Refactoring the tax code

Our tax system is broken, properly.  It is insanely complex.  It’s a messy mix of transfers (e.g. the old age pension) and taxes (e.g. income tax).  Normally, when code ends up as a huge ball of mud someone steps in and re-writes it, or re-expresses it bit-by-bit (refactoring) until it’s much better – clearer, faster with a smaller footprint.

Before you refactor, you’ve got to figure out what the system is meant to do – what kind of country do we want Australia to be?


Generally I imagine Australians agree they want a progressive taxation system, where poorer taxpayers pay a smaller proportion of their income in tax compared to the richer members of society.  They want one where tax can’t be evaded (the system has high integrity), and the proportion of the economy devoted to the evaluation, collection and remittance of tax is low (it is efficient).  There seems to be an appetite for a system that operates, over the long term, neutrally – no Greek-style runaway spending, nor perpetual budgetary surpluses.  Equally, while Australians like the idea of a small government, they actually want a large one – one that intervenes to take the rough edges off of life, that provides a safety net no matter what misfortune befalls you; but they don’t want their government’s generosity to be exploited by those without need.  I look at as: I don’t want to look at poor people; make it better.


We’ve got unemployment benefits, single parent benefits, old age benefits, disability benefits and more.  But the nub of all of these payments is that a civilised society doesn’t leave anyone in abject poverty, and that problems that aren’t your fault ought to be covered by broader society. So what makes the unemployed less in need of support than a single parent?  Free money reduces the incentive to work, if one can.  How can a government tell if you’re merely free-loading?  Should it care, or should we – as a society – deem that if you don’t want to work, you shouldn’t have to?  What should we be doing when there’s a worldwide depression, and there just isn’t any work to be had?  If there’s no work for you locally, ought to be compelled to move, potentially away from friends and family – it reasonable to say that if your friends and family are so great that you refuse to move, they (instead of the government) can look after you?  If you bought your own home while you were working, ought the government give you have an easier go of it once you retire?  If you retire in the city, ought payments be made to you to compensate for the higher cost of rents than rents in the country?

The recent budget has decided that tertiary students ought to contribute more towards their education (by way of paying for a greater proportion of the cost of their education, and then paying more for the associated debt), and do so more quickly (by way of lowering the repayment threshold to basically the minimum wage).  Which is all good and well, but it seems that all those who got their education at lower rates or even free ought to shell out too – so if you got your education in the late 1970s, you ought to have a retrospective charge levied against you today.  I’m not clear on what use art degrees are to our economy, but if fewer are undertaken, is that so bad?  Don’t we want a well-educated citizenry?  It’s been pointed out that graduates earn more, so they ought to pay their way – but don’t they do that in higher tax brackets? What, if anything, should we do about the perpetual student – gaining education but never applying it to the benefit of society? What of those who build up a substantial education debt and then move to another country to apply said education?


The tax system is a little more complex – there are some taxes (sin taxes) that try to discourage legal but morally undesirable things – drinking, gambling, smoking, greenhouse gas emissions.  Other taxes discourage consumption – taxes on insurance, land transfer, Goods and Services Tax, excise on fuel.  Still more taxes try to level income inequality; our income tax system taxes are proportionally higher on higher incomes. In Australia we don’t have much in the way of asset taxes to level out disparity in asset ownership, but there are the odd example here and there.

If you design a tax system wrong, it discourages desirable behaviour and relatively encourages undesirable behaviour.  These behaviours ought to be enumerated somewhere.  Is saving better than consumption?  Can you have too much of one or the other?  Societal happiness increases with greater income and asset uniformity, but communist societies have shown that reward must follow effort or work becomes demoralising. So how much equality is enough, and how much inequality is too much? Should sin taxes be eliminated by eliminating the associated sin, as New Zealand is doing with tobacco?


I see a lot of our tax expenditures don’t mesh with any reasonable model of how the world ought to be, or commonly held views.

FBT – what the hell? Weddings are funded by the taxpayer? Allow me to refactor FBT for you: Organisations can spend money on whatever they like.  If they want to deduct that expenditure from their taxable income, they need to either: show it was a legitimate business expense, or attribute it to another taxpayer for whom it will be income.  Thousands of pages of legislation replaced with two sentences.

There’s been a lot of rhetoric lately, and from it I’ve learned that apparently debt is bad – especially being indebted to foreigners.  If it’s bad, make interest payments to foreign entities deductible at 98% rather than 100%, and keep lowering the proportion of the international interest bill that Australian taxpayers will subsidise until an acceptable mix of domestic-international debt is reached.

The Howard government decided that we needed more children, and women in the home, so paid for giving birth and underfunded childcare.  Payments were made for birthing and having children, almost regardless of income.  Welfare payments blew out to be by far the largest part of the budget, and importing children (via adoption) just got harder, slower and more expensive. I guess they were the wrong colour or something – bloody protectionists. Anyway, we ought not be growing babies locally, we ought to be importing them.  The demographic issues have been well studied.  Global population is expected to top out after the next couple of billion people, and then start dropping, but as I understand things Australia has no plan to balance its population growth. Is that the kind of country we want, covered in population centres, with cities that smear across hundreds of kilometres?

The biggest expenditure is on the Department of Defence, but I’m unclear what that department is tasked with or why it costs so much.  Apparently its role is to “protect and advance Australia’s strategic interests by providing military forces“, but that could be any armed force in the world.  Is it meant to repel a foreign invasion?  Is it meant to protect our exclusive economic zone?  Is it meant to provide an acceptable contribution to UN interventions?  Is it a coiled spring, ready to train up millions of soldiers in case of emergency?  Why does it need tanks, or fighter aircraft?  The USA is clear what their DoD is for, it’s the employer of last resort and a jobs program for domestic companies that can’t find other purchasers elsewhere. What is our DoD for?

There’s currently a bunch of whining about how Australian median Real Disposable Income has been stagnant for the last decade. The Liberal party is convinced the only way to get it moving is with Trickle-down economics – dropping the corporate tax rate. Labour seems to think if we get rid of enterprise bargaining, roll-back anti-union legislation and raise the minimum wage everything will be sorted. I think it’s globalisation at work – everything will level out, with wages in the developing world rising, and those in the developed world dropping. If you want less of something: tax it; if you want more of something: tax it less. If you want employees to be paid more, make wages deductible at more than 100%, rather than taxing corporate profits less.

So, tax system broken, needs more income (and perhaps dramatically less air superiority fighter jets).


Increasing and broadening the GST would dramatically increase the tax take, but that comes at a cost.  The GST is a regressive tax.  Taxing things like fresh food, health-care and financial payments (interest, insurance) is complex, in that there are a large number of interacting considerations. On the whole, I’m in favouring of taxing everything (broadening that tax) and hiking the rate.  But this is where the complicating considerations come in.

Push up GST and a lot of high-value purchases will go overseas – cameras, phones, breast implant surgery, etc. – because international transactions are not taxed.  This no-tax on international transactions has the effect of pushing multinational companies to bill from foreign countries and avoid GST on their sales (e.g. Google, Apple, et al). So: just tax international financial transactions; credit cards and PayPal to start with, that will catch 99% of low-value transactions, but you’re going to have to keep moving to catch whatever the latest work-around becomes. I can see health insurance funds moving overseas, for example. Or just tax all international transactions, with a simple piece of paperwork to fill in if that wasn’t a payment for goods or services, but was in fact a transfer.

There’s a complaint that if taxes are set too high, the taxpayers will leave.  High income earning English speaking workers are highly mobile, and can move to whatever tax jurisdiction they like, and they can move their money there too.  But if they’re living in Australia, consuming Australian government services, they’ll get taxed here.

Anyway, once you’ve hiked up the GST tax take, you’re going to have to compensate the poor – consumption taxes are regressive (i.e. the proportion of your income gobbled up by them is higher the lower your income is).  This is where negative income taxes come in; everybody (children included) becomes a taxpayer, and gets a cut of the negative income tax goodness.  And thus we’ve closed off this inequity – yes, more GST is paid, but if you don’t have any income the government hands over money that ought to cover the additional GST you’ll be shelling out.


Companies and Trusts are taxed as a different rate to the rest of the population, although I’m not clear as to why that is.  In fact, I’m not clear as to why companies pay tax at all.  Companies and Trusts ought to be legally obligated to hand over their profits to their owners each tax year, and have the owners deal with the tax liability arising from that.  Doing so would remove an enormous world of complexity and opportunity to manipulate the tax system.  Naturally taxpayers without TFNs will have to have tax withheld at the highest marginal rates, for later imputation.  Admittedly, this will lead to an increase in unemployment for accountants and lawyers, but I’m really not upset by that.

Although donations to a registered charitable cause are wholly tax deductible, for some weird reason there’s a company tax exemption on companies owned by charities – why not just donate all of this year’s profits to the owning entity?  In the same breath, government-owned businesses pay tax, but the tax paid by businesses owned by state governments are refunded to those same state governments. No doubt this is some relic from the transfer of taxation power from the States to the Commonwealth, but enough is enough.

Often companies don’t pay out all of their profits as dividends – some of that money is retained to fund growth.  This can continue to happen under my proposed system; the liability for the full profit is transferred to owner, but the amount of cash transferred is up to the directors.

So, by taking companies out of the tax-paying regime an enormous amount of fiddling and pissing around will be removed – creating a simpler, more straight-forward and transparent tax system.


Capital Gains Tax makes a poor attempt at smearing the real (i.e. inflation-adjusted) realised capital gain over period it was made and taxing it as income, but while treasurer Peter Costello introduced concessional taxation and since then Australian housing has become unaffordable for a large section of the population.  The ATO is perfectly capable of applying capital gains over the entire earning history, and ought to do so.  50% CGT concession ought to be removed, as it doesn’t encourage investment but instead speculation.

CGT exemption for housing is a hard problem, but one I think I have a solution for.  Read below.


Houses have proven to be a failing in our taxation system.  Concessional taxation treatment means CGT is not payable on homes.  State governments have become addicted to the revenue of turnover in the property market, which is a volatile income stream.  Stamp duty on property is a substantial impediment to transactions – it costs a lot of money to move home, which means labour will be much less willing to move to follow work. Inflexible labour markets drive up employment/business costs. Instead of stamp duty on property transfers, state governments ought to do as the ACT is doing and move from stamp duty to levying annual property taxes.


Tony Abbott said in 1995, “The basic objective of compulsory superannuation is that the government is taking our money now so that it does not have to pay us a pension when we retire.

“The government is making us worse off now so that it will be better off in the future.”

This is a laudable goal. Choosing to not work merely because you’re old is foreseeable, and the government ought not be expected to insure you, or the broader populous, against foreseeable certitudes.

Super is not a con as Abbott asserted, and the rates need to be increased.  Given that people can generally be expected to earn income for 45 years and be retired for 20, putting away a third of your income for old age wouldn’t be outrageous.

Superannuation is fabulous idea, tucking away income for the future, and is concessionally taxed on the way in, and also while in the super system – enabling growth of superannuation savings.  On the way out – if you wait long enough (60 years of age) – the money is tax-free.  Why tax free?  Isn’t it income?  This is madness, and needs to stop.

Because of the tax-free status, super is seen as a fantastic mechanism for inheritance planning, and that’s outrageous.

It’s time to rework superannuation; make it an income-smoothing scheme:

Make all contributions 100% tax deductible, and split each contribution into two – one part vested until retirement, the equivalent of today’s super system.  Money transferred into super, or earned while in super, will be non-taxable. If you inherit super money, it’s income – but you can shove it straight into your own superannuation account and avoid paying tax on it.  When you pull money out of super, it’s income. Employers won’t pay their employee any more – it will all go to their super fund, who withhold appropriate amounts for tax and old age, and pay the employee whatever they ask for – more or less than they earned, it’s up to them, because it is all smoothed out and tax accounted for. There’s only hundreds or thousands of super funds, so push the tax paperwork onto them rather than the millions of businesses around Australia.

If you want to buy a house, they’re considered superannuation investments and can be bought with your superannuation money. When you sell it the sale proceeds are wholly income – which you can pay tax on or shove back into your super account.

When not working, for example if you’ve retired, you draw down on your super account and pay tax on it like everyone else.

This set-up will demolish the distinction between assets and income. For too long you’ve been able to build up enormous assets and hand them on to subsequent generations without being clipped for a contribution to running the country.


Of course, much of this was considered by the Henry Tax Review,  The Australia’s Future Tax System Review couldn’t consider super or GST, and they’re two areas that need reform too.  But this stuff is simultaneously obvious and too hard for our politicians.

Replacement Hot Water Service

All my electricity is green: my retailer buys RECS sufficient to back my electricity purchases. As such, I don’t care how much electricity I use, except such that it costs me money.

Breakeven analysis is fun.

My house has a twelve year old 160 litre resistive electric hot water service (HWS). General opinion seems to be that a HWS will last perhaps as long as 12 years before failing (my last house had one that was 30 years old and still going strong). It’s currently inside the house (taking up valuable floorspace), and may not survive being moved outside in the coming renovation. I want an instantaneous gas HWS (unlimited hot water at exactly the temperature I dictate), but refuse to use gas.

Instantaneous electric HWS exist and are only about $1000, but require three-phase power (an upgrade costing a surprisingly small $1000, plus electrical work on my side of the divide).  How much power will it consume?  Turns out, the same as resistive heating the water, but it’s all peak electricity.  That pushes its daily cost quite high.  There are other HWS options; reusing the existing tank (free-ish), replacing it with a larger tank (still resistive, $1000), sucking up all the spare electricity from the PV solar system (perhaps $1000), or a heat pump ($3400), and combinations of the above.

I was able to figure out how much electricity we’re using to power our HWS by virtue of it being on a separate meter to the rest of the house – 4.6kWh/day, costing about $0.85/day because it runs off peak. Hot water consumption is expected to increase after the renovations.  It turns out that how much hot water is consumed, and when, is very important for accurately pricing electricity consumption. I’ve a fairly complex spreadsheet modeling current and projected consumption patterns, and the resultant energy requirement timing and costs. We have a PV solar system, which is how I thought I could push our cost of hot water down – heat it from the panels during the day, when electricity is cheap for me ($0.119/kWh).  If your tank is too small (which ours will be/nearly is already) then you’ve got to heat using electricity other than cheap solar electricity.

I calculated the Total Cost of Ownership at the 5 year mark, and the average daily cost of hot water for the various options (note, this is for my projected hot water consumption profile – yours will differ, altering the values):

Option TCO Daily Cost
Keep existing HWS, peak electricity $4,340 $2.27
Keep existing HWS, off peak only, coupled to instantaneous electric HWS $7,411 $2.69
Buy 315L resistive HWS, off peak only $5,497 $2.46
Keep existing resistive HWS, run off PV solar and off-peak $3,764 $1.51
Buy 315L resistive HWS, run off PV solar $4.968 $1.63
Buy 315L heat-pump HWS, run off PV solar $3,888 $0.27

The heat pump can run off solar using its built-in clock, saving $1000 in diverter costs. You can see that its TCO is a little more than a salvage job on the existing HWS run from solar power, but the daily cost means the heat pump is going to pull away at a mad rate. Hot water that cheap is making me think of grand ways to heat my house.

Ditching gas

All my electricity is green: my retailer buys RECS sufficient to back my electricity purchases. When I calculated my household’s Green House Gas emissions equivalence, we pulled in emissions below 15% of that of the average Australian household. In fact, our emissions were down to two sources: our car (7000 km/year @ 9l/100km – emitting a quarter of that of the average Australian household) and our natural gas consumption (20300MJ/year – home heating emissions 57% of that of the average Australian household).  Apparently emissions can vary from 3 to 30 tonnes/year – I’ve calculated my household at around 2.5 tonnes per year at the moment. I think we can do better. How about 1.5 tonnes per year?

I’ve had a poke around the non-hydrocarbon motorised transport market. There isn’t much there for me, cars are north of $50,000, lifespans are limited. If I could buy an electric car for $20,000 that was going to last 20 years, I’d be up for it. Because I can’t, hydrocarbons will continue to be used for this form of transport. Will revisit when car fails, I’m guessing in less than a decade. Besides, I’m pretty convinced “car ownership” will end up being something people did in the 20th century, not the 21st.

We don’t cook with gas; we have an induction cooktop. I hate electric cooking – resistive electric cooking. It’s inefficient, slow, too cold, too hot, ugly and messy and too expensive. I’ve always cooked on gas. Induction cooking has turned me around; it’s everything gas cooking is, without the explosions, burnt-on gunk, poisoning and GHG emissions.  However, it is fussy (it only works with ferrous cookware) but that’s inconvenient, not a showstopper (example: coffee pecolators are almost all aluminium, and those that aren’t have a very small base. The pecolator has to go in a small pot to be used).

Our gas consumption is purely for space heating via a ducted heating system. It costs less than $770/year to heat our house, so an electric replacement will need to be competitive with that. Having run the numbers, I’ve calculated our gas consumption produced 4000kWh of heat in the house each year. Doing that with air conditioners would (assuming 400% efficiency, which is pretty middle-of-the-road) require 1000kWh of electricity. I seem to pay about 30 cents/kWh (if you can figure out what your electricity actually costs you, I’d love to hear what you did to get that number), so that’s $300/year to run air conditioners instead of ducted heating. Payback is less than 10 years if $4000 is spent on adding aircon units.

From an environmental and financial perspective it’s time to ditch gas, so I’m off. Each gas bill raises the daily connection fee.  It’s about $1/day now, so if you don’t use much gas there’s an increasing incentive to use no gas at all. Nearly half my bill is for the privilege of having a gas supply.

But wait! I love wok cooking, and there’s almost no way to wok-fry stuff without gas. What to do? For a couple of years we’ve used a butane camp stove as a stop-gap until we got around to plumbing in our dedicated wok burner, but if we’re cutting off gas we’ll continue living like animals for the rest of our squalid lives! No fear, says my plumber: convert to LPG – like used for BBQ cooking. And so, we now happily wok-fry on gas, which I figure will cost us $30 – $60 a year to refill the bottle. $38 for the LPG conversion kit for the burner, which would have been avoided if I’d thought this all through a couple of years ago when buying the wok burner.

The next problem is: what to do about hot water?

I tried Firefox again

I used Firefox when it was initially released about 15 years ago, but migrated to Chrome a few years later.

This story made me think it was worth trying FF again: NYT: ‘Firefox Is Back. It’s Time to Give It a Try.’

A couple of weeks ago, I tried Firefox over a few days. Here’s what I found.

Tuesday

Once-off import of everything (including passwords) is easy: Switching from Chrome to Firefox

I’m trying out Firefox now on desktop and Android. Will see how I go.

So far I haven’t found a way of continuous synching of Firefox and Chrome without plugins.

Wednesday

On my desktops at home (Win7) and work (Win10), Firefox feels about as fast as Chrome, except for Gmail, but I think I’m seeing the effects of the new Gmail interface, which I switched to a day before switching browsers – this seemed slower than the old interface in Chrome as well.

Bringing bookmarks, passwords, etc over from Chrome was easy. Have synced most of them via a Firefox account (but not bookmarks, as I want the bookmarks toolbar to be different between home and work – I rarely use non-toolbar bookmarks)

It seems to run fine on my Android phone. Again, was able to sync via the Firefox account. Easy to set Android to open FF by default.

Possibly a bug in FF – on my work desktop, if I maximise the browser window on one of my monitors, the navigation all disappears. It works on the other monitor, and at home. — This is not a FF bug – Chrome, IE and Edge are all doing it. Probably be a graphics driver issue.

…at some stage a Windows Update came through and seemed to fix this.

Friday

One issue I’m seeing with Firefox: looking at Youtube, the options to embed a video have disappeared. Instead, the Share option will only let you send a Youtube message to somebody with the video link.

Tried Edge/Chrome on the same video, and they’re appearing. (It’s one of my own videos, so the option to allow sharing is definitely on).

So it seems Firefox appears to be doing something funny. I wonder if it’s trying to render a simplified (mobile-like) rendering of the page, though I can’t see an option for turning that off.

Eventually I found the Embed option. The navigation to it is totally different from within Chrome and Edge, making it difficult to find.

(Responsive Design Mode is off – looks like a handy option to have, actually)

Then I started to see similar issues on carsales.com.au… hmmm.

Tuesday

Well, I’m going back to Chrome, because:

  • Some quirks like the Youtube issue, and a few other local sites (perhaps the fault of the web designers, not the browser)
  • On my fast work PC, Firefox is good, but on my old desktop machine it seems a little bit sluggish compared to Chrome
  • I’ll keep FF on the work PC for my own development, but won’t use it as my usual browser.

For those sticking to Chrome but unhappy with the privacy defaults, there are a few tweaks that can be made, though who knows how effective they really are.

Happy browsing!

(I’m finally posting this just as news comes through of the big EU fine against Google. Interesting.)

Windows Update on Windows 7 repeatedly installs KB4103718

Surely I can’t be the only one with this problem?

For the past few days, Windows 7 Update has been repeatedly installing 4103718, the May 2018 rollup of security updates.

(Before you ask: I still run Windows 7 on one machine because I like Windows Media Center, which isn’t available on Windows 10.)

Every time, it thinks the patch is successful, but then wants to do it again. And again. And again.

I tried the Fix Windows Errors web page, which included the Windows Update Troubleshooter. It didn’t seem to help.

This article describes what to do: go to the list of available updates, right click, Hide Update.

This didn’t fix it alone. Checking for updates again, 4103718 popped up again in the guise of the April 2018 rollup.

Once I hid that version as well, it seemed to stop wanting to reinstall it.

4103718 has other problems, including in some cases disabling network connections. Hopefully they fix this one soon.

Motorola Moto G5 Plus “camera restart” error

My current phone is a Motorola G5 Plus. I really like it.

Except for one thing: sometimes it won’t start the camera. It pauses for a few seconds, then comes up with a camera restart error; you have to try it again. Sometimes it takes several goes to get it to work.

By the time the camera actually opens, whatever you wanted to snap may have gone.

It’s a widespread problem. Some people think it’s a heat issue, but I have my doubts.

There is a partial workaround: clear the cache partition.

This removes some temporary files, but no user files.

This page on the Motorola web site explains how to do it — but I’m going to post the text here, as it keeps disappearing off their site. Dodgy.

To perform a wipe cache partition:

1. With the phone powered off, press and hold the Volume Down button and the Power button at the same time until the device turns on.
2. Press the Volume Down button until the flag next to the power button reads “Recovery mode”
3. Press the Power button to restart into Recovery mode.
You’ll see an image of an Android robot with the words “No Command”
4. Holding the Power button, tap Volume Up once and then release the Power button.
5. Use the volume buttons to scroll to “wipe cache partition” and press the Power button to select it.
6. Use volume down to scroll to YES and power to confirm.
7. At the bottom of the screen, you will see your device go through the process. Once it says “Cache Wipe Complete” the reboot system now option will appear at the top.
8. Press the power button to confirm the reboot.

The above workaround clears it for a little while… then it comes back a few days or weeks later.

Hopefully eventually there’ll be a permanent fix for it.

Teletext still lives (just)

Teletext was developed in the 1970s in Britain as a way of sending information (text and basic colour graphics) in a PAL television signal.

The BBC implemented it as Ceefax (1974 to 2012), and numerous other broadcasters in PAL countries also used it. In Australia it was called Austext (1982 to 2009) and broadcast on Channel 7.

Apart from screens of information, the technology was also used to provide captions for TV programs (in Australia on page 801 on all networks).

In Australia, it ended in part because the original equipment was at end-of-life, no doubt combined with the rise of the Internet for getting that sort of information.

THE AUSTEXT SERVICE WILL CLOSE ON 30 SEPTEMBER 2009.

The Seven Network started providing test Teletext services in 1977, with live services commencing in 1982 in Brisbane and Sydney.

The Austext service today is still provided using the original 1970’s technology. This equipment has now reached the end of its lifespan.

Unfortunately,it is not possible to replace the existing Austext system with new equipment except at significant cost.

The BBC Micro and teletext

When the BBC Micro was introduced in 1981, this included a graphics mode (Mode 7) that natively supported teletext graphics. Given the computer only originally had 16-32 Kb of RAM, this mode using only 1 Kb was handy to have. It was mostly used by text-based programs, though there was the odd action game implemented in it — I remember a rendition of Space Invaders that used Mode 7.

In schools, BBC Micros could be networked together using the Econet system. A Teletext-like system was available that I think was called Eco-fax — we had that at my high school.

Less common, and only used in Britain, was a special Teletext adaptor, this could be used to download computer programs.

Teletext lives!

Teletext on broadcast television might be long gone, but there’s one place the technology is still used: in Australian racing.

Teletext displays in a TAB

Walk into any betting shop (this photo is from a TAB in Melbourne) and you’ll find these familiar text displays, with 8 colours, the capability of flashing and double-height text, and simple graphics, under the brand name “TabCorp Skytext”.

I have no idea how the signal is broadcast, but it’s definitely the same display technology. Nice to know it lives on, over 45 years since it was devised.

  • Ironically, this video from 2012 of highlights of 38 years of Ceefax isn’t playable on modern web browsers because it requires Flash

Taco Bill’s loyalty database hacked

A couple of weeks ago I noticed a suspicious-looking email that purported to be from Mexican restaurant chain Taco Bill.

I’m on their loyalty database (“Club Taco“), so I suspected their systems had been compromised.

Today they’ve confirmed it.

I’ll post the full statement, interspersed with some notes from me.

Data Breach – Taco Bill database

Taco Bill respects your privacy and values your ongoing business and, for this reason, would like to let you know, as a precautionary measure, about a data security incident that may involve your personal information.

On Friday, 22 September 2017, the Taco Bill email database managed by our external service provider was hacked by an unknown person or persons. This database contains personal information that you have provided to us when requesting to subscribe to our mailing system. This may include full name, postal address, email, phone number, date of birth, and additional linked account members’ details, if applicable (including spouse and/or childrens’ names).

By default, Club Taco asks for name and date of birth (the latter to send special offers on your birthday). Optional details include your address and phone number/s. I think — I hope — I didn’t enter those.

At present, they seem to have disabled the Club Taco joining page. Probably just as well.

The hacker uploaded approximately 1.75 million further subscribers to our database and then sent out two emails to our valued customers on our database and to the further 1.75 million subscribers that were uploaded. These emails do not appear to contain any viruses, but we recommend deleting them.

Sure, the email itself appeared to be clean. However, it did include a link to docx file on a hacked web site, multimixconcrete.com.au — hopefully they’ve figured out that they too were compromised.

From a trusted source:

At the time of writing, the multimixconcrete.com.au web site has been suspended by its ISP. It appears it belongs to a company in Western Australia.

We have been informed by our external provider that no information was copied off our database, however this does not mean that information may not have been copied.

Hedging their bets there a bit.

Taco Bill is undertaking a thorough review of the potentially affected database and its computers. We have also taken steps to protect your privacy and make sure this does not happen again, including scans of our computers, as well as changing our external service provider to provide us with faster response times on security issues, extra security measures for protection of your data and around the clock monitoring and alerts. We will let you know if there are any significant developments.

We suggest that you remain vigilant and, as a precautionary measure, review account statements and monitor credit reports. We also suggest you retain a copy of this letter for your records in case of any future concerns.

If you think your identity may have been stolen please immediately contact the relevant financial institution or company with which the account is held. We also suggest you immediately report any suspicious activity or identify theft to the proper law enforcement agency (for example, the police).

Please do not hesitate to contact Taco Bill head office on email admin@tacobill.com.au if you have any queries or require any additional information or assistance in relation to the above

If you are not satisfied with our response in resolving this issue, you can make a complaint to the Office of the Australian Information Commissioner, whose contact details are located at www.oaic.gov.au .

We sincerely apologise for this incident occurring. Taco Bill values your privacy and ongoing support of our business.

I wonder precisely what happened, and just how insecure their database was?

It’s a reminder that even big companies can mess up their security, and one should be wary of how much information we give them.

How to light the pilot on a Brivis Wombat 92 central heating unit

I’m lucky enough to have central heating in my house, and as the weather is cold in SE Australia at this time of year, we’ve been using it a bit.

Every few years a strong storm will blow out the pilot light. To fix it I climb up into the roof (fortunately I have an attic ladder fitted) and re-light it. Generally the effort involved to re-learn how to light it is more than the effort to actually do it.

So I’m doing like any good geek would: documenting it.

The unit is a Brivis Wombat 92 (I assume that means it’s a 1992 model). The instructions are written in tiny writing on a label attached to the inside of cover — so tiny it’s quite difficult to read while in the cramped roof space.

The steps are actually pretty quick and easy, as follows:

1. Make sure the heater control (eg in the house) is set to Off, and grab yourself a torch if you have to climb into the roof.

2. Take off the cover. On mine you pull it upwards, but I think my unit is actually mounted upside-down, judging from the logo on the side.

3. Find the dial. Turn it clockwise to the Off position.

4. Find the power point for the unit. The power cord on my unit leads to a power point about a metre away, mounted on a joist. Switch it off.

5. Wait a few seconds and switch it on again. You will hear a regular clicking sound – this is the heater trying to re-light. You’ve got about 20 seconds for the next step.

6. Turn the dial back to the Light position and press down on it. A couple of clicks later you should hear the pilot light.

7. If all looks well, now turn the dial to On. That’s it! Put the cover back on. Enjoy the heat.

So basically, you’re turning it off then on again.

If it doesn’t work? I guess try it again. I know in 2013 mine wouldn’t re-light, and needed a service, but that’s perhaps not surprising for a 20 year old unit.

Good luck!

(Edit: Added to turn the dial to On when the pilot has been lit. Thanks for the feedback!)

Securely run a low memory/low CPU Minecraft server

If you’ve got next to no memory and CPU available to run a Minecraft server, don’t fret. Cuberite is what you’re after. At them moment, Cuberite isn’t bug-free, nor indiscernible from a genuine Minecraft server, but it’s quite usable – and instead of needing 4GB+ of RAM, it needs less than 300MB. And it needs next to no processing power: some people run Cuberite on their Raspberry Pi and have plenty of CPU available.

I would at this point go on about how this is a significant point of difference between C++ and Java, but Java optimizes for something different to C++.  I got into an interesting discussion with Cathy about this after reading a question someone had about what Java was trying to be good at. I used to think that VB was the new COBOL, but clearly Java is the new COBOL; those Java programs are going nowhere, they’re verbose and easy to understand and maintain.

A point to note: The Minecraft protocols are bandwidth heavy, I found if I wanted to run a server at home I’d be able to have one, perhaps two players. Thus is Internet in Australia. Instead I’ve dropped this onto a free AWS VPS instance and bandwidth is no problem.

Still, it’s a random piece of software off the Internet, so we’re going to give it its own user account for our own safety. Let’s install the software:

curl -sSfL https://download.cuberite.org | sh
sudo mv Server /usr/local/cuberite
cd /usr/local/cuberite

Cuberite allows configuration through a web interface.  We now enable webadmin.ini
[User:admin]
; Please restart Cuberite to apply changes made in this file!
Password=yourstrongpassword
[WebAdmin]
Ports=8080
Enabled=1

Port 8080 is the alternative html port (http/https).  You could cd into webadmin and run GenerateSelfSignedHTTPSCertUsingOpenssl.sh and get https serving, but your browser will barf on the certificate. Instead, let’s use a LetsEncrypt certificate, one that we installed earlier. First we make our one-line shell script for running the daemon:

sudo useradd -c "Cuberite server" -f -1 -M -r cuberite
chown -R cuberite:`whoami` /usr/local/cuberite/
sudo nano /etc/init.d/cuberite.sh

#!/bin/sh
### BEGIN INIT INFO
# Provides: cuberite
# Required-Start: $local_fs $network
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: cuberite
# Description: Cuberite server, a Minecraft server lookalike
### END INIT INFO
cd /usr/local/cuberite
sudo -u cuberite /usr/local/cuberite/Cuberite -d &

Next we set it going when the box starts up:

sudo chmod +x /etc/init.d/cuberite.sh
sudo update-rc.d cuberite.sh defaults

Before we can go to the website we need to allow user cuberite to get to the certificates:

sudo groupadd privkey_users
sudo usermod -aG privkey_users cuberite
sudo sudo chmod g+rx /etc/letsencrypt/live/
sudo sudo chmod g+rx /etc/letsencrypt/archive/
sudo chown root:privkey_users /etc/letsencrypt/archive/
sudo chown root:privkey_users /etc/letsencrypt/archive/example.com/
sudo chown root:privkey_users /etc/letsencrypt/archive/example.com/cert1.pem
sudo chown root:privkey_users /etc/letsencrypt/archive/example.com/chain1.pem
sudo chown root:privkey_users /etc/letsencrypt/archive/example.com/privkey1.pem
sudo chown root:privkey_users /etc/letsencrypt/archive/example.com/fullchain1.pem
sudo chown root:privkey_users /etc/letsencrypt/live/
sudo chown root:privkey_users /etc/letsencrypt/live/example.com/
sudo -u cuberite ln -s /etc/letsencrypt/live/example.com/cert.pem /usr/local/cuberite/webadmin/httpscert.crt
sudo -u cuberite ln -s /etc/letsencrypt/live/example.com/privkey.pem /usr/local/cuberite/webadmin/httpskey.pem

Changing these permissions doesn’t affect apache2’s ability to get them.
The reason we’ve used a group here is to allow both Cuberite and any other app (for example, exim) to access the private keys; just add any other user that needs to use the private keys to the privkey_users group.

Remember to punch a firewall hole for port 8080. Fire up Cuberite now:

sudo service cuberite restart

And check if that worked, there should be about one entry:

ps -aux | grep cuberitps -aux | grep cuberit

If not, you can check in the logs directory to see what’s wrong.

So now:

sudo lsof -i :8080
https://example.com:8080/

should be secure.  Note the https is mandatory, as your browser will use http if you fail to specify a protocol.

Windows WannaCrypt attack

This is interesting, and perhaps not unexpected: a vulnerability in Windows SMB 1 (used for shared drives) which was patched by Microsoft in March April, has been exploited.

It’s hit unpatched computers in numerous countries – most infamously, the UK’s National Health Service.

Despite what some Australian media is reporting, this tracker shows we are not immune — though it may be a reduced impact for now thanks to the weekend. Could be a different story on Monday.

For now it appears to have stopped thanks to someone finding a “kill switch”, but no doubt it or another version will hit again.

The lesson here for any of your computers that are connected to a network:

Patch them. Keep them up to date — preferably set them to automatically install patches.

If you’re using XP or older, Microsoft has just issued a patch, which you can get here.

You can also disable SMB 1 — note there are server and client portions, and that later versions of Windows make this a lot easier than earlier ones.

If you’re using Vista or older, find out about getting an upgrade. Vista patches stopped being issued earlier this year. You’ll be safe from this specific attack if you’re patched, but maybe not the next one. (Windows 7 keeps going until 2020.)

My assumption is that home users who use a broadband modem of some kind may not be at immediate risk this time from outside attack, since the modem can function as a basic firewall, but accidentally running an infected file from an email or web site could bring it in.

This attack has been serious, and other future ones will be too. So stay up to date, and stay safe.

  • Blatant plug: If you’re in southeast Melbourne and have no idea how to fix your computer, my brother-in-law runs this company that may be able to help: Bayside PC Services
  • In this blog post, Microsoft basically tells governments that they shouldn’t keep discovered vulnerabilities secret and exploit them for themselves (as the NSA did in this case, until that information was stolen) — that they should instead tell vendors so they can be fixed quickly. Difficult to argue with that.
  • Update May 2021: This new article notes that it is still a threat

Where do you wake up from a bed in Minecraft?

After issuing many /time set night commands, I can tell you the waking-location algorithm for Minecraft. This presumably also affects your spawn point.

Two locations are checked, and if they fail to select an acceptable location the pillow-location is used regardless of consequences of picking this location. An acceptable location is on the same level as the bed, and has two transparent-non-solid blocks above it (i.e. you will be standing next to the bed without your head or body embedded in something that’s killing you).

The process is the same for each of the two locations:

Sweep x-1 to x+1:
  Sweep z-1 to z+1:
    if the location is acceptable, we're done

The locations are checked in the order: pillow-part-of-bed, non-pillow-part-of-bed. The effect is:
From the Minecraft wiki:

For a bed to be usable as a spawn point, the player must be able to stand next to the bed at the same level as it. There must be a solid block at the same ‘floor’ level as the bed, with 2 transparent blocks of space (for example, air) for the player to stand in, in one of the ten blocks that surround the bed. It doesn’t matter if the bed itself has blocks above it.