Tuesday, 29 January 2008

The saving culture

http://news.bbc.co.uk/1/hi/health/7214709.stm

Elderly and disabled people in England are increasingly being denied social services, a report says.

The Commission for Social Care Inspection said councils were tightening their criteria which determines who is eligible for care.

The watchdog said the situation meant there were 275,000 people in need of help receiving none while another 450,000 suffered shortfalls in care.

The BBC have run a 'have your say' section on this topic so people can put forward their thoughts. Most have complained that the government should do more to look after old people, and pointed out that they have paid their taxes etc.

While I think it's right people complain (and they should, to bring attention to such issues), from what I have read the problem from the post war years is that the proportion of the population that are elderly is increasing as we are leading longer lives with medical advances.

The big question seems to be - who should be responsible for looking after an individual when they reach an age when they cannot look after themselves? Should it be the state? Should it be their family? Or should they have saved over their lifetime to provide finance for their care in old age?

My own belief is that in the UK the great thing that is lacking is the saving mindset. Those that are financially successful long term tend to have the saving mindset, and those that end up depending on state benefits tend (on average) to not be so good in this area.

For myself I have been lucky in this respect ... firstly for being brought up by my parents as a saver, and secondly having their financial support. I guess as everyone 'comes from somewhere' it makes it hard to have unbiased views on the topic. But objectively speaking I find it sad that some of my friends who run into financial difficulty are in a sense 'addicted' to spending what money they do have.

Over a lifetime, in a vaguely capitalist system, I believe that people should be encouraged to save and build up their savings, so that they can form a buffer to look after themselves and their loved ones in difficult circumstances. The most unfortunate thing, coupled with the mindset problem mentioned earlier, is that governments (particularly the UK government) routinely penalize people for saving.



People who have very little and depend to a certain extent on extra benefits are hugely discouraged from saving. The moment they start to put away money each month for their long-term benefit, the government will correspondingly reduce any state benefits they receive (childcare etc). This means in practice that saved money is wasted money - the individual sees no advantage. Instead if someone has 200 pounds left over in any given month, they are better off spending it on a TV set or some asset, because this is not 'counted against' the individual in the decision as to state benefit rates.

Hence you get the bizarre situation where thousands of people living off benefits have council houses stocked up with the latest hi-tech gadgetry, playstation 3s, xbox 360s, plasma TVs, sky etc etc... to the extent that they have more gadgetry than many middle income self supporting families!! It is bizarre but makes total sense, given the benefit system.

Another example of such a problem is the situation faced by many single mothers. They can end up in a situation where financially they are better off not working, than working! In many examples I have found where single mothers do work, it is not in order to increase income, but in order to feel as though they aren't dependent on a state handout. Indeed often until a single mother is earning quite a considerable amount (well over 20K) there is no significant financial benefit to working!!

While state benefits should provide a backup solution to help people in need, there is clearly something very broken in the UK system, where individuals see no personal advantage in getting themselves off the breadline. Capitalism works only when people will see a reward for their effort. If you want to get the millions on the breadline making some contribution to their own welfare, you simply have to make it worth their while.

Wednesday, 23 January 2008

Straight A's no longer enough for top universities

I see they are introducing a new 'A*' grade for A levels, because so many pupils are getting A that the universities can't select on that basis:
LONDON (Reuters) - Achieving three A grades at A-level will no longer be enough to ensure a place at a top university, academics warned on Wednesday.

From September sixth-formers will begin studying A-level exams which will include a higher grade of A* for those getting marks of 90 percent or above in their papers.


http://uk.news.yahoo.com/rtrs/20080123/tuk-uk-britain-education-exams-fa6b408_3.html

Of course it's not anything to do with the schools being ranked on their grade performance, obviously teaching has got orders of magnitude better than when we were at school *sarcasm*. Such a magnitude of change is unlikely to be due to genetics, so must either be due to the environment, or the marking system.

It's almost inevitable that this will continue to happen, given that schools are 'marked' in league tables on this basis. What they should do (in addition perhaps) is introduce a mark similar to the IQ mark:

While IQ tests vary considerably, there is a built in 'normalization' for the result. That is, if you give 10,000 people an IQ test, the average mark will always be 100, BY DEFINITION. If it's an easy test, you'll STILL get the same people tending to score above 100, and similar people scoring below 100. So the actual mark in the test is passed through a mathematical function which compensates for the population result, to give a more standardized result (the IQ).

The same process can be applied to any exam, and if applied to A level results would give a clear, fair and consistent means for universities to select. An additional benefit is that this process could be used to correct for the inherent 'easiness' of some subject choices over others.

Thus the current A, B, C etc scale could be used as an ABSOLUTE measure of performance (poor as it is), and a normalized scale similar to IQ could be used as a RELATIVE measure of performance (more suited for selection).

Monday, 14 January 2008

Tesco Online Website

Tonight I'm going to talk about a subject dear to my heart. The tesco online website.

Oh dear.

Those of us in the UK will be familiar with Tesco, one of, if not the biggest UK food superstore chain. Many of us in the UK often shop online for our food rather than going to the store. Alright I'm lazy .. but I also don't drive, and carting back a huge shopping haul on a bike is not pleasant. So I am more than happy to pay the 5 quid or so delivery charge to have someone do this for me.

I first started using sainsburys online service, and was quite happy with it. However, I find sainsburys tend to be a bit expensive overall (for myself, I'm not so bothered about paying for premium quality) so I moved over to tesco.

I am usually very impressed by the way tesco picks my food in the store for me and delivers it with nice drivers, doing what can't be a super pleasant job. I am very happy with the service, apart from in one area - the website!

The tesco online website is SO BAD, it's almost beyond belief. Alright it looks very nice, but the problem is, it DOESN'T WORK. Now I'm not a complete newbie to website design myself, I've written several, and have a reasonable knowledge of web technology such as html, css, php and sql.

I am currently stuck tonight with no food, having for the umpteenth time spent over an hour attempting to shop at the website. My main web browser is firefox (like 20% or so of web surfers), and I have a totally up to date install and disabled all plugins (to give tesco online the benefit of the doubt).

If I'm lucky, I can login to the site. However, when I click on a link, for example to show 'my favourites' in order to place my order, 99% of the time the website just hangs. If I click the link again sometimes the site gets very confused indeed, and tries to download an .aspx file to my computer. No, I don't want an .aspx file, I would like to see the website, thank you very much.

After 15 mins trying this and getting nowhere I give up and fire up internet explorer, which I keep for situations like this. I have version 6 of IE (perhaps this is where I am slipping up, not being interested in updating more microsoft bloatware). With all the security turned down to minimum, internet explorer fails to even load the front page :( . Sometimes I have got further with IE on the tesco site, but not tonight.

I went back to firefox. By a stroke of luck I managed to be able to add some items to my shopping cart. My prebooked delivery slot had long since disappeared, probably due to me having to log in multiple times, and delete my cache repeatedly to get anything to load.

So my message to Tesco, the company would be simple. Whoever is in charge of your website, fire them. They are guilty of gross incompetence. A child could build a more serviceable website. The problem is probably in part due to the use of .NET type microsoft software in combination with incompetent website design. If you please could, given the huge amount of profit you make every day, please please please hire some competent web designers to make you a working website.

I would advise writing one that doesn't rely on proven unworkable technology, and instead opt for something more commonly used and proven to be scalable. If you really can't do it, I'd probably write the website for you, free of charge, or gladly instruct your website team on the basics of software development.

Here's hoping.

P.S. I may end up having to go back to sainsburys or a competitor who has a website that works. I know this means nothing in the grand scheme of things, and probably tesco online sales are a very small proportion of their operation, but I really like the rest of their system, it just makes me incredibly sad that a large corporation with so many resources can get something so horribly, horribly wrong. :(

Thursday, 10 January 2008

Filesharing and the Information Age

I see here in the UK the government is attempting to put pressure on ISPs to do something about filesharing:

triesman_isps_legislation_timetable

The music publishers and movie industry have been continually putting pressure on governments to attempt to get them to toughen legislation against filesharing. In a way, I don't blame them, they are businesses, and seek to maximise their revenue.

The problem (for them) is that once the internet was established across the world, basically designed and built as a means TO SHARE INFORMATION, the old monopolies on putting value on information started breaking down.

In the documentary, 'Steal this film 2', this new paradigm is explored in some depth.

In the last century, information was a precious commodity, perhaps largely due to the difficulty of making copies. Copying out information by hand, and later via the printing press, was a costly enterprise, involving equipment, material, transport, shelf space, advertising costs, warehouses, etc etc.

The internet totally blows this old paradigm away. Making a digital copy of information is, in most instances, totally free, and produces a perfect copy, every time. In addition to this, the internet allows free advertising - information can spread in a viral fashion and other means, at no cost.

This means for the end user, if they can duplicate information from a friend, then they can have access to that information for free, whether it be an mp3, movie, game, application, or the design of a spaceship. The industry argument is that the end user is 'stealing' the music or film. However the end user argument would be, if they were not going to buy the information anyway, then there is no loss to the content producer, because they were never a potential customer.

The industry would claim the user is 'stealing' the film or music. However, in a way as there is no physical loss involved, steal is maybe not the right word, and legally speaking the action is a copyright infringement rather than stealing... it is also not dealt with by criminal law but by civil law, where the recourse of the content producer is to sue the end user for damages. However, in reality, the legal recourse in the simple case has no bite, because if you were to sue an end user for copying a movie, the economic loss would be the price of a movie ticket. The only way for industry prosecutions to have any 'bite', is for them to sue on the basis of an end user also being a file sharer, i.e. they publish the content for other users to download. It should be obvious that it would be possible to claim greater financial damage for this act than for downloading.

The UK government is under pressure to give the impression of making some effort to preserve the status quo of copyright protection. This latest move seems to have the idea of passing the responsibility on to the ISPs, to prevent all those naughty people enjoying all that free information.

Although anti-piracy organisations can currently take advantage of the non-anonymous nature of several peer to peer protocols, in the long run, this approach will not work. It is based upon a fundamental misunderstanding of how the internet works.

The Difficulty of Eavesdropping

The internet works by sending little 'packets' of data around, from computer to computer, through wires, routers, switches, fibre optic cables etc etc. Each packet contains some basic information, like the address of the computer it should be delivered to. The rest of the packet is arbitrary.

This means on a fundamental level, if a whole load of bytes are being transferred between one computer and another, it is very difficult (pretty much impossible) to determine what these bytes mean, once they have been encrypted. At the moment, most internet data is unencrypted, and it's pretty easy to 'packet sniff' simple packets conforming to well known protocols such as web page requests and other web browsing data.

If every packet floating through the internet was unencrypted, and had a nice header on it saying 'I am legitimate web browsing data', or 'I am illegal file sharing data' with the name of e.g. a movie in plain text, it would STILL be enormously difficult to monitor this data.

Consumer broadband connections typically could provide between 75k - 2000k per second of data. Now multiply this up by millions. That's an exceedingly large amount of data for any ISP to attempt to monitor.

Now the actual problem is FAR FAR more difficult than this. The problem for any 'snooper' is, that illegal filesharing traffic is not marked with a special flag to say 'HELLO EVERYONE!! I'M ILLEGAL FILE SHARING TRAFFIC!!'. Herein lies the problem with this whole approach. An ISP could capture all the data passing to and from a PC, send it to a team of IT forensic professionals, and STILL have absolutely no idea what the user was transferring. Fair enough if you already know you are looking for a certain DIVX compressed movie and have that data on file to monitor against, you could conceivably try to match each packet against the comparison file (although it would be horribly inefficient and take ages). And because you wouldn't know WHICH bit of content it was a priori, you'd have to compare it with EVERY PIRATE BIT OF CONTENT AVAILABLE in order to have a hope of getting a match.

Now that gives some idea of the extent of the problem for an ISP to try and monitor a SINGLE user. Now consider that that user is filesharing using, e.g. uTorrent, and decides, 'Hey, you know what, I don't want my ISP to know what I'm downloading, it's none of their business!!'. They go to their options and click a little tickbox which says 'ENCRYPTION'. With one move monitoring attempts are effectively screwed.

With unencrypted content it's INCREDIBLY difficult to monitor a user's data flow. Once it's encrypted, it's pointless.
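An added illustration of the matching problem described above (not part of the original post): a constructed reference file is indexed by every 16-byte window, a captured payload is searched against that index, and the same payload is searched again after encryption. The keystream cipher is a simple SHA-256 counter construction standing in for whatever encryption a client applies; all names, sizes and data are made up for the example.

```python
import hashlib

WINDOW = 16  # bytes compared at a time (assumption for this example)

# Constructed stand-in for "the comparison file": 4096 pseudo-random bytes.
REFERENCE = b"".join(
    hashlib.sha256(b"constructed-reference-%d" % i).digest() for i in range(128)
)


def build_index(reference, window=WINDOW):
    """Map every window-sized slice of the reference to its offset."""
    return {
        reference[i:i + window]: i
        for i in range(len(reference) - window + 1)
    }


def find_match(payload, index, window=WINDOW):
    """Slide over the payload; return the reference offset of the first hit."""
    for i in range(len(payload) - window + 1):
        offset = index.get(payload[i:i + window])
        if offset is not None:
            return offset
    return None


def keystream_xor(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        chunk = data[block:block + 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def demo():
    index = build_index(REFERENCE)
    # Constructed packet payload: a 3-byte header plus 200 bytes of the file.
    plain = b"HDR" + REFERENCE[1000:1200]
    sealed = keystream_xor(b"session key known only to the two peers", plain)
    return find_match(plain, index), find_match(sealed, index)


if __name__ == "__main__":
    print(demo())
```

The index needs one entry per byte of reference content, so covering every known file multiplies its size accordingly, and the encrypted payload still matches nothing.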

Here's an example of a filesharing packet captured in wireshark. Is it legal or illegal? How would you know? How would you prove it was illegal in a court of law?


If monitoring attempts to 'home in' on particular types of packets, coders will just modify the file sharing source code to make it mimic other packets. If you go simply on volume, there is no way to prove that a user is downloading a movie, versus for example a service pack update for their operating system. And if you want to just start disabling users because they have high traffic, well you might just as well switch off the internet.

Rather amusingly, in addition to this whole process being completely futile, there is another reason why ISPs REALLY don't want to start monitoring users' data. That is a legal reason. At the moment there exists a provision where ISPs are not held responsible for the data that flows over their network, BECAUSE they cannot monitor it. This is known as the ISP defense. If ISPs do start monitoring data, then it opens the door for any content provider to sue them. Why didn't the ISP do anything about a user stealing their image? etc etc.

The Bittorrent Flaw

However, while all this is true on a theoretical level, there currently is a large security flaw in many peer to peer systems, particularly in run-of-the-mill bittorrent. It is this that will probably be taken advantage of, until anonymous protocols become widespread. The way the flaw works is this:

While it is currently very difficult to determine the contents of encrypted streams by 'eavesdropping on the wire', the enforcers don't actually have to. All they have to do is fire up their bittorrent client (or modified version), choose to download a movie / mp3 that they own the rights to, then choose to examine the list of peers in the swarm. Yes, that's right folks, when you have a file available via bittorrent, the people who are downloading from you (in your swarm) can see your IP address, and along with a timestamp, that's all they need to track down your internet connection.

This has been the situation for a long time, and users have depended on safety in numbers ... i.e. the difficulty of prosecution. However there are moves in the UK whereby legislation may make prosecution easier for rights holders, so this is one to keep a watch on.

The Future

Ultimately what will happen in this 'arms race' is that users will simply move over to a more secure protocol / system. Already quite decent solutions are available for truly anonymous peer to peer traffic .. through networks such as I2P and TOR. However the reason the current anonymizing solutions have not become mainstream is that there is a cost to their anonymizing: it lowers the efficiency of file transfers, because the packets (as I understand it) have to travel through one or more intermediate computers in order to 'hide' the source and destination IP addresses from the two end points.

There are also other side effects - in order for those systems to work, and maintain plausible deniability, your PC must route traffic which has been requested by other PCs in the anonymous network. While this could be something perfectly innocent, it could also be something pretty heinous, and there have even been cases of people being charged for routing packets through TOR without their knowledge of what they contain. However, one should realise that this is the very nature of the internet. All the time routers and cables carry information whose content they have no knowledge of. Why should routing packets unintelligently through a PC be any different?

Tuesday, 8 January 2008

Passwords

I was going to write a post full of swearing and expletives, but thought better of it.

I have just spent the past hour trying to find out how to log back into this blogger account. The problem is, every website on the web wants you to have your own username and password to use it. Now that would be fine if there were just one or two websites. However once you find yourself using, say 10-20 websites, you have to start reusing usernames and passwords to have any chance of remembering your login.

So I (as I suspect many) have a rotation of 3 email addresses I use for registering at websites that I don't trust, such as google, where they can spam me with as much spam as they want (because I don't read those emails). I also use a rotation of 3 passwords corresponding to these in order to log into websites. Maybe someone will hack in, but frankly, I don't really care. These are throwaway emails, I'm not stupid enough to use my main emails.

Now this is great, but google want to have a 'google version' of my email and password to log into blogger. But the thing insists that I can't use any of the passwords that I already use that are easy for me to remember.

Oh no, that would be far too simple.

Instead I have to come up with some convoluted password, just in case osama bin laden himself tries to login to my account and use it to plan attacks on the free world.

And of course the upshot of this is, I naturally forget said password (and login details).

Cue spending 1 hour searching through my password books (I write them down so they are easier for thieves to steal) but I can't find it. I eventually by trial and error track down which email address (out of 7 I have) to use, then use blogger to reset the password.

Really there has got to be a simpler solution to all these password protected sites. It seems for most people about 100x more likely that they will lose their own password than that some 'hacker' would target them and try and login as them.

Really google what I'd like is, if we have a retarded short easy to guess password, let us use it for gawd's sake instead of insisting on fort knox security for the equivalent of our fridge. Why don't you add retina scanning and biometric face measurements while you are at it which screw up every time I get a haircut.

Thank you, rant over.