’ and one twice, once ‘any (TCP)’ and once ‘any (UDP)’. Oh come on! I want to use my own router…

Time to call customer services again.

Cookies – the good, the bad and the mouldy…

We are now several years into the changes in law which became known as the cookie law. Since then, the EU has enacted the GDPR which has added some urgency to ensuring that websites are compliant in the area of cookies and other stored information such as pixel trackers. The GDPR confirmed the consent requirements and national data protection organisations are taking an increasing interest in this area.

The basic requirements are that websites gain informed consent before storing cookies unless those cookies are what is termed ‘strictly necessary’. These strictly necessary cookies include those set in order to provide a service that the user specifically requested, for example to log into a website or carry out functions associated with shopping carts. It clearly does not include analytics cookies or the plethora of advertising and marketing cookies. Website designers may argue that their website will not function without cookies and where that functionality is a shopping cart I would agree. However, if the functionality in question is so the website can remember my shoe size this is not strictly necessary and I would expect to have to give my informed consent before such a cookie is stored.

Informed consent is key. It means that the user must be informed of why a cookie is being set and must then consent to it being set. And there’s the thing – I can permit the website to set cookies and consent to those cookies being set by advertisers such that they are also accessible to other websites, but I should not be forced to do so, I should understand what it means, and it should not be automatic. One may argue here that five pages of legalese indicating why a cookie is set is not a particularly valid way to inform the user.

There is also the issue of pre-checked options although this is lessened if there is a ‘reject all’ button as some websites have. Websites should not use pre-checked consent boxes but there is give and take here, in particular where the user can actively refuse cookies. However, to take the letter of the law the practice is not legal and you must not use pre-checked boxes in this way.

Cookies in the real world?

If I look at a product in a shop and an assistant comes to me and tells me there is an alternative, or better product then that presents me with no issue. However, if I then go to a different shop I do not expect someone to then show me products like the ones I just viewed in the first shop unless I specifically ask. And there is the difference, I can chose to ask or not. So why are tracking cookies any different?

And I certainly do not expect to go into a newsagents and pick up a paper only to have 33 sticky notes stuck on me from 33 other papers, each saying I do not want them to send me anything. Mind you, I don’t buy newspapers…

You must comply

This brings us to the question of cookie walls. Here, a website forces you to agree to their cookie policy before you can even see the website. In my opinion any such website should simply be ignored. Why, for example should I need to consent to it storing cookies just so I can see their email address or other contact details?

And I do object when I find a website that offers me a choice of some 400 advertising partners and lets me deselect each one, one by one. It’s far easier to just visit some other website. And let’s not get into discussion over the numerous websites which have a privacy and cookie notice hosted on some other website at a completely different URL which also sets its own cookies! One particularly famous website gave me a large privacy notice that I could not get past without either accepting or drilling down through layers of options. It was somewhat amusing to count over 400 partner sites that may get my data, and also drilling down further I got to a different, presumably parent website at a completely different URL. Needless to say this was an example of a US website.

Obfuscated messages

It is not always obvious how one even deselects cookies when consenting. The use of graphical sliders to allow or refuse cookies may be obvious when it is visually clear that green is go and red is not. So why do some websites chose shades of grey, and others just have a black slider with no indication of which way is off? This is not rocket science. Some websites use a simple tick box – surely that is sufficient? Can you imagine the problems in a fast food outlet where you end up with a spicy burger and a sugar laden drink because the options for ‘not spicy’ and ‘diet free’ were just black balls on a grey background?

Fighting back

So, to recap, cookies which are strictly necessary can be set by a website without consent when you visit it but these are a tightly defined subset of cookies which are actually necessary for a website to do what you want, not what it wants. Any other cookie must only be set once the user has given their informed consent. Cookies which store one’s choice here can be accepted as strictly necessary. Thus, a website storing a cookie to save your cookie choices for that website is ok as it is associated with you actually requesting something.

However, some websites, particularly media types take this to mean it is ok for each and every one of their partner sites to also set a cookie to save your choice. To me this is its bad programming – why are you causing my browser to visit each of your partner websites in order for each one to then store a cookie saying I do not want you to send me cookies from them? One newspaper website I visited and immediately selected ‘reject all’ on its cookie notice caused 33 individual cookies to be set.

It is sometimes amusing watching websites fail miserably when cookies are disabled in the browser. Some throw you off and demand you allow cookies, some struggle, some have no issues at all. I found one that displays nothing and constantly reloads itself trying to set a cookie. I suspect someone got their cookie sensing code a bit wrong there.

It is less amusing to struggle through a website’s cookie notice and deselect everything only then to be told I can get no further because I use an ad blocker. But wait, if the ad blocker checker is cookie based and I deselected cookies how come it even works?

Remember that tracking cookies are no use if they are not available when you visit other websites. So, for example you visit website A and you have no cookies set at all. Website A sets a tracking cookie served by website C. You then visit website B and it can read the tracking cookie set by website A and thus data about you can be transferred. But if you delete the cookie before you visit website B then that website cannot know. This is oversimplified but essentially is how you end up stalked by adverts.

Personally, I address this in a specific way. Cookies are always turned off on my phone. Yes, it means there are some things I cannot do because they require me to log in, but if I absolutely have to use the phone for those then I can quickly turn cookies back on, do the work, then delete the cookies. On the laptop I now use an app which allows me to chose what cookies I want to keep from each website I use. So, for example I can allow any login function cookies for the various web-based forums I visit. The app is set to delete any unwanted cookies after a minute or there is a button to delete immediately. Using this, I can visit a website and delete all its cookies right away. Of course, this is personal preference and suits me because I have always been security conscious. And other browsers have other mechanisms. I do recommend that you investigate something which suits you. I would also recommend that you take a look at what cookies your browser has stored, you’ll probably be amazed!

It’s not all bad news. There are some really well thought out websites out there. An example is where a website has a very simple line at the bottom, with cooke options not pre-checked and a button to accept or otherwise. Many, many websites run by organisations with insane amounts of money (and therefore buying power when it comes to website design) could learn from this.

Chocolate chip anyone?

MacOS disappearing Desktop oddment

Had a weird one today. When I opened the MacBook first think there were no desktop icons at all. I checked in Finder and the folder was empty. I looked through the Time Machine backup and the files had all gone some time this morning before 9am. The Mac had not been touched since last night and all was definitely there then.

 Nothing in the waste – I wondered if I’d somehow deleted them all. Nope.

Googling (or, rather duckduckgo’ing – is that a thing?) threw up nothing spectacular so I restored everything from Time Machine. A little further investigation and heavier searching led me to find that there is an option to turn off and on the synchronisation of files between the Mac and iCloud and I guess I turned it all on when the facility became available some time ago.

The way to turn iCloud synchronisation off for the Desktop is via Settings -> Internet Accounts -> iCloud -> iCloud Drive -> Options and uncheck Desktop & Documents Folders. Don’t try this, it’s scary! No way I did that by accident!

Anyway, I turned it back on, at which instant it renamed Desktop to a similar named folder but within Desktop, brought the Desktop folder back from iCloud (which was pretty instant so the files must have already been there anyway), and promptly started to back top the folder it created back to iCloud, all 12Gb of it. I deleted that folder having checked that everything was in place and anyway, I have the Time Machine backup on a large disk that as yet to fill.

But how did it get switched off? I’d blame the hamsters but I know where they were…

More PC blues

I finally decided to rebuild the shack PC given that just about everything was going daft. I suspect this is a result of various software installs while testing new stuff that were not fully deinstalled. Yeah I know I should test in a VM…

Anyway, a complete fresh install of Ubuntu 18.04 with it formatting the disk has got the PC back to normality. Almost. Networking works again with the inbuild (un)helpful config rather than me setting it up by hand each boot via a script. And I remembered to sort Gnome out so I can get the classic view rather than the daft dock setup.

But there are two oddities… first off, the rather annoying way the screen layout changes (un)helpfully (!) when you touch the to left corner with the mouse. This can be disabled but when done so the Applications menu – the leftmost top bar menu – is no longer accessible. No amount of permutations of the toggles via gnome-tweaks will sort that.

But more annoying I have lost almost all decode highlights in wsjt-x. The only ones that work are CQ, tx and my call, nothing else. I’ve tried every combination. It’s not wsjt-x (I installed a previous version just to check, same result) and I am rather stuck with that now. It will be something obvious but I just can’t see it… hmmm.

Dead Pi

Well that’s a first for me. A dead Pi, or rather a dead SD card. I have a RPi 2 in the loft connected to a DVB-T dongle and ADSB antenna which sends data to FlightRadar 24. It’s been up there doing its thing for ages, but last night I received an email from FR24 that it had stopped sending data. As it turns out that was a very useful email because everything else was running fine.

It also logs temperatures from three 1Wire temperature sensors on the central heating pipes. As these are underneath the location of the Pi in the loft it was easier to run a wire down for the 1Wire sensors than cobble together another Pi and find a home for it away from the heat of the water cylinder and pipework. That logging and my network monitor indicated that all was apparently well and I had not noticed the FR24 status data indicated that the ADSB feed was down.

The Pi is fed via a PoE supply as I didn’t want a wall-wart and mains socket up there and it makes it easier to reboot. I logged into the Pi fine ad rebooted it from the command line to see if that cured the ADSB issue in case it had simply lost the USB-connected dongle. But it never came fully back and would not even open the ssh port. It did respond to ping. Power cycling made no difference and by this time it was midnight.

This morning I made a new SD card and got it all back working (actually better as the card is the latest o/s now and the FR24 feed also has the MLAT option built in). So, some interesting and annoying observations:

The Raspberry Pi website now has a download package for the Mac which makes creating a new SD card image a doddle. Simply download and run it, stuff a blank SD card in and choose the options and wait.

Don’t use the HDMI monitor, mouse and keyboard off your desktop PC when trying to get a Pi to work if you need to use said desktop PC at the same time! Yeah…

No matter how good your backups, if you cannot remember the name of an important file the backups are useless by themselves. D’oh.

But most importantly remember that you can mount a Pi SD card on a Linux box (and no doubt other systems) and access the files if the card still mostly works like mine did. Fortunately there were only two things on this Pi, the 1Wire code which is a five-line bash script and the FR24 package which basically installs itself from their download site. QED.

Cookie madness continues…

These guys are having a laugh, but not as much as similar others. This is from a newspaper website after I clicked Reject All on their cookie acceptance form…

The Yes/No column indicates if a cookie is secure. But that’s not the issue I have here, the issue is it still set 20 cookies, including Google and other trackers even though I used the reject option. And note the rather adventurous deletion date of the second cookie, the year 3019.

Their reason for so many is that they claim the following uses of cookies are ‘necessary’: ‘Information storage and access’, ‘Personalisation’, ‘Ad selection, delivery, reporting’, ‘Content selection, delivery, reporting’, and ‘Measurement’. I beg to differ! Oh, and on Google, that is specifically deselected when one presses Reject All and yet their cookies are still being set. Hmmm.

Even more cookie madness

Yup, cookies again. I have started to experiment with an App on the MacBook called Cookie. It seems to be the only one of its kind right now and has a two week free trial period. After fiddling with settings it really seems useful as one can flag those cookies you want to keep and then have it delete cookies on a timer basis as well as other deletion options. All of mine are ticked so it deletes on browser closure, on waking from sleep and others, and I wound the deletion timer back to one minute. So cookies generally clear before I leave the cookie laden website I wanted to view.

It’s cookie screen makes a very useful check. I just visited a newspaper’s website and got the usual cookie popup with no way past until I either accepted or went into the options. I did the latter and clicked ‘reject all’ and save. And the website still set 32 (!) cookies, 7 of which were flagged as trackers. Not only that, but when I closed the site it had managed to set a further two cookies and one of those was a tracker.

Crazy.

Cookie madness

I’m sure we are all aware of cookies these days given we have cookie notices plaster at us on nearly every website, some of which let you get no further until you review all the options, and some which, illegally I mad add refuse to let you past unless you simply accept their cookies.

However, today I came across one that takes this a leap in completely the wrong direction. I browse with cookies turned off on the phone and happened to want to check out a particular railway website. It presents as the usual site, clearly mobile friendly with a menu icon top left. But where’s the cookie warning? it gives me a yellow box along the bottom with an ‘x’ top right to clear it and absolutely no text within that box. You guessed it, the cookie notice itself does not work with cookies turned off! Neither does the menu icon. And that takes the biscuit – see what I did there?

Hotel booking websites

We recently had a short break on another continent and used a well-known booking website in order to book a hotel. Our booking was based on the information provided on, or rather through that website. There was no other source of information on the hotel in question and it seemed to suit our needs according to what information was available to us. So we were a little surprised to find that the hotel was very basic and did not compare well to the advertisement. We have since taken this up with the booking website and the advertised facilities have been changed. Of course, the website itself disclaims everything under the sun, not their fault, etc.

This leads me though to the question of trust. The web has become a rather tenuous place, what with search results generally useless unless you are very clever with search terms. Results are filled with hopeless information that is generally light years from what you want. It seems, then, that hotel booking websites are going the same way. Rely as they may on their disclaimers, where there is no other source of information regarding a hotel one must ‘trust’ what is published on these portals and lay the blame for any unforeseen issues at their door. Or are we destined to only use them for an introduction and after this communicate directly with each hotel? If so, what use are they?

Someone simply looking to book a hotel and find the best deal is going to base their decisions on what is set out before them by the booking website. Surely these websites need to take a lot more care over their advertisements. If a hotel states that it has a continental breakfast one should not expect just a bit of toast. If it says the room has a coffee maker then a coffee maker should be in the room.

To my mind these companies cannot hide behind the same kind of ‘mere conduit’ ideas that protect Internet providers because they are themselves a service. You go to them so they can help you make a choice. The Competition and Markets Authority (CMA) has already investigated the sector and carried out enforcement actions against some of these websites. Their angle is to do with competition so is not relevant in the case I outline here but I do wonder if the Advertising Standards Agency (ASA) may take an interest. I have yet to fully digest the findings as it is not an area of law in which I have practiced. However, the law is not a mystery to me and this is one of those niggling issues that I tend not to drop…

Airline fined over website cookie consent

Pinsent Masons carried a story recently regarding an airline being fined for a poor cookie consent mechanism on their website (1). Although the fine is relatively small it hopefully highlights the fact that authorities are taking note of complaints against websites.

For some years now it has been necessary to declare cookies and have a mechanism to gain consent, but many websites are sadly lacking, some really badly. I’ve ranted about this in the past and when I was still working I always tried to ensure our websites were compliant.

The case in hand (2) is one where the website in question told users how to block cookies but had no consent mechanism. It was pointed out that there needs to be a mechanism whereby cookies can be rejected, as well as options to enable all cookies or to enable just specific ones.

From my own checks on websites some are really good, some so-so, and some down right awful. Among the best I’ve seen are ones that have a very simple consent mechanism at the bottom of the page with checkboxes for each type of cookie, as well as a ‘reject all’ button. Among the worst are those that throw up a large popup which gives little choice other than to accept their cookies with no way into the site without so doing. Some, typically media websites seem to burden the user with vast lists of partners with a ‘yes / no’ button against each. I have to say that when I find these latter types I take a screenshot for reference, and then wave goodbye. I also regularly clear my cookie cache so I don’t get stalked by adverts.

(1) https://www.pinsentmasons.com/out-law/news/airline-fined-over-cookie-consent-mechanism

(2) https://www.aepd.es/resoluciones/PS-00300-2019_ORI.pdf