Technogeddon is Nigh

Sometimes, in my career as an ardent Technophile, I wonder ‘Why?’… why do I continue? My daily frustration at all the genuinely crap tech I have to use… crap development tools, crap web-sites, crap operating systems… they all have their faults and foibles.

Any one on its own is manageable… even a few in a row… but all of them all the time is just becoming too, too, much.

Software standards are rock bottom IMHO. Every other engineering discipline has ‘culpability’ of service. In that, if I design a bridge to take a certain amount of traffic, it has to take a certain amount of traffic plus a tolerance. It’s required as part of the job. It will be checked. Regulations ensure it has to be. Culpability means you’ll be in damned hot water if you don’t.

Software, no one cares. Does it pass QA? Ship it. Did it fail QA? Meh, probably ship it. It’s unregulated, unchecked, and (generally) not culpable. In the UK at the moment, Smart Motorways are a hotly contentious topic. I’m against them, because I know the kind of developers who would be writing the software that detects cars in the managed lane and puts up the red ‘X’… no way am I trusting them and their software with my life.

The primary consumer/customer of all Software, is the end user. But, ‘development’ doesn’t care that they have to suffer using their crap software.

There, I said it.

Of course, it’s not all true of all development. But of all the software I use day-to-day, it’s becoming truer every day.

Budgets, delivery pressure, over-taxed resources, insufficient resources, bad planning, lack of QA, lack of customer focus or design vision, they all take their toll.

But, I’m not here to complain about that! Aha! Oh no. I actually want to highlight something that worked when I was expecting it to fail!

I have finally decided to dip my metaphorical toe into the metaphorical waters of the ‘Smart Home’… I have been avoiding this for some time. I have absolutely every desire to make tech a driving force in my home, but absolutely no desire to increase the amount of things I have to continuously go around turning off/on again, or updating firmware on, or otherwise troubleshooting due to the above rantings. Trying to get FreeSat HD on the TV is taxing enough.

Amazon (yes, them) did a promo on a Tapo Smart plug, for a mere £5. I couldn’t resist. “What the heck,” I thought, “if it’s useless, it’s the price of two coffees… go for it.”

I bought it, I got it, I set it up, I linked it to Google Home, it works. Every day on test for weeks. Slightly impressed. But not the reason for writing yet…

I have already wired up some outside lights on the house, and ideally, I want to leave them on with a dusk sensor to turn them on when it gets dark. But, that won’t turn them off at nighty-night time… light sensitive sensors would only turn off at dawn, or a preset (but too short) time delay. Bad for my electricity bill, and bad for the environment overall.

Amazon (yes, them again) search turned up a Smart life Wifi relay switch for lighting circuits. Encouraged by my Tapo success (which will shortly be controlling my outside Christmas lights!) I shelled out for a pair of relays.

I wire one up. I set it up, I link it to Google Home. It works! And lo! I am now impressed.

As this will live in the loft, I don’t want to ever have to reset this, or turn it off/on, or whatever. So as a test, I cut power for it for over 12 hours. The next day, I re-power it and lo! it works as it did before the power cut. No having to repair it, and reset everything. More impressed! It now resides in the loft, where it controls the outside lights on a Dusk to Bed-time routine. (However, I can turn it off entirely from the original light switch still.)

So this is all great… Smart Home is Reality… and now here’s the but….

Technogeddon is nigh!

Oh yes.

The Tapo, and the Smart life relays are (I hope) very simple, and should not require updating firmware and all that jazz. The Tapo plug will remain accessible, so even if the odd reset is needed, so be it. I’m hopeful the relays won’t ever be an issue. We’ll see after the next power cut and my Router goes down.

The issue (and source of this post, thanks for waiting) is more fundamental, and more infrastructure in nature…

You see, somewhat annoyingly, each ‘smart device’ requires an account setting up with the device provider… ok… frustrating, but I can understand why… however, 20 different devices later and 20 different accounts, and you’ll be a bit sick of ‘Yet Another Smart Home Device Account To Create And Remember’. Then of course each one requires an app to set it up, and control it, rapidly filling up your phone and sorely testing your patience with a variety of poor/barely adequate/poorly translated apps with frustrating UIs as you try to remember which app controls what and why isn’t that light turning on oh it’s the app for the outside light device and I want the one for the plug in the bedroom aaaarargh….

But rejoice! For Amazon/Google (and Apple I believe, but don’t care) solve that problem with Alexa/Home linking… so after ‘Linking Yet Another Smart Home Device Account To Google Home’ everything is well, and controllable from one app – with voice – hurrah!

So now stop, pause, and think… 20 smart home device manufacturers now have access to your Amazon/Google (ok, and yes Apple) account information…

You still need 20 apps on your phone to maintain the devices should anything go wrong.

You still need 20 accounts for Smart Home Devices.

If any one of them gets hacked, can they get anything useful about you from Amazon/Google/(and yes yes Apple)?

But, further… what happens when one of those (or more) Smart Home Device Companies changes brand, or disappears entirely? That device eventually becomes defunct through lack of software support, because no one is updating the app, or the link to Amazon/Google/etc.(ok, or Apple).

Further still, Android, or iOS gets updated, and the Smart Home Device app no longer works with the new release, or your phone changes and the apps are no longer compatible… or even more harmful (unlikely but possible still) Alexa gets canned or changes and is no longer compatible, or Google Home (or yes, whatever it is Apple do).

Or you update your Router for the New & Shiny WiFi gen X which is 10GBps! but doesn’t support 2.4GHz any more cos it’s old and naff… and all those devices now fail to connect…

And realise that every WiFi connecting device is an open doorway into your Router as WiFi just ain’t as secure as they’d like you to think it is… and that ‘Smart Device’ you just plugged in definitely doesn’t use the security options it should (even if they are largely useless)…

Suddenly, your lovely Smart Home ain’t so smart any more… littered with a load of expensive, but defunct ‘smart’ hardware.

Of course, the companies involved can help avoid this by ensuring backwards compatibility in all that they do, or maintaining older systems and services to ensure older products can tick along. But, they won’t do this.

Why?

Because it will cost them money. And while they are spending their money to ensure your old kit keeps ticking… you aren’t spending your money buying the new shiny kit they want you to buy so they can stop spending money keeping the old kit running, and spend it on keeping the new kit running until they decide it’s old kit, and they really want you to spend your money.

Even if they were super-benevolent, eventually they would be faced with running ancient tech-stacks of servers and software no one wants to work on and costing a fortune to run/maintain. At some point, tech has to move on, and a cut-off point emerges, and your smart home dies a sad, timely death.

So, when you do go for your Smart Home, what are your options?

  1. All your eggs in one basket, all the tech is from the same provider. Pro: one account. Con: They go down, so does your Smart Home. Buy everything again.
  2. Everything is different. Pro: One of them goes down, just replace that one thing. Con: Loads of accounts and updates and god knows what else.
  3. Regardless, commit to an ongoing spending budget of replacing kit every now and then as the soulless advance of progress marches on.

Also, rejoice in finally becoming that IT Support Engineer you’ve always wanted to be!

“Hubby? The light in the garage isn’t working again…”

“Hubby? Why has Nest stopped turning the heating on?”

“Hubby? Alexa isn’t working… there’s no Wifi, or internet and the TV is on the blink…”

This is the price of progress, the cost of change, and it’s coming to a home near you… more likely, it’s already there and lurking in the background waiting for the next power outage…

Technogeddon!

IR35 – Or How to Single Handedly Dismantle an Economy – Part 2.1

Yawnsome as this is getting, I have to drop this… the third government department to be fined by HMRC for IR35 non-compliance…

By my tally, that’s now somewhere around £140m ‘non-compliance’ tax ‘recovered’ by HMRC.

At least the tax payer, who are paying that fine above even though they are probably full-time workers who don’t care about IR35, can rest assured that the government aren’t guilty of hypocrisy…

IR35 – or – How to Single Handedly Dismantle an Economy – Part Two

Ok, so, this was supposed to be Part One of a one part series. But, that DWP thing just rankled too much to ignore.

This post is more personal(ish) and uses my own experience of the wonders of IR35 to illustrate just how entirely nuts this failed scheme is.

First, some preamble to lay the foundations – I’ll try not to get boring, and please try not to get bored.

  1. IR35 is designed to recover tax from Contractors who are really Employees.
  2. Someone determined as IR35 pays tax as an Employee, but has no rights as an Employee.
  3. IR35 penalises both the Contractor, and the Client, as both are required to pay taxation on an Employee that doesn’t work for them as an Employee.
  4. Even the guy who came up with IR35 says it is untenable.
  5. HMRC have ignored an entire industry’s very compelling counter-arguments against it.

There, I think that’s enough to be getting on with.

Nb. by ‘Tax’ I lump ‘deductibles made by the state’ together, so National Insurance, NEST/Pension and so on. Basically, ‘Tax’ = ‘money you don’t get in your pocket’

So, what does this mean?

Well, I have been contracting for the past 12 years or so, quite happily. In that time, I have grown and developed a Software Engineering business and been able to charge more and more for my services.

My earning potential has far outreached any I would have been able to attain if I had been working full-time as an Employee of a company.

And no, I am not being ‘superior’ or gloating. I am setting up a point. I count myself incredibly lucky and fortunate to have had the opportunities I have had, and for how things have gone for me. Not many people have the good fortune to love the work they do, and fewer still to get paid well for doing it.

Most people (usually Employees) say Contractors should pay more tax, they are all on the fiddle, you earn it so you should pay it, and so on.

Yes, there are those who abuse the system (because it allows them to), and those who do off-shore and all the tricks. I don’t. I pay everything I should, and in 12 years I have paid more tax than I ever would have if I had stayed as an Employee. The abusers are in the minority. In 12 years I have met and worked with many contractors, and not once have I encountered a Contractor who I would consider an ‘abuser’.

So now to flip it on its head…

I have gone ‘Employee’, purely because of IR35.

I am fed up of having to prove I am not an Employee for every contract I undertake, of having the threat of an audit looming large, and the risk of being found non-compliant (even though I am) and having the past six years of work turned on its head and being fined, along with all the clients I’ve worked with.

Recent IR35 legislation has made it nigh on impossible, certainly very difficult, to categorically prove you are outside IR35.

Most clients now are just going IR35 and requiring Contractors to be ‘within’ IR35 and therefore pay tax as an Employee but have no Employee rights.

But, it’s all ok!

Because you are a Contractor, not an Employee, to be within IR35 you have to be ‘Employed’ by an Umbrella Company.

This makes everything ok! (Hear the sarcasm…)

The Umbrella Company provides Contractors to the Client to do the Client’s work. That’s all it does. It does nothing itself. So in other words, it is pointless, and only exists because of… IR35

In the past few years, 50,000+ Umbrella Companies have sprung up.

50,000+!

Why? Because they get to cream a little of the day rates of all the Contractors being forced into IR35. Which the Umbrella Company can only do because of… IR35.

The end result is that the Client is now having to pay more to get a Contractor via an Umbrella Company than if they hired the Contractor directly. Most Umbrella Companies claim this is a small amount. But, not if you consider ‘take home pay’… observe…

These figures are illustrative, but based on percentages taken from reality, and in fact led to my decision to go Employee.

Client – ‘ABC’ – a bank – offers Contractor ‘Tom’ £100 a day ‘within’ IR35, via Umbrella Company ‘Bob’. Bob states they charge (say £5 a day, I couldn’t find the exact fee % on the one I used as a reference, which in itself says a lot…)

After tax, deductions and so on, Tom takes home £53 a day

So, to reverse this and remove the Umbrella Company from the equation, if Tom worked directly for ABC (as he used to be able to), to get the same take home of £53, he would only need to charge ABC £80 a day.

So, given deductions and so on are all the same (ignoring Tom’s ‘fees’), that means ABC are paying an extra £20 a day to ‘someone’…

Ok, some of that £20 is indeed tax from the higher day rate.. but… not all of it, tax is a percentage of that £20 after all… which means Bob is getting a bit more than they should be… at least an extra £12 a day for doing nothing. So effectively (with their made-up-£5-a-day from above) they are taking £17 a day, or 17% of the daily rate ABC are offering. For sod all. For doing Tom’s PAYE for HMRC so it doesn’t confuse them.

These Umbrella entities only exist in the numbers they do because of IR35, and they are massive profit generating loopholes created solely (IMH-and-probably-incorrect-O) by a failed taxation policy run by HMRC. (One wonders how many HMRC staff/MPs own shares in some of these Umbrella companies… that would be an interesting piece of journalistic investigation…)

Without IR35, some of them may still exist, as yes, they do provide a convenience to Contractors who don’t want to do their own accounts and so forth, and just want to be able to work freely. But, that’s fine when it’s their choice… not when it’s a blanket requirement forced on all Contractors.

They all do the same work, the same way, but get less money, can’t claim expenses and cost the client more.

And because they can’t claim expenses (which by the way, generate secondary taxes which people seem to forget) they spend less, travel less. So all those food shops and so on in Central London now get less turnover, so pay less tax…

Do the math.

Because of this, Clients are unsure of their hiring position, are hiring less or more discriminately, are paying more per Contractor than before (or not, and getting less experienced Contractors because the Umbrella pays them less, so attract less experienced people and so on, which ultimately costs the client more due to bug fixing time, lower quality work and so forth).

Having talked to numerous Recruiters on my quest for gainful work earlier this year, it is evident that Contractors from all sectors are bailing Contracting entirely. Either working abroad, or going Employee. This means Clients are losing access to a highly skilled, flexible resource that they rely on to ramp projects up/down, or do R&D, prototype projects, throwaway work, and so on. You can’t do these without the burden of a massive ‘permanent’ Employee cost, so what will the Client do? Stop growing, stop innovating, make less, turnover less, generate less tax £’s…

With Brexit (& Covid) the UK really needs to bring home some form of economical boost (not a football trophy), and Software Engineering is a great, low cost, high turnover industry requiring skilled people. We could boom with this; computers and software are everywhere, and reaching further into our lives every day (in both good and bad ways yes, but hence the need for better/more highly experienced people).

And yet, HMRC doggedly pursues an unworkable policy which is crippling any chance of that happening. End result, less people paying their higher taxes, less industry turnover, less corporation tax, less VAT churn, less economic growth.

Even their own IR35 determination tool (CEST) hasn’t got a clue on how to apply IR35 to a Contractor.

I now work full time, and get less income than when I did… therefore I am generating less tax £’s now as an Employee, than I was as a Contractor.

Employees generate direct tax £’s at two points; that paid by their Employer, and that paid by the Employee under PAYE.

Contractors (at least, those with their own Ltd Co and a high enough turnover) generate direct tax £’s at four points. VAT, Corporation Tax (on profit), Dividends Paid & Self-assessment Income Tax.

Then there are the secondary ‘losses’ IR35 incurs on the economy. I no longer need an accountant (sorry!) so they lose turnover, and therefore pay less tax. I also spend less as I have no expenses. I no longer travel to London, I no longer spend money buying food and shiny tech. This is all ‘lost’ revenue to those sectors. Though more money in my back pocket it has to be said 🙂

IR35 is generating a huge ongoing, rolling snowball of economic harm to the UK, and the snowball grows every day as it rolls inexorably onward, crushing PSCs at the moment, and soon SMEs who can no longer weather the loss of revenue preventing them growing, and then Enterprise stagnation as they fail to innovate… (doom and gloom, I know, I know…)

More math: multiply my own reduced contributions of tax £’s by the countless Contractors going Employee.

Well done IR35, because ‘taxing contractors fairly’ to generate more tax, clearly worked.

Damn, I forgot the ‘Not!’…

IR35 – or – How to Single Handedly Dismantle an Economy – Part One

Well, I have a few things to say about IR35.

But, let’s light the torch with this gem…

https://www.contractorweekly.com/tax-a-ir35-news/dwp-handed-88m-tax-bill-over-incorrect-ir35-determinations/

Now, let’s distill this down to bullet points;

  • State hits State with back tax bill for State Services
  • State services paid for by State Tax Payers
  • State Tax Payers therefore foot that back tax bill
  • Less money for State Services
  • More money for HMRC
  • HMRC revenue collection pays for… State Services

Effectively, HMRC are fining DWP using IR35 to collect taxes to pay for DWP, burning no doubt millions of £’s in the process of just pure ‘process’ doing it.

I mean, even I couldn’t make this up.

And did anyone spot the purest irony?

IR35 determines employment status, and this is fining the Department for Work & Pensions… yep, IR35 is the gag that keeps on giving taking folks!

That’s not a desk, THIS is a desk!

Mild bragging and overt chuffedness… having finally(ish) completed my grand masterpiece which is my Fort, my Place of Peace, my new office space.

Having moved into our new house, I inherited this room, and the ‘MFI Special’ desk left behind to try and put all my kit on;

This clearly failed.

So, I hatched grandiose plans for a new, improved, more relaxing work environment as my pet project once we’d broken the back of the household DIY, because NO ONE MAKES A DESK GOOD ENOUGH it seems, at least, for my needs!

This bespoke desk made from 38mm Oak Stave Worktop is feature packed!

  • 4 x power points each with USB charging
  • 4 x RJ45 Cat 7 Ethernet ports
  • 7 x Height adjustable legs
  • 2 x folding wrap-around leaves
    • this means I can free up office floor space for an inflatable double bed should we need to accommodate for guests!
  • 5.1 Surround Sound built in
  • Under desk cable management
  • RGB LED Mood/Strip Lighting
  • Room for a file server, NAS, a PC, iMac and plenty of screens
  • Actual Free Desk Space!

Who could possibly want more??!!

Hmm… hammock attachment… coffee machine…

Actually, I can make room for a coffee machine, and there’s a handy power point on the desk…

Many, many thanks to Stuart of Studeo Creations for entertaining my madness, and chopping all the pieces out of the worktop for me, especially the inset curved rebate bit where I sit!

More Time Wasters: I won’t beat around the bush. I know BOB is your password.

I got this in the early hours… and ‘BOB’ replaces what was actually a real password I have been using, that they somehow had grabbed…

The entire scam is automated generic trash of no real substance, but I was intrigued on how they had gotten hold of my username and a real password…

 

Subject: mak- BOB

 

I won’t beat around the bush. I know BOB is your password. More importantly, I do know about your secret and I’ve evidence of your secret. You don’t know me and nobody paid me to examine you.

It’s just your bad luck that I stumbled across your blunder. Actually, I actually setup a malware on the adult vids (sexually graphic) and you visited this web site to have fun (you know what I mean). When you were busy watching video clips, your web browser started out operating as a Rdp (Remote control desktop) having a key logger which provided me with access to your screen and also web camera. Right after that, my software program gathered your entire contacts from fb, and email.

After that I put in much more time than I should have exploring into your life and created a double-screen video. 1st part displays the video you were watching and next part displays the video from your webcam (its you doing inappropriate things).

Honestly, I want to forget all information about you and let you get on with your daily life. And I will provide you two options which will make it happen. The above choices with the idea to ignore this letter, or simply pay me $ 2900. Let’s explore above two options in more detail.

Option One is to ignore this email. Let us see what will happen if you take this path. I definitely will send out your video recording to your entire contacts including friends and family, colleagues, and so forth. It doesn’t help you avoid the humiliation your family will ought to feel when friends find out your sordid videos from me.

Second Option is to make the payment of $ 2900. We’ll name this my “privacy charges”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll delete the video immediately. You continue on with your daily life like none of this ever occurred.

At this point you may be thinking, “I’m going to report to the cops”. Let me tell you, I’ve covered my steps to ensure this email can’t be linked returning to me and yes it will not steer clear of the evidence from destroying your health. I am not trying to break your bank. I just want to get compensated for the time I place into investigating you. Let’s hope you’ve decided to produce this all vanish entirely and pay me my confidentiality fee. You’ll make the payment via Bitcoins (if you do not know this, type “how to buy bitcoins” in google)

 

Amount to be sent: $ 2900

Bitcoin Address to Send to: 1KjxgUYw2QC53ZiGeAG9uohcSSRUWsSsQA

(It is case sensitive, so copy and paste it)

 

Tell no-one what you would be using the Bitcoins for or they might not sell it to you. The process to get bitcoin may take a short time so do not put it off.

I’ve a special pixel within this message, and right now I know that you have read this e mail. You have 2 days in order to make the payment. If I do not receive the Bitcoins, I will send your video to all your contacts including relatives, colleagues, and so on. You better come up with an excuse for friends and family before they find out. However, if I do get paid, I’ll destroy the video immediately. It’s a non negotiable one time offer, so kindly do not ruin my time and yours. The clock is ticking.

Oh no’es, what will I do’es? My secret (eh?) is out. I am so glad they are not trying to extort me into bankruptcy and are asking for a reasonable fee so they can protect my secret for me and conceal my shameful behaviour from those I love dearly.

I am also glad for the ‘copy and paste’ tip! Phew! I would not have liked to mistype that Bitcoin address and mistakenly pay the wrong person.

And – yikes! – a ‘special pixel’! In a plain text email! How do they do this magic?

Sigh. Please note the sarcasm.

What secret? I don’t watch pron – truly – and my webcam USB is unplugged on my desk at all times, until such time I use audio/video messengers. I have never trusted that little beady glass eye with the blue light underneath it, staring at me silently. It reminds me of HAL 9000 too much. Also, the password in question hasn’t been used for my PC for about, oooh, six years?

If the email had been HTML, I may have been a bit wary of the ‘special pixel’- but even so I wouldn’t have given a damn. Unless my malware and email defences failed me, I would remain ‘untracked’. Even if not, I was tempted to reply to them and ask them for a URL to the video they had of me watching pron. It would be entertaining to watch a film of myself doing something I had never done. It’s amazing what they can do with CGI these days!
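The ‘special pixel’ claim can be checked mechanically rather than by eye. The script below is an added example, not part of the original post or the scam e-mail: it parses a raw message and reports whether any HTML part references a remote resource that a mail client would fetch when rendering, which is the only way a pixel can signal that a message was opened. Both sample messages, the example.com/example.net addresses and the tracker URL are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs that a mail client may fetch on its own while rendering.
AUTO_FETCH = {("img", "src"), ("input", "src"), ("link", "href"),
              ("body", "background"), ("table", "background"),
              ("td", "background"), ("video", "poster"), ("iframe", "src")}


class RemoteRefFinder(HTMLParser):
    """Collect auto-fetched URLs that point at a remote server."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []  # list of (tag, url, looks_like_pixel)

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "").strip() for k, v in attrs}
        for name, value in attr.items():
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            url = urlparse(value)
            # cid: (inline attachment) and data: URIs never leave the machine.
            remote = url.scheme.lower() in ("http", "https") or (
                not url.scheme and url.netloc)  # protocol-relative //host/x
            if remote:
                tiny = (tag == "img" and attr.get("width") in ("0", "1")
                        and attr.get("height") in ("0", "1"))
                self.refs.append((tag, value, tiny))


def html_bodies(raw):
    """Yield the decoded text of every text/html part in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            try:
                yield part.get_content()
            except (LookupError, UnicodeError):  # unknown or broken charset
                yield part.get_payload(decode=True).decode("utf-8", "replace")


def assess(raw):
    """Summarise whether opening the message could notify the sender."""
    refs, html_parts = [], 0
    for body in html_bodies(raw):
        html_parts += 1
        finder = RemoteRefFinder()
        finder.feed(body)
        finder.close()
        refs.extend(finder.refs)
    return {"html_parts": html_parts,
            "remote": [url for _, url, _ in refs],
            "likely_pixels": [url for _, url, tiny in refs if tiny],
            "can_report_open": bool(refs)}


# Constructed sample: a plain-text message making the same claim as the scam.
PLAIN_SCAM = """\
From: someone@example.net
To: victim@example.com
Subject: constructed plain-text sample

I've a special pixel within this message, and right now I know you read it.
"""

# Constructed sample: an HTML message with one inline image and one 1x1 remote image.
HTML_TRACKED = """\
From: newsletter@example.net
To: reader@example.com
Subject: constructed HTML sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello in plain text.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="cid:logo" width="120" height="40">
<img src="https://tracker.example.net/o.gif?id=abc123" width="1" height="1" alt="">
</body></html>
--b1--
"""

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN_SCAM), ("html", HTML_TRACKED)):
        print(name, assess(raw))
```

Even when `can_report_open` is true, the request only happens if the mail client is allowed to load remote images, so blocking them by default removes the signal.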

I suspected they had compromised WordPress (for we know it’s a bit of a Barn Door), as I have used this password (too widely) in the past. Even though all my sites are 2FA’d, you can still no doubt find ways to sneak past the defences – probably even get the 2FA QR code – without even logging in. But, again, that password hasn’t been used on my WordPress sites for years.

Some digging shows they got the details from ‘leakedsource.com’ (now shut down) – a site hosting billions of leaked accounts/usernames/passwords from various site break ins. I’ve checked the Bitcoin address, it’s valid… and unbelievably 126 saps have fallen for this (so they probably do have something to hide and were too scared to take the risk, or – more stupidly – thought this was for real). The progenitor of this tosh netted over $120,000 USD!

Crime does pay, it seems.

Still, it did force my hand on a long overdue exercise. As I had used this same password widely years ago (I know, bad practice), I have long been meaning to clean up my act using a password manager to spot and change vulnerable passwords like the one they found… so 120 password changes later, that old password is a deader. Still, none of the ‘important stuff’ was involved, fortunately. And I’ve still yet to go through another 300 slightly more secure but still vulnerable passwords… more sigh.

I am tempted to ‘Request Payment’ for $120,000 from the Bitcoin address just for a larf… for ‘reciprocal privacy charges’… or perhaps as payment for my time being forced to update my sloppy password usage 😀

Still, a safe outcome – this time… it could have been much, much worse! and a clear message that even if you do know the risks of data compromise/insecure passwords (as I definitely do!), and know you have to clean them up – it’s no good leaving that exercise until it’s too bloomin’ late!

If they’d actually tried to use the username/password against whatever service it was leaked from – they may actually have obtained data worth while – such as physical address, partial visa card details, what size underwear I use… and so on!

Good job they are thick, eh?

Though, not so thick as to having extorted $120,000 USD from some gullible/guilty people!
