I have an update on my harassment case but for various reasons I am keeping it to people I know. People can register and then request access via email if they like.
Home movies, Croydon ca. 1936
Home movies. Embarrassing, eh? Well, not always. Here is one from the camera of James Rudd Ratcliffe, my wife’s maternal grandfather. Taken at Croydon around 1936 it includes footage of a number of airliners of the time including G-ACJK Imperial Airways Short L17 Syrinx, G-AAXC Imperial Airways Handley Page HP42 “Heracles”, HB-ISI Swiss Airlines Douglas DC2, F-AMHL Air France Wibault 280, G-AEPW De Havilland DH89A Rapide and what I am fairly sure is a Junkers JU52-3M, presumably Deutsche Luft Hansa.
Well, I thought it was rather interesting anyway and I hope you will too.
Update: the second aircraft seen is either OO-AGU, OO-AGV or OO-AGW, all Junkers JU53/3mge seemingly supplied to S.A.B.E.N.A. around 1936. One is preserved in Brussels aircraft museum, another was apparently lost in a crash in the Belgian Congo in 1944. Factory records are apparently confusing, listing at least three frame numbers for AGU. AGU went to the Potuguese air force in 1937, so this film is probably 1936 or 1937.
I am told by James Ratcliffe’s nephew that the final aircraft is indeed a Ju52-3m of Deutsche Luft Hansa, and on board was Joachim von Ribbentrop.
Seasons greetings from my lawyer
(Shamelessly stolen from elsewhere).
To whom it may concern
Dear Sir / Madam,
Holiday Greetings!
Without prejudice
Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low stress, non-addictive, gender neutral celebration of the winter solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasions and/or traditions of others, or their choice not to practice religious or secular traditions at all.. and a fiscally successful, personally fulfilling, and medically uncomplicated recognition of the onset of the generally accepted calendar year 2012, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make this country great (not to imply that this country is necessarily greater than any other country), and without regard to the race, creed, colour, age, physical ability, religious faith, or sexual orientation of the wisher.
This wish is limited to the customary and usual good tidings for a period of one year, or until the issuance of a subsequent holiday greeting, whichever comes first. “Holiday” is not intended to, nor shall it be considered, limited to the usual Judeo-Christian celebrations or observances, or to such activities of any organized or ad hoc religious community, group, individual or belief (or lack thereof).
Note: By accepting this greeting, you are accepting these terms.
This greeting is subject to clarification or withdrawal, and is revocable at the sole discretion of the wisher at any time, for any reason or for no reason at all. This greeting is freely transferable with no alteration to the original greeting. This greeting implies no promise by the wisher to or responsibility for the consequences which may arise from the implementation or non-implementation of same.
This greeting is void where prohibited by law.
Yours faithfully,
For and on behalf of messrs. Sue, Grabbit and Runne, solicitors at law, commissioners for oaths, threats issued.
Ops and incidents
I have a few thoughts on what makes a good operations team, and how this is reflected in incident management.
The first and most important thing is: clue. Ops people have to have the right instincts. Technical skills can be trained, instincts are much harder to change. The right instinct when faced with a problem is to own, communicate, analyse and fix. The most important of these is ownership. Not so much “you found it, you fix it” (though that’s a fair principle) as giving people the authority to take a problem and escalate as they see fit. In other words, the polar opposite of “somebody else’s problem”.
Also, good ops people will appreciate the severity of a problem but will inject calm. Panic is not conducive to timely and effective action. They will assess and cross-check before piling in to fix. Two sets of eyes on emergency changes is good: “remove host from storage group, check the hostname, check the storage group, OK?” A reading error between one of perhaps dozens of similarly named objects can only compound the problem. If you have vendor support, engage the vendor at the earliest opportunity – and if the vendor calls you because your system has phoned home, take their call and implement the fix as soon as you can, even if it means spoiling your evening. Sorry, that’s the way it is: if you’re on call, you’re on call. April 1 2011 was the first day for I think about 15 years where I have not been on the escalation path for any servers anywhere. Of course I hate being called out so I spent a long time making sure that other people had as much skill, knowledge and empowerment as possible.
Communication is important, too. Sideways, upwards and outwards. Who else knows about this issue, is anyone else working on it, do we have enough information yet, is the person with authority to approve changes to fix the problem both aware and fully briefed. Someone needs to own communication with consumers of the service if service is likely to be impacted, and even if it’s not someone needs to ensure that service status is documented. This is really important: consumers of IT services can be very tolerant of outages or slowdowns if they are given accurate information and if they can trust the information. That means being honest when things happen. Someone fat-fingered a change? Tell your customers, and tell them how you’ll ensure it doesn’t happen again. During an incident tell people the worst case outcome, your best estimate of the real outcome, and your best estimate of time to fix (take the smartest techie’s number and double it is a fair rule of thumb here).
And if it’s a major incident you rapidly need to get a battle team in place. Technical people with access to all components of the service (server, virtualisation and storage, for example), someone to own communications, someone to act as technical lead for the incident. And don’t let this pool drop below two if you can help it, working alone on a critical outage is incredibly stressful. Even if one person owns the resolution they need support from peers and managers until service is restored. It’s also good to have peer review of any proposed fix before implementation.
Broad-band internal communication is extremely important. Open a conference bridge, get an IM conference going, WebEx or GTM maybe. The faster the information flows and the less it’s filtered the better. Then the tech lead can summarise and the comms owner can deliver appropriate summaries to the various audiences.
That might seem like a lot of people. In reality for most incidents it is only three or four, but it might well be more. The upside is that if they are the right people they won’t be on the case for very long, unless the problem is a real monster. If it rolls over shifts, be flexible: allow people to work overtime, or go if they need to, provide overlap, allow any peripheral service techs to drop out and remain on call if they are not immediately needed. And if you are a manager remember that your most important function might be making tea.
Never forget, either, that responsibility and blame are different things. As soon as a blame culture starts to creep in, you have lost. You absolutely must have a culture where anyone who even suspects they may have screwed up can be open about it, even if it results in a full and frank exchange of views later. During an incident is not the time to play blame games, and people should be rewarded for being honest about genuine mistakes not punished for making them. If people have been stupid then train them or transfer them, if they have tried to hide their mistakes then fire their asses.
To me all this seems obvious. Apparently, from some stories I’ve heard lately, it is not obvious – or if it is there are people for whom the penny has not dropped.
I remember a case up in Brum where I was fixing a file server. A manager wanted regular status updates from me during progress of the case. The IT director was adamant: “do you want him fixing it or telling you why it’s not fixed yet?” He stood guard by the door and fended off all comers leaving me to do my job.
The big takeaway here is that problems get resolved quickest if people are empowered, given good management and technical support and not surrounded by a crowd of people asking when it will be fixed.
Gordon Higginson
Gordon Higginson
November 5 saw the passing of Professor Sir Gordon Higginson, former vice-chancellor of Southampton University and primary author of the perceptive Higginson report on A-levels.
Prof. Higginson was a dedicated educator. In my time at Southampton, during his tenure as VC, he taught a first year course in mechanical engineering. He was under no obligation to do this, most VCs do not teach courses even if they give occasional lectures. He did it to keep his hand in and remain in contact with the real business of the university, delivering education. I had difficulty with some work he set and was able to arrange a tutorial. The VC is a senior and busy figure in the university, but he made time to help a Part 1 electrical engineering student with what would have been, to him, a fairly trivial problem.
In short, he was a nice man. Clever, thoughtful, a good lecturer, but above all a thoroughly decent bloke.
The picture here comes from the obituary at Southampton University’s website. It is a good likeness and shows the prof. as I remember him: genial and smiling.
Totalise v. Motley Fool
The case of Totalise plc vs. Motley Fool Ltd [2001] EWCA Civ 1897 was, I believe, part of the first case of Internet libel brought in the UK.
An individual registered on Motley Fool under the identity Zeddust made defamatory remarks about Totalise. Totalise applied to the court for a Norwich Pharmacal order (so called because it derives from the precedent of Norwich Pharmacal Co. v Customs and Excise Commissioners) compelling Motley Fool to reveal data held in respect of Zeddust.
To recap, Norwich Pharmacal relief may be granted at the discretion of the court where the applicant demonstrates:
- a reasonable basis to allege that a wrong has actually been committed
- the disclosure of documents or information from the third party is needed to enable action against the wrongdoer
- the respondent is not a “mere witness”, but is sufficiently mixed up in the wrongdoing so as to have facilitated it, even if innocently, and therefore be in a position to provide the information
- the order is necessary in the interests of justice on the facts of the case.
The court issued the order, with an order for costs against Motley Fool. This was appealed and overturned on appeal. This ruling as to costs is an important precedent establishing that where a defendant in an application for Norwich Pharmacal relief is, while mixed up in the matter, an innocent party, they are entitled to their costs in defending the action even if relief is granted.
The precedent of costs is often cited, but of equal relevance are the judges remarks in summing up the matter of the application for Norwich Pharmacal relief:
The claimant has demonstrated a strong prima facie case against Z Dust. Secondly, the defamatory material is of a very serious nature, calling into question the claimant’s solvency and the competence and integrity of its management and directors. Third, the concerted campaign waged by Z Dust presents a very considerable threat to the claimant. The potential audience is vast. It has no geographical limit. The claimant, in my judgment, is at risk of serious damage. Fourth, Z Dust is hiding behind the anonymity afforded by access to the defendants’ discussion boards. Fifth, the claimant has no other practical means of identifying Z Dust.
In my case before HHJ Bird these five points were identified and addressed by the judge.
He considered that on the evidence presented I had satisfied each of these five criteria. Importantly, this was in the context of circumstantial evidence of identity from other sources (including court ordered disclosure) and the fact that based on this evidence an arrest had already been made.
I believe that the judge was influenced my intention to provide the information to Police, and the fact that with the case in progress they had not at that time issued a RIPA request – not least because the case was due to be heard before such a request could have been turned around and a response received. It was also clear that he supported my right to have the information for myself, for use in pursuing relief against the ultimate offender, known as Nuxx Bar.
My day in court
As you may know, I have been the victim of an extended campaign of harassment over more then three years, and this has escalated well beyond the norms of what might justly be termed robust debate or mere vulgar abuse, dragging in my family, violating privacy, and involving visits to my house and nuisance phone calls. The person responsible I shall call by the Usenet handle he has used for three and a half years: Nuxx Bar.
I went to the police two years ago and they did not want to take it on; the same a year ago. I now know why: I said to them that I wanted the person responsible traced and warned off- I said I would be happy with a police caution. The amount of paperwork involved in requests under the Regulation of Investigatory Powers Act (RIPA) is insane, it seems. Their problem was that with no suspect identified they could not assess the likelihood of success, or even make a decent judgment as to the seriousness of the matter.
So earlier this year I decided to begin the process myself. I applied for court orders against providers including Reverse Corp (t/a 0800 Reverse) and Zen Internet, the ISP whose service had been used by the person responsible since 2009. I have written some of the detail about this on my wiki: obtaining a court order for disclosure.
I contacted Stuart Winter of the Biscuit Appreciation Society and other enterprises who had been an earlier target of this individual. He gave me a name. and some Googling linked this name with some facets of Nuxx Bar’s persona. He had mentioned Goring on Thames, for example, and that he was a web developer, I am told for an online recruitment company though I can’t trace that message.
The first hearing against Zen was a washout as I was in the States on the notified date; I was not able to reschedule. It was relisted in Oldham as Rochdale no longer has a county court. Manchester would have been easier for both of us! Due to a misunderstanding, the judge decided it could not be properly heard there and then and decided to pass the case to Manchester where there are judges who specialise in internet law.
In the mean time the case against Reverse Corp was listed. He’d used 0800 Reverse because we have caller ID and anonymous call barring; 0800 Reverse allowed him to use a number presented under CLI without me seeing the actual calling number. Luckily we had hit on the idea of buying a phone with call screening; I logged the calls until there were thirty or so and then made the application. I spoke to their customer service team and via them to the company’s solicitors; they chose on balance not to defend the application as the private data was limited to telephone numbers and there was good evidence of sustained abuse over a period of weeks. The numbers tallied with the identity given by Stuart Winter, and introduced other correlations available via Companies House, the electoral roll and other public records.
At this point I felt I had strong enough circumstantial evidence of identity to go to the police again. This time, having an identity and being reasonably confident that the person was an adult old enough to know better, I presented evidence of offences under the Telecommunications Act, the Malicious Communications Act, the Computer Misuse Act and the Protection from Harassment Act. I made a point of saying to the investigating officer that whoever was responsible was, or was using the identity of, this named individual. I am still prepared to keep an open mind on this.
An arrest was made, and the suspect denied everything. I view this in the context of his equally vehement denial that he was responsible for a retaliatory privacy violation after service was terminated by Zen Internet. I have in my hands concrete evidence that the privacy violation was posted by someone with access to the email address used consistently by Nuxx Bar since 18/03/2011, which has also been used via Google Groups; this would require either that they are the same individual or that they are in collusion.
Today I went to Manchester to do something which I had persuaded myself was fairly routine but it turns out is pretty exceptional. I applied to His Honour Judge Bird for a Norwich Parmacal Order compelling Zen Internet to reveal the details of their subscriber. Zen is a decent sized provider (and, incidentally, an excellent one) with tens of thousands of customers and a fair history online. This was the first time they had seen such a case. Requests for subscriber data are generally in connection with copyright theft, and anything relating to abuse would normally be handled via RIPA.
I prepared long and hard. I am glad I did. I had my evidence categorised, tabulated and presented in chronological order in three large bundles. Each question the judge asked, I was able to answer confidently, or giving a limit of confidence, from data either presented in the bundles or previously supplied to the court and the defendants. There are problems in an adversarial procedure if you attempt to rely on documents not provided in advance to the defendants. I was well prepared, I think: I had extracted every message I could find posted by Nuxx Bar under any identity, I had analysed headers, tracked ISPs and IP addresses, dates, and scored them form 1 to 5 according to how hurtful or distressing they were.
The judge’s questions showed sound knowledge of the issues of trolling and harassment, and a ready understanding of the distinction between mere vulgar abuse and genuinely offensive behaviour. He selected a number of particularly vivid examples for particular discussion.
I gave evidence supporting my assertion that Nuxx Bar had previously had service terminated by other ISPs. Zen Internet gave evidence that they had warned their subscriber five previous times including one temporary disconnection before finally pulling the plug. Nuxx Bar’s retaliation, via Eternal September, using accounts registered using nuxx.bar@live.co.uk, was discussed.
We then broke for lunch while the judge deliberated. He delivered his narrative in a style I can only describe, subjectively at least, as dramatic.
Remember: this order is to compel Zen Internet to reveal data protected under the Data Protection Act. The information is protected for good reason. Frivolous or vexatious applications are not intended to be satisfied.
He discussed the tests relating to the Norwich Pharmacal Order: there must be evidence of an actionable wrong or other credible cause for action; there must be an individual or individuals responsible for this action; and the defendant must be in some way mixed up in it, albeit perhaps as an innocent party. The evidence for each point was discussed. The judge pronounced himself satisfied that these conditions were met. I was hopeful this would be the case as thanks ot his earlier questions prior to the hearing, and my own research on internet law and precedents, I had addressed these specific points.
Next come the tests in Totalise v. Motley Fool, seven if I recall correctly (I will update this when I have checked). Then the judge’s discretion to make an order: it is, in the end, down to the judge. As Zen’s legal officer said, it is like being a performing dog: over the hurdles, through the rings, now jump through the ring of fire. The ring of fire here is the learned judge’s discretion. Finally costs. I am immensely grateful that Zen did not choose to ask for costs.
As he read out his summary it became clear that things were looking good. He paid tribute to Zen’s exemplary professionalism, which I absolutely echo. He paid fulsome tribute to the quality and coherence of my presentation of a case which, after all, gets the reaction “wtf?” from almost anybody not already in the know. Don’t take my word for this, I will put the transcript up when it arrives.
And finally: the judge granted the order. And there I must leave you in suspense. I agreed as a condition of release that this data was to be used only in obtaining and pursuing legal redress, including through the Police. This is the purpose for which the Data Protection Act allows it to be used. If I tell you what I found out then I could be fined or imprisoned for contempt. I am glad: this will keep me honest. I cannot pretend that I do not feel strongly that this person should be exposed for what they have done. Serial acts of anonymous cowardice of the most craven and, as the judge put it, sinister and threatening kind. If I were to publish the data then I would be descending to the same level. I was content to discuss the information Stuart Winter gave me, as it’s freely available online, but the information obtained under court order will remain private until such time as it is admitted and weighed in open court.
I have speculated in the past re identities. I will say this loud and clear: I do not confirm any of that speculation, in fact the data as provided was a surprise to em in several important respects. Do not assume you know anything, you don’t. In some ways I know less now than I did before!
His Honour is a wise Bird.
I cannot adequately describe the mix of emotions as he completed his summary. I am still digesting its significance. My head is reeling and of course I have informed the investigating officer. My next steps legally are more ambiguous than I had thought: I will now need expert advice on which of two possible paths to take, and some of this may depend on the outcome of the police investigation. I have boarded the train but have no control over its destination. I have asserted a measure and an illusion of control, but I doubt this will be settled for a year or more.
And yes, there is a terrible responsibility. If this is who I think it is, and if the outcome is as I suspect it will be, then I will have ruined his career. His career is incompatible with convictions for harassment and computer misuse offences. But this is as it should be – if this is who I think it is then he will likely have privileged access to private data, and I am completely convinced that he is not a fit person to be in possession of such data.
So what next? I think there are some things that should be learned from this:
- ISPs have a difficult role. The same people may be responsible for legal advice and compliance; they may end up wearing two hats simultaneously.
- I believe there should be an application process via the Information Commissioner’s Office for independent arbitration in such cases n a less adversarial context, with three outcomes: yes, no or remit to court.
- ISPs should work together to produce a guide to those seeking to identify anonymous attackers. The law as it stands, including in my case, requires evidence of serious offending behaviour and restricts very carefully the use to which such data may be put. This is a minefield for the person representing themselves, yet legal costs can be astronomical (I was given an estimate of £30,000 end to end to deal with this person to the point of injunctive relief and damages).
- As with the law of defamation, this entire area currently offers more protection to the abuser than to the abused and more redress to the rich than to the poor.
So it seems that today I have done an unusual thing. I have appeared before a judge as a litigant in person requesting a type of order rarely used and as far as I can tell almost never used by individuals acting in isolation. The lesson I guess is that if you are being harassed, gather evidence, present it systematically and get the police to do the digging. But if they won’t, I hope my experiences will help you at least a bit.
Compellent
This week I am on a Compellent technical training course. I am impressed – Compellent was a small player before Dell bought them and they have achieved some pretty remarkable things. With Dell’s bank account behind them I can see the roadmap telescoping, and there are some obvious places where Dell can drop in technology and improve supply chain, but the functionality is the important thing.
Some thoughts:
- The storage architecture is as good as it gets. Small blocks, automatic tiering, no hard LUN assignments, tin provisioning, no zeros written to disk, near-unlimited replays and so on. Some of this is box-ticking, some is really clever.
- The most elegant DR failover / failback management I have seen in a midrange array. Actually even high end arrays are generally less good than this. The failback process, normally incredibly messy, is thoroughly thought through and managed by the array tools.
- Portable Volumes is a very neat solution to the problem of seeding new remote arrays. 4TB native in a Peli case, fully automated at the remote end so that the most benightedly unintelligent “intelligent hands” can do the needful.
- Industry-standard components, for which read that the Intel servers that function as controllers are capable of accepting more memory unlike certain other midrange platforms I have used). It also reduces the lead time to get new drives and technologies into play.
- It’s really easy to use and the consequences of naive choices are minimised very effectively. There are only a couple of things you can do which can’t be easily reconfigured in production. Features for which a certain other storage vendor charges an “enterprise” premium are included out of the box.
I think that on balance this may well have been a better buy for Dell than 3Par would have been. Although 3Par had a bigger profile and had very successfully pitched in the high-IOPS space, Compellent is very well placed to move ahead very fast in R&D, there’s a lot on the roadmap that can now be resourced thanks to financial backing and engineering input from Dell.
I think it’s going to be an exciting time for the next 12 months or so.
Steve Jobs
It’s trite to say it, but with the passing of Steve Jobs the world has lost a great man. His genius was knowing what we wanted before we did, and this is not something you can learn.
I first bcame an Apple fan back in the mid 90s when I had a first generation PowerMac that had a pivoting display and a desktop that spread between multiple monitors; that was MacOS 7. Windows 7 finally does that nearly as well as the Mac, and over 15 years later.
Creative people like Douglas Adams and Stephen Fry loved the Mac for its intuitive interface and strict adherence to UI standards. Learn one Mac app and you’re a long way to learning them all.
As a sysadmin I used to maintain a network of Macs on 8.5 days a month, most of which was spent in developing a competitive information system in FileMaker. We switched to NT (my first working NT install was in Connectix VirtualPC) and within three months I was full time with an assistant.
Apple tech Just Works. It always did. That’s what Steve Jobs did for us: he provided the proof that tech does not have to be nerdy, does not need us to learn the arcana – tech is the servant, we are the masters, and any product that forgets this is, well, basically, less cool than the equivalent Apple product.
What I do at weekends
This is Reading Bach Choir about to sing Arnold Schoenberg‘s Friede auf Erden, an exceptionally difficult piece for double choir which I think we delivered in some style. It is unaccompanied twelve-tone music, about as hard as choral singing gets. In fact the first chorus master to whom Schoenberg gave it was of the opinion that it was unsingable! It’s not, there are internal lines and themes which make sense, the problem is that the other lines are doing something else…
