More electric sanding, the remains of my mahogany wood stain and rubber feet... the second bench is now complete and back in the garden:
I've now added rubber feet (solid rubber door stops) to the first garden bench and put it back outside:
I've recently installed an 80A Power Meter on the electricity supply to my house. It measures the current active, reactive and apparent power as well as providing a count of the total active and reactive energy. These reading are updated every second.
After installing a 100A isolator and pulling through extra cables, the installation of the power meter was relatively straight forward. It's in an enclosure with an 80A circuit breaker, located inside to avoid inconvenience if it ever trips, and because the distribution board doesn't have enough space for it.
I intend to write an Android app for a real-time view but for now I'm just collecting historical data:
On the 5th of November 2013, I received 4 scam emails from "[The Federal] Tax Service" (containing a trojan executable) to an email address that has only ever been given to Santander (and is indeed unique to Santander, given that it has their name in it).
Some people will claim that this was caused by a brute force or dictionary attack and that it is a co-incidence that it only went to my Santander email address. The advantage of running my own email servers is that I can check the logs and see what other email was rejected. There were 4 rejected attempts to send email the day before to this address but nothing before that. On average there were 2 email attempts per day in November to completely unknown recipients, following a dictionary attack pattern. No one performs a brute force attack on email recipients, that would be ridiculous and take forever at the rate of 2 per day.
As reported by The Register in
Oi, bank manager. Only you've got my email address - where're these TROJANS coming from?, I wasn't the only person to have this issue which implies that a number of other customers have had their personal data leaked too. Unfortunately in the UK the only practical way to enforce our data protection laws is by reporting issues to the ICO, and as usual they decided to do nothing.
Responses from Santander Executive Complaints
I complained to Santander about this issue and received nonsense back every time:
Firstly I would like to apologise for the misunderstanding of your previous complaint, that the emails you were receiving were from someone claiming to be Santander. I now understand that this is not the case and you are unhappy with an email you received claiming to be from "The Federal Tax Service" addressed to an email account used specifically for Santander and you would like to understand how this email address was obtained by the third party.
As I confirmed within my letter of 3 January 2014, Santander has never supplied your personal details to an unauthorised third party. However, I can confirm that our Security Team were highlighted to attempts by third parties trying to obtain a large proportion of customer related emails who used a specific email address for their Santander accounts.
attempts ... to obtain ... customer related emails (sic) who used a specific email address for ... Santander could be the plot for a movie because it's pure fiction. It's also amazing what Santander can know about these "attempts" that were supposedly unsuccessful.
Thank you for coming back to me. I can confirm we detected the attempt to obtain personal details in time to ensure preventative measures were in place and as advised within my letter our IT and Security Team are aware that the National Crime Agency's National Cyber Crime Unit (NCCU) are working hard to identify the source.
Please be assured, none of your personal data has been stolen or compromised, the only data obtained was the Santander specific email address, which I understand you have now changed, to a more secure address.
So my personal data hasn't been stolen except for my email address which is personal data!?
Santander email practices
Reviewing all the legitimate email received from Santander, it either comes direct from servers owned by Santander UK PLC (relating to my account) or it's a general marketing email in which case it comes from servers owned by Marketing Source Limited (from the domain "yoursantander.co.uk" because nothing says trustworthy like using separate unverifiable domains to email your customers!).
It's possible that the personal data leak occurred from within Santander or within Marketing Source. Both companies have the personal data of customers (including postcodes used to "authenticate" the email). What's interesting is that all the general marketing email up to August 2013 (before the spam started) comes from "email@example.com" and all such email from June 2014 (after the spam started) comes from "firstname.lastname@example.org", so Marketing Source have changed something in that time period.
The long-term effect
What happens when you leak customers' email addresses to third parties? They receive junk email to that address forever. At its peak this was on average 4 emails per day but it has reduced to 1 every 3 days, as this graph illustrates:
ASDA are at it again with the shrinkflation, this time with their own brand toilet paper "Shades So Soft". In August you could buy 24 rolls with a total area of 65.18m² for £8.00 but from September the same 24 rolls (also £8.00) have a total area of only 63.20m². That's about ¾ of a roll less paper for the same price.
I turned my Kindle on last night on the train and most of the screen failed to update. Only a small area at the bottom now updates. I pre-ordered this when it first came out in the UK so it has lasted for 6 years and 1 month (the battery life is still very good).
I've started restoring my garden furniture as the existing paint is now peeling off everywhere. I'm using an electric sander which is a lot easier than sanding by hand. Some mahogany wood stain has then been applied with a paintbrush to the bench, floor covering and my clothes.
The first bench is now complete:
Alberto Balsam have brought out "new" 350ml bottles of shampoo that ASDA sell for the same price (£1) as the previous 400ml bottles, so you now pay the same price for less. What makes it worse is that when they originally replaced the ASDA branded product with the Alberto Balsam equivalent, it had a "same 400ml fill" label despite it being smaller than the 500ml ASDA version.