Category Archives: Quotes

Everything is good in moderation; except moderation…

I thought it was about time to write an article on how I was recently fired from my job with one of the Internet’s leading moderation companies. It’s been a couple of months now, so I am confident that I can write this in a non-reactionary way since I am trying to be informational rather than adversarial; I am not even going to mention their name and I am confident that very few people will actually know for sure which company I am referring to. I am not worried about libel; I am well covered by the new UK whistle-blower laws – But pending the result of a couple of potential criminal investigations against the company I think I will keep names out if for now.

I’d worked for them for a few years – I am a Brit in Canada and they are headquartered in the UK with a shell-office in the USA. The contract I signed when I joined was oddly written and didn’t look like it had ever seen the inside of lawyer’s office – There were clauses in there which were obviously in reaction to previous issues they’d had such as “You agree that while working for us you will be engaged on a freelance independent contractor basis and will not be our employee.” – A clause which any employment lawyer would tell them is pretty much worthless. There is also no geographical basis to the contract nor any acknowledgement that other national laws may take precedence. This company is also quite proud of the fact that they make all staff go through police checks – There was a problem with mine since I’d moved around a while earlier so I was told on the phone to lie on the form so that it would pass. I should probably have known there was something amiss at this point.

Are you bored yet? Sorry – I will get back to the story!

On the day I was fired I had been working solidly every day for blocks of about 10 hours for 465 days, without a break – That’s no weekends, no Christmas … Nothing. 465 days earlier, I had been at a work meeting in the USA, and the day before I flew home was my “day off”. I had 1 day off in 2010, 9 days off in 2011, 4 days off in 2012 and that was it. I was considered a good employee, I was told so on numerous occasions and just prior to leaving they had jiggled a number of clients so that I could be the person to moderate them. I had zero idea or warning that they were gunning for me.

So why was I fired? Well – I don’t know! I wasn’t told. I woke up one morning and my phone was complaining it couldn’t get the work calendar. I tried to login and I wasn’t able to. I had an email on my personal account to call the big-boss and she told me on the phone that I “obviously wasn’t happy at the company, and we had incompatibilities and I wasn’t following the correct procedures”. That was it – Nothing more was explained, no emails followed – Just a final payment from them a few weeks later that was sent without me invoicing them (so much for freelancers!). In respect to the correct procedures, I had had a meeting with my line manager two weeks earlier where I had explained that I often didn’t and this was why people wanted me on their projects and he said he knew this and promised to back me up with people in case there were issues (which there never had been). Ironically the two things quoted at me (not using the company enforced browser and not using their timekeeping system) were both false since I used both.

And so, it is for me to speculate the real reasons…

I had been openly worried about changes to the company – I had expressed grave concerns that not only were we double billing clients, I was also put into the position of having to moderate two competing companies at the same time (that unless there were changes I knew nothing about, were paying for my exclusive time). This meant that if there was a rush on one company, the other would essentially have to be ignored and this happened often. I didn’t like this and I didn’t want to work on projects where this was the case; so I had arranged to be removed from them, even though I had worked on them for years and in one case, co-managed. When I asked the scheduling manager if we were double billing, I was told yes, and that the money was being used to “do up the house” of the Managing Director. This wasn’t exactly very reassuring.

I had also mailed the week earlier to express concern that I was working illegally. An accountant had told me that I could not work 70 hours a week, every single day for nearly two years and claim to be freelance – Having read the Canadian regulations this was indeed the case and they were also liable for years of back holiday pay, overtime etc. I asked them to work out a way of making me a “proper employee” like they had done to the US staff and were about to do to the UK staff and was told quite rudely that I was talking nonsense and to shut up and carry on. I probably shouldn’t have expected much else; when I pointed out that most of the UK staff were also working illegally and they should fix it before they were found out and liable to millions of pounds in fines and ten years of back payments, I was also told I was wrong, and to shut up. This is an area of law I know a lot about. I was not wrong – But I did shut up.

The last email I got before I left was one from a colleague expressing concern about a moderator in Ireland who was working on one of the major projects that weekend… He had apparently been complaining about being tired but still had the whole weekend to work with only a 5 hour sleeping gap. Occasionally I’d worked 60 hour days – But thankfully not too often. They claim that they don’t allow this – But it’s their schedulers who allocate the hours.  They claim a lot of things about staff-welfare that are complete fiction though. I remember reading an article about them in a British newspaper about how the rotas are planned sensitively to give staff a chance to recover from stressful projects. I am pretty sure they interviewed the wrong company.

A few days before I was fired, a friend of mine at the company was also fired. She’d been working for another company and she acknowledges that they had grounds to fire her – It probably should have been a written warning, but that’s not how they operate. In actual fact they actually hacked a competitor to get this information (I wish I was making this up!); a matter of which I was quite open about how I felt having worked in security and policing for most of my life. Over the course of the next few days they read all her emails and chat-logs to essentially go on a witch hunt.

As Wilde said – “Moderation is a fatal thing. Nothing succeeds like excess.” – Hummmm.

The Emperor’s New Currency

Two seemingly unrelated events decided to correlate themselves in my head today and I thought I would ponder out loud just for the irony value.

Firstly there was a seemingly throwaway comment that made me smile on What The Papers Say about the fact that Obama lost thousands of his Twitter followers: “Talk about hitting the President where it will hurt him the least”.

It’s one of the 1st times I have heard somebody in the media actually admit that a whole bunch of virtual Twitter followers are utterly meaningless – it’s almost a brave statement from a journalist who relies on people reading his stuff. But does anyone really care about the drivel people post on Twitter? I’ll leave that conclusion to you.

The other thing I noticed today was that Firefox was using nearly 4GB of memory on my Laptop. That is more crap stored in my working memory than we had long term disk space for the entire University of Leeds in the 1980’s – And I don’t think it’s like we really stored much less useful data.

I wonder how much storage space, air-conditioning, manufacturing, working-electricity etc is being used simply to keep the gazillions of gigabytes of disk farms going just so the worthless opinions about Lady Gaga and Amy Winehouse of a billion Internet users can be preserved for ever more.

I shall shut up now, and not add any more to it.

How not to fire your Security Manager.

If you have ever read my resume on this site you will notice that I passingly refer to being sacked from British Telecom three times. Occasionally people ask for the story of this, but since I was always covered by some weird ethical code / Non Disclosure Agreement and the like I have always kept quiet. It is now more than ten years since the final event so I feel it is a good time to tell the story – Mostly because it sadly amusing to see how one of the largest telecoms companies in the world could be quite so stupid. Part of the problem with writing this is that I don’t actually believe it myself. This may come across as a little bitter – It should do, because I am. I don’t think I come out too badly in this story so I am not too worried about telling it.

Firstly I must say that if I am being completely truthful I was only actually fired once, and this is about that event. The other two times I left it was a mutually agreed situation – In the first one, I told my managers that I flat out refused to lie for them any more and apparently in a company whose whole culture is based on lying to customers that is a bad thing – In the second case, I left because accounting every half  hour I worked to a customer cost-centre (when it often made no sense at all) was just ludicrous and often downright dishonest. In both cases, as soon as I left my contract was immediately picked up by another part of BT  with promises of various changes and a decent pay rise.  I actually ended up with what was effectively a long unbroken lump of employment for BT, even though I worked for a few different divisions.

So let us go back to a time just before the last Millennium. I had just returned from a few months secondment building a new Internet Service Provider for BT’s new mobile company (Genie, now O2) and I had in my hand a glowing letter from the Chairman of Cellnet saying how wonderful me and my team were for delivering the impossible in such a short timescale. We did good on that job, even though I didn’t want to do it. Back at the office I was finally at the point of being part of the sign-off process for any solutions that BT sold to customers. In theory, before any solution was sold I got to security evaluate it first and could refuse to sign it off and send it back for design corrections if it failed. I was also working with internal security and in all I should have been happy; but I wasn’t. In the past I had been able to do what I wanted and what was best for BT and its customers as a whole – To be proactive and to look for problems that needed solving. Now I wasn’t allowed to breath without it being charged to a customer. Any autonomy I once had was gone and I was fixing things on my own time and not being paid for them which was getting somewhat ridiculous. I told my managers I was really not renewing my contract when it came up and I thought that was that.

A week before I was due to leave I got a call from BT Operations begging me to come and work for them. They piled on the sweeteners; a nice big pay rise, all my billing to a single cost centre, just two months and no more and I could move back to my favourite office. I agreed to this, I decided not to go ahead with another job I’d planned to move to and I made sure the paperwork was all sorted out.

The following Monday, I turned up at my new job and had a tea. The office was basically a football-pitch sized machine room that took up a whole floor of a building with just me and 2 operators in it. There were a few offices in there from the days that this was the major PSS centre for the UK but they had basically been abandoned Marie-Celeste like in the 80’s. I had worked here before when I worked on Genie and had made a little cubby-hole in a long since abandoned conference room, the two Operators had also moved in there.

At mid-day both the Ops got a call and vanished. I never saw them again. Nobody had told me what they wanted me to do so I just sat around drinking tea and watched machines humming. At 3pm I got a call from my new boss saying he was coming around at 4pm for a meeting. At about this point I attempted to login to the Operations Systems and it wouldn’t let me so I got a little suspicious and phoned some people. Nobody was saying much but somebody said they had heard that word from the board said they were about to fire me, but nobody knew why. I couldn’t find out any more so I sat and waited. My boss arrived at 4pm, and curtly told me I had been fired and he had to escort me out of the building. I asked why, he said he didn’t know, he’d just been told to do it. He asked for my security card which I didn’t have on me that day and that was that – I was standing outside the heavily armoured and razor-wired front gate and very confused.

The next day I expected to hear more. I didn’t – At least, I didn’t hear anything from my bosses but I did hear a lot from other parts of BT. I received mails asking me to review secure networks, I had calls from customers asking me how to repair things and I had calls from various people within BT wanting advice. I made excuses when I had to and just waited to hear something official.

A week went by. I heard nothing. No letter, not even an email. Nothing to tell me formally I had been sacked and nothing to tell me why. I contacted S-Com, my agency who were cagey (rightly so since they owed me a month’s salary in notice period). I am assuming they knew nothing and were keeping quiet hoping I wouldn’t notice that I was out of a job. I decided to contact a few people in BT and had a few shady meetings in pubs and BT canteens but the upshot was that nobody knew a thing. Nobody had been told I had been sacked, most people were astonished and assumed I was still working ther,  I still had my fixed network connection into BT from my house and I could still access all of their systems except for one I had been deleted from and my mail addresses all still worked.

I decided to arrange a meeting with BT Internal Security, I was curious to know if they knew anything so I popped to Milton Keynes for dinner and we had a chat. They’d not heard a thing and even when they dug around they could find nothing. As far as they were concerned I was still working for BT. I asked them if I could see how much access I still had without them arresting me and they said sure as long as I wasn’t silly or naughty.

Over the next month I tested various networks. I could access all of the customers I ever worked on which included governments, law enforcement, most of the major banks, various ISPs and a whole load of internal things. I tested my card and my ability to just walk into a building – Nobody ever challenged me, I had a nice cup of tea in the room that housed the central Bank Clearing System and the national salary payment systems (CHAPS) and yes, I could still login to them. I could also wander into Telehouse and the like at any time I wanted. I was still getting many calls from customers and internal BT people and in the end I just pointed them at somebody else and didn’t explain why.

At this point, I was thoroughly pissed off. BT owed me nearly £10,000 and my agency S-Com (who had sent me a crate of champagne just 2 months earlier) claimed they knew nothing about it. I sent them a copy of the purchase order and the reference numbers but they just refused to reply after that. Nobody seemed to have a clue why I was fired they just know I was. There were various rumours but none of them really seemed right. It had just been ordered from on-high.

So we have one exceptionally disgruntled ex-security manager, who was owed money, who was being constantly ignored and treated like shit by BT and who still had access to every customer, internal system and building of importance. I had to change my phone number after six months, people were still calling me about things. It took them two years to disconnect my lines from my house into BT and to this day there may still be personal  machines of mine housed on the internal networks that I can access. As far as I know, my card was never disabled and as far as I know, nobody in BT and certainly no customers were ever told I had stopped working there. My email address eventually stopped working in about 2004 when they changed systems.

To my credit, I never did anything to them – But that’s not really the point, I could have caused untold amounts of hugely embarrassing damage. I am not sure if relying on the continuing ethics of somebody you treat dismally is really a good policy but apparently in this instance it worked for them.

It’s at times like this I remember the old mantra:

“WE ARE THE TELEPHONE COMPANY. WE DON’T GIVE A FUCK”.


A tale of two shittys.

As I kneed myself in the face yesterday whilst trying to sit down on a North American toilet, I came to a startling realisation about why North Americans know very little about the world. In the spirit of international relations I am going to share this with you so that now, rather than pointing at them and laughing, you can just weep a little to yourself about their plight. This is a tragic tale.

It’s quite simple really… North American toilets just aren’t made as a comfortable place to read. They are too low and it seems offputting and potentially perilous to be quite so physically close to all that water in the bowl.

In England people have traditionally retreated to the bog to sit and read and get away from the other people in the house. It’s sometimes the only privacy they ever get. People started to read on the toilet because we tended to use ripped up newspapers to wipe our frozen botties in outside loos. It gave us something to do whilst we were trying to shiver out a poo in the wind and rain and even though now our toilets tend to be inside and somebody invented Andrex1 the reading habit has carried on and no English toilet2 would be complete without a pile of toilet books. The upshot of this is that North Americans have never been exposed to books like “The Book of Heroic Failures” (volumes 1, 2 and 3), “The World’s top 20 Serial Killers”, “Not a Lot of People Know That” (by the esteemed Mr Caine) nor in fact, any Gyles Brandreth books at all.

You know… This is probably why Americans don’t have pub quizzes too. It’s all starting to make sense now.


1: Does anyone else still object to the slogan “240 sheets per roll”? It’s not true, at best you can get about 30. If you are a vegetarian, your mileage may vary.

2: Note, toilet, not bathroom, the toilet has the throne position here not the bath – And come to think of it, most American bathrooms don’t even have a bath, especially the ones in cafes – What sort of a rip off is that? Grrr!

3: Did you spot that I moved from they to we mid-posting? I can’t be bothered to correct it since it amused me.

I can has vegan beefburger?

I read the most amazing article today about McDonalds admitting it was adding milk and wheat to their french fries. (Can we call them chips now please? This is an English Weblog – In fact where I come from they fry them in beef fat anyway).

Admittedly, I find it a tad strange that McDs are adding such things to their chips but that’s not my problem with the article. My problem is with comments such as:

“I am vegan. I have eaten their vegetable burger with fries for many years. I will never do it again. I really hope their vegetable burgers were animal free.”

What? What fucking delusional vegan would eat at McDonalds anyway? I can understand if they were forced in there once and had to eat something to be social or because they were starving but come on, this one has eaten there “for many years” and not had the nouse to actually check with McDonalds that their stuff was animal free? This is McDonalds, not some trendy vegan restaraunt in Covent Garden.

Then it struck me… Half way down the article there is a quote:

“Nadia Sugich, a vegan, is also suing McDonald’s. Vegans do not eat any animal products at all (vegetarians include dairy and eggs in their diet, vegans don’t). Had she known the product contained milk she would not have touched them.”

Silly me – How did I miss that? It’s just an excuse to sue somebody. Obviously these people expected a certain duty of care and dedication to their high standards of vegan care FROM A FUCKING HAMBURGER SHOP!

Well I am sorry and I have no issue with most vegans, but in this case I hope the courts force them to pay costs and tell them to fuck off and get a life.

Antisocial Security

A while ago I pondered starting a weblog devoted to security. I occasionally feel the need to write something about this subject and I was worried that my one loyal reader would probably get bored stiff if I wrote too much in amongst my generally pointless rants.

My problem is that I know more about security than you. I am pretty safe in saying this unless you are one of a handful of people, all of whom I could name and none of which would be reading my weblog. Don’t get me wrong – If you are an expert in Linux, I bet you know tonnes more about Linux security than I do and I know 12 year olds who know more about modern hacking tools and methods than I ever will. The problem is that these specialisms don’t make good all around security experts; experience and exposure does and if nothing else, I have a lot more of that than most.

I got an email from an old adversary of mine today and part of my reply got me thinking about how I view a profession I used to be very much involved with. I quote:

“My former industry is full of self-publicists who are dreadful at
what they do; I care nothing at all for them and their paranoia
fuelled money making machine. I’ll stick with breeding camels and
just drag myself back into security when I need to eat occasionally,
but even so I don’t much think that will last.”

I’d like to write about security. As an odd kid working out better ways of nicking things or how to open locks I wasn’t meant to open, I have always been interested in the topic and I have devoted most of my adult life to it. When I was at school and a teacher of mine suggested that I manage the school computer systems as an alternative to trying to pull them to bits to see how they worked; I had no idea that a few years later I would be in the position to happily ignore fax requests for help from the FBI because they refused to give me a cool baseball cap or getting hate mail for working with the government to get Universities to prosecute hackers under the then new Computer Misuse Act (an action on my part which was  very misunderstood since I was actually more on the side of the students trying to make sure that they received a fair trial where the Rules of Evidence applied). Incidentally, we haven’t even hit the 1990s nor the start of the Internet in the UK yet.

I am not blowing my own trumpet here, I don’t like blatant self publicity and it’s certainly a bad trait in a security person anyway. That said, I am going to talk about me. It’s my weblog and if you don’t like it, then stop reading. I am making a point that I don’t like being told I am wrong by somebody who got a degree in Computer Security from Wigan Polytechnic in 2005 and then spent a few months getting a bunch of commercial “qualifications” consisting of seemingly random letters from computer-equipment manufacturers and then gets employed by some company and given a job title with the word manager, or consultant in it.

In my previous jobs I was surrounded by ’em. I’d go to meetings to be told I was wrong by people who didn’t  have a clue what they were talking about. I wasn’t wrong, I am rarely wrong about things I profess to know something about. At BT, we had a chap who I will call John (mostly because that is is name). He didn’t go to University, he didn’t have a single security qualification and he knew very little about computers, networks or telephony. He had, however, spent more than 10 years as a soldier in Northern Ireland on constant active duty. I had been told by my colleagues that John was a jobsworth and something of a tosser and although his job was to give security advice for high-profile projects, he shouldn’t be consulted. I ignored them and decided to talk to him one day  about a system I was building for one of the country’s biggest banks. It was a pretty good design and there weren’t too many flaws that I could see but as soon as he saw it, he started asking questions that other people hadn’t thought of and prompted me to make a lot of changes for the better. He didn’t know about anything like as much about technology as the people I was surrounded by but he did have a much better appreciation of security in general and he knew what questions to ask and wasn’t afraid to ask them. Although he doesn’t know it, it was him who prompted me to get more military training to increase my skill set. I would say thanks but he’ll never  read this; I don’t think he knows how to use a web browser.

It’s become an odd industry. We are talking security here and security is meant to be quite important in the modern world. There are billions of pounds flying around the world at any given moment and as you see every time the government accidentally sells a few million people’s personal details at a carboot sale, there are people who actually worry about this sort of thing. Who is protecting all this money? Who’s looking after your personal  details? Generally speaking, it’s the people with the Wigan Poly degree I am afraid. They don’t have a clue what they are doing and in the rare cases where somebody who does have a clue gets to contribute, the babbling rabble who are shouting out “We can do it for you on a Linux box for 50p” will win the day anyway since it all ultimately comes down to money.

I am not going to start a security weblog. I am not sure there is much I could write that hasn’t already been butchered by the Wigan Polytechnic Press. I may still write about security things but I will just do them as normal rants.

Now you know.