Headline Figures

By 2015/2016….

• Spending cuts will have reached £99 billion per year.
• Taxes to rise by £29 billion per year.
• Total consolidation of £128 billion per year.
• Government spending to fall to 40% of GDP from 48% in 2010.
• Tax receipts to rise to 39% of GDP from 37% in 2010.
• Public sector net debt to be 67.4% of GDP, after peaking at 70.3% in 2013-2014.

Tax changes

• VAT is rising to 20% from 4th January 2011.
• Personal income tax allowance for under 65s is rising by £1000 to £7475. Should bring 880,000 low income tax payers out of tax. However, basic rate and higher rate earning limits will be reduced to ensure that higher rate payers do not benefit from the increased personal allowance. The exact figures will be published in September.
• Employers NI Thresholds will rise by £21 a week (but the NI rate is also rising as per the March budget).
• Capital gains tax kept at 18% for basic rate tax payers, but rising to 28% for higher rate payers (capital gains added to income to determine if someone is a higher rate payer). The annual exemption will continue to rise inline with inflation, and will remain at £10,100 in 2010/2011.
• 10% Entrepreneur relief rate allowances raised from £2 million to £5 million of lifetime gains.
• The main rate of Corporation Tax is to be cut from 28% to 24% by 1% a year over 4 years. The small companies rate will be reduced from 21% to 20%. Starting in April 2011.
• R&D: The government plans to consult with business to review the taxation of intellectual property, the support R&D tax credits provide for innovation and the proposals of the Dyson Review.
• No rise in duty on cigarettes, alcohol or fuel (although VAT rise will apply to them). Government is looking into a fuel price stabiliser, and fuel subsidies for rural residents.
• New businesses setting up outside the South East and London will be exempt from the first £5000 of N.I. payments for the first 10 workers.
• New levy on banks’ balance sheets (0.03% of total size minus insured retail deposits and capital)

Benefits

• Child benefit frozen for three years.
• Tax credits reduced for families earning £40,000+ per year, but increased for low earners – amount per child to raise by £150 per year per child above inflation.
• Housing benefits capped at £400 per week for 4 bedroom or larger properties, with lower caps for smaller properties (3 beds – £340, 2 beds – £290, 1 bed flat – £250).
• State pensions to be given triple guarantee – they will rise annually by the greater of earnings, prices or 2.5%.
• State pension age to rise to 66.

Public Sector

• 25% cut in spending across all government departments except health and foreign aid. Includes education, defence, local government etc..
• Public sector workers earning more than £21,000 per year to have pay frozen for 2 years. Workers earning below this will receive a flat rate increase of £250 per year.
• Public sector pensions to rise only by CPI (which is generally lower than RPI).

Deficit

• Aiming for cyclically adjusted current budget balance (excludes debt interest, cyclical payments such extra unemployment benefits because we’re in recession, and also capital spending / investment) by 2015/2016.
• Aiming for public sector net debt as a percentage of GDP to be falling from 2015-16 onwards.

As an investor who seeks to make long term investments in small businesses, this budget is encouraging.

Typos / Errors

• Page 15: Table 1.1 2014/2015 total numbers for spending and tax don’t add up (83 + 29 != 113).
• Page 18: incresase should be increase.

However, it is very easy to fix this:

• Open up System Preferences > Keyboard
• At the bottom of this window is a section labelled “Full Keyboard Access”. Click the “all controls” option.

And that’s it! You should now be able to tab cycle between all fields including the remember password field in password prompts.

The iPad works really well as a web browsing device, since the high res screen makes web pages look beautiful and the low power ARM based processor means the battery life is fantastic. I’ve only had to charge it once so far with 2 days of heavy use. It would seem that that, unlike the iPhone, the iPad uses very little, if any, power when in standby mode. It effectively behaves like a computer with an instant on/off button. The lack of flash support is a bit frustrating but definitely not a show stopper and as more sites move to using native HTML 5 video this will become even less of an issue. The on screen keyboard is a little bit fiddly, but when you get used to it you can type at pretty much the same speed as a normal keyboard for short bursts. For serious typing you would probably want to make use of an external keyboard.

iPad specific apps look great – check out Weather Pro HD, Plants versus Zombies HD, XPlane 9, Wolfram Alpha and the F1 Timing App to name a few.

The built in apps (contacts, calendar, maps) also look a lot better than their iPhone counterparts as they have been redesigned to take advantage of the larger screen.

The worst thing about the new iPad is that it’s so addictive that you’ll not want to put it down!

It turns out that there is a limit to the number of domain aliases you can have. For our account, the limit seemed to be set at 20 domain aliases. After contacting Google, and asking them to raise it, I was told that the maximum number of domain aliases is tied to the maximum number of nicknames per user, which in our case was set to 30.

The more domain aliases you have, the less nicknames you can have, and vice versa. This makes sense as every nickname becomes a valid e-mail address for every domain alias. So if they allowed too many they’d quickly end up with a huge amount of potential e-mail addresses to manage.

The golden rule seems to be:

Max Domain Aliases multiplied by the Max Nicknames Per User must not exceed 600

Therefore, you could have the following rations:

- 6 domain aliases and 100 nicknames per user
- 10 domain aliases and 60 nicknames per user
- 20 domain aliases and 30 nicknames per user
- 30 domain aliases and 20 nicknames per user
- 60 domain aliases and 10 nicknames per user
- 100 domain aliases and 6 nicknames per user

Looking through our 26 user accounts, I could see that only 2 of them had more than 6 nicknames. Initially, I thought this would rule out an increase to 100 domain aliases – but it appears that groups can be used to achieve pretty much the same effect.

Some testing revealed that groupname@primarydomain.com also received e-mails to groupname@aliasdomain.com, and so works in a similar way to a nickname.

So my next task is to remove some of the nicknames and replace them with groups. I should then be able to increase the domain alias count and migrate the remaining domains across!

To get it working with iChat you simply follow these steps:

1. Navigate to iChat > Preferences > Accounts
2. Click the plus icon in the bottom left hand corner, to add a new account
3. Select Jabber as the Account Type
4. Enter username@chat.facebook.com in the Account Name (where username is your facebook username).
5. Enter your facebook password in the password box.

And that’s it!

Facebook has some instructions on how to set up other popular clients here.

So here’s my wish list for our next government:

• All government spending and contracts should be published openly, and available for anyone to download as raw data. The only exception should be staff salaries, which I would consider personal information. Each department should publish their total wage bill, and the number of staff they employ so that the average wage can be seen. Currently, nobody, not even the opposition, may scrutinise government spending on certain large contracts – so no-one knows the true extent of our nations commitments. Commercial confidentiality is often cited as an excuse not release such information – in my opinion, if you are a business who deals with government – you should  accept that your contracts will be public knowledge.
• All Ordnance Survey and Postcode data should be open and free. There should be a central, authoritative address database that anyone can use. I strongly believe that freeing up all this data will encourage a huge amount of innovation and bring economic benefits of several orders of magnitude bigger than the cost to the public purse.
• Prevent any bank or business from becoming too big too fail. If a business is too big too fail, it’s too big. It’s not fair to privatise the profits, and socialise the losses, therefore these businesses should be broken up.
• Pay back the national debt. It’s not a good strategy for individuals or governments to consistently spend more than they earn. Nor is it fair that every child in the UK is born with £30,000+ of public debt. Let’s try to boost the economy through sustainable activities rather then borrowing from the next generation, otherwise interest payments on our debt will soon cost us more than the whole education budget.
• Simplify the tax system. The current system is hideously complex and inefficient. Surely we could save some money by simplifying things. Do tax inspectors really add much value to society? Couldn’t we redeploy most of them as Doctors, or scientists instead? (Or indeed any other job!) Do we need so many loop holes and tax reliefs – a simple lower tax rate would be more efficient. How about a single flat tax for income, capital gains and profits, say 25%. Really rich people don’t pay much tax in the UK currently as they just move to Monaco or other low tax jurisdictions. So, if we got the balance right we could probably collect more tax with a lower tax rate than we do currently.
• Encourage entrepreneurship. Cut back on the amount of paperwork (red tape) that businesses must complete.
• Streamline public procurement and encourage small business to bid for contracts. Let’s make it easier for small business to compete to provide products and services to the government.
• Protect front line services (Doctors, Nurses, Policemen, Firemen), but reduce the size of the state through efficiency savings, removing bureaucracy and getting rid of most quangos.
• Re-structure the benefits system to encourage work. Most people I know who are on benefits want to work, but they find it hard because they will be worse off if they take a minimum wage job. We need to ensure that it pays to work.
• Consider a citizen’s income (also known as basic income) instead of benefit payments, and thus increase the incentive to work. I’ve not fully costed this one, and I’m not even sure it would work – but I definitely think it’s an interesting concept that’s worth considering. Here’s how it would work: All citizens would receive a flat monthly payment regardless of whether they are employed or not. Adults would receive more than children. Parents would receive their children’s payments on their behalf. It would be paid without requiring the citizen to work, or requiring them to accept a job if offered one. Do we really need full employment? If some people don’t want to work then that is their choice. However, if they do get a job, they get to keep all their citizen’s income, so there is no disincentive to work for those who want to. Basic social housing would then be rented back to families for a portion of their income. The incentive to work would be for anyone who wants to live in better accommodation than the basic social housing they rent, or if they want to go on holidays or have luxury goods, etc…  You would probably need to scrap the basic tax free allowances in order to fund it, however the marginal benefit of working would increase – people wouldn’t risk loosing their basic income if they accepted any work. We would not need as many staff at HMRC.
• Simplify the planning system, and consider building more towns on agricultural land. I think ultimately we will need to build more new towns. People rightly complain when more housing is packed into smaller and smaller spaces in existing towns, leading to over stretched public services and infrastructure. Planning standards should ensure a low environmental impact of new developments, but not mean that we all have to live in shoe box flats. They should provide open and transparent rules that are positively biased (i.e. you can build here as long as… ) rather than the planning lottery that we currently have. If the rules were simple to apply it would encourage much more investment in housing. Most of us aspire to live in a detached house and surely the gardens that come with these are better for bio-diversity than the tarmac car parks of a block of flats, or even the single crop agricultural land that they could be built on. Even if we doubled the amount of urban areas in the UK we’d still only be approaching the level of urbanisation of the Netherlands. There is definitely not a shortage of land in the UK! As a nation we are perfectly capable of building larger, more affordable, higher quality, more sustainable, lower emission houses. We just need to sort out the planning system!

What are you wishes for the next government? Add a comment to this post!

General

• Private limited companies no longer need to have a company secretary.
• Private limited companies are no longer required to have an annual general meeting (AGM).
• There are new standard company constitution documents (memorandum and model articles of association). The model articles replace Table A as the new default articles.
• Companies are no longer be required to specify their objects on incorporation.

Company Directors

• Director’s general duties have been formally codified in law.
• Company Directors are no longer required to publish their residential address for all to see.  They may opt to provide an additional service address for correspondence, which can be the same as their company’s registered office address. A residential address must still be given to companies house, but this will only be shared with selected 3rd parties (certain public bodies, and credit reference agencies).
• Company Directors must now be at least 16 years old.

Accounts and Reports

• The statements that appear on a company’s accounts have changed.
• The accounts filing deadline has been reduced from 10 months to 9 months for private companies, and 7 months to 6 months for PLCs.

Members / Shareholders

• Companies are able to make better use of electronic communication to communicate with shareholders.
• It’s no longer as easy for external parties to demand to see a company’s list of shareholders. Interested parties must declare their name, address, and the purpose of their request. It must be for a “proper” purpose – whatever that means! A company can apply to a court to reject the request.

Forms

• Lots of the companies house forms have been redesigned / renamed with much more logical names. Rather than being named after the section of the companies house act that describes them, they are named after their purpose. For example, the Annual Return is now Form AR01 rather than Form 363. The relevant law sections are now referred to within the body of the form.
• Companies must now complete a Statement of Capital when they are first registered, whenever share capital changes, and every year when they file their annual return. This is a snapshot of the companies share capital at a given point in time, and also gives details of voting and dividend rights for each share.

Companies House is holding a number of seminars to help businesses understand the implications of the new Companies Act. They will also give some demonstrations of how to use the web filing system to file forms online. You can book a place a the seminar online and, at the time of writing the next ones available are:

Basingstoke
Holiday Inn Basingstoke, Grove Road, Basingstoke. RG21 3EE
Thursday 11 February 2010 at 9.30am and 2.00pm

Norwich
Holiday Inn Norwich, Ipswich Road, Norwich. NR4 6EP
Thursday 11 March 2010 at 9.30am and 2.00pm

Clear Books integrates with a number of Government APIs, including:

• Companies House WebCheck – Lets you purchase official documents (annual accounts, annual returns, director appointments, share allotments) that have been filed for most companies registered in England & Wales.
• Online VAT Filing – Allows you to generate and file VAT returns online. Also allows you to pay by direct debit, so no need to send a cheque in the post.
• Online CIS Filing (coming soon) – A feature specifically for the Construction Industry – this lets you file monthly CIS300 returns and verify sub-contractors from within Clear Books.

In the future we plan to add a number of other services, such as:

• Online Filing with Companies House – File your annual return, annual accounts, and other forms electronically.
• PAYE forms filing with HMRC  - File P14 , P35 , P45, P46 etc online.

We have also made a lot of our code available as open source under the php-govtalk project, so if you are interested in collaborating with us – we’d love to hear from you.

1)  If you haven’t already, download and install VirtualBox.

2) Download the Askozia disk image that you want to use. I’m using the latest Linux port release at the time of writing (r1161)

3) Uncompress the image, and then convert it to a Virtual Disk Image

gzcat askozia-pbx-generic-pc-x86-i486-uclibc-r1161.img > test.img
VBoxManage convertdd test.img test.vdi --variant Fixed

4) Load up VirtualBox and create a new virtual machine. Use whatever name you want, and select “Other” as the operating system. Allocate some memory (I used 256MB), and then choose the virtual hard disk that you created in the previous step as the boot hard disk (primary master). Click Finish.

5) Select your new virtual machine and go to Settings > Network. Specify Intel Pro/1000 MT Desktop, Bridged Adapter, and then en0: Ethernet in the three drop down boxes. Click OK to save. This will join the virtual machine to the same network as your host machine is on. We have DHCP configured on our network, so the virtual machine should pick up an IP address from that.

6) Start your virtual machine.

Once the virtual machine has loaded it should tell you what IP address it has been assigned at the terminal. You can then access the control panel from a web browser by going to that IP address using admin/askozia as the login details.

In this post I am going to look at ways you can tell if your blog has been hacked, suggest some ways to fix it, and then discuss techniques to prevent being hacked again.

Before we start, the most important thing you can do to prevent being hacked in the future is to regularly update your blog software. The easiest way is to use subversion. I’ve written how to upgrade your blog with subversion in an earlier post.

Symptoms

So firstly, you’ll probably want to find out if your blog has been compromised. There are a few things to look out for:

Unauthorised Admin Users

Disable JavaScript in your web browser, then navigate to the Users page in the WordPress admin panel. If you see some additional administrator users there that you didn’t expect, you have probably been hacked. They sometimes use an e-mail address like www@www.com

Strange Files in the Uploads Folder

Strange files may also appear in your WordPress uploads folder, including ones that have hidden PHP code inside them (try grepping for “events or a cale” or php).

grep -R -l "php" wp-content/uploads/

The files might have random names like:

faceboutique-spot-less-150×150.bak.php
mandseyeshadowpalette.bak
cliniqueblusher_old.jpeg
.wp-cache.cache.php

The uploads folder is writeable by apache, so hackers use this area to save malicious code to your server. They may then include such code as a plugin.

Strange Records in the Database

Check for suspicious data in wp_options by running the following queries:

SELECT *
FROM  `wp_options`
WHERE  `option_name` LIKE 'active_plugins';

Hackers use the plugin system to include their rogue scripts. You may see some strange files being listed as a plugin. You can delete this row and manually re-activate any plugins via the admin.

SELECT *
FROM  `wp_options`
WHERE  `option_name` LIKE  'permalink_structure';

This will show you the permalink structure – the most recent vulnerability modified this so look out for anything abnormal.

SELECT *
FROM  `wp_options`
WHERE  `option_name` LIKE  '_transient_rewrite_rules';

You can delete this row if it exists (it should be rebuilt dynamically)…. it may contain cached

SELECT *
FROM wp_posts
WHERE post_content LIKE  '%iframe%' OR post_content LIKE  '%noscript%' OR post_content LIKE  '%display:%';

This will look for posts that contain iframes, or hidden links.

Fixing a hacked WordPress Installation

The cleanest way is to re-install WordPress, re-import your posts and comments via the import tool and then to copy in any files that you know are safe…

• Back up your database and site code.
• Export your posts, comments, tags and categories in a WordPress WXR File (Tools – Export).
• Set up a new mysql database, username and password. Ensure the user only has access to the WordPress db.
• Install a fresh copy of the latest version of WordPress (with the correct permissions), and configure it to point at the new db.
• Delete any files that include PHP from the uploads folder.
• Import your posts, comments etc from the WordPress WXR XML file. There is an option to get WordPress to fetch image uploads, but I haven’t had that much luck with this. To get it to work, you will need to install your new blog in a parallel location so that it can access the old blog. When I tried, it seemed to grab the files, but not update the location urls in posts, thus requiring a script to update the urls in the db. Instead, you might find it easier to just copy your uploads folder across – but they won’t then show in the media gallery. Neither route seems ideal!
• Re-install your themes and plugins.
• Move the old blog to a location outside your web root as a backup, or delete it all together.
• Set up new WordPress users with secure passwords.

It’s not a fun job!

Securing WordPress

• Ensure you have the right permissions set on your WordPress scripts. Only the uploads folder should be writeable by the web server.
• Use a separate database, db username and db password for WordPress.
• Add an additional layer of authentication above the WordPress admin area, e.g. http authentication in Apache. NB: When I did this, it seemed to stop uploads from working with the flash uploader (gave a HTTP ERROR), so I had resort to using the basic browser uploader.
• Some people also recommend removing the default “admin” user, and setting up an administrator with a new name – to make it harder to brute force crack your passwords.

Further Information

Here’s some of the pages I read while researching this article….

• http://blog.4rev.net/2009-09/wordpress-hacked-eval-base64_decode-_serverhttp_referer/
• http://groups.google.com/group/google-reader-troubleshoot/browse_thread/thread/39a7eef288c65dd0/c057b39d2f6e7455?pli=1
• https://support.mayfirst.org/ticket/2291
• http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
• http://www.teohuiming.name/blog/wordpress-exploit
• http://linux.byexamples.com/archives/397/wordpress-exploit-we-been-hit-by-hidden-spam-link-injection/