Understanding Nothing

The Register is reporting that BT have shut down the SMS service due to Data Protection fears.

However, BT’s own website for the service shows that they haven’t actually stopped the service at all – just added an extra level of “security” to it. Now, instead of requesting the information justing by texting the service with a phone number, you now need to include the phone number and the account number.

This will presumably cut out a large percentage of the “poor man’s credit check”-type lookups, but it seems to miss the point that they’re still willing to supply this information without customers’ consent.

I don’t recall every receiving anything from BT telling me to treat my account number with utmost confidentiality, as anyone who gets access to it will be able to access my information …

When using Movable Type I was rather lax about assigning categories to posts, mostly because they weren’t really that useful, as I didn’t use any of the navigation features related to them.

By default in WordPress they seem to be much more prominent. Rather than trying to find a way to minimise that, I’m going to try to train myself to categorise everything better. I’ve spent a couple of hours working my way back through the last two years’ posts, adding them all categories, and rearranging my categories to better fit what I have actually written about regularly.

I still have a ways to go (about 200 posts to categorise), so I’m going to set myself a target of cleaning up 10 of them a day. That way I should have it all done in a few weeks.

It would be much quicker if adding a category to an uncategorised post automatically removed it from “uncategorised” rather than needing that to be done explicitly (and forgetting about 10% of the time)…

Tim Trent has written an article about the BT SMS fiasco: Anatomy of a Marketing Disaster.

In it he describes some of the responses that people have been given when they have tried to talk to BT about this service.

This morning, on the Data Protection list, an even better one was unveiled. After sending a s10 Notice, asking BT to stop processing their details in this manner (the official way to say, “Don’t allow anyone to get my details through this service), one customer received a reply saying that BT have now changed their telephone number to be ex-directory, and they are thus no longer accessible through Directory Enquiries!

When the internet bubble collapsed a few years back, there was a trend for some of the surviving ecommerce companies, in a bid to cut costs to ensure they continued to survive, to switch a lot of their customer service to automated software which would extract key words from customer emails and respond with a suitable stock answer. Of course everyone made fun of these, as, for the most part, they were universally useless – often hilariously so. You certainly didn’t want to send an email saying anything like “I have already checked with my bank and they say it’s not a problem with my credit card”, as their software would only see the phrase “problem with my credit card”, and reply accordingly.

So, most organisations stepped this back a level. They still built up a database of pre-approved stock answers, but a human had to select the relevant one based on the content of your email. But, even when this approach works well, it still doesn’t really work well. (There are lots of organisations who will get really confused if you ask more than one question in an email.) Unfortunately, a lot of the time, it doesn’t seem to work much better than the original software.

Whichever theory you subscribe to (management pressure to handle 10,000 emails per day, or customer service being offshored to people who don’t speak English well, or just that 90% of call centre staff are just incompetent, or whatever), dealing with many companies these days is a very painful experience. And, as you often only have to contact them when something has gone wrong in the first place, this level of incompetence usually just pours oil on the flames.

As the person who received the above response from BT suggested, many of these sorts of companies should look very carefully at their customer defection rates and reasons. Some might be surprised to see how much they’re spending on marketing just to generate as many new customers as they’re losing through poor service.

The server on which my weblog used to run is getting rather old and crumbly, and brings with it a constant low-level dread that some day, real soon now, it’s going to give up the ghost. So for the last while, we’ve gradually been moving everything off it. When it came time to move this site, I decided that it was also a good opportunity to migrate away from Movable Type, mostly for the same philosophical reasons that Mark Pilgrim has already set out.

I considered moving to Typo, following Piers‘ lead, mostly just so I could play with Ruby, but in the end I decided on WordPress. I’ve made the mistake too many times now of choosing software based on the language in which it’s written. Yes, it would be nicer to be able to hack on my weblog in Ruby or Perl than in PHP, but I know enough PHP to get by, and I doubt I’ll be doing that much hacking anyway.

Setting the weblog up was fairly trivial, as most good PHP installations tend to be. Migrating all my old content wasn’t quite so simple. WordPress 2 seems to have made the import process much simpler than before; most of the information on the process I’ve found relates to older versions and isn’t really applicable any more. Unfortunately, although the simple case of importing my MT archive was fairly painless, I really didn’t want to break all my old links.

There are a few sites that discuss how to maintain your Movable Type post IDs, but they all seem to relate to the old WordPress process. So I had to get my hands dirty in PHP much quicker than expected.

Firstly, I had to edit MT/App/CMS.pm in my MT setup, adding a line to include the entry id in the export output:

AUTHOR: <$MTEntryAuthor$>
TITLE: <$MTEntryTitle$>
ID: <$MTEntryID$>
STATUS: <$MTEntryStatus$>

Then I was able to export all my posts.

I had to post-process the output file, however, as I’ve been creating my posts using the MT Kwiki plugin. This meant that none of my links imported correctly. I spent much too long wrestling with vim’s non-greedy regular expressions before giving up and processing the data in Perl instead:

perl -pe 's/[(http:.*?) (.*?)]/$2/g' mt-dump.txt |
perl -pe 's/[(.*?) (http:.*?)]/$1/g' > deWikied.txt

Then I had to persuade WordPress to maintain the MT ids. In the old WordPress import script it just inserted the posts by hand, and it was a simple matter of ‘fixing’ the SQL it used to do this. But now the importer calls the same code that is used when you create a post through the normal interface.

So I needed to add a check for the ID into the import/mt.php script:

case 'AUTHOR' :
    $post_author = $value;
    break;
case 'ID' :
    $post_ID = $value;
    break;

And then fix the call that inserts the data:

$postdata = compact('post_ID','post_author', 'post_date', 'post_date_gmt', ... );

Then I needed to adjust the wp_insert_post() call to cope with an incoming post_ID:

  if ( !isset($post_ID) )
      $post_ID = 0;
  if ( !isset($post_password) )
      $post_password = '';

and adjust its SQL accordingly

"INSERT IGNORE INTO $wpdb->posts (id, post_author, post_date, ... ) VALUES
  ($post_ID, '$post_author', '$post_date', ...)");

(The arguments are passed as an extract() of a get_object_vars(), so there’s no need to change any of the other handling).

I believe that this is a safe enough approach that won’t interfere with creating new posts or editing old ones, but you can always revert this file back after importing if there are any problems.

With this in place, I was able to import all my old posts. (There were a lot of them, so I actually had to split the file and import 4 segments in turn). The other thing that the docs don’t make clear is that you need to have an upload directory which is writable by your webserver, but that was easy enough to work out from the error message.

They all came in with the same IDs as they used to have, so then it was just a matter of setting up some Apache redirects on the old server:

Redirect permanent /nothing/index.rdf

http://nothing.tmtm.com/feed/

RedirectMatch permanent /nothing/archives/([0-9]{6}).html

http://nothing.tmtm.com/archives/$1

RedirectMatch permanent /nothing/archives/([0-9]{4})_([0-9]{2}).html

http://nothing.tmtm.com/archives/date/$1/$2

RedirectMatch permanent /nothing/archives/([0-9]{4})_([0-9]{2})_([0-9]{2}).html

http://nothing.tmtm.com/archives/date/$1/$2/$3

RedirectMatch permanent /nothing/archives/([0-9]{4})_([0-9]{2})_([0-9]{2}).html

http://nothing.tmtm.com/archives/date/$1/$2/$3

(I’ve already changed my permalink structure in WordPress to have this style of URL)

There will be many more things to change later to replicate the changes I’d made to my MT set-up, but this at least gets me up and running on WordPress.

Dion Hinchcliffe’s Web 2.0 Blog has an interesting post on “Ten Ways To Take Advantage of Web 2.0″. It’s full of great advice, but I find point 2 particularly interesting:

The read/write Web is about making users co-creators of content on a massive scale. Armed with foreknowledge of the effectiveness of the Wisdom of Crowds, you can take advantage of the fact that none of us is as smart as all of us. Wiki sites turn this editable dial all the way to the right for example, and let every page be editable by anyone who is allowed. Far too many sites don’t take advantage of the fact that you can give people an ownership stake, and get them immersed in working on improving what you offer, all just by letting them have the ability to change an appropriate level of content.

I’ve been writing here about wikis since I started this weblog back in early 2002, and it’s fascinating to see them getting tagged as Web 2.0!

I’m certainly no rabid purist on this, distraught that a 10 year old technology is getting caught up in some newfangled hype. As far as I’m concerned, the more things that promote the usefulness of wikis the better.

And it’s great to see that Joel finally gets it too!

I called BT back after an hour to ask why I hadn’t yet received the promised phone call from a manager.

They managed to reconnect me to the person I was talking to earlier, who seemed surprised that I hadn’t been called as the manager had left a note on my account saying that they had agreed a credit of £25 to my account to compensate me for my inconvenience!

The note also said they’d opened an internal investigation into how the system had gone wrong on this occassion, which makes me think they didn’t really understand my complaint.

I’m happy enough to take their £25, and I also look forward to the report on their investigation (which they say I should get in 7-10 days), but in the meantime, if anyone else is upset that BT would give out their details like this, I’d suggest ringing 150 (pressing 9 at the menu gets you straight through to Customer Service), and raising a complaint.

Asking for details on whether or not your information has been requested in this manner could be quite interesting…

According to the conversation sparked by this on the Data Protection mailing list, I think that Oftel and the Information Commissioner are going to get a few complaints about this too.

This afternoon, I, along with presumably many millions of other BT customers, received an email announcing their wonderful new SMS Self Service system.

Due to the marvels of modern technology, BT now allow me to use SMS to discover information about my phone line, such as when there was last a fault on the line, and when the bill was last paid.

All I have to do is send an SMS to 64364 asking “Paid [phonenumber]“, and they’ll reply with the information.

This would all be fine and dandy, except for the fact that that is, literally, all I have to do. Nothing to register my mobile phone number as being connected in any way with my home phone. Nothing to say that it’s OK to send this information to anyone with an SMS compatible phone who happens to know my home phone number. Nothing, in fact, to stop anyone getting access to such information about anyone else’s BT line.

And it’s not just restricted to ‘home’ phones either. It works with business too. Think that one of your clients might be late in paying other people’s bills too? Well, you can now explore your theory by checking when they last paid their BT bills.

For extra doses of incredulity, the “terms and conditions” of this service (which, of course, you don’t actually have to agree to before you can either access this information, or have your information accessed) say that:

17. You [i.e. *me*] are responsible for taking all reasonable steps to prevent unauthorised persons gaining access to the Services. [I'm really not sure how I'm meant to do that. Does saying here "Please don't access my details unless I've given you explicit permission" count? Somehow I doubt it ...]

and

24. We exclude all liability of any kind (including negligence) in respect of any third party information or other material made available on, or which can be accessed using SMS text services.

So far neither of the two people I’ve spoken to at BT have even been aware of the service, and seemed at a complete loss to know what to do with my complaint other than to escalate it. Now I’m waiting for a manager to call me back. This will supposedly happen within “15 to 20 minutes”, but I’m not going to hold my breath …