A cron job that I run every day to screen scrape some figures from a financial services provider recently broke and upon investigation it transpired that it was no longer able to login to my account. On it’s own that isn’t particularly unusual but it was when I started investigating what had changed and needed to be fixed in my script that things got a bit weird…

The login process involves submitting a form consisting of a username, a PIN and a password over a secure https connection. The PIN and password are sent in plain text, but that is fine as the connection is secure.

An initial investigation of what was now happening when the login form was submitted showed that the PIN and password appeared to have been obfuscated in some way, so I grabbed what appeared to be the relevant javascript and ran it through a beautifier, revealing this:

$("#obfuscatedPin").val(CryptoJS.MD5(Value("originalPin")).toString(CryptoJS.enc.Base64).toUpperCase());
$("#obfuscatedPwd").val(CryptoJS.MD5(Value("originalPwd").toUpperCase()).toString(CryptoJS.enc.Base64));
Continue Reading ...

In light of the recent stories about first Wonga, and now the Student Loans Company, pretending to be other people when collecting debts I thought I would point our that British Gas certainly used to do much the same thing.

Back in 2007 I was in dispute with them, because I had moved supplier but they had decided to ignore my final meter reading and try and bill me for gas that I should have been paying my new supplier for and in the course of that dispute I received this letter from “Central Recoveries” saying that my account had been “passed to them”:

Central Recoveries Letter

If you look closely at the small print ringed in red you will see that they are in fact a “Centrica business” and appear to be just another name for British Gas Trading Limited.

As much as I would have loved to see them in court and ask them to explain why I should pay them for gas that somebody else had supplied me, my new supplier decided that they would credit me what British Gas was wrongly demanding so I unfortunately had to let the whole thing drop.

I’m sure there’s some logic somewhere in the offer that Amazon just presented to me, it’s just not entirely clear to me what sort of logic…

All I need now then is an option to have them hold the CD until I have something else I want that will put me over the free delivery limit!

It has been well documented in the US that one thing movie studios have been demanding in new rental contracts is a time delay between films being released for sale and being made available for renting, based on the frankly bizarre theory that if they stop us being able to rent a film for a few months we will all go and buy a copy instead, thus making them more profit.

It was always my suspicion that such a demand was behind the long impasse that prevented Universal films being available on LOVEFiLM for the last couple of years, although I have no actual evidence to support this.

That impasse was recently resolved, and at much the same time some films started appearing on LOVEFiLM with a statement at the top that reads:

The studio have licensed us to make this title available to rent on the release date below.

When that message appears the rental release date is normally shown as roughly two months after the sale release date - in other words just the sort of delay the studios have been demanding.

Continue Reading ...

One thing that consistently annoys me is when seemingly reputable companies decide for some reason that the rules on unsolicited marketing communications, that is to say, in the United Kingdom, the snappily titled “Privacy and Electronic Communications (EC Directive) Regulations 2003”, don’t apply to them for some reason.

The latest organisation to suddenly conclude it has the right to send me such unwanted communications is LOVEFiLM which has recently decided it should send me regular SMS messages full of some banal nonsense.

The first such message I received was two weeks ago, on 18th December 2011, and when I then checked my account settings on LOVEFiLM I was surprised to find that all the various “LOVEFiLM Marketing” preferences where unchecked apart from one labelled “by SMS” which I am quite sure I would never have checked, and certainly not while I was refusing much less annoying things like email marketing.

Continue Reading ...

So I recently cancelled one of my credit cards - it was an American Express card with an annual fee that I had only ever intended to hold for one year to get the signup bonuses, and once the fee for the second year came due I cancelled it.

Today I got the final statement which, because of the refund of the fee for the second year, showed a credit balance. Rather than enclosing a cheque for the balance though, or indicating that they had repaid it to the account that I had been using to pay the card bills, the statement had this curious message:

What I want to know is, how many people exactly don’t want a refund, and would instead prefer to hand their credit balance over to American Express?!?

Of course their secure messaging system insists on me selecting a card before I can send a message, and won’t let me select a cancelled card, so sending them a message to ask for my refund turned into a bit of a palaver as well…

Apparently my bank had some important information to share with me. I know this because they put an extra page in with my statement headed “Important Information for you” which I reproduce here:

Lloyds TSB had some Important Information to share with me...

I wonder how many million of those they’ve just sent out…

Recent versions of rails 3 have started spitting out a new deprecation warning:

String-based interpolation of association conditions is deprecated. Please use a proc instead. So, for example, has_many :older_friends, :conditions => ‘age

#{age}’ should be changed to has_many :older_friends, :conditions => proc { “age > #{age}” }.

Now call me confused if you like, but isn’t the suggested replacement still doing just as much string interpolation as the original?

In the second part of his critique of OpenStreetMap Justin O’Beirne discusses various issues surrounding labelling of cities in OpenStreetMap’s cartography, specifically in our default mapnik rendering of the US.

The issues he highlights can be broadly divided into two categories: problems with our stylesheets and rendering technology; and problems with our data, and in particular with our US data.

The issue which I intend to address here is the one he tackles first – that of label density which is something that stems largely from data quality and, more importantly, consistency issues. Specifically, although the post talks about cities, the real question is about what is tagged as a city and what is tagged as some lesser type of place.

Continue Reading ...

Two weeks ago I travelled to Saltaire with my uncle to hand over a number of items of historical interest from my grandfather’s papers to the Saltaire Archive.

The most significant item in the collection was a personal diary for the year 1897 which carried an inscription on the flyleaf of “John Unwin, Fanny Street, Saltaire”.

In itself the diary is a fascinating piece of social history and that is certainly the main reason for including it in the archive for the benefit of future generations. The diary is of interest to my family for a second reason however, which is the mysterious way in which it came to be in the possession of my grandfather.

Continue Reading ...