Terence Eden’s Blog

The NHS shouldn't outsource its QR codes

2025-06-03T07:04:18Z

QR codes are brilliant. They're a simple way to allow users to easily and quickly go to the right URl - no matter how complex. No more worrying about typing in long addresses or figuring out if that's a letter O or the number O. Scan and go!

The best thing about QR codes is that they're free. It doesn't cost any money to generate one. They're an open standard with no middle-men. Users can go direct to your site!

Except… Some people want to insert themselves into your conversation. Sometimes it is for malicious reasons, sometimes it is greed for user data, and sometimes it is just incompetence.

Let's take this example - a health centre wants people to register. Scan the QR and get started. Fab!

Photo shamelessly stolen from a LinkedIn contact.

But what happens when you scan the QR code? Rather than taking you directly to an authoritative and trusted NHS.UK domain name, it sends you through https://register-with-gp.ht1.uk/.

Who on earth are HT1.UK?

According to their website, they're an automation company who are "on a mission to make the NHS the most advanced healthcare system in the world."

Good for them. But what information are they collecting about users who traverse through their QR codes? If you take a look at their privacy policy you won't find anything specific. Never mind, let's email their friendly privacy team. What's their email address?

Of course, emailing that gets you back this error:

Emoji! How fun!!

So I emailed the new address to see what information they were collecting. Their response wasn't particularly informative.

because Healthtech-1 is a processor of information and the GP practice is the data controller any requests about how your data is handled should be made to the GP practice who can inform you of the information you requested.

…

I can confirm that there is no information stored about users who scan the QR codes and no cookies placed.

But, of course, users have no way of verifying what this company is storing about them. There's simply no reason to use an untrusted 3rd party like this to provide either a QR code or an intermediary website.

Why this is a problem

Trust is everything. People are constantly being scammed. One of the great things that GOV.UK did was to say "This here is our trusted brand. If you don't see GOV.UK in the URl bar - don't trust it!"

The NHS should be doing the same. Every hospital, surgery, and clinic should have an NHS.UK domain name. When a user sees a link to a healthcare service which doesn't go through NHS.UK, they should feel suspicious and not click on it.

There is no way as a regular user to know that HT1.UK is a trusted domain. What about HT1.biz? HT2.UK? NHS.info.ly? What happens if HT1 go bust or have their domain name hijacked?

The NHS must stop the proliferation of these 3rd party domain names. They need to reinforce users' understanding that NHS.UK is the only trusted domain name for official NHS services.

I'm sure HT1.UK aren't doing anything nefarious with the data of people who visit their QR codes. I'm sure they're not inserting tracking cookies or selling my data. But I shouldn't have to be sure. All users should be pointed directly to an NHS.UK domain without having to risk whether their details are going via a dodgy site.

Here endeth the rant.

Mobile Phones of Doctor Who - Season 15

2025-05-31T20:45:38Z

Is it Season 15 of New Who? Series 2 of Ncuti Gatwa's Who? Series 1875 of the UNIT dating controversy? Either way, welcome back to this increasingly silly series of blog posts where I try to identify all the mobile phones used by The Doctor and their companions.

This weird and wonderful series has, sadly, a paucity of phones. The only time they appear is in the phonetastic and bone-chilling Lucky Day…

Lucky Day

Hunky heart-throb, and all-round nice guy Conrad Clark has this device:

Not much to go on. Looks like an Android. The vertical camera cluster, buttons on the right, and inset front camera means it is probably a Samsung - but you'd be hard pressed to tell which!

Ruby Sunday has the same yellow clad phone from Joy To The World.

A few closeups as well.

I'm pretty sure that's the Google Pixel 5.

Carla's phone is wrapped in an anonymous case.

That's the same case as last year's episodes. But there's not much to go on. That tiny camera cluster could be from anything other than an iPhone. Think you know what it is? Leave a note in the comments.

Most of 's phones are blurry and in the background, so it's hard to say what they are. One goon has this device:

Given the bevel around the camera lenses, and the flash near the top, I think it's the Samsung S21 5G

Another has this model:

Again, not much detail there. It looks like it has a fingerprint sensor on the rear. Any clues?

Shirley Bingham, UNIT's technical marvel, has this foldable phone.

Although the scene is quite dark, I reckon it is the same phone she was rocking in The Star Beast.

Up next!

Will there be more phones in "The War Between the Land and the Sea"? Stay tuned!

What's up with this "Please add me on WhatsApp" robocall spam?

2025-05-30T15:52:29Z

Over the last few weeks, I've received several calls which all have the same modus operandi. A disembodied robotic voice tries to get me to connect on WhatsApp.

https://shkspr.mobi/blog/wp-content/uploads/2025/05/add-me-on-whatsapp.mp4

Some of the voices are reasonable facsimiles of human voices (like the above) and some are just garbage.

Download this audio file.

The voice clip plays and the call immediately terminates.

What I can't understand is how this can possibly be effective from the scammers' point of view. On receiving the call the victim must…

Decided to answer from an unknown number.
Listen to the message and decide it is legitimate.
Go the their phone's dialler app.
Copy the caller's phone number.
Open WhatsApp.
- Install WhatsApp if they don't have it already
Create a new contact - giving a name - and pasting the number.
Engage with the contact.

That's a lot of effort based on… what? A vague offer? There's a little bit of a curiosity gap but not much. It's hardly "add me on WhatsApp or we'll release the photos we have of you" or "you've won the lottery, add me on WhatsApp to get the funds", or "This is the CEO of your company, urgently add me…".

I guess that if a spammer is able to send out thousands of these messages then they might be able to attract a couple of people to engage with them. There's no easy way to report a spam account to WhatsApp unless you've engaged with it.

I also assume that WhatsApp will see that you were the person who initiated WhatsApp contact - which makes them less likely to think the scammer is the problem.

I am just fascinated to see if this scam can possibly be effective. Generating fake voices is free, as is placing short calls. WhatsApp accounts are also free and easy to automate. But are there really that many people willing to go to the effort of adding a new contact based on so little information?

Obviously, all spam is a numbers game. If the message reaches someone receptive to a robocall, they're less likely to query the scam. And, yes, I know that you're a very clever boy and don't answer unknown numbers - but in the real world people get calls from hospitals, recruiters, and friends with new numbers.

If you're a spammer and have found this approach effective - please leave a comment!

Book Review: The Haunting of Tram Car 015 by P. Djèlí Clark ★★★⯪☆

2025-04-29T08:49:57Z

After reading the short story A Dead Djinn in Cairo, I decided to grab the first book in the "Dead Djinn" series.

It is a delightfully realised universe although reminiscent of both Saladin Ahmed's work - a Middle-East populated with ghuls, djinn, and sword-wielding magicians - and also Annalee Newitz's Terraformers with its sentient trains and unionised robots.

Unfortunately, it is rather brief. The short story and book together make for a decent novella. Because of that, some of the exposition is rather abrupt. Rather than gradually introduce us into the gender politics of the city, one character turns to another to clumsily explain it.

It's a good book, I just wish there was a lot more of it.

Whatever happened to cheap eReaders?

2025-05-22T06:44:40Z

Way back in 2012, The Guardian reviewed an eInk reader which cost a mere £8.

The txtr beagle was designed to be a stripped-down and simplified eReader⁰.

As far as I can tell, it never shipped. There were a few review units sent out but I can't find any evidence of consumers getting their hands on one. Also, that £8 price was the subsidised price when purchased with a mobile contract. Their website ceased working long ago.

But it got me intrigued. Moore's law is supposed to drive down the cost of electronics. So where are all the dirt-cheap eReaders?

The cheapest Kindle for sale on Amazon UK right now is about £100. Back in 2012, it was about £70. Taking inflation into account, that price has stayed static. Brands like Kobo are also in the £100 to £150 range.

About the cheapest retail eReader is the PocketBook Lux 4 for £85 or the (terribly reviewed) Woxter Scriba for £70.

AliExpress has loads of second-hand and obsolete models at cheap-ish prices. But a surprising dearth of new eReaders.

Going wholesale, Alibaba has a range of models, some of which clock in at around £30.

But, of course, that's before shipping and tax. They won't come with any manufacturer's warranty and don't expect any software updates. Also, good luck getting accessories!

So what's stopping new eReaders being released at a cheap(er) price? I think it comes down to four main things.

Reading is a niche hobby

Around 40% of UK adults didn't read a single book last year. That survey combines reading books and listening to audiobooks. Of the 60% who do read/listen, about 14% primarily listen. Of those that read, around 60% do so on paper books.

If reading is niche, reading electronically is a tiny niche! This is somewhat of a chicken-and-egg argument. If an eReader were the same cost as a mass-market paperback, I'm sure many more paper-book readers would become converts.

The whole point of an eInk reader is that it is a distraction-free environment. Yeah, you could scroll TikTok on one, but it isn't a pleasant experience. An eReader is designed for one thing only, unlike a phone or tablet. Do enough people want to carry yet-another-bloody-device just for reading?

eInk is expensive

The company which makes eInk hold several patents on the process. They're not a patent troll; they're building a business and selling mega-hectares of the stuff. Understandably, they have an interest in keeping prices high. They don't want to cannibalise their own market.

A basic 6 inch screen with wiring costs around £20 wholesale - that's from Alibaba, so doesn't include tax and shipping. That's before you've added any electronics or a operating system.

Speaking of which…

Android is a bottleneck

The promise of the Android Open Source Project was a free Operating System for anyone to use. The reality has been a little different. Most people want to be able to use basic Android functionality - like download operating system updates or reading apps. But Google doesn't allow that for eInk devices.

As I understand it, Google requires Android devices to have colour screens and, so I've read, won't certify eInk eReaders for newer versions of Android.

So manufacturers have to source parts which have drivers for older versions of Android. Or they have to develop their own OSes.

Books are fungible

Back when Apple sold iPods, they knew that the majority of purchasers would buy MP3s direct from Apple. The perfect symbiotic relationship! But the walled-gardens cracked and now people can buy their music from anywhere.

Amazon keeps this model for its eBooks. Unless you're prepared to get technical, you can only read Amazon books on your Amazon Kindle paid for with your Amazon wallet.

Games consoles are often sold at a loss because the manufacturer knows they'll make it up in game sales and subscriptions.

A low-price manufacturer is unlikely to also run a book store and wouldn't be able to cross-subsidise their hardware with content sales.

Alternatives

Some people have tried building open source eReaders but they're either abandoned, not suitable for production, or ridiculously expensive.

Buying second hand is relatively cheap - often under £50. But eInk screens can be brittle, and older ones may have scratches or cracks which are effectively unrepairable.

How cheap is cheap?

I'd love a £8 eReader. Something I could throw in a pocket and not worry about damaging. An eReader which was the same price as a hardback book - around £20 - would be amazing.

But I don't think we'll get there soon. The monopoly on screen technologies sets a retail floor of around £30, before the rest of the hardware is taken into account. Niche hardware is viable - but only with decent OS support. Other than Kobo and Amazon, no book retailer wants to stray outside their core competency to develop and subsidise hardware.

So I guess it's buy second-hand, or wait for the patents to expire.

You can see some internal photos on this Mastodon thread. ︎

Decorative text within HTML

2025-05-24T11:09:12Z

Back in 2020, Andy Bell introduced me to the idea of grouping attribute values.

You've probably seen something like this before:

A single class over-encumbered by all sorts of things. The more modular way to write this would be:

That's pretty good! Each one of those classes can have its own bit of CSS and everyone is happy. But… sometimes it is hard to spot the gaps. Is that a - or a spec of dirt on your screen? Is there a way to make it more visually obvious what the groupings are?

Andy proposed this:

Or, if you don't like brackets, this:

The nice thing about attributes values is that they can contain any character. The spec says:

An attribute value is a string. Except where otherwise specified, attribute values on HTML elements may be any string value, including the empty string, and there is no restriction on what text can be specified in such attribute values.

Obviously there are some little gotchas. Quotes may need to be encoded, and some attributes only take specific variables. For the class attribute, however, the spec says they can have:

A set of space-separated tokens is a string containing zero or more words (known as tokens) separated by one or more ASCII whitespace, where words consist of any string of one or more characters, none of which are ASCII whitespace.

If a string isn't referenced within the CSS, it is simply ignored. So let's get creative!

Space Cowboy

You can space your variables however you like. These are all perfectly valid and (might) be easier for a human to read.

Separating out primary and secondary classes:

Newline classes:

Vertically aligned classes:

Specific call-outs

Remember, you can have any text in your class names. If you need to highlight something specific to a human, you could use emoji:

Unicode Abuses

Unicode contains lots of mathematical symbols which look like letters but aren't. You could write something like:

But I wouldn't recommend it; you would need to change your CSS to target those particular values.

Commenting

All code should be self commenting. HTML allows but there's nothing stopping you from adding comments inside values.

I'd suggesting using underscore spacing to keep things readable and avoid having words which are accidentally class names.

Or, go artstic:

Yes. That is perfectly valid HTML. It may not be sensible, but it won't cause any problems in the browser. It might make people grumpy though.

Caveats

There are a few things to be aware of here:

Optimisers might strip spaces.
Pre-processes might re-order values.
This is unusual and humans might get confused.

Book Review: How to Land a Plane by Mark Vanhoenacker ★★★★☆

2025-04-27T15:00:03Z

I was lounging by the pool while on holiday, desperately hoping that I would never need to use the knowledge contained within this book.

"How to Land a Plane" is not a metaphor. This isn't a book which teaches you life-lessons via the exciting world of aeronautics. It is a charming and practical guide to landing plane. What the various instruments say, how the controls work, and the basics of navigation.

The author strikes an irreverent but relaxing tone, the sort which might sooth a nervous flyer, as he gently bombards the reader with facts. There are some excellent illustrations and lots of rabbit-holes for the curious adventurer to wander through. The writing is pure poetry about motion.

It is one of those books which makes you feel clever without effort. For an over-confident man like me, it is utter catnip. I'm now convinced I could mansplain landing a 747 and take a reasonable crack at it if the pilot were incapacitated.

Our flight home was - sadly - uneventful.

I am indebted to my former colleagues at CDDO for getting me this fine leaving present - and regretful that it took me so long to read!

Book Review: Throne of the Crescent Moon by Saladin Ahmed ★★★★★

2025-05-05T08:32:31Z

After reading Saladin Ahmed's collection of short stories, I was keen to read more. This book is fantastic! Fantasy books usually seem to be swords and dragons, set in a generic European country. Crescent Moon is scimitars and sorcery, and set in a mythical Middle-Eastern country.

The writing is sublime. It feels like an ancient epic, translated a hundred years ago with archaic language left intact. It'll make good use of your eReader's dictionary to discover words like "ensorcelled".

Amongst all the blood and magic, are literary gems like:

Zamia’s little laugh cut through him like a sword poisoned with pure happiness.

But, perhaps the best thing about this, is that it reads like the end of a trilogy. The characters are all established, there's little exposition about the fantasy-word, the environment is richly textured. Above all, the characters are tired!

It is a fast-paced, exciting, and entertaining book. Perfect for fantasy-lovers who fancy something a bit different from endless Game-of-Thrones rip-offs.

Can you meaningfully measure how environmentally friendly a website is?

2025-05-04T08:10:22Z

Think global; act local. That's the mantra, right? I can't stop coal plants belching out suffocating pollutants, but can I ensure my website is as environmentally friendly as possible?

There are several services which claim to be able to detect just how lean, green, and clean your website is. But, in my opinion, they're all a bit inadequate.

WebsiteCarbon

The WebsiteCarbon.com service gives me this very pleasing report

But what does that actually mean? There's an almost content-free description of their rating system. It boils down to how large your web pages are and whether your data centre runs on green energy.

I specifically chose Krystal as my host because of their green energy credentials. So it got that right.

WebsiteCarbon seems to just be an advertising pitch for their paid-for auditing services:

You can get a comprehensive view of a website’s emissions and potential improvements by carrying out a Website Carbon Audit.

Let's try another service.

EcoGrader

EcoGrader gives me a lower score but provides a lot more detail about why.

They also give tips on how I can improve things.

Do you notice anything about those tips? They're basically the same as Core Web Vitals! A set of useful, if generic, tips to optimise your website.

Others

There are several other services which claim to measure your site's eco-credentials. But, as far as I can tell, they're all doing the same thing; reskinning Core Web Vitals or similar products.

Some, like, Blacklight are promoted on the claim that excessive tracking scripts are an environmental disaster. In the end, the message is the same - clean up your website to make it ~~faster~~ more efficient.

What Does This Mean?

The energy efficiency of modern codecs is often asymmetric. It might be energy intensive to encode a movie - but that's paid back a thousand-fold by having to store and stream less data and by the efficiency of the decode process at the user's end.

If you operating at planetary scale then, yes, a small saving affecting a billion users will have a huge impact. If you're optimising a single hero image on your recipe blog, probably not so much.

Much like the discredited idea that by switching off your "standby" devices you can save £££, most of these website changes are marginal at best.

Yes, we should strive for svelte and performant websites - as much for usability as for environmentalism. It makes ecological sense to choose a hosting provider who is at least somewhat responsible in their energy usage - as much for cost as for anything else.

If these websites help convince your boss that you can remove horrific amounts of JS, upgrade images to WebP, and set sensible caching policies - great! Sell them the shiny accreditation badge while you go about making the site better.

Finally, a word of caution to anyone implicitly trusting these services - there's no way to know what's going on in the background of a website. An ultra efficient looking website served from a green data-centre, might be spinning up a dozen LLMs just to churn out the page content. A slow website might be solar powered. All those ultra-compressed images might be adverts for fossil fuels.

And every time you leave a comment on my blog, I shoot a panda.

Book Review: Death Glitch - How Techno-Solutionism Fails Us in This Life and Beyond by Tamara Kneese ★★★★⯪

2025-05-14T16:50:10Z

What happens after we die? All dogs go to heaven, but all data eventually gets corrupted.

Most online services are designed for the "happy path". Users never change name, gender remains fixed, spouses never divorce, and customers live forever. The real world is a tad more complicated. As the book puts it:

When death occurs for users and platforms, it becomes a kind of glitch that reveals needs that designers did not originally consider.

This is an exploration of what happens to our digital remains after we have shuffled off this mortal coil.

Did you know that graves are regularly re-used? The plot your dear old granny is buried in, will one day make room for someone else's beloved. The same is true on the Internet.

When Paul created a memorial website for Julie, julieslife.com, he found that two other women named Julie had used that domain before; he was building on top of their digital traces.

It is worth noting that this is an academic book. It is rather heavy on the (Marxist) theory and a little unforgiving to the casual reader.

In Chun’s estimation, digital information is itself “undead,” having ghostly qualities that she likens to Karl Marx’s commodity fetishism: “if a commodity is, as Marx famously argued, a ‘sensible supersensible thing,’ information would seem to be its complement: a supersensible sensible thing.”

Death is hard work for all involved. Do you want your loved ones to be burdened with the admin of keeping your domain active? Do they really want the hassle of sorting through your MP3s? Does anyone care about your custom Netflix algorithm?

One of the hardest things I had to do recently was "unfriend" someone who had died. The platform didn't have a "memorial" option, and I kept being suggested to reconnect with someone who was uncontactable without a Ouija Board. The book points out how Facebook and other platforms evolved to support the death of their users - even though the platforms were sometimes reluctant in the face of hostility from the living.

Instead of trusting religious entities with their immortal souls, users should put their faith in the tech industry. Rather than employing established institutions or kinship networks to manage digital belongings, ordinary users are expected to outsource that labor to a host of relatively new web-based companies that might very well dissolve within a decade.

These are secular problems which remain unsolved. They cannot be solved by the current cultural hegemon:

Digital remains are dependent on the global reach and future existence of successful platforms, but they are also mostly located in the United States, particularly in the San Francisco Bay area and along the West Coast.

The author also directly attacks me:

Smart homes are designed according to the specifications of those who build them and do not take into account the desires of those who inherit them. They are fundamentally incompatible with the collective care work needed to keep them running.

Harsh but fair!

I could quote endlessly from this book. It points out how digital devices become haunted objects, as our last wishes cascade through endless algorithms, how we don't control digital products in the same way as we do the physical, and how it is our duty to die responsibly.

It is a little heavy on the Marxist discourse but, to be fair, the right-wing are incapable of writing anything academic - so the free market has prevailed and delivers us Socialist dreams.

The only question I have left to ask is: who gets my ringtones when I die?

Book Review: Protective Practices - A History of the London Rubber Company and the Condom Business by Jessica Borge ★★★★☆

2025-04-26T10:29:46Z

Did you know that there was a virtual monopoly on condom production in the UK? I certainly didn't! This book is a detailed dive into how and why one company came to dominate the "French Letter" business and the ways in which British culture shaped them.

This is a sober and detailed look through the lifespan of a fascinating British company. It is, in part, corporate biography, marketing textbook, business thriller, and social history. Dr Borge has an eye for the interesting story buried deep within the manilla folders of corporate drudgery.

It starts with a little pre-history of the condom, how it came to be, and how it was marketed. Of interest me was just how attitudes about sex waxed and waned throughout the years:

Both in London and in provincial towns, retailers presented contraceptive supplies blatantly and without embarrassment, so much so that the commercialization of contraceptives was well established by the interwar period. Women and men of any class might purchase them on high streets

There are amazing titbits of historical shenanigans - with the eugenicist Marie Stopes coming in for some well-deserved criticism.

Stopes, who broke away from the NBCA/FPA, believed in the “highly stimulating” (by which we can infer sexually arousing) power of semen absorption through vaginal walls, and vetoed the condom on that basis.

Considering the secrecy surrounding the London Rubber Company, there are a good number of archival photos which enliven the text. In fact, more than secret, at time the company seems to have become a cult - under thrall to its purported founder while whitewashing dissenting heretics.

It is weird to see just how much and little has changed when it comes to attitudes around health and birth control.

Comparable to the later Point of Display law for cigarettes, which came into force under the 2009 Health Act and saw tobacco products covered by opaque shutters in shops, 1930s campaigners felt that attractive packaging enticed consumers into patterns of behaviour in which they would not otherwise engage.

Imagine telling someone from the 1940s that tobacco adverts would be banned in the future but contraceptives and sex aids would be on full display!

At times, it does stray slightly into textbook territory. Each chapter has an introductory summary and an ending recap. I suspect part of the target audience may be marketing students who are assigned to read one specific chapter, or business studies students tearing through it in a hurry.

What amazed me was just how underhand and duplicitous the London Rubber Company appeared to be. They abused their monopoly, tried to force clinics to carry their advertising, and even engaged in astroturfing:

To this end, the ‘Genetic Studies Unit’ was invented by London Rubber’s PR agent, Marc Quinn Associates, in 1964.

We go through politics, changes in attitudes, and the geo-politics of rubber supplies. To say it is varied is an understatement!

For a company obsessed with making money, it is downright strange how their internalised bigotry almost broke the company.

the transition to a new customer base was culturally problematic for the company. Its dependence on addressing its consumer base through normative stereotypes was well established, and it was reluctant to publicly acknowledge the use of its product outside of the normative heterosexual family.

The ending is a little abrupt, covering several decades in a single chapter - it could easily have been twice the length.

Ultimately, if you're interested in the intersection of commerce and the politics of sex, this is the book for you.

Book Review: The Canterbury Tales - Geoffrey Chaucer (Standard Ebooks version)

2025-04-26T10:29:43Z

I am flying through the sky with a magic glass on my lap. As I hurtle at terrifying speeds to lands undreamed of, Chaucer's words arrange themselves on the slate. With the merest flick of my fingers another tale appears. In a few hours I will have covered more distance than he ever did in his lifetime. The parchment evidence of his life is now compiled for all to read.

I can't remember when I last read a book aloud. With Chaucer, I found myself mouthing along to the lines - it was the only way to make sense of the rhythms and rhymes. The Standard Ebooks version is a copy of the mid-1800s translation so while the language is somewhat more accessible, there are still lots of explanatory footnotes and a fair bit of dictionary look-ups.

What's fascinating is how the tropes and stereotypes echo down through the ages. The COVID profiteers are no different to the plague doctors:

He kept that he won in the pestilence.
For gold in physic is a cordial;
Therefore he loved gold in special.

It is also delightful to use rhymes to see how language has changed:

Translation
And weakë be the oxen in my plough;
The remnant of my tale is long enow.

Original
And wayke been the oxen in my plough.
The remenant of the tale is long ynough.

I was impressed by just how silly Chaucer is - it really feels like he's making up the story casually as he goes along:

Her yellow hair was braided in a tress,
Behind her back, a yardë long I guess.

Which also brings forth some genuine laughs:

Who couldë rhyme in English properly
His martyrdom? forsooth, it is not I;

The Knight's Tale goes on a bit, and is desperately melodramatic. But the pace is good and the story compelling.

The Miller's Tale is rude

And at the window she put out her hole,
And Absolon him fell ne bet ne werse,
But with his mouth he kiss’d her naked erse
Full savourly. When he was ware of this,
Aback he start, and thought it was amiss,
For well he wist a woman hath no beard.
He felt a thing all rough, and long y-hair’d,
And saidë; “Fy, alas! what have I do?”
“Te he!” quoth she, and clapt the window to;

It gets even more scatalogical:

“Speak, sweetë bird, I know not where thou art.”
This Nicholas anon let fly a fart,
As great as it had been a thunder dent;
That with the stroke he was well nigh y-blent;

Although - content warning - it does have a fair bit of rape and sexual assault in it.

I was fascinated with how much scientific knowledge there was in it. Along with the talk of "infinity" there's a marvellous passage about calculating the time from the sun:

And saw well that the shadow of every tree
Was in its length of the same quantity
That was the body erect that caused it;
And therefore by the shadow he took his wit,
That Phoebus, which that shone so clear and bright,
Degrees was five-and-forty clomb on height;
And for that day, as in that latitude,
It was ten of the clock, he gan conclude;

He also displays a surprisingly amount of knowledge of Islam and some of its central theses.

The Wife of Bath is amazing! A total feminist icon. With her five husbands that she's outlived after gaining their great big tracts of land. She rails against the patriarchy, the fetishisation of chastity, and the hypocrisy of men

But well I wot, express without a lie,
God bade us for to wax and multiply;
That gentle text can I well understand.
Eke well I wot, he said, that mine husbánd
Should leave father and mother, and take to me;
But of no number mentión made he,
Of bigamy or of octogamy;
Why then should men speak of it villainy?

Once you can get past the language barrier and get into the rhythm, the stories are bawdy and jolly.

Sadly, I had to give up reading the Standard Ebooks version halfway through. Although it is perfectly formatted and beautifully typeset, it has numerous typographical errors. It appears most of those typos appear in the Gutenberg version which it is adapted from. I sent a few pull requests to fix the ones I found but it became increasingly frustrating not knowing whether a spelling was archaic or merely transcribed incorrectly.

The other issue is that this is the Purves translation from the mid-1800s. Although it does a reasonable job with explanatory footnotes, it also is weirdly censored in places. For example, in The Wife of Bath, the titular character says:

Is it for ye would have my [love] alone?

What word has been elided? The original is:

Is it for ye wolde have my queynte allone?

Yes kids! Chaucer used very naughty words!

So I stopped reading that version and will restart with a more modern and less Bowdlerised version. Any recommendations?

Book Review: Learning to Think by Tracy King ★★★★★

2025-05-10T20:38:43Z

What does it mean to write an autobiography?

For most people, their autobiography is a series of well-worn stories that they've told themselves. I remember reading Peter Mandelson's autobiography and being staggered at how he won every argument he ever had and was proved completely right by history. I'm sure you've read a dozen autobiographies where the subject has gleefully recounted something which sounds true, but with no fact checking.

Tracy King's autobiography is different. There is a story that she has told herself about her father's death. The event is a pivotal point in the life of her and her family. Their world is shattered by the tragedy and the events surround it become mythologised. Rather than just retelling the story, she asks the important question - is this true?

That's what Learning To Think is about.

Do you have the courage to revisit a distressing moment from your past and interrogate it? We all have totemic stories about our history but very few of us go back to check whether our memories are accurate. I hesitate to describe the revelations as a "plot-twist", because this is real life, but it is astounding.

The writing is beautiful and portentous. It also spends a fair amount of time seeking to understand why people (like the author) get drawn to religion, mysticism, and conspiracy theories:

Solving problems you’ve invented is a good facsimile of empowerment when you’ve never had the real thing.

It would be tempting to lump this in with the "misery memoir" genre - but I think it is something else. It isn't about revelling in the pain and inviting the reader to share it, instead it is a hopeful look at how the truth sets us free. It is bleakly hilarious at times with its blunt assessment of some shocking events.

I sometimes worry that science and "new rationalism" is a cult. It can attract people who are desperate for answers and want to surrender to a system which will teach them the secret truths of the world. But, as this book points out, rationality gives us the power to say "but I could be wrong".

Science should teach us to be humble. Not humble in front of a god; humble in front of our own fallibilities and vulnerabilities.

This is a thought-provoking and wonderful book.

Stop using preg_* on HTML and start using \Dom\HTMLDocument instead

2025-05-05T10:53:40Z

It is a truth universally acknowledged that a programmer in possession of some HTML will eventually try to parse it with a regular expression.

This makes many people very angry and is widely regarded as a bad move.

In the bad old days, it was somewhat understandable for a PHP coder to run a quick-and-dirty preg_replace() on a scrap of code. They probably could control the input and there wasn't a great way to manipulate an HTML5 DOM.

Rejoice sinners! PHP 8.4 is here to save your wicked souls. There's a new HTML5 Parser which makes everything better and stops you having to write brittle regexen.

Here are a few tips - mostly notes to myself - but I hope you'll find useful.

Sanitise HTML

This is the most basic example. This loads HTML into a DOM, tries to fix all the mistakes it finds, and then spits out the result.

$html = 'Hi
Test
';
$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED , "UTF-8" );
echo $dom->saveHTML();

It uses LIBXML_HTML_NOIMPLIED because we don't want a full HTML document with a doctype, head, body, etc.

If you want Pretty Printing, you can use my library.

Get the plain text

OK, so you've got the DOM, how do you get the text of the body without any of the surrounding HTML

$html = 'Hello World!'; $dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR , "UTF-8" ); echo $dom->body->textContent;

Note, this doesn't replace images with their alt text.

Get a single element

You can use the same querySelector() function as you do in JavaScript!

$element = $dom->querySelector( "h2" );

That returns a pointer to the element. Which means you can run:

$element->setAttribute( "id", "interesting" ); echo $dom->querySelector( "h2" )->attributes["id"]->value;

And you will see that the DOM has been manipulated!

Search for multiple elements

Suppose you have a bunch of headings and you want to get all of them. You can use the same querySelectorAll() function as you do in JavaScript!

To get all headings, in the order they appear:

$headings = $dom->querySelectorAll( "h1, h2, h3, h4, h5, h6" ); foreach ( $headings as $heading ) { // Do something }

Advanced Search

Suppose you have a bunch of links and you want to find only those which point to "example.com/test/". Again, you can use the same attribute selectors as you would elsewhere

$dom->querySelectorAll( "a[href^=https\:\/\/example\.com\/test\/]" );

Replacing content

Sadly, it isn't quite as simple as setting the innerHTML. Each search returns a node. That node may have children. Those children will also be node which, themselves, may have children, and so on.

Let's take a simple example:

$html = 'Hello'; $dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" ); $element = $dom->querySelector( "h2" ); $element->childNodes[0]->textContent = "Goodbye"; echo $dom->saveHTML();

That changes "Hello" to "Goodbye".

But what if the element has child nodes?

$html = 'Hello friend'; $dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" ); $element = $dom->querySelector( "h2" ); $element->childNodes[0]->textContent = "Goodbye"; echo $dom->saveHTML();

That outputs
Goodbyefriend
- so think carefully about the structure of the DOM and what you want to replace.

Adding a new node

This one is tricky! Let's suppose you have this:

Hello

You want to add an
before the
. Here's how to do this.

First, you need to construct the DOM:

$html = '
Hello'; $dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );

Next, you need to construct an entirely new DOM for your new node.

$newHTML = "Title"; $newDom = \Dom\HTMLDocument::createFromString( $newHTML, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );

Next, extract the new element from the new DOM, and import it into the original DOM:

$element = $dom->importNode( $newDom->firstChild, true );

The element now needs to be inserted somewhere in the original DOM. In this case, get the h2, tell its parent node to insert the new node before the h2:

$h2 = $dom->querySelector( "h2" ); $h2->parentNode->insertBefore( $element, $h2 ); echo $dom->saveHTML();

Out pops:

Title Hello

An alternative is to use the appendChild() method. Note that it appends it to the end of the children. For example:

$div = $dom->querySelector( "#page" ); $div->appendChild( $element ); echo $dom->saveHTML();

Produces:

Hello Title

And more?

I've only scratched the surface of what the new 8.4 HTML Parser can do. I've already rewritten lots of my yucky old preg_ code to something which (hopefully) is less likely to break in catastrophic ways.

If you have any other tips, please leave a comment.

Gadget Review: AsiceSound Bluetooth Earbuds S23 ★⯪☆☆☆

2025-05-08T18:16:25Z

The good folks at AsiceSound sent me their latest Bluetooth Earbuds. They're yet another no brand company which rebadge various Chinese gadgetry.

The S23 are £50, which is a reasonable price compared to AirPods, and expensive compared to bargain basement earbuds. So what do these have going for them?

The charging case shows the battery level of each bud

You get a few different sized tips for the earbuds.

But, on the flipside…

Lack of Qi / Wireless charging of the case.

Charging display flashes constantly.

Touch controls are a nightmare.

*sigh* Let's talk about controls. If your phone is in your pocket, you want an easy way to change the volume, play/pause, skip tracks, and summon your digital assistant.

On the Pixel Buds you can tap, hold, and swipe for those controls on either ear. On these, not so much. You need to remember a precise sequence of taps if you want to do anything.

Oh, you also need to remember which ear to use. Here's the list of controls.

Tap once

Either ear: Play / Pause

Either ear: Answer / Hang-up call

Tap twice

Left ear: Previous Track

Right ear: Next Track

Tap three times

Left ear: Volume Down

Right ear: Volume Up

Hold 2 seconds

Launch assistant.

Reject call.

Hold 3 seconds

Left ear: Turn off left headphone

Right ear: Turn off right headphone

Yup! There's no way to switch both off with one gesture. And if you hold down for Siri for too long, you one of your buds switches off. And if you're too slow with your volume changes, the track either pauses or skips. It really is frustrating to use.

Volume control worked, as did play/pause. I couldn't get double-tapping to skip track to work on Android or Linux.

Charging

The buds recharge inside a case. It takes a standard USB-C cable - albeit only at 5V. It also seems to discharge into the headphones disturbingly rapidly.

https://shkspr.mobi/blog/wp-content/uploads/2025/05/output.mp4

You do get to see how charged each side is, which is helpful. But, when charging, the display on the case flashes constantly which is a bit annoying.

There's no wireless charging in the case, no rapid charging, or anything like that.

Audio

They claim that codec support includes LDAC - but my Android only showed AAC or SBC for audio. My other headphones will work with LDAC, so I don't think my phone is the problem.

Audio playback quality was fine. Voice quality was a little muffled.

Their Amazon advert claims "Active Noise Cancellation" but I couldn't find any evidence of that. There was certainly no way to turn it on or off. The snug fit of the rubber tips did keep our a fair bit of noise though.

Linux

They paired just fine with Linux - showing as both a headset (with microphone) and headphones.

The only codecs it advertised were:

You can read about the difference between the codecs - they're all basically fine for listening to music, but none are LDAC.

Verdict

I can't really recommend these. The sound quality is good - although not as advertised. A range of tips means they fit well enough and won't fall out while you're exercising. Voice quality is adequate.

But the interface is so frustrating.

The touch-target on the headphones is fairly small, so it is pretty easy to miss it entirely. If you miss one of your triple-taps it becomes a double-tap, which might not be what you want at all.

You have to remember a bewildering array of taps - and they differ between ears.

There's a horrible tinny voice to announce when a device is paired or the buds are powered off. It sounds cheap and nasty.

If you're prepared to memorise and put up with the interface, I'd still say they were overpriced.

Gadget Review: DisplayPort to HDMI Showdown

2025-04-23T13:59:29Z

From crummy old S-Video, through SCART, VGA, and HDMI - the world of video connectors has never been entirely cross compatible. Oh, sure, with enough boxes and adapters you can usually get an old device to talk to a new one. But results are never guaranteed and quality can take a hit.

HDMI was supposed to be our saviour, but now DisplayPort threatens its dominance. What's the difference? For the average user - nothing. They both carry high-fidelity video and audio at resolutions higher than the human brain can interpret. Unless you are trying to pump 8K streams 5cm from your eyeballs at 200Hz, you're not going to notice the difference between the standards. They both do surround sound which your home cinema speakers are woefully under-specced for.

The main differences boil down to:

DisplayPort has a spring-loaded latching mechanism which prevents cables coming loose.

Lots of laptops and phones support DisplayPort via USB-C's DP Alt Mode.

DisplayPort monitors can be "daisy chained" to each other.

HDMI supports ARC (Audio Return Channel) which means your screen's sound can be sent back down the HDMI cable to an amp.

DisplayPort uses Packetized Data Transmission which, in theory, is more efficient than HDMI.

But, in the end, it all comes down to this:

What port your screen has.

My USB-C Docking Station has two DisplayPort outputs and a single HDMI socket. My 4K Vertical Monitor has DP, but my older monitor is stuck with HDMI. Is there anything I can do to convert the DisplayPort signal from my USB-C hub into an HDMI signal the monitor will understand?

Yes!

The good folks at Benfei have chucked me a couple of their adapters to test out. Let's put them through their paces.

Here's their 4K one:

And their 1080p one:

Rather handily, there are little instructions on the dongle to tell you which end is which.

The important thing to note is that they are both "plug and play", no drivers needed.

Feature Regular 4K

Max resolution 1080p 4K

Max refresh 60Hz 60Hz (4K)
120Hz (2K)

Features Latch on DisplayPort Nylon braided cable

Cost £10 £12

The main difference between the cables is that the lower-resolution one has a locking latch on the DisplayPort end.

I just couldn't get the lower-resolution one to work. My laptop saw it, it identified the monitor and its available resolutions, my sound output could be routed to it - but no video appeared. Yes, I tried rebooting and updating, and unplugging, and sacrificing a chicken - no dice.

The other one worked perfectly. Video came through crisp and clear. Instant detection. Like any modern electronics, it did get a little warm with constant use - but nothing too serious.

Bonus Flipmo Selekta!

What if you want to go the other way? Converting HDMI to DP? Let's go!

Wait? Why is there a USB plug on this thing?

The standard DisplayPort can supply 3.3V @ 0.5A. That's usually enough to power a converter chip. However HDMI can only do 5V @ 0.05A which is insufficient to power anything useful⁰.

Does it work? Yes! The USB plug is only used for power - it doesn't require any drivers or configuration. Plug it into your laptop or hub, plug the HDMI jack into your port, run a DisplayPort cable from it to your monitor. Done.

Buy

Please click the affiliate links so that I can feed my crippling technology addiction.

DisplayPort to HDMI (HD & latching)

DisplayPort to HDMI (4K non-latching)

HDMI to DisplayPort adapter

HDMI 2.1b will support higher power - but those are pretty rare. So a USB plug is needed to power the converter. ︎

Too many overflows reporting Gmail spam

2025-04-26T10:29:17Z

What does the humble ⋮ symbol mean to you?

To geeks, it is a compelling attraction. Something cool and esoteric lives in there! All sorts of goodies to explore and configure.

To normal people, it is invisible. Normal people don't go pushing random icons on their apps because computers are fragile and may break if you do the wrong thing.

To me, it is a sign that product managers are a menace and must be stopped. A hundred thousand icons vying for your attention have been stuffed away because no one has the authority to prioritise user needs.

As a | user who has received some spam

I want to | easily report it as spam

So that | ~~Google's AI can become ever stronger~~ my inbox is easier to manage

How do you report spam? On the web, it is possible if you're prepared to enter the forbidden lair of ⋮. Click the one nearest the message and you'll see:

But there is no "report spam" button in the Gmail app. Try to find it. I promise you it isn't there.

No, not even behind the door of mysteries which is ⋮. See:

Ah ha! FOOLISH USER!! You thought that you could transfer a mastered skill from one environment to another? You are an idiot. A buffoon. The Eloi at Google mock your Morlock ways.

Here is the report spam button in the Gmail app - hidden in the top ⋮ menu!

And, just for completeness, here's what the top ⋮ on the web has.

Why?!

Why do the Monkey-Punchers at Google have such scorn for its users? Is it because their illegal monopoly means they don't have to compete for users? Do their perverse internal politics only reward employees for adding features, not removing them? Perhaps the web team and the app team are engaged in holy war around a doctrinal schism over icon placement?

We may never know.

OK, but why?

Why do the overflows on the web have icons but on the Android app they're barren?

Why is the order of the options completely different on both?

Why are the names different for the same functions?

We can only assume that the web team are Montagues and the app team Capulets.

What is going on?

Moving a UI from the big screen to the small screen is difficult. Some options aren't relevant in either context. Some labels are too big. Some prioritisation needs to happen. I accept that.

But users only have limited cognitive plasticity. They have a mental model of how a UI works and they expect it to be reasonably consistent.

I keep making the same mistake. Whether I'm on the web or app, I always go to the wrong option! This makes me feel like an idiot. I have a hundred apps to use, each with subtly different UIs - I can't be expected to keep them all straight. But I do expect the a common set of paradigms if the services are under the auspices of a single company.

Why are there two ⋮ menu options? I think the top relates to the conversation whereas the second relates to the specific message? But maybe I'm wrong.

Two out of three ain't bad

I lied earlier. There's a third way to report spam.

On the web, hover over one of the mysterious small icons - the ones with ridiculously thin lines and low contrast - and you'll be rewarded with this:

Make it make sense!!

Get alerted when your Kobo wishlist books drop in price

2025-04-29T08:58:10Z

The brilliant kobodl Python package allows you to interact with your Kobo account programmatically. You can list all the books you've purchased, download them, and - as of version 0.12.0 - view your wishlist.

Here's a rough and ready Python script which will tell you when any the books on your wishlist have dropped below a certain amount.

Table of Contents
Prerequisites
Get your wishlist
Sort the wishlist
Create the Message
Send an Email
Setting the settings
The End Result
Next Steps

Prerequisites

Install kobodl following their guide.

Log in with your account by running kobodl user add

Check that the configuration file is saved in the default location /home/YOURUSERNAME/.config/kobodl.json

Get your wishlist

The kobodl function GetWishList() takes a list of users and returns a generator. The generator contains the book's name and author. The price is a string (for example 5.99 GBP) so needs to be split at the space.

Here's a quick proof of concept:

import kobodl wishlist = kobodl.book.actions.GetWishList( kobodl.globals.Settings().UserList.users ) for book in wishlist: print( book.Title + " - " + book.Author + " " + book.Price.split()[0] )

Sort the wishlist

Using Pandas, the data can be added to a dataframe and then sorted by price:

import kobodl import pandas as pd # Set up the lists items = [] prices = [] ids = [] wishlist = kobodl.book.actions.GetWishList( kobodl.globals.Settings().UserList.users ) for book in wishlist: items.append( book.Title + " - " + book.Author ) prices.append( float( book.Price.split()[0] ) ) ids.append( book.RevisionId ) # Place into a DataFrame all_items = zip( ids, items, prices ) book_prices = pd.DataFrame( list(all_items), columns = ["ID", "Name", "Price"]) book_prices = book_prices.reset_index() # Get books cheaper than three quid cheap_df = book_prices[ book_prices["Price"] < 3 ]

Create the Message

This will write the body text of the email. It gives you the price, book details, and a search link to buy the book.

from urllib.parse import quote_plus # Search Prefix website = "https://www.kobo.com/gb/en/search?query=" # Email Body message = "" for index, row in cheap_df.sort_values("Price").iterrows(): name = row["Name"] price = str(row["Price"]) link = website + quote_plus( name ) message += "£" + price + " - " + name + "\n" + link + "\n\n"

Send an Email

Python makes it fairly easy to send an email - assuming you have a co-operative mailhost.

import smtplib from email.message import EmailMessage # Send Email def send_email(message): email_user = 'you@example.com' email_password = 'P@55w0rd' to = 'destination@example.com' msg = EmailMessage() msg.set_content(message) msg['Subject'] = "Kobo price drops" msg['From'] = email_user msg['To'] = to server = smtplib.SMTP_SSL('example.com', 465) server.ehlo() server.login(email_user, email_password) server.send_message(msg) server.quit() send_email( message )

Setting the settings

When running as a script, it is necessary to ensure the settings are correctly initialised.

from kobodl.settings import Settings my_settings = Settings() kobodl.Globals.Settings = my_settings

The End Result

I have a cron job which runs this every morning. It sends an email like this:

Next Steps

Some possible ideas. If you can code these, let me know!

Save the prices so it sees if there's been a drop since yesterday.

Compare prices to Amazon for eBook Arbitrage.

Automatically buy any book that hits 99p.

Happy reading!

Is enhancement the same as manipulation?

2025-04-30T12:33:29Z

How far can you enhance an image or video before you cross the line into manipulation?

The UK is currently prosecuting two men accused of a crime. Part of the prosecution's evidence is a video⁰. In showing it to the jury, the prosecution have said:

the two minute and 41 second-long video is "extremely dark" but the "unmistakeable" noise of a chainsaw can be heard followed by the sound of a tree falling.

Police experts have "enhanced" the video as much as possible but it has "not been interfered with", Mr Wright tells the jury.

BBC News

I think most reasonable people would agree that creating an AI "Deep Fake" by inserting the faces of the pair into the video, would be unacceptable.

What about boosting the brightness on the video? That seems pretty unobjectionable to me and, I suspect, most neutral parties.

Suppose the prosecutors used AI to enhance the image? Perhaps adding a background which wasn't there up maybe upscaling the video resolution and introducing elements which didn't exist before? I think that's a step too far. Algorithmic enhancement strays into manipulation territory.

But what if the police ran a face detection algorithm on the video and only boosted the visibility of those parts, rather than the rest of the video? Now I think we're haggling over price.

The photographer Paul Clarke has a wonderful blog post about enhancing photographs of MPs - take a look at those photos. Are they enhanced or manipulated? Do you feel differently if it is a photo of an MP from "your" side?

But just brightening and colour correcting is fine, right?

This is a well-known problem in legal circles¹. Boosting the colouring of a photo may make an injury seem more severe. Zooming or cropping an image may make someone seem closer to the action than they were.

The Crown Prosecution Service has this to say about video² evidence:

In terms of proving the authenticity of the video recording, the Prosecution must be able to show that the video film produced in evidence is the original video recording or an authentic copy of the original and show that it has not been tampered with.

CPS Legal Guidance - Exhibits

I suppose it's pretty easy to show that the produced evidence can be derived by taking the original and twisting the brightness and contrast knobs. I also guess that the defence could bring in an image manipulation specialist to show that the enhanced version introduces unacceptable changes.

Although that brings with it some problems about whether an expert in manipulation can say they're an expert about the contents of the media. (No, basically.)

I'll leave you with these words from a House of Lords report in 1998:

The existence of a technology that can be used to modify images in this way need in itself be of no great concern; even the widespread availability of the technology at low cost might not cause concern.

But an apparent lack of understanding of the implications of both these facts should cause concern and warrants further study. The public and all those in the legal profession should be made more aware of the technology, what it can do, and what its limitations are.

It was suggested that criminal convictions that were dependent on evidence captured by digital cameras could be at risk if defence lawyers began to realise how vulnerable such images are to manipulation.

Select Committee on Science and Technology Fifth Report

The trial continues.

Update!

The BBC reports:

The initial video was totally dark, with just the sound of wind and a chainsaw leading up to a giant crash.

A second version has now been shown to the jury, which has been enhanced by a Northumbria Police digital media examiner.

The contrast has been changed, a white border has been put around it and the image has been made brighter.

Here's a clip of the enhanced version:

https://shkspr.mobi/blog/wp-content/uploads/2025/04/bbc.mp4

If you were presented evidence of a completely dark video, how could you be sure that subsequent "brighter" version was derived from the original?

To be clear, I'm not at the trial. ︎

With thanks to several anonymous legal friends for pointing me in the right direction. ︎

There's a good discussion about the admissibility of video evidence in [2002] EWCA Crim 2373 ︎

Who is responsible for missing money?

2025-04-27T14:59:53Z

I have a simple rule of thumb when it comes to news reports. The real story is always in the penultimate paragraph.

Let's look at this inflammatory headline:

Woman’s 'spree' after $158k banking error, refuses to return pensioner’s life savings

An Auckland beneficiary is under investigation for an alleged “spending spree” after $158,000 was mistakenly transferred to her account.
[…] pensioner lost his life savings due to an account number error.
The account number provided to Westpac had only 15 digits, not the intended 16, so Westpac added a zero to the suffice [sic] as per its usual protocols.
Newstalk ZB

Wow! That seems pretty bad. Obviously the woman who allegedly received the money and then spent it shouldn't have done that. Spending money that doesn't belong to you is a crime in most parts of the world. But let's focus on the real villain here - the evil bank!!

Why did the bank make the decision to add an extra digit to the recipient's account number?

An NZ bank account number looks like BB-bbbb-AAAAAAA-SSS.

The first two digits are the banking institution and the next four are the specific branch. The seven digit account number relates to the specific account. The three digit suffix is for the type of account. For example, your spending account might have suffix 001 and your savings account might have suffix 099.

However, because all suffices have a leading zero, it is often only displayed as two.

So, adding an extra zero to the suffix itself shouldn't have caused a problem. It would have gone to the correct recipient although it might have either gone to the wrong sub-account. Indeed, WestPac's help page on international transfers says "if your account suffix is 12, enter 012". It sounds like the journalist hasn't quite understood where the insertion happened.

It seems likely to me that the victim meant to type 1234567-001 but missed a digit, causing WestPac to shift things to 1235670-01. That's poorly formatted but technically valid.

But, wait! Don't bank account numbers have checksums? Yes! According to NZ's internal revenue, all bank account numbers have a check-digit. However, when checking an account number's validity:

If less than the maximum number of digits is supplied, then values are right justified and the fields padded with zeroes

Bank account number validation

Having played around with the algorithm, the first few digits of the account number aren't included in the checksum validation. For example, the account number 1234567 and 0234567 both pass checksumming. So it is possible that padding the start of the string wouldn't have been picked up.

Whatever the underlying issue, it is distressing to hear of someone losing a significant amount of money.

What could have stopped this?

Humans make mistakes. As an industry, we know this. It's our job to prevent, rectify, and neutralise those mistake. We need systems in place which reduce the likelihood of errors causing catastrophic failures.

Here are some systemic changes which could have prevented this:

New Zealand could adopt the IBAN standard for international transfers.

They don't seem keen on doing this.

It wouldn't prevent mistyping, but a standardised length makes transferring to the wrong account less likely.

Confirmation of Payee asks the user to type in the name of the intended recipient. If it doesn't match the bank account, the payment is rejected or cautioned against.

NZ is rolling out CoP but it doesn't yet apply to international transfers.

Multi-lingual CoP is complex. I don't know if any cross-border payments do this yet.

WestPac should have noticed the name discrepancy.

This is the argument I have the most sympathy with.

Of course, returning the money (especially to a closed account) may be difficult.

Large systems changes are expensive and time consuming.

What else could have been done? Let's go to the final few sentences of the story:

Unfortunately, the incorrect bank account number provided by Che was a valid account number for another customer, Westpac said.
“As soon as Mr Che alerted us to the issue, we traced the payment and froze the remaining funds.”
But Westpac was unable to recover the rest of Che’s money due to the seven-week delay in reporting his error to the banks.
Emphasis added

I'm not trying to victim blame here, but WestPac seem to have done what was asked for them. The sender provided an ambiguous bank account number which was, nevertheless, valid.

The sender didn't raise an issue for seven weeks. Once notified, the bank froze the recipient account and notified the police.

Yes, big evil banks should be less evil. But they're in a tough spot. People want protection, but they resent banks telling them what they can and can't do with their own money. Big systemic change is difficult but it seems crushingly unfair when an innocent party is caught in the middle.

I don't think anyone comes out of this covered in glory. Banks need to invest in technology which keeps their customers safe. Customers need to take some responsibility for checking whether a bank has done the right thing.

The only tips I can give is that you must always copy & paste financial details from a trusted source, rather than manually type them in. Always send a small amount first to check it is received. If you suspect a mistake, contact your bank immediately.

Stay safe out there.

Feature	Regular	4K
Max resolution	1080p	4K
Max refresh	60Hz	60Hz (4K) 120Hz (2K)
Features	Latch on DisplayPort	Nylon braided cable
Cost	£10	£12