Monthly Archives: November 2015

The communal food and drink area

Deja Vu

Almost exactly a year ago I was stood on the platform at Roughton Road station, my life packed into bags, ready to embark on one of the biggest adventures of my life. It’s hard to believe a year has passed, the time has just flown by. That year has seen Rainbird more than double in size, gain traction, and move to swanky new offices. It’s also seen us accepted onto the MasterCard Start Path program, which is why I’m once again sat on a bed that isn’t mine, away from my family.

The Start Path programme is 6 months long, but it’s a very different beast to Techstars. For starters, only a couple of weeks is spent away from home, kicking off with an Immersion Week in Berlin. Secondly, I don’t think the mental working hours will apply. And thirdly, daily blogging isn’t going to happen (although maybe for the days when I’m away from home).

Despite being run by a big corporate like MasterCard, the programme has a startup feel to it, right down to the space we’re using. Today has mostly been introductions, both to MasterCard and the Start Path programme, and to each other as we’re one of 7 startups in this cohort. Tomorrow I get to learn all about payments. In the meantime I actually need to get some work done, something that could be fun given the poor mobile signal and flaky hotel WiFi.

Our offices for the next week

Since arriving in Germany I’ve learned that you need to validate your train tickets (Ben and I got told off for not doing that by the conductor on the train from the airport), that hotels here don’t believe in proper pillows (may require some improvisation), and that pedestrian crossings don’t quite work like they do in the UK (turning traffic seems to still drive at you, and you just have to take it on faith they’re going to yield for you). Oh, and German gummy bears (and gummy sweets in general) are just awesome.

Despite the not-so-mental working hours I seriously doubt we’ll get to see much of the city. It’s autumn, so it’s going to be dark when we leave each evening, and it’s only a short walk from the hotel to the venue with not a huge amount to see en route, or to explore in the surrounding area. That said, we did get to see a few sights on the train this morning when we weren’t being told off for accidentally fare dodging.

Quantified Terror

So here’s an interesting thought. As part of the always on, always connected quantified self we can now measure terror. As I sit in my bulkhead seat of this RyanAir flight to Berlin, climbing out from the takeoff, I can watch in real time as my heart rate rises well above 100 BPM, despite my deploying a barrage of tricks and diversion tactics to remain calm.

My rate spikes as the plane banks, my head studiously down, ignoring the fact that I’m in a pressurised tube hurtling through the sky in a display of what my brain feels to be Brute Force Over Ignorance.

And this state of mild panic is actually me coping well. I can think straight enough to write. I don’t yet have that sinking feeling in the pit of my stomach. Clearly I’ve got better at flying.

Not great though. An elevated heart rate and nervous shuffling around at the airport for 15 minutes while waiting for my travelling companion registered as a full 15 minutes of exercise. As we settle into the flight my resting heart rate is now in the high 90s, low 100s.

And for the next hour and however many terrifying minutes are left in this flight I can know, with data to back it up, that I do not fly well. Of course, I knew that before, but now it’s quantified.

There now follows a party political rant on behalf of the Common Sense Party

When my Dad died it fell to me to sort out his online presence. I sat down at his fancy HP Touch Screen Media Centre monstrosity and promptly demonstrated why full disk encryption is so vital.

Within 5 minutes I had full access to his computer, and everything on it. This included Outlook Express, which dutifully connected to his email account using the credentials it had handily stored away. 30 minutes later and I owned almost his entire digital life.

Once you have access to someone’s email, you have access to a huge number of websites they’re registered with. Don’t know the password? No problem, we’ll handily email you a link to reset it to something you do know via an email sent to the compromised account you now own. Oh goody!

But that’s OK, no one is going to steal your computer and get access to your email client. Maybe not (although you might just want to enable full disk encryption, just in case), but then perhaps someone like TalkTalk will slip up and release account details which give them access to your email – because, hey, remembering lots of passwords is hard and what’s the harm in using the same password everywhere?

Now let’s just pretend that companies like TalkTalk need to suddenly start storing lots more personal information because the government said so. What’s going to happen here? Are you going to get a well architected, well implemented system with security being one of the basic tenets of its design? Or are they just going to ram something into production that does what’s required and then forget about it?

What we’re talking about is a data store that does nothing for the company’s business model, makes them no money, and is a cost to build and maintain. It’ll also be a treasure trove that hackers will want to target, if only to say they did. I have very little doubt that the whole thing will furnish me with a sequel to my talk on massive cockups in IT.

And this data store does what? It allows you to pin some extra evidence on the sloppy who, let’s face it, probably have made enough mistakes to be convicted anyway. Anyone with half a clue and nefarious intentions can easily sidestep this store, flood it with spurious data, or both. Incidentally, anyone with half a clue and perfectly honest intentions can also sidestep the store. It’s very hard to tell the difference.

But it’s just metadata! Yeah… putting the word “meta” in front of it doesn’t make it OK. Happy for me to see your browsing history? Of course you are, you’ve got nothing to hide! What if I told you I could also see all those sites you went to in that incognito window you had open last night? Not so great any more is it? Still happy to hand over “metadata”? Then consider this: if the data is the results of your STD test, then the metadata is that you’ve had a test in the first place. I could go on.

It’s also dangerous. So perhaps your browser connects to a compromised server because someone has injected a malicious advert into an innocuous page you’re browsing. Perhaps that server also contains material the authorities deem to be something you shouldn’t be looking at. They now have proof that you were looking at it, but no context as to why. You’re simply the victim of a drive-by download, but the metadata convicts you of viewing forbidden data. Don’t try to argue, it’s all there in the logs, we know you’re guilty.

But it stops the terrorists! Ah yes, that old chestnut. We must all make sacrifices to our liberties, and to our rights so that we can Maintain Our Way Of Life, because otherwise The Terrorists Win. There is a brutal irony there. The only way it could get more ironic is if it’s the terrorists who hack all this data and use it for nefarious purposes… you honestly couldn’t make this stuff up.

Anyway, on a totally unrelated topic, who can recommend me a good VPN and some strong cryptography packages?