Retroactive HECS fees

I think it’s about time we introduced HECS fees for all those people who obtained degrees without contributing to the cost of those degrees.

The argument is that educating tertiary students costs the taxpayer money, and what’s in it for the taxpayers – why ought they fund some snotty kid’s education?  By the same argument, those who got those free educations between 1974 and 1989 ought to cough up and return the same portion of the cost of that education back to the people of Australia.

Disable PayPass or PayWave RFID with a light globe, a pen and a drill bit

I got a new credit card in the mail, and I noticed the PayPass logo in the top right corner.  I’m no fan of RFID, especially with so many documented weaknesses. Also troubling is the loss of two-factor authentication that we’ve had for decades in Australia; both Visa and Mastercard require only the presence of the card for EMV transactions under $100. I like my credit card, I don’t like that other people can spend my money with it.  I thought about trying to convince my bank to give me one that wasn’t PayPass enabled, but Mastercard won’t issue cards without PayPass, so it seems I need to make my new credit card compliant with my privacy and security policies.

Admittedly, all the exploits for RFID enabled cards seem to affect cards in the USA, whose banking system (as best I can tell) is run by a bunch of morons. I assume that the cards in Australia leak no information other than an identifying card number… but even that. RFID can allow unintended transactions, so I’d prefer my transactions to be intentional. I considered killing the whole chip in the microwave, but there’s a risk that would affect the mag-stripe.  You don’t need a radiographer to lend you an xray machine to locate the RFID antenna.  Turns out that a light globe is plenty bright enough to spot the antenna tracks, or the sun (if you can spot it at this time of year).

I lay my card on a horizontal compact fluorescent light globe, and look what I could see:

Disable drill-point marked on a credit card
Just drill out the point where the tracks narrow down, and the antenna is toast

I dutifully marked the point where the antenna traces all converged on the one location, then drilled that point out with a hole made with a 3mm drill bit.  I took it off to my local Kmart, and it worked.  However, it failed at the Coles, and every subsequent retailer (dozens) I’ve tried using it.  Apart from that one Kmart (others haven’t worked) the PayPass functionality is now turned off.

I’ll update here if I make additional modifications that are successful.

Tap and Go causes crime: duh

Ken Lay says that in the last year in Victoria, 11500 extra crimes caused by Tap and Go cards have meant that the crime rate in Victoria has gone up (5%) rather than down.  These additional “crimes of deception” are apparently tying up police.

It’s slack. Totally slack. There’s no control over it. And what are we finding? There’s been a huge spike in different offences committed to facilitate it; cars being broken into, mail stolen, handbags grabbed, purely because of industry introducing a new practice without any regard to security.

We have taken the view we should be taking on industry over this because our concern is they’ve introduced new practices with no regard to the implications on security and there’s no prevention measures, which is at times bogging down our members in work and time that could be better spent on some really serious type of investigations or responding to critical issues.

Assistant Commissioner Stephen Fontana

And the ABA says “no ways!” and says that dollar value of fraud is down since chip-in-card (neglecting that this isn’t about that) but allowing that losses following theft are up 35% (to only $20m/year).  And ignores all the crime that would be associated with obtaining the cards.

Political donations are not the problem

Corrupt politicians have recently been in the Australian news.

It has been observed that money, in the form of political donations, is a corrupting influence. This causes hand-wringing, as banning donations is considered to hinder the freedom of political expression.

As a response to this demand for cash to finance political expression, suggestions are made that private funding of politics be replaced by public funding – basically an increase on the funding which parties already receive (something of the order of $2.48 per primary vote in lower house seats in the last federal election, for example). This grates those with a strong dislike of politicians and the political process. In addition, the current funding model of retrospective funding (based on votes received) disenfranchises new political views – it locks in the existing players by funding them, allowing them to campaign for votes that will fund them; those outside the system will not be able to break in.

To allow new entrants into the political system to be funded on an equitable basis, some kind of on-going polling could be done and a funding stream allocated on proportionate support in non-electoral polls.

However, switching to purely taxpayer-funded funding isn’t necessary, even if in effect the tax-deductibility of political donations makes them taxpayer subsidised.

Political donations are not the problem, the problem is that donors can be identified by the political party and an expectation of quid pro quo is raised. Beyond that, large donations from a single donor are also a problem – even if political party donations were anonymised and repudiable the donation’s existence could be inferred by the velocity of money flowing out of any anonymising system.

Let’s say you’re trying to run a corrupt political party under an anonymised donation system. Someone comes to you and says “I will give your corrupt party $10m, and I expect you to make this corrupt thing happen.” You’d then donate the $10m, and your donation would be pooled along with the hundreds of other donations made to the party. The Donor Anonymising Service (DAS) would then hand over a certain amount of money to the party, but it would not be $10m. It would be the stipend that the party had requested from the DAS, along with advice that the current amount held in reserve is enough to last at least X days, where X was the same number (give or take a couple of days) as it was yesterday. You don’t know if the $10m donation was actually made, all your party knows is that it’s got enough money to last X+2 days. You could up the rate of the stipend, but the DAS would scale back the reported window so that no extra information is revealed by the reported minimum duration the reserves will last. You’d limit the rate and number of times the stipend could be changed to discourage probing. Naturally, it would be illegal to make a political party aware of a donation or its amount.

Of course, then you have all the fun and games associated with loaning money to political parties, and with corrupt administration of a Donor Anonymising Service, but you get the gist of where we could go with this idea.
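
A toy model of the Donor Anonymising Service sketched above, added here as an illustration and not part of the original post. The class, the "disclosure ceiling" rule used to scale back the reported window, and every dollar figure are assumptions; the day-to-day jitter on X is left out so the runs are repeatable.

```python
from dataclasses import dataclass, field


@dataclass
class DonorAnonymisingService:
    """Hypothetical DAS: pools donations, pays a stipend, reports a capped window."""
    reserve: int             # dollars held for the party, never disclosed
    stipend: int             # dollars paid per day at the party's request
    disclosure_ceiling: int  # most dollars of reserve a report may vouch for
    changes_left: int = 2    # stipend changes still allowed this period
    view: list = field(default_factory=list)  # everything the party can see

    def donate(self, amount: int) -> None:
        # Donations are pooled silently; nothing is added to the party's view.
        self.reserve += amount

    def reported_window(self) -> int:
        # "Reserves last at least X days", capped so X * stipend never exceeds
        # the ceiling. Raising the stipend shrinks the cap in proportion.
        cap_days = self.disclosure_ceiling // self.stipend
        return min(self.reserve // self.stipend, cap_days)

    def request_stipend(self, new_stipend: int) -> bool:
        # Limit the number of changes to discourage probing the reserve.
        if self.changes_left == 0 or new_stipend <= 0:
            return False
        self.changes_left -= 1
        self.stipend = new_stipend
        return True

    def end_of_day(self) -> None:
        paid = min(self.stipend, self.reserve)
        self.reserve -= paid
        self.view.append((paid, self.reported_window()))


def simulate(days, big_donation_day=None, big_donation=0, probe_day=None):
    """Run the DAS over constructed inputs and return it with the party's view."""
    das = DonorAnonymisingService(reserve=2_000_000, stipend=20_000,
                                  disclosure_ceiling=600_000)
    for day in range(days):
        das.donate(15_000)                 # constructed: steady small donations
        if day == big_donation_day:
            das.donate(big_donation)       # the donation the party wants confirmed
        if day == probe_day:
            das.request_stipend(das.stipend * 2)  # party probes by doubling
        das.end_of_day()
    return das


def first_divergence(a, b):
    """Index of the first day on which two party views differ, else None."""
    for day, (x, y) in enumerate(zip(a.view, b.view)):
        if x != y:
            return day
    return None


if __name__ == "__main__":
    quiet = simulate(30, probe_day=10)
    bribed = simulate(30, big_donation_day=5, big_donation=10_000_000, probe_day=10)
    print("30-day views identical:", quiet.view == bribed.view)
    print("400-day divergence at day:",
          first_divergence(simulate(400), simulate(400, 5, 10_000_000)))
```

Over a short horizon the party's view is the same with or without the $10m, even after doubling the stipend. Over a long one the views part once the undonated reserve drops below the ceiling, which is the inference from money flow that the post says remains a problem.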

Allow more JavaScript, maintain privacy

I’ve long regarded JavaScript in the browser to be one of the biggest security holes in web-browsing, and at the same time the Internet works less and less well without it. In 2008 Joel Spolsky made the observation that for some people the Internet is just broken:

Spolsky:   Does anybody really turn off JavaScript nowadays, and like successfully surf the Internets?

Atwood:   Yeah, I was going through my blog…

Spolsky:   It seems like half of all sites would be broken.

Which is not wrong.  Things have changed in the last five years, and now the Internet is even more broken if you’re not willing to do whatever random things the site you’re looking at tells you to, and whatever other random sites that site links off to tell you to, plus whatever their JavaScript in turn tells you to. This bugs me because it marginalizes the vulnerable (the visually impaired, specifically), and is also a gaping security hole.  And the performance drain!

Normally I rock with JavaScript disabling tools as part of my tin-foil-hat approach to the Internet, but I’m now seeing that the Internet is increasingly dependent on fat clients. I’ve seen blogging sites that come up empty, because they can’t lay out their content without client-side scripting and refuse to fall back gracefully.

So, I need finer granularity of control.  Part one is RequestPolicy for FireFox, similar to which (but not as fine-grained) is Cross-Domain Request Filter for Chrome.

The extensive tracking performed by Google, Facebook, Twitter et al gives me the willies. These particular organisations can be blocked by ShareMeNot, but the galling thing is that the ShareMeNot download page demands JavaScript to display a screenshot and a clickable graphical button – which could easily have been implemented as an image with a href. What the hell is wrong with kids these days?

Anyway, here’s the base configuration for my browsers these days:

FireFox | Chrome | Reason
HTTPSEverywhere | HTTPSEverywhere | Avoid inadvertent privacy leakage
Self Destructing Cookies | “Third party cookies and site data” is blocked via the browser’s Settings, manual approval of individual third party cookies. | Avoid tracking; StackOverflow (for example) completely breaks without cookies
RequestPolicy | Cross-Domain Request Filter for Chrome | Browser security and performance, avoid tracking
NoScript | NotScripts | Browser security and performance, avoid tracking
AdBlock Edge | Adblock Plus | Ad blocking
DoNotTrackMe | DoNotTrackMe | Avoid tracking – use social media when you want, not all the time
Firegloves (no longer available), could replace with Blender or Blend In | | I’ve had layout issues when using Firegloves and couldn’t turn it off site-by-site

Please make it okay for KITT to drive itself around

Driverless vehicles are coming. A clear legal framework will make them come all the sooner, and there’s an opportunity to make autonomous vehicles as safe as passenger aircraft.

Don’t drive a car like a schmuck, get the car to drive you!

Make the manufacturer(1) solely responsible for all liabilities incurred by the vehicle, driverless or not. Transfer this liability to anyone who modifies the vehicle without manufacturer approval(2) – covering up sensors, adding systems, modifying software etc. While autonomous, fines for driving infractions are the responsibility of the manufacturer; demerit points are treated as unidentified and the fine for failing to identify the driver is payable by the manufacturer. Annual vehicle registration fees(3) remain payable by the vehicle owner, but third party insurance costs – personal and property – are remitted to the manufacturer, who could be expected to pay you to… not drive the car – if you drive the car, that creates an uncontrollable liability, but if the car drives itself then the risks are only those that are due to the product, which presumably would lead to product improvement to decrease crashes and injury.

How would you force owners of cars that are the liability of someone else to properly maintain them? Simple; you make the manufacturer cover maintenance costs too – tyres, servicing etc. So now we’re getting to the point where we ask: what are people paying for cars that they only have to cover the running expenses for? How does the manufacturer recoup the cost of maintenance? Doesn’t really matter, but I think you’ll see that driverless cars will only be able to be leased, or hired, or rented, or some other such model. They’d basically be taxis – paid for by time and distance.

Every driverless crash will be investigated by a federal body – the Australian Transport Safety Bureau. To aid investigations, vehicles will be required to detect crashes and refuse to function after them; extensive data logging like on aircraft will be mandated. Because of the lack of humans involved, crashes come down to systems failure and the crash rate should be highly controllable.


Fly, KITT, fly

(1) Autonomous vehicle manufacturers might baulk at these plans to make them directly fiscally responsible for their products. Fine; they could instead put an insurance/finance company in as the responsible entity, but whoever is responsible would have to prove to the government their capability to meet their contingent liabilities.

(2) That is, you can hack your car if you want. But if you do, you wear the (potentially quite substantial) risks associated with having done so. Find an insurance company that’s willing to cover you (ha!).

Have you played the Population: Tire game? If not, you haven’t lived.

(3) Why do we charge registration fees? Owning a car doesn’t impose any costs on society. Driving it does; parking it does. There ought to be taxes on… tyres. The consumption of tyres by a vehicle is roughly correlated to the wear and tear on infrastructure and other externalities. Motorbikes, two tyres; semis eighteen or more. There are already taxes on fuel, again because of externalities – and presumably, because they’re easy-to-levy taxes that are hard to avoid. But infrastructure wear is not a function of fuel consumption, but it is a function of using tyres. The problem with a tyre tax is that people will naturally buy tyres that last a long time, rather than other considerations – for example braking efficiency; to address this some wear factor ought to be applied too.

Australian electoral fraud

An undamaged security cable tie

If the security cable tie isn’t pulled tight engaging the teeth, it can be pulled right off. If it was secured, it would have been damaged while being removed (with scissors).

I did scrutineering at the last Victorian state election, and apart from the shocking level of informal voting and above-the-line voting, there was another shock.

Electoral fraud – or the possibility of it.

The nice thing about living in Australia is that we take our democracy seriously, and we balance being able to prove what the outcome was with ballot secrecy. Nobody, no level of government or industry, no individual, will know how you voted without you telling them. Yet at the same time we can have confidence that our electoral system is not being rorted; our governments change back and forth, and each time it does representatives of both sides keep a close watch on the activities of the employees of the AEC and VEC, eyeballing each individual vote and knowing that they are all distinctly different from the others in spite of being a collection of handwritten marks on a slip of paper.

To minimize the risks of ballot box tampering, at the start of voting the ballot boxes (just big cardboard boxes here in Australia) are sealed shut with serialized cable-ties. An independent somebody witnesses this when an Electoral Commission employee does this (typically the first voters who wandered into the polling station), and their details are recorded (by details, I think that means signature, but it could be actually enough to track the person down afterwards) and they sign the form that records the sealing of those particular ballot boxes.

So how come they use cable ties that can be “done up” and yet the teeth don’t engage – thus leading to an unsealed ballot box? Is it too much to ask for a cable tie with teeth on both sides?

I should have kicked up a fuss, but it was a safe booth in a safe seat, and who needs the hassle?

Anyways, the reason I relate this story is that I’ve been seeing comments along the lines of “this is the 21st century, why the hell are we using pencil and paper?”  Because, dickwads, computers don’t leave a fucking audit trail.  There’s no scrutineering of electrons.  How the hell are you meant to verify that Clive Palmer didn’t in fact get 98% of the vote?  You can’t.  Interesting that Clive Palmer owns the company that supplied all of the (suspiciously cheap) voting machines to the AEC, but that hasn’t got anything to do with it. And the cost! Pencils are 10c each, paper is about a cent a sheet.  A shitty computer is $500, and requires a bunch of electricity. “Do it on the Internet, or use smart phones!” I hear you say. No, because while nearly everyone can move a pencil around, significantly fewer can use their computer to vote. And there’s no connection between how you voted, and the counting of votes. The announced result could be anything, and there’d be absolutely no way of proving it wrong.  So, yes, computers are shiny and clearly the best way of implementing a voting system, if you want an electoral system you can’t actually trust.

Grumpy Duck has a nothing

There was some massacre in the US (again) and the pundits are trying to explain why the perp did it. Closest they got is “well, he did like violent video games. Said it was like he was actually there, doing it”. I predict calls to ban violent video games. I’ve reached the point where I’ve given up caring about massacres in the USA; I’ve researched why they can’t make laws controlling gun ownership and it turns out the Supreme Court has taken a very pro-gun interpretation of the US Constitution in some recent key cases. The decisions made have cast gun availability in stone, so to alter that in any way now it’s a simple matter of changing the constitution if they want safety. Which they’re not going to do, so screw ‘em. Massacres are the price the USA pays for having those laws of its land.

If you’re not going to change your laws, quit whining.  Either you love gun massacres and stay in The Greatest Country On Earth, or you sod off to a proper country. Why not celebrate these massacres as a beacon to the rest of the world, a sign that your country loves freedom – and that the occasional mass killing is just a timely reminder of how valuable those freedoms are?  Besides which, those shot in mass killings deserved it – they failed to exercise their constitutional right to bear arms. Increase your personal safety and that of those around you – go buy a gun, right now!  Buy two: one for each hand.

Kids in the USA get Grumpy Duck has a gun.

Aussie kids get Grumpy Duck has a nothing.

The Roast can be seen on ABC2 at 19:30 three weeks out of four.

This is why retail is in such trouble

To our surprise, we’ve discovered our youngest has terrible vision due to dud eyes.  He’s proven a superlative example of the brain’s ability to work around systems failures – his parents didn’t have the slightest idea his vision was as stuffed as it is.  The discovery that something was wrong was made at his 3.5 year overhaul child health check.  We got a recommendation to an optometrist who was reportedly good with youngsters; and she determined the exact problem and quantified it (without using any lasers at all, which seriously disappointed me). Medicare covers the entire cost of this testing.

Neither Cathy nor myself wears or has ever worn eyeglasses (I recently complained to my doctor that my vision had deteriorated, and after testing he told me to quit bitching because my vision has dropped to  20/20), so we were lost at sea when it came to acquiring and purchasing.

With a prescription in hand we went shopping, with prices ranging from $350 to $550 for a single set of eyeglasses that will need replacing in six months.  These prices seemed dramatically above what the cost ought to be; I’ve bought sunglasses before and paid between $1 and $100 a pair.  “To the Internet!” I cried. And lo, the Internet said that if we were willing to wait three weeks instead of one to two, it would hand over the same kinds of vision correction devices for $90 $78; actually that was USD, so it was going to be less again.  Not only that, all the stores on the interwebs had memory metal eyeglass frames, whereas the physical stores often didn’t carry that vital (in a three year old) option, hoping instead that arms that were double-hinged might be able to survive (or, given the warranties involved, perhaps even hoping they wouldn’t survive).

Australian retailers are in trouble and want GST charged on all imports into Australia, rather than with the $1000 limit that currently operates; the GST is the least of the problems with retail in Australia.  And the cost of collecting GST on imports is high:

The Productivity Commission said that reducing the threshold to $100 would raise an additional $472 million, but, based on the current customs processing charges, this would cost consumers and businesses approximately $715 million.

So that’s not taxing everything, just anything where $10 of tax could be collected.  An efficient way of taxing imports would be just to tax everything based on the cost of posting it into Australia; one could argue that if someone’s willing to pay $50 postage on something, the goods must be worth something more than… say $50… to them.  So charging Australia Post $5 for the parcel will collect some tax on the thing that we don’t know what the price is, but can make some guesses about its value.  AP will just pass on this charge to the postal services it operates with, pushing up the price of posting to Australia.  People receiving gifts would be able to fill out paperwork to claim this tax back.

The 55m parcels imported into Australia below the $1000 threshold account for a guessed $5.8b of value, that’s an average of about $100/parcel.  My proposal would collect… perhaps $200m, with a very low administration cost – 40% of the tax for 1% of the cost.

But none of this is going to save retail, because the problem retail has with eBusiness is that the fixed costs are so much higher.  Once property prices – and rents – drop to a reasonable level, retail will have a chance.  And for that to happen, many retail businesses are going to have to fail.  Until then, retail is going to need a 50% markup on everything, and will continue to struggle against competitors that don’t need that margin.

Interestingly, our optometrist probably has the right model for a business – they are a service provider providing a service that can only be performed in person, with an adjunct retail business selling glasses etc, ready to mop up consumers who don’t baulk at $550 for a pair of glasses.  They can justify these prices because they have the right kind of warranty – two years, no question, anything happens and we’ll fix it.  Accidentally drove over them?  No worries, we’ll replace them.  Try getting that from the intertubes.

Of course, this whole discussion assumes capital and materials mobility, and low labour mobility.  If fuel costs skyrocket, or immigration becomes just a matter of getting on an aeroplane, the whole ball game changes.

Update: Ten days (six business days) after placing the order, the glasses have arrived from China.  That’s right in the delivery window suggested by local providers, and half the delivery time promised by the online eyeglasses retailer we used.  Everything looks great; I’ll whine if anything isn’t right, but with my limited knowledge, all seems well at the moment!  On the downside, our health insurer says that we choose poorly if we wanted a refund; the cheap Internet places they pay out with want $200 for the same glasses, so screw ‘em – our out-of-pocket’s the same whichever way, and this way has less paperwork.

Skype: will it stay multiplatform?

So, as of today, Skype is available for:


  • Windows
  • Mac
  • Linux


  • Android
  • iPhone/iPad
  • Symbian (some Nokia and Sony Ericsson)

Now that Microsoft has bought Skype, it’ll be interesting to see which platforms are supported in, say, 6-12 months time. I bet Windows Phone 7 will be there, but will any disappear?

As Office Watch speculates:

Skype has benefited from being independent of any operating system or platform. If there’s sufficient users for an operating system, Skype made the necessary software. Windows, Mac, Linux, iPhone, Android etc, all have Skype downloads because it was in Skype’s corporate interest to have broad based coverage.

Now, that corporate interest has changed. Any Skype development will go through the filter of serving Microsoft’s broader corporate agenda. Despite Microsoft’s assurances, that will gradually change Skype into something that gives preference to Windows, Windows Phone and other Microsoft products.

Wired also has a good piece pondering why MS bought it.

How not to run a corporate web site

I’ve noticed that Transport For London do this irritating thing: they move (“archive”) their corporate media releases content each month.

So this:

– which has been quoted widely as the press release for the Royal Wedding Oyster Card, for instance on the popular Going Underground blog — gets moved to:

The old link returns a 404.

WHY? It just seems utterly pointless.

The other thing they do is fail to show, or even link to pictures on their media release pages, even in cases like this where the picture is of prime interest, as the story is “Mayor unveils design of the royal wedding Oyster card”. Instead they make you ring the TFL press office.

Perhaps they haven’t noted the rise of social media, where the messages you put out can be spread by bloggers, Tweeters, Facebookers — none of whom will have the time or motivation to ring your press office to get hold of a photo.

If you hide the official information too much, people will end up relying on the unofficial information out there. Less detail, less reliability, and you’ve got less control of the message you want to put out.

Seems an odd way of doing things in the 21st century.

(I only had this rant because I was looking for a picture of the special Royal Wedding Oyster Card.)