Friday, December 30, 2016

Yelpsters

There's been a lot of opinion expressed on both sides for this topic - most of the feedback is overwhelmingly negative but there's a substantial number of positions which are quite positive.

However, the specific examples I've been able to witness first hand seem to weigh in on the former, although in reading up on this one there have been some comedic uses of the review sites - such as a bistro in the US offering a discount to customers providing negative reviews. There's an unknown amount of trade for former "SEO Consultants" who are now plying their trade to review site optimisation too, implying that there's a sizeable economy surrounding these platforms.

Not only did it make a mockery of the review system on Yelp specifically but it highlights how abusive some of the platforms can appear. For example we got a local tradesman to fit the new carpets in our home and whilst talking to him he specifically asked us to read his reviews on Facebook, not Yelp.

Of course a comment like that is going to pique my natural curiosity so I dug a little deeper whilst the carpets were being laid, uncovering all sorts of fun & games (and stress) had trying to deal with the Yelp reviews. Having a quick look at his business Yelp page I can see what he means.

Of the 23 reviews that I could see at the time, 12 had been removed by Yelp as violating its "terms of service", and 9 were "not recommended". This left two valid and "recommended" reviews - as far as Yelp itself were concerned - that were viable views on the business involved.

I couldn't understand the criteria match involved as the two remaining reviews were from Qype user accounts, and Qype hasn't existed as a platform since it was absorbed into Yelp in October 2013. To my mind more recent reviews over the previous twelve months are more likely to be representative of a business than something logged about a problem three years previously.

For example, a restaurant can change hands and improve its quality of service as a result; or a museum changes exhibits regularly providing differing levels of engagement over a longer period of time. TripAdvisor solves this problem by refusing any reviews over 12 months old - although they may still be visible their priority and importance in the overall business rating are lowered slightly too. On the face of it that makes more sense to me and allows businesses to atone for any past mistakes (as well as ensuring they don't rely on previously high ratings to boost their search rankings).

Yelp does not do this from any of the business reviews I've seen. It tries to hide the majority of reviews with a greyed link at the bottom of the page (enlarged in this image for ease of reference).
Suspect Carpety Reviews
The rest of the reviews - which are almost all positive from what I've read - are hidden in a "...reviews that are not currently recommended" moniker, and labelled essentially as irrelevant.
Yelp makes the following statement about this logic: 
Yelp statement on "Not recommended" reviews page

Now there's a few interesting sentences in there I'd like to focus on which don't seem to tie-in with a common-sensical approach. The first (highlighted yellow) seems to indicate that the reviews are assessed on quality and reliability combined with user activity. I don't understand how that's possible in Pete's case as there are a number of reviews in the last twelve months from people who have created a Yelp account purely to commend Pete's carpeting ability. 

But the two reviews which are being counted also indicate those users only ever made one review, and are from 2013 - neither those reviews or most of those on the "not recommended" page have any Yelp "friends" which may be the algorithm metric involved. Doesn't seem to tally. So the Qype user reviews giving Pete 5 stars are "not recommended", but the Qype reviewers panning Pete are on the front page.

Pete doesn't advertise on Yelp and rejected their sales team's suggestions that he buy a business account; shortly afterwards, he says, the problems really started. Customer reviews got moved away from the front page and his Yelp star rating shown alongside the search result dropped to a one star. Of course Yelp vehemently reject any suggestion that the two events are linked but Yelp only have a 2 star rating on their own website.

After Pete fitted the carpets I added my own review for his business on Yelp - creating a new account in the process. I also added a review for another business I'd used in the previous six months just to see if that was the deciding factor but, as if by magic, my review went from the front page to the "not recommended" page within 24 hours.

So going back to the Yelp statement the blue highlighted note about advertisers getting preferential treatment cannot really be proved or disproved without actually seeing the underlying algorithm first hand. However the majority of positive reviews for this specific business would nominally give Pete a  4.8 out of 5 (4 star service). The reviews de-listed because they "infringed the terms and conditions" would provide a small increase over that.

Should business owners like Pete care about Yelp? I'm not so sure - we did a lot of searching on other platforms such as Check-a-trade and social media; on both of those areas Pete scored highly based on recent customer reviews. Everyone gets to make up for past mistakes.

I also recently had an interesting conversation with another platform provider - Trustpilot.co.uk - who apply reviews of businesses and websites. I thought I'd try something related to my anti-spam activities and lodge appropriately negative (but entirely honest) reviews about two data trading businesses. The two businesses involved are AdView and UK Staff Search - both trading brands of Roxburghe / Dash Marketing who scrape job seeker details from jobs boards such as Jobsite.co.uk, pretend to operate in the US and then sell the personal data to various unsolicited marketing firms back in the UK.

The review went something like this:
Actually not as detailed or specific as it could be
The review omits details about how the company broke the law (DPA & PECR) but notes the basic facts.

Both businesses lodged a complaint about my reviews, and Trustpilot were of the opinion that despite AdView illegally acquiring my data and then spamming me I didn't qualify as a customer. Despite that being the very definition of an Adview customer they deemed my review in breach of their terms and conditions. And also despite AdView staff writing most of their reviews themselves. Perhaps if word of this post gets to them this review will also be removed by Trustpilot but I was completely unimpressed with their reasoning and position.

However the USS review stood and today someone marked it as "Helpful". That's the real purpose behind these platforms - finding good opinions and using them to choose the right product or service.

Overall I'm going to continue taking all reviews and opinion with a pinch of salt and actually talk to people to see if they know their trade. It's crazy but it might just work.

Wednesday, November 30, 2016

Trial Result: UK Apollo Group


In a surprise ruling, the judge decided that I could not prove the claim against Apollo.

The reason? I'd forgotten to include in evidence the documents that showed UK Apollo group scraping email addresses from the rest of job seeker data in my bundle. This was necessary as the initial spam was sent to an encoded email address (e.g. jobsite.<date>@<domain>).

So essentially it was not the case where the defence was robust and proven, it was simply an error on my part which failed to cement the facts of the case. UK Apollo would not be able to refer to this year long legal entanglement as a 'victory' as a result, and they also disclosed a lot of facts in a court of law - facts that would be of interest to regulators and in future SARs.

Furthermore, the judge refused to accept evidence of spam emails received after the submission of the date of the claim, which included readily identifiable email addresses. He also noted - but failed to act on - the fact that the first defence was submitted unsigned, and an alleged re-write of the defence was never served to the claimant.

In fact the trial was the first time I'd heard that Apollo had even adhered to the application to strike / re-write judgement.

Despite a number of breaches of CPR by the defendant (duly noted but not enacted by the judge) the defence - such that it was - was allowed to stand, despite a submission related to Denton & others. I even submitted a revised bundle for the second trial after the court ushers directed me to the wrong floor in the first trial - but the judge claimed not to have it in front of him. Good thing I got delivery receipts then.

Very interesting - almost as interesting as the very personal remarks made by the defendant's rep, Keith Taylor. He was very angry! He couldn't actually apply a robust defence at all and I'll share the highlights of the comedic vitriol once I get the trial transcribed. You shouldn't laugh too much in a court. At one point he claimed that ICO was getting the law changed to help his company continue to spam people. Of course, no evidence was presented to substantiate any of these statements.

Keith even claimed he charges his time at £1k per day, although judging by the posted accounts none of the companies seem to be charging for many of his consultancy days. Most of the people associated with Apollo appear to have many other jobs too....

Also of note was the defence at one point admitting liability at two points, saying "just find me guilty, m'lud and fine me £200 so we can all go home." In court, on record.

However because the district judge excluded the emails following the initial claim document they are not considered part of the claim that has now been judged by the court. One of those spam emails was to an account I have listed as <firstname>.<surname>@<domain> - which is personal data in itself.

I think I can see why the judge did what he did and I've decided not to appeal for a number of reasons (not least the additional costs liability if I get something wrong). So I sent Apollo a shiny, brand new SAR last week - they've read it twice but are yet to respond. He awarded a £55 cost for the defendant - which should cover his petrol home.

Tuesday, October 25, 2016

UK Apollo Group (Further Updates)

In an earlier post I talked about some particularly flagrant spammers and data traders, UK Apollo Group a.k.a Taylor CVs, run by Keith Taylor.

After a mix up at the courts I applied for a re-hearing and - what a surprise, the defence failed to attend. Although even if they had I'm not sure it would have made any difference as I barely spoke at all.

The judge asked for 20 minutes for additional reading time, having been passed the case from another judge. After I'd sat down he simply stated the conditions under which a re-trial would be granted and that he was not there to deal with the other submissions. In under five minutes he worked his way through the reasoning for allowing the application - even noting that he was not there to decide the case, even though he deemed the defence as 'flimsy at best'.

The new trial is listed on the 21st November 2016 and I'll provide more updates nearer the time. However in the time between the last post and the application hearing the defendant has spammed me yet again.

Not only that but Monster.co.uk have confirmed - after I provided them all the details of the web of companies holding UK Apollo together - that they've spoken directly to the defendant and advised them that what they're doing not only breaches the terms and conditions of their contract with Monster, but is breaking the law.

I'm yet to hear any kind of conciliatory tones from Keith Taylor, nor do I expect to. Perhaps having a CCJ listed against his company for the next 6 years will adjust his attitude towards stealing personal data for profit.

Tuesday, October 18, 2016

Running VMWare Player on an Ubuntu 16 SP4


I had some minor headaches trying to get a decent hypervisor working on Linux desktop, and figured out a more manageable approach whilst retaining secure boot & UEFI.

One of the initial challenges is actually getting to the download for the VMW Player, rather than the full (paid for) Workstation etc., but it can be found here at the time of writing. VMWare seem to have made it far simpler to access than when I first dug it out. NB this is only for non-commercial use, otherwise you'll need the paid-for Pro version.

Had to use Chromium as FF didn't want to play with vmware.com
Of concern for me was the lack of checksum or PGP verification for the download, something VMWare need to work on. The other major annoyance is that every time the kernel is updated this process needs to be repeated.

High-Level Views

The reason you may need to do this is that you've tried to use VMWare Player / Workstation but the networking does not work. After digging into your logs you'll see that the drivers couldn't be loaded at boot time.

Unlike VirtualBox et al VMWare seems a lot more stable on my SP4 i7 16GB, and can run multiple VMs without the need to have their UI windows open. It also seems to handle host-guest device management (e.g. USB) far better.

Personally, I was tired of VB being flakey and am used to VMware and Hyper-V.

Step-by-Step

  1. Download the VMWare bundle from the link listed above
  2. Apply executable permissions via sudo chmod ug+x <vmw.bundle> 
  3. Run the .bundle (it's just a shell script) via sudo ./<vmw.bundle>
  4. Once the installer has completed you may need a reboot - if you do you'll see systemd errors relating to failed service starts for the vmware.service due to the unsigned network drivers vmmon / vmnet 
  5. You'll need to run the kernel module updater - either via GUI or via sudo vmware-modconfig --console --install-all - this ensures that the modules VMWare needs to operate its core networking capability are available
GUI version of the installer is invoked if you try and run the player at this point
This step should produce a script output ending something like this:
Starting VMware services:
   Virtual machine monitor                                            failed
   Virtual machine communication interface                             done
   VM communication interface socket family                            done
   Blocking file system                                                done
   Virtual ethernet                                                   failed
   VMware Authentication Daemon                                        done
Unable to start services
Checking the status of system services should show vmware loaded but unable to run.
This indicates that the modules are built and everything is ready for signing. After step #5 download or clone a copy of this signer script and follow the instructions. You will be asked to create a password during generation, which is then requested during MOK install after you reboot.

Expanding on That

The last item on that list is a bit abrupt but there's a couple of things you must do. Firstly you need to adapt the certificate definition to your own needs.

Change the subject of each of the certificates from "/C=CountyCode/ST=OfficeState/L=OfficeCity/O=Dept/CN=local.yourdomain.ext" on line 9 as appropriate to your specific needs. Ensure that these details are not accessible by anyone other than yourself.

Two certificates are generated - one for each driver. You can simplify to one certificate if you prefer.
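
The signing step above, condensed into one script as an added example (this is not the signer script linked from this post). It creates a single MOK key pair, queues it for enrolment with mokutil, and signs vmmon and vmnet only when they lack a signature, so it can be re-run after each kernel update. The /root/mok path, the file names, the function names and the use of one certificate for both modules are assumptions.

```shell
#!/bin/sh
# Added example: sign VMware's vmmon and vmnet modules for Secure Boot.
# Assumptions (not from the original post): the /root/mok directory, the file
# names, the function names and the use of one certificate for both modules.

MOK_DIR="${MOK_DIR:-/root/mok}"   # keep this directory readable by root only
MOK_KEY="$MOK_DIR/MOK.priv"
MOK_CRT="$MOK_DIR/MOK.der"
MODULES="vmmon vmnet"
# Template subject quoted in the post; it must be changed before use.
PLACEHOLDER_SUBJ="/C=CountyCode/ST=OfficeState/L=OfficeCity/O=Dept/CN=local.yourdomain.ext"

# 0 if the subject starts with "/", has a non-empty CN and is not the template.
subject_ok() {
    case "$1" in
        "$PLACEHOLDER_SUBJ") return 1 ;;
        /*CN=?*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the file ends with the kernel's appended-signature trailer, 1 if not,
# 2 if the file is missing. This shows a signature is present; it does not
# show that the signing key is enrolled.
is_signed() {
    [ -f "$1" ] || return 2
    [ "$(tail -c 28 "$1" | tr -d '\000\n')" = "~Module signature appended~" ]
}

# One-off: create the key pair and queue the certificate for MOK enrolment.
generate_key() {
    subject_ok "$1" || { echo "edit the certificate subject first" >&2; return 1; }
    install -d -m 700 "$MOK_DIR" || return 1
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "$1" -keyout "$MOK_KEY" -outform DER -out "$MOK_CRT" || return 1
    chmod 600 "$MOK_KEY"
    # Prompts for a one-time password, asked for again by the MOK manager at reboot.
    mokutil --import "$MOK_CRT"
}

# Repeatable: sign each module that is not yet signed (run after kernel
# updates, once vmware-modconfig has rebuilt the modules).
sign_modules() {
    signer="/usr/src/linux-headers-$(uname -r)/scripts/sign-file"
    rc=0
    for m in $MODULES; do
        path="$(modinfo -n "$m")" || { rc=1; continue; }
        if is_signed "$path"; then
            echo "$m: already signed"
        elif "$signer" sha256 "$MOK_KEY" "$MOK_CRT" "$path"; then
            echo "$m: signed"
        else
            echo "$m: signing failed" >&2; rc=1
        fi
    done
    return "$rc"
}

case "${1:-}" in
    keygen) generate_key "${2:-$PLACEHOLDER_SUBJ}" ;;
    sign)   sign_modules && systemctl restart vmware ;;
    *)      echo "usage: $0 keygen '<subject>' | sign   (run as root)" >&2 ;;
esac
```

Run keygen once and reboot to enrol the key in the MOK manager; after that, run sign following each kernel update.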


Problems


  1. Errors during step 5 could mean a mismatch between the VMware version and the Linux version. I upgraded to Ubuntu 16.10 which upgraded the kernel. To resolve error messages from the VMW kernel module updater, download the latest version of the VMware player.
  2. I found that a reboot was needed between dist-upgrade of Ubuntu and VMware re-sign, otherwise something would get itself tied up in knots and have no effect on the player.

Sunday, October 16, 2016

Old News

I noticed a few news articles recently that bemused me....relating to the addition of updates to v4.8 of the Linux kernel to support touch screen on Surface Pro 3.

This is strange to me because when I dual-booted my SP3 a couple of years ago with Ubuntu 15, touch screen worked out-of-the-box. Unity and Gnome UIs don't really deal with touch-screen input very well (but Linux doesn't really have the designers that Microsoft or Apple do), but it's not too bad. The SP 3 pen right-click isn't recognised at all so you'll need a mouse anyway. I included a photo of this in operation from a much earlier blog post.

Ubuntu 15, using the SP3 pen as a mouse
However touch-screen input doesn't work at all with the SP4 - running Ubuntu 16.04 and Gnome - no direct touch or pen input is detected. I can't find a touch-screen device registered by the OS either so am guessing this is the lack of drivers / support from Intel for the Iris 540 and touch-screen itself.

When I get some time later this month I'll look at the Intel Linux driver programme and the latest kernel to see if there's progress.

Thursday, July 28, 2016

Why I've Had Enough Of Windows Phone


I had an Android handset years ago before I joined a company that had a BES infrastructure - although I missed the smartphone I soon found it far easier to email and message using the blackberry.

Of course that's part of the façade of permanent employment; "Here have a shiny toy!". Which is nice.

"Now we can reach you everywhere you go at any time".

Nuts.

When I came to my senses and left my last permanent job there were far too many options on the handset market but it essentially boiled down to either the horrifically insecure Androids or the locked down iPhones which haven't progressed in a decade.

Then I saw some SDKs advertised in my MSDN subscription relating to Windows Phone 7, which was a break from the Windows Mobile core / v6 (i.e. "It's different this time, we promise"). And it really was.

Innovative user experience which seemed to evolve in subtle ways (unlike The Emperors New iPhone) whilst retaining a nicely contained app space which stopped all the horrific memory sharing in Android [at the time].

Well. You have to go with the lesser of three evils if none particularly appeal, right?

Wind the clocks forward another year and I'm sold on Windows Phone. v8 is being talked about - hopefully solving the few remaining deficiencies. The app store is slightly bare in comparison to Google's and Apple's store fronts but all the essentials are available.

Friends with both Android and iPhone regard it as a curiosity because they "just don't understand" the freaky blocky UI; yet when they play with it for a few seconds you hear "Ahhh ok"; and "that's interesting"; until you just hear the fingers slipping over the gorilla glass over the silence.

WP 8 solved a lot of the speed issues but then so did the upgraded handsets - after a four year stint with WP I've gone from a Nokia Lumia 720 to Microsoft Lumia 935 with little fanfare - after all when I got a new handset and entered my MS account details it all just .... worked.

Wipe and reset the old phone without any concern about data loss because once you've logged in on the new one ... it's all there waiting for you. Tiles and all. Unfortunately because I'm quite clumsy I've dropped a number of them so this functionality is a complete life saver.

Your favourites and history are also retained if you use a Microsoft account so when the browser crashes (which it does a lot) you restart it pretty much where you left off.

You can amalgamate multiple tiles together into drawers (a la Android) and resize / re-arrange any way you want. Most tiles flip over and show updates or info related to their app at a glance.

I got all the integrations with Xbox and Windows 8.1 / 10 first via the beta programme, which allows me to project my phone screen to the TV via Xbox or PC whenever I need to. Handy for showing the full HD 5.1 surround sound movies taken using the Lumia camera. Who needs disk space anyway, right? If you're not using it you're wasting money!

In the last year things have turned round dramatically though; having Office on my phone has always been really handy during meetings or to sort out time sheets in a hurry when an agency is still using antiquated paper time keeping (this is 2016 ok?). But this year Google and Apple started putting their own office-alike out there - abruptly followed by Microsoft 'suddenly' releasing multi-platform versions of the same, along with the slightly-less-capable online equivalents via most modern browsers.

It's almost like they had them waiting in the wings to wring out one more conversion to Windows desktop...

Then the Microsoft website started having areas which stopped working on WP's browser. The browser crashed a lot (especially on news sites such as The Guardian). The Xbox and MS account passport no longer had a pass through capability in the phone browser - when you have 2FA this either means swearing + generating app passwords or swearing + authenticator app + hope that when you switch back the original phone app hasn't cancelled out of the login screen.

Assuming the browser doesn't crash during that process. Which it does a lot.

Which is extremely frustrating.

HERE Drive couldn't work out that you have no data and took 2 minutes to timeout on an online search before asking if you simply wanted to search offline maps (which can be cached on the device for any selected area of the world). Truly a dumb way of ruining a great experience - my better half's iPhone 6 just doesn't have maps or satnav if she has no data.

A lot of GPS apps (Cycle Tracks GPS and CoPilot) simply don't work without data. Even though they're supposed to only need GPS and cached maps they just end up providing nonsensical cycle tracks or closing during a car journey. CoPilot was particularly useless: It would close itself unless you keep the app open and not lock the screen and have a way of charging the phone faster than the car charger. Money flushed down the lavvy.

Often areas of Microsoft's own web pages don't work properly on WP8 - I tried to buy a Surface Pro 4 on my phone but gave up after a few minutes of wildly jabbing (and shouting for effect) at the screen, my repeated key presses ignored by the buttons on the page.

The vendor attitude towards FDE raised an eyebrow; essentially you can only enable FDE on your phone if you connect it to enterprise services. Why the restriction? Enterprises will have DR which allows them to unlock any devices they own, but what about mere mortals like you or I? If someone nicks my device I want to be absolutely sure that my data is out of reach even if the handset isn't.

Even after taking the tin-foil hat off I simply no longer trust Microsoft with anything sensitive - having all my emails read by Cortana is a functionally nice existence but there's things in there she shouldn't be reading. Even my servers now send me their reports encrypted - although WP8 does allow for S/MIME encrypted email systems I've gone with PGP. And no longer use Windows for email at all except my Outlook.com accounts - I can't provide any guarantees to my clients otherwise.

In short, all those really slick integrations have gone - perhaps the development teams at Microsoft across different areas no longer stay friends? Perhaps this is a transitional phase where the whole company mindset is being moulded in different directions. Whatever the cause Windows Phone is no longer the fun place it once was.

The new handsets look great - I've not upgraded - Continuum is a brilliant idea (your phone is your laptop, plug the phone into the docking station which has a keyboard & mouse....). A bit flakey at the moment but, again, Microsoft pushing the boundaries.

Had a look at iPhone and it seems to look almost exactly as it did in 2006, albeit with a bigger screen and flatter handset. Not for me and my desire to tinker.

So my Android phone arrives in a couple of weeks and I've got to work out how to harden it properly before I swap the SIM card across. Maybe I'll download the source and alter a few bits before building my own image.

I'll probably miss the inherent security model of Windows Phone (n.b. not the same as Windows Mobile) - and its [mostly] awesome user experience. I won't miss the raging frustration with its shortcomings but I can't help but feel it could have been great.

Maybe Nokia shouldn't have been involved with the project - perhaps they wanted to stay Symbian too much. Perhaps it's a potential partnership for Blackberry due to the imminent demise of Blackberry OS? Who knows. A more robust Continuum would suit a number of businesses who are considering moving to thin terminals or all-VM environments perhaps. It's essentially a very cheap, ultra-portable laptop.

I may wander off into Android-land for a year or so and just get fed up with it - just in time for WP10 to mature more. But I can't get ProtonMail, Signal or other browsers on WP.

Maybe I'll find a Nokia 3310 instead and walk free of all the nonsense :)

Saturday, May 21, 2016

Q1 Review

Miami winning 5-4 in the championship series...but it's close
It's been a busy start to the year beginning with having Swiftbiscuit show me how it's done on the kart circuit - even if he didn't bring his own racing boots, gloves or helmet from Miami. The marshals came up to him afterwards and mentioned their awe of his racing line. Total focus and precision - awesome to try and chase through the corners.

(I've also knocked a couple of seconds off my lap times and made it into the elite class since)

My birthday last month was pleasantly uneventful - although managed to get another kart race in on the weekend - there was one less birthday card this year which forced a poignant reminder of the events of Jan and Feb.

Dad didn't tell us until it was too late and even though we knew he was ill, he didn't let on about how much pain he was in until right near the end. That was kind of his way of doing things (i.e. refusing to listen to anyone else). It didn't really sink in that he was beyond the point of no return until I got a call from the care home telling me he'd been taken into hospital.

We'll scatter his ashes in his home county of Cornwall this year so he can enjoy the countryside and coast he came to know as a boy. A lesson to all of us to make sure we take care of ourselves and always keep talking. Every hill is a victory in potentia after all.

There's too much to do on the information assurance front and I've re-focused my efforts significantly. The last two months or so has been flat out - no thanks to laptop problems and a 192 mile round-trip commute. This week should allow me to break the surface again whilst migrating corporate accounts to both a different package and different accountants.

All whilst studying for my CEH & CISSP...

I've made significant progress on the spam front too - from hundreds of spam emails a day down to between 20-100 is a big plus. I spend far less time trawling through nonsense looking for potential business or emails from friends & relatives. It's like whack-a-mole though...you get a domain disabled or an ASA complaint upheld against one and another pops up. Eventually the pattern will become obvious as individuals are already being tracked.

One thing I have noticed quite consistently is the attitude of spammers and their lawyers (with a handful of notable exceptions) - I'm becoming less and less surprised by the lack of knowledge surrounding DPA and PECR, as well as case precedent such as Vidal Hall vs. Google. I'm not suggesting an ambulance chasing model is ideal but it seems like the regulators are being restrained whilst the data traders and spammers are not.

Until the balance is restored however, ProtonMail, EFF and WWF will be getting more donations from me after winning or settling my cases.

Hopefully ICO's GDPR education campaign will keep momentum up as it's vitally important to drag the private sector into the current decade (before it finishes).

Fingers crossed that the EU referendum passes with a Stay / Remain vote and we can all get on with commerce again; as well as a wider, considered approach on privacy and information assurance in future.

Thursday, May 19, 2016

Surface Pro 4 vs. Linux


Surface Pro 3 seemed to be stable, relatively efficient and a good mix for a dual boot laptop. Things were pretty good all round and Windows 8.1 Enterprise worked well on the touch-screen led device - probably not a popular statement but it was designed for Surface.

My own belief is that Microsoft didn't enter the laptop market to dominate it but to force the competition to get off their lazy backsides and start thinking again. We've had a stagnated market for over a decade and it's taken the software & keyboard kids to initiate change. Apple has had to improve its hardware to compete with both Surface Pro & Book; HP and Lenovo have had to reconsider their clamshell laptop propositions too.

Moving beyond a simple single-OS laptop replacement a growing number of penguinistas have noticed the Surface and blogged about supporting it. Personally, I'd gotten to the point with Ubuntu 15.10 on SP3 where I was pretty much using it for everything work-wise - bar Visio and Excel situations, firmware updates for the Microsoft hardware and games or modern apps such as movie streaming or Kodi.
I don't use Windows for email and have my PGP keys available only on non-Windows OS's; all my remote work is done on servers via SSH and I lock drives up with a multi-platform encryption solution. Ubuntu handled all of that and seemed to get the most support for SP3 out of all the Debian-based distros.

Ubuntu didn't really do brilliantly with touch-screen but the stylus was a pretty good mouse replacement (assuming you don't need a right click...). The SP4 stylus was a big improvement on the SP3 variant - and didn't go to sleep at random whilst you were using it.

A big plus. And not generating a BSOD when you attempt to disable power management would have been a bigger plus. Although Windows 10 - in all its greatness - decided to fail software licensing management services without any bidding on the replacement SP3, meaning I had to deploy W8.1Ent anyway...

Then the connector between the SP3 and the type cover stopped detecting anything - I have Type Cover 3 & 4 so tried both - and with John Lewis' support policies meaning a 3 week period without a laptop whilst they repair it; I was running out of options as I need a laptop to earn money / work on client site.

Perhaps rashly, I elected to buy a Surface Pro 4, take an image of my old SP3 and deploy straight onto the SP4.

I used dd more in the last month than I have in years
Of course - that would be too easy. Microsoft have revoked support for Skylake and a significant portion of hardware drivers for the SP4 from anything but Windows 10.

Dick move Microsoft.

I wasn't prepared to disable the driver signing checks and manually install 100+ drivers. Looking forward another 12 months I would not have thanked myself for the maintenance overhead.

After a lot of research and swearing I gave up. Reset the PC.

Plan B. Good thing I took a backup of the SP4 drive before I started eh? Redeploy the boot partition, the W10 partition and the W10 recovery image (a partition at the back of the drive) and run the re-deployment.

What's this? I can put Debian straight onto the SP4? Skip a few kernel versions and maybe get that Surface Pro driver support OotB? Why mess about with downstream distros like Ubuntu? A big thumbs up to Alexander Clouter who's been persistent enough to plug away at Debian 8 on the SP4.

All went fairly well until the reboot then I discovered a problem where putting the home mount point on a LUKS provided partition seemed to keep taking out the installer. Seemed to get confused, dismount the home partition cryptsetup preventing selection for home.

I tried putting all mount points into one partition and got Debian 8 loaded on it. But as soon as I got further into the configuration (around the kernel rebuild) things started going wrong. Despite long hours of research I couldn't get initramfs or hid_multitouch to deliver the right state prior to kernel build. Although I sorted out the sources I think it just needed someone with more Linux experience to resolve the errors when it wandered off Alexander's plan.

More swearing. I used a couple of the old SP3 pens as darts on a dartboard and chucked some kittens in a wood chipper to make myself feel better.

At this point I had to carry the old SP3, a usb keyboard and the stylus on to client site and wasn't happy. I'd got plenty of other things to do (on top of the consultancy work during the day) and paperwork to sort out.

Right - so plan B stuffed. Plan C. This time I already had the partitions set up so just invoked the PC reset / W10 recovery process. W10 set up and updates re-installed I just grabbed the ISO for Ubuntu 16.04 Desktop and plodded through the deployment.

Same issue with the LUKS and separate home mount point - eventually gave up on the idea altogether and created a shared encrypted partition which is usable by W10 and Ubuntu, along with separate partitions for later use.

Thanks to Spideroak it was pretty easy to download and re-deploy all those custom .bashrc and .bash_alias type moments - and Evolution backups that I use to replicate my environment across machines.

Finally Operational

Windows 10 is an utter disappointment. If I'd never seen Windows 8 I would have loved it as it's a great step forward from Windows 7. It makes even more sense when you use it on a touch screen device like a Surface and with the stylus & OneNote the whole thing takes on new meanings in meetings.

However my faith in Windows 10 is gone - 8.1 was a pinnacle in user experience and there's a lot of its logical workflows that I hope will one day be amalgamated into 10; e.g. VPN - the charms allowed me to select a configured VPN adapter whereas in the W10 right-side menu it opens the control panel VPN settings page - a wholly unnecessary screen jump for an "on/off" operation. For now though it's a step backwards.

W10 also has a recently introduced "undocumented feature" which has touch-screen and stylus stop responding seemingly at random. I'm pretty much steering clear but OneNote, Excel and Visio keep that productivity link - there's nothing that comes close on Linux unfortunately. The majority of my work is done in Linux - Architool, LibreOffice, Evolution and Office365 Enterprise (depending on the client).

Game streaming from an Xbox One though is a huge plus for W10 and the new processor & cooling fan doesn't sound like a helicopter on take-off when the slightest CPU utilisation spike hits. Did I mention that I like it that the SP4 pen doesn't fall asleep at random whilst you're using it?

Security Concerns

After all of the recent nag-malware, privacy issues and Microsoft’s collaboration with various data collection schemes I'm left only with concern that my security and data investigation work would potentially be compromised by continuing to use the ecosystem in any great way.

I've already encountered a swathe of spear phishing attempts using email addresses only available to the subjects of spam hunts or AV firms (more of that another time) and not reading my emails on Windows is a good way to cut out 99% of that threat vector. The rest I can deal with via opsec & security solutions on Linux.

Hindsight is a wonderful thing and what I should have done was buy a replacement [new] SP3 i7 and just redeployed the machine image from old to new. Maybe there would have been some software licensing tied to hardware IDs - or perhaps a re-sign of secure boot certificates. But nothing as relentless as the SP4 option or as expensive. It has not proved value for money and I'll not be buying an SP5 unless its device vendors provide drivers for the open source community.

Wednesday, May 18, 2016

UK Apollo Group (Updated)

The Claim
The Entire Defence (v1)
I don't blog about cases unless there are exceptional circumstances and this is certainly one of those. Of all my cases this is probably the most ridiculous attitude towards data protection and information assurance I've seen yet.

Over the course of 2015 I've spent a lot of time speaking to people in and around data protection and those who've been taking spammers to task. Within a group of people there are different motivations and slightly differing goals but one key factor is common: Spam fatigue and being fed-up with personal data being sold, re-sold and profited from without any kind of consent or reparation.

If you sign a EULA with Microsoft, Apple, Google and many others and read enough of the small print (yes - I'm one of them, sorry...) you'll discover that you haven't actually bought the Thing in your hand or the Thing installed on your device. You've paid for a license to use that Thing on your device. Your use of that Thing can be terminated at any time by the owner - you (the licensee) have rights to use the Thing but you don't actually own it.

In legal terms personal information is not property [yet] and so this doesn't necessarily follow in the literal sense of authorised ownership / resale. However in the terms of an agreement where you license an entity to use your personal information for a given purpose you have the right to withdraw that consent at any time.

Since 2014 I've started using a mechanism which allows me to trace the path of personal data from capture to spam; there are edge cases where data traders may be between the capture point and the spammer but it's up to the spammer whether or not to "'fess up" and disclose those sources. Incidentally, disclosure of source is a statutory duty under the Data Protection Act if requested to do so under SAR.

I agreed / licensed the use of my information (arguably a product in itself) to Monster.co.uk for the purposes of finding a job. I'm a contractor and am "client cycling" on a semi-regular basis so use jobsites fairly often. However Monster's own T's and C's - as well as the consent conditions I agreed to - do not allow anyone to acquire this jobseeker profile information for anything other than recruitment for a live job role.

That means you cannot acquire this data arbitrarily on the promise of a future job role being created nor can you scrape this data and monetise it via offering products or services - whether they are relevant or not.

When I started getting spam which used email addresses only added to Monster profiles from Taylor CVs advertising their CV writing & design services it was pretty clear that it wasn't by mutual consent. I spoke to Monster's abuse team and they agreed with me.
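The tracing approach described above relies on each capture point receiving an address nobody else has. As an added illustration (not the author's actual mechanism, which the post does not detail), this sketch mints an HMAC-tagged alias per source and flags mail sent to an alias by a sender outside that source; the key, mail domain, sender names and inbox entries are constructed.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # constructed; a real key stays private
DOMAIN = "example.org"            # placeholder mail domain

def alias_for(source: str) -> str:
    """Mint the one address that is ever given to `source`."""
    slug = re.sub(r"[^a-z0-9]+", "-", source.lower()).strip("-")
    tag = hmac.new(SECRET, slug.encode(), hashlib.sha256).hexdigest()[:8]
    return f"{slug}.{tag}@{DOMAIN}"

def attribute(recipient: str, sources):
    """Return the source an alias was issued to, or None if it is not ours."""
    got = recipient.strip().lower().encode("utf-8", "replace")
    for source in sources:
        if hmac.compare_digest(alias_for(source).encode(), got):
            return source
    return None

def find_leaks(messages, issued):
    """messages: (sender, recipient) pairs; issued: source -> allowed sender domains."""
    leaks = []
    for sender, recipient in messages:
        source = attribute(recipient, issued)
        if source is None:
            continue  # not one of our aliases, or a guessed/forged tag
        sender_domain = sender.rsplit("@", 1)[-1].lower()
        if sender_domain not in issued[source]:
            leaks.append((source, sender_domain))
    return leaks

# Constructed register of issued aliases and a constructed inbox sample
ISSUED = {"monster.co.uk": {"monster.co.uk"}, "shop.example": {"shop.example"}}
INBOX = [
    ("jobs@monster.co.uk", alias_for("monster.co.uk")),
    ("offers@cv-writer.example", alias_for("monster.co.uk")),
    ("news@shop.example", alias_for("shop.example")),
    ("x@spam.example", "monster-co-uk.zzzzzzzz@example.org"),  # forged tag
]

if __name__ == "__main__":
    for source, sender in find_leaks(INBOX, ISSUED):
        print(f"address given only to {source} was used by {sender}")
```

The keyed tag is what makes the attribution hold up: an address with a guessed tag fails verification, so a match shows the alias was minted for that one source.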

After one of the most insane SAR-based email exchanges with them I've ever borne witness to I raised a claim in the courts for their blatant breaches of statutory duty, the DPA and the PECR. It didn't take long to find some really extreme examples of Apollo's persistent offences. In one case one of their representatives posted a very personal email from a complainant to attempt to belittle their criticism of Apollo - not only an abhorrent breach of data protection but a galling breach of privacy.

I wouldn't have considered this course of action (normally some polite emails to ask them to adjust their policies and perhaps a blog post or two to help others dealing with the same situation) but the attitude of some organisations really hacks me off. Had they put their hands up and said "Ok, we did something we shouldn't and we're sorry" I would probably have left it at that and added a note for future reference.

But they didn't - they actually tried to tell me I'd consented and that I'd subscribed via their Executive Partnership brand (since shut down). They tried to weasel out of it and I suspect they know exactly what they're doing wrong.

What's worse I know from other witnesses that they have no way of tracking which sources they compile their central lists from as they don't have the infrastructure to manage it - even if they did care.

In this case I applied to the court to force Apollo to re-write their defence so that it was coherent and actually answered the claim - as you can see from the photos at the top of this article the defence looks like it was written with the same attitude that Apollo spoke to me directly with: through arrogance and ignorance.

TL;DR - Re-write the defence. Another CM hearing to see if it's worth an actual hearing
Apollo have until 4pm today (15 mins from the scheduled publish time of this post) to file a proper defence and the court then has a case management hearing to determine whether or not Defence v2 will actually answer the case or not. I've already raised the issue with ICO and the ASA as Apollo have spammed me more than eight times since "deleting my data from their systems".

ICO's response was essentially: "Yes, they're very wrong and need to improve their data compliance but we're not going to do anything about it". Considering they know I'm taking action directly I think that's reasonable but I think a decision notice would be applicable as it's not a first offence.

It's beyond a joke and as no-one else - especially the regulators - seem interested in doing something about it much outside of the public sector...but why should it be up to people like me to force these companies into compliance with the law? Surely that's not the way it should be?

If you have views or concerns please feel free to get in touch directly (secure contact details open in new window).

Update 25th July

There was a mishap at the Birmingham County Courts resulting in being sent to the court rooms on the wrong floor. Because there was no usher that day there was no way of easily finding out how to correct the mistake until 10 mins into the hearing. Case dismissed as the claimant (yours truly) didn't attend - despite being less than 10 metres away the ushers in the district court area didn't use the tannoy.

Application submitted to have the dismissal set aside, hearing fee paid and awaiting a date for the hearing. Apollo have also spammed me since the original post - four times.

Monday, March 21, 2016

Surface Pro 3 & Ubuntu Tip

Monday morning is always a bit of a struggle and it seems my SP3 was really feeling it this morning.

It refused to recognise either the SP4 Type Cover or the SP3 Type Cover during boot and OS load. Normally I'm used to swapping out to the older type cover for Ubuntu (real shame - SP4 Type Cover is a massive improvement) when the two stop talking but today...nothing.

No matter how much I shouted, cursed, cleaned the connectors, pleaded or bargained with it, the device would not recognise the keyboard.

This post is to potentially save someone else out there the frustration of the fix - which I found myself as none of the posts out there seem to fix the problem.

Here we go:

  1. Shut down the SP3 in preparation for a boot into the UEFI manager with the type cover attached
  2. Hold down Volume Up + Power and then release only the power button after a couple of seconds
  3. Got to keep the Vol. Up button pressed until you see the UEFI or UEFI login screen
  4. Doesn't really matter what you do at this point as you should be able to navigate / login using your type cover
  5. Select "Exit" and reboot

Should now be back in operation. Something about going into the UEFI kick-starts the connectivity between SP3 and TC.