Whose number?

These days I get lots of text messages that are verification codes, commonly for 2FA. Mostly I get them when I expect them: I’m actively signing up or logging in somewhere, making a purchase or some other transaction. But a recent one was totally out of the blue: “Your Pret A Manger verification code is 624864.” This was not expected: though it was indeed lunchtime I had no transaction whatsoever with that purveyor of lunch.

I know just about enough about PAM to know they’re a bona-fide business, though they have no presence whatsoever in my part of the country. I find it plausible they might operate an ordering system involving an app and verification codes. So presumably just a “wrong number”.

But I was mildly intrigued: could it possibly be a scam designed to worry the victim into reacting and getting into something? I fire up the hypothetical app to check I haven’t been erroneously billed, and it turns out that’s the latest vector for installing Pegasus on my phone? Or just tries to confuse me into paying for a scammer’s lunch.

One check I can make is the originating number, shown as “62884”. I googled “62884 Pret a manger”, and drew a complete blank: if they use that number, they don’t acknowledge it anywhere online. But just googling “62884” I see PAM is a red herring. Numerous reports tell of bogus verification codes “from” different businesses. Either a complete scam, or lots of businesses outsourcing to a poorly-designed service.

But if a scam, how is it supposed to work? Just that you reply and it turns out to be a premium rate? It’s not even obvious spam that might elicit a naïve STOP, a trap hinted at by the page linked above. Besides, what prospective victim expects a number sending a “verification code” to be replyable? I’m none the wiser.

OK, this doesn’t matter. Ordinarily I’d ignore it, and I’m not sure why I didn’t. But there are occasions when one wants to verify a business’s number for much more important reasons: for example here and here. Which leads to the suggestion: should businesses be required to list all their phone and SMS numbers used for business (including outsourced ones such as a call centre they might use) on their websites? The only obvious exception to such a rule would be direct numbers for individual employees, with a quid pro quo that their outgoing calls then go through a (public) switchboard number.

If there were such a law, then my first googling could have been considered conclusive when it failed to find 62884 on Pret a Manger’s site. Much more importantly it would have enabled me to verify the Capita number and put a small chink in Virgin’s Kafkaesque anti-customer wall in the anecdotes I linked. And many other cases!

Incorrect Horse Battery Staple

An interesting argument should provoke thought. But if it’s also appealing, it can have an opposite effect: be seen as a solution (to a problem that may or may not be well-specified) and given no further thought.

A good case in point is the xkcd classic Correct Horse Battery Staple. It presents succinctly an appealing argument, and is widely cited as words of wisdom on the subject of passwords. But it seems those who cite it are usually blind to its limitations: if presented as a general solution to the problem of passwords, it’s basically useless.

It’s true that it’s the right solution to a more limited problem: passphrases for cryptographic private keys such as ssh and pgp. As with PIN numbers for your bank cards (a close analogy), you have just one or two to remember. It’s good that the security should be high, particularly where there’s no primary line of defence against brute-force attack (as in the bank suspending your card automatically after three incorrect PIN attempts). But in that context we have always spoken not of passwords but of passphrases: you shouldn’t need xkcd to tell you about them, because you were told when you first followed instructions on using ssh.

However, Correct Horse Battery Staple offers nothing more to the general problem of passwords than the thought it immediately provokes. In the first place, the cartoon’s ideas on what is memorable are perhaps a little disingenuous. So too are the security claims: there are defences against brute force attacks, and 44 bits of entropy is complete nonsense against something as simple as a dictionary, let alone AI that can correlate the supposed memorability of CHBS with its linguistic characteristics.

But far more importantly, it doesn’t scale: how many such phrases can you ever hope to memorise without hopelessly confusing them? No matter how much you might want to argue with my last paragraph, the original problem is still there. I think it’s actually worse!

Great for a passphrase, useless for multiple passwords. What the world needs is password-free cryptographic identity such as PGP and OpenID to replace all those horrible passwords. And without a centralised authority whose own motives and competence might fall under suspicion.
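The contrast the post draws between a PIN guarded by a three-attempt lockout and a key passphrase with no such defence, worked through as an added example (not part of the original post). It assumes words drawn uniformly at random from a 2048-word list, which is where the 44-bit figure comes from; the guess rates, the Zipf weighting used to model habitual human choice, and the sample word list are illustrative assumptions.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list; a real generator would load a published list
# of 2048 or more words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "lunch", "mast", "ledger", "pageant"]


def generate_passphrase(wordlist, words=4):
    """Pick words with a CSPRNG so every word is equally likely."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def shannon_bits(weights):
    """Entropy in bits of one draw from a weighted distribution."""
    total = sum(weights)
    return -sum((w / total) * math.log2(w / total) for w in weights if w > 0)


def uniform_passphrase_bits(list_size, words):
    """Entropy when each word is drawn uniformly from a list the attacker knows."""
    return words * math.log2(list_size)


def zipf_bits_per_word(list_size):
    """Assumed model of human choice: the word of rank r has weight 1/r."""
    return shannon_bits([1 / rank for rank in range(1, list_size + 1)])


def online_success_probability(keyspace, attempts_before_lockout):
    """Chance of a hit when the verifier locks after a fixed number of tries."""
    return min(1.0, attempts_before_lockout / keyspace)


def offline_seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate when nothing limits guessing."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    print("PIN, 3 tries then lockout:", online_success_probability(10_000, 3))
    bits = uniform_passphrase_bits(2048, 4)
    for rate in (1e3, 1e10):  # assumed guess rates: throttled vs. offline rig
        years = offline_seconds_to_exhaust(bits, rate) / SECONDS_PER_YEAR
        print(f"{bits:.0f} bits at {rate:.0e}/s: {years:.6f} years")
    skewed = 4 * zipf_bits_per_word(2048)
    print(f"4 words chosen by habit (Zipf model): {skewed:.1f} bits")
```

The lockout case depends on the verifier enforcing the limit; a passphrase protecting a private key file has no verifier in the loop, so only the entropy and the cost per guess stand between the attacker and the key.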

Time for a real plague?

The weather is 28° in the shade, and it’s bright sunshine in a cloudless blue sky. By UK standards – particularly here in the West where the maritime influence is strongest – that’s hot.

Last night I put my rubbish out, as I customarily do on a Monday night. As did my neighbours over quite a wide area. Bin collection here is a Tuesday morning. So that’s all our local streets filled with recycling boxes, bags, and the like.

I went out after lunch expecting, as I usually do, to bring my recycling boxes back in. I was shocked to find them still there: collection hadn’t happened. It still hasn’t happened as I write (16:21). Our streets remain full of household rubbish, festering in the hottest weather of the year. Apparently the collection has fallen victim to the “pingdemic”: too many dustmen told to self-isolate because their bluetooth thinks they’ve been near to a Covid case.

How long before we get a real plague?

O Frabjous Day

Today, July 19th, is Freedom Day here in England, postponed from the originally-announced June 21st. The lifting of most legal restrictions relating to Covid. Music and theatre, eating and drinking out can return to my life. And not least, travel: at last I’m free to get on a bus or train.

Well, up to a point. This is the season when most of cultural life is dormant: the time we needed to be able to do these things was, um, a week ago. As for travel, that would’ve worked very well in June, but now it’s the week school terms end, so the trains will be overrun with family groups. And, no doubt, covid and other maladies. Even in a normal year that makes it one of the worst times (other than Christmas) to try and travel anywhere. So having gone nowhere further than I can cycle for 18 months (albeit not always by bike), I’m not rushing to change that immediately.

And then there’s the general reality, aside from the law. Covid rates are high and rising fast – and will surely be boosted further by the start of school holidays. While dropping the requirement for germ-incubators frees us, many shops still display “please wear a mask” signs, and there’s no way of telling whether that’s a request or just something they’ve failed to remove. So while my visit to the wholefood shop today was the most pleasant shopping I’ve done in a year, I avoided going in to the mask-requesting greengrocer and popped into the Coop instead (the fact that the latter inflicts muzak on us would normally cause me to prefer the greengrocer).

What will be the effect? In the short term it will surely be dwarfed by the effect of all those families travelling on school holidays. But in the medium term? A year ago – when covid rates had come right down – I predicted that bad law would lead to a rise, and put a timescale of end-of-August to see the start of that. This year we may indeed see the opposite. Whereas end-of-last-August covid rates were rising from a very low base, this year they may not yet be in decline, but at least the rate of increase will surely have fallen from its current very high level.

And longer term, it seems the Chattering Classes, and therefore (at least to a point) people more generally, may have learned the importance of ventilation. If only covid had happened a generation ago, I could perhaps have led an altogether more comfortable life, with less conflict over fresh air, and fewer colds! And as I said here in my very first blog post mentioning covid, Coronavirus could leave a really good legacy if knowingly spreading germs could become as socially unacceptable as smoking.

So in summary, a tentative
Calooh, callay.

Living without Life

Back in May, along with the customary joys of the season, came signs of Life returning. Among those, a return of larger-group music making, albeit limited to an outdoor setting. The highlight of that, starting to rehearse for a big pageant: Mayflower 400 (postponed from last year), due to be held today on Plymouth Hoe, with (apparently) capacity for a socially-distanced audience of 15000.

My involvement was in the chorus for a newly-commissioned work “Mayflower”, by Nick Stimson and Chris Williams. Five movements of Incidental Music to the story of the Mayflower. Rehearsals in May started in the Plymouth Argyle football stadium – an open-air venue with ample capacity for a large choir all well spaced out. I liked the venue a lot – particularly since it was an outdoor event we were rehearsing – though of course there’s no way a choir could afford it from our own budget! Life was indeed beginning to return.

The event itself was a lot bigger than just the music. It was conceived as uniting both sides of the Atlantic, including importantly members of the Wampanoag peoples who had lived on the land colonised. We were educated a little on the history – in a similar way to learning of The Real Macbeth before performing in that (Verdi’s opera) some years back. But not to the extent where I could tell you about it, or know more than the bare bones of today’s events. I was very much looking forward not just to my small role in it, but to being a spectator to the whole!

Then on June 16th, email telling us the event is cancelled. The return of life this summer was not to be. We continue to live on in unlife, a close relation to the undeath of fantasy literature. The promised “Freedom Day” next week will do nothing to bring back our lost music.

For the record, today is cold for July, overcast, and here we had a heavy thunderstorm earlier this afternoon. Plymouth – right on the coast – often escapes this kind of thing, so I’ve no idea what the weather might have added to the event. I understand there were indeed contingency plans for shelter (lots of canvas?), but it should’ve been lots of fun even if it meant getting soaked!

RIP O2

Since switching from a small-biz contract to a personal one, the service I get from O2[1] has been unrecognisable as the same provider. The small-biz service worked, never gave cause for complaint, and was always contactable if I needed to speak to someone.

The domestic service still worked, but was devoid of customer service. The first problem was trying to set up a direct debit for it: there’s no online facility, and a dysfunctional ‘phone number. The message is always “busier than usual”. On one occasion it promised a 15-minute wait (as opposed to the usual 45 minutes). I hung on, and found out what comes next: a series of menus that ended with it hanging up on me!

So I’ve been logging on each month to pay, which is a hassle I could do without! Last month even that was a problem: several times I tried, but found their site was down, before I finally succeeded.

Now this morning, two things. First, in my email is a message from them:

We’ve joined forces with Virgin Media.

There’ll be plenty more developments to come. For now, nothing’s changing for you. Your services will carry on as normal – you don’t need to do anything. Our FAQs can be found here.

Uh-oh. Virgin Media is altogether Bad News: an order of magnitude worse than what I’ve hitherto had from O2. And right on cue, I tried to make a couple of calls this morning only to find there’s no signal! Had to fire up my seldom-used VOIP on the other phone instead.

Again, this falls a long way short of the full Virgin experience. Indeed, O2’s status page helpfully explains that a mast in my area is down, and promises an update by June 8th (though its helpfulness is frustratingly limited: it doesn’t, for example, tell me where I might find a map of masts and coverage). But this is surely a clear warning: we appear to be heading that way. My need to bail out as soon as my fixed-term contract ends, or maybe sooner, is becoming more acute.

Shame. I was with them more than 20 years as a satisfied small-biz customer. I originally signed up with what was then BT Cellnet, and stayed with them precisely because it was a generally-good service free of these nightmares. RIP O2.

[1] A telco – one of the main UK mobile networks.

RIP Free Speech Online

OK, I exaggerate a little. Or do I? You be the judge.

This morning I had my second Covid jab. No significant side-effects, but I’ve been taking it easy this afternoon. I had some cramp after my first jab, and am remaining within limping distance of home just in case.

So this afternoon I spent some time on a park bench, reading Private Eye. Where I find a brief note that follows up on things I’ve written in this blog and elsewhere on subjects related to covid, the vaccines, and discussion that deviates from the official line.

Last November I wrote:

At the same time, we hear that governments are going to come down hard on antivax (is that how you spell it? – I don’t want to google). With drastic potential penalties on platforms, it’s inevitably going to be enforced as one of those taboos that may be used to shut down not just nutjob conspiracy theories but also legitimate discussion. That (always) bothers me.

The piece in Private Eye tells of a couple of cases in point, where genuine experts have been censored by fearful platforms. One of those is Professor Carl Heneghan. Googling Professor Heneghan’s credentials, I find he is Director of Oxford University’s Centre for Evidence-Based Medicine, and former Editor-in-Chief of BMJ Evidence-Based Medicine.

So why has Facebook labelled an article by Heneghan as “false”? I have no doubt it did so reluctantly, under the pressure from governments I had noted. Heneghan’s crime was an article published in the Spectator, whose concluding paragraph fails to parrot the official line on requiring us to wear germ-incubators on our faces. His conclusion:

And now that we have properly rigorous scientific research we can rely on, the evidence shows that wearing masks in the community does not significantly reduce the rates of infection.

https://www.spectator.co.uk/article/do-masks-stop-the-spread-of-covid-19-

That’s based on the only large-scale randomised trial on covid and masks – the Gold Standard of statistical evidence – to have been conducted anywhere (it was in Denmark). Heneghan also comments that it agrees with studies on “influenza-like illnesses”, and that

The low number of studies into the effect different interventions have on the spread of Covid-19 – a subject of global importance – suggests there is a total lack of interest from governments in pursuing evidence-based medicine. And this starkly contrasts with the huge sums they have spent on ‘boutique relations’ consultants advising the government.

Right. No wonder Facebook was afraid to allow it to go unchallenged! Not old-fashioned censorship, but active suppression from a mass readership. Convincing the masses that it’s a nutjob conspiracy theory is perhaps altogether more effective than outright censorship!

This blog of course doesn’t matter. I speak with no authority, and go under the censor’s radar. When I blogged in July with reasons why the mask law would lead to a rise in covid (as it did – indeed more than I’d foreseen) it was based purely on commonsense, not on scientific evidence. There is still – so far as I know – no rigorous evidence one way or the other on my arguments, and (as Heneghan observes) no appetite for the experiment among those who could commission (or indeed permit) it.

Note: Heneghan’s gold-standard evidence concerns mask-wearers. The study was conducted in spring 2020, and mask-advocates did react – by shifting the goalposts to “protecting others”. No comparable study offers evidence one way or t’other on those goalposts, but my prediction proved true.

Dismal Choices

Thursday is Election time again. Different elections in different parts of the country. Here it’s local councillors and a Police and Crime commissioner.

I’m completely lacking information. I’ve had just two election leaflets: one from the Tories, one from an Independent candidate who fails to impress.

  • For local councillor I’d take the Tory candidate as a person (based on her very effective response the one time I had occasion to contact her – referenced here), but can’t endorse her party, so I have no candidate I’m happy with and I can’t even find information online.
  • For Police & Crime commissioner, this is not at all like the last time I blogged about it, when we had an interesting array of candidates. There are just four candidates, all of them affiliated to political parties: Tories, Lab, Libdem, Greens. Information including statements from all candidates is available online: there’s little if anything there to choose between Tories/Lab/Libdems, while the Green candidate is such a loony-lefty as to look like a self-parody.

Ho, hum …

Cat of Nine Deaths

A regular cat may have nine lives, but Stuttley’s dead cat appears to have nine deaths. Or maybe far more – I haven’t been counting.

Right now we have one timed for next week’s election: namely the scandal (or storm in a teacup, or actually both) of the Downing Street flat (erm, Flatgate?). The leader of the opposition has totally taken the bait, and as a result looks pusillanimous and irrelevant. Which, to be fair, is probably his natural state: I expect he could turn people off caring even about the Cummings row. Anyone influenced by national politics may find the Tories a ghastly prospect, but Labour is worse: it’s simply too depressing to vote for. So that’ll be an election triumph, which he’ll of course claim as a ringing endorsement.

Blair may have been the supreme master of fake sincerity. Stuttley has just demonstrated an entirely different mastery: to demolish his opponent exactly when it matters. Even down to a Thespian tour de force of appearing flustered and on the back foot on the subject and of keeping it unnecessarily alive, giving Starmer ever more rope to hang his party’s election prospects.

The classic dead cat, when there are so many other things an opposition leader should focus on. Possibly the Cummings claims, though it’s plausible they too could be – like Gollum’s stabbing Stuttley in the back to rescue him in 2016 – an elaborately-orchestrated setup. Certainly actual instances of free handouts to cronies, of the cruel and ineffective lottery of covid handouts, and actual instances of brexit-bonus ranging from NI troubles through fishing disaster to routine closures like (this week’s announcement) Nestlé’s UK factories.

The whole Flatgate issue is being de-fanged by an independent inquiry. The announcement of the appointment of Lord Geidt – who appears from press reports to have strong credentials – to fill the Parliamentary Standards vacancy and head an investigation was ideally timed to let Stuttley off the hook. I expect someone on Stuttley’s team knows – if only on Richelieu’s principle – where Geidt’s bodies are buried, lest they should need to exert pressure. Even if something from that or any other inquiry has potential for real damage, it comes long after the election, events have moved on and the media and public are sick of the subject.

Two Standards

I seem to have rather dropped the ball on commenting on double standards in our Establishment. But two news stories both reported today exhibit a contrast too good to pass up. Both concern rich and powerful folks accused of major white-collar crimes: fraud and corruption.

Story 1: Trial of Serco executives collapses.

Story 2: 24 foreign individuals sanctioned under “Magnitsky” act.

So that’s two Brits acquitted without a completed trial, and a much larger number of foreigners punished without any suggestion of a trial. The latter haven’t even reached the threshold to face prosecution, they are just guilty until proven … erm … that’ll probably have to be until proven dead, and on no more evidence than the word of the Minister!

Just imagine that standard had been applied to the Serco two!

And as regards the Magnitsky 24, I imagine a lot of wealthy users of London’s money-laundering services will now be re-evaluating their budgets for ~~protection money~~ Conservative party donations. And those linked to political targets but not in need of such services will be looking to dispose of any assets they might have in UK jurisdiction.