Author Archives: onjabike

IoT Security – has to be Holistic

[published by the author on LinkedIn, December 19th 2016]communication-1439187_960_720

The Internet of Things is certainly getting a lot of media attention, particularly when cars, security cameras and retailers are compromised, in some cases resulting in significant financial exposure at worst and a simple DDoS at best.

However, this attention has caused significant focus to be applied to the device and its security. I was recently asked what is so different about IoT, devices have been calling home over dial up modems in the 1980’s to ask for help if they detected a fault, surely IoT is the same. It’s not, it’s very, very different.

Back in the dial-up days the device was a complex, single device and typically only reached home when in trouble or to report something has changed. The cost of the connection was significant so the communication only happened when it was needed.

The different premise of IoT is that there is now an inexpensive connection back to the host in such that its always connected. Now, rather than a remote device only making connection when it has something to say a device can stay connected and provide greater insight to is function. Furthermore, adding additional devices comes with a minimal delta in installation and connectivity costs. However, while many consider the few, say 10’s of devices the possibility of huge deployments comes with potentially significant operational costs.

The US Department of Energy; Energy, Efficiency & Renewable Energy report on the 2010 US Lighting Market (pub. January 2012) reports an average of 376 lamps per commercial building forming a total of around 2bn lamps, with some 44% being build using 4ft fluorescent T8’s. Bringing IoT into this arena and establishing daylight harvesting, air quality, humidity, temperature and room utilisation would significantly reduce the 349 TWh reported to be consumed annually.

If we take a tiny 1% share of the 5.5m sites reported that is nearly 21 million devices, providing a data stream back to the cloud for business logic and analytics to be applied and business decisions and operational decisions made. My point is that just the value of data harvesting (adjusting lux levels to accommodate sunlight & room use) brings huge business value and providers such as Ersúles and Enlighted are already installing compelling solutions. This is the real IoT, the bringing of IT business logic and analytics to the Operational Technology in such a way to deliver distributively new business models, models where you may subscribe to lux levels to save huge energy costs.

However, a recently viewed YouTube where a kettle was hacked and from that, using http://www.shodan.io (the world’s first search engine for Internet-connected devices) it was suggested that a whole city of smart kettles could be controlled. The advice given is to change the passwords, secure the web-server if there is one and switch off the WiFi access point. The pressure voiced to the consumer arena is to establish an “approved status” such as UL or the BS-kite to inform the consumer the device is deemed safe and secure, in fact a trusted device.

However, taking the commercial example, an estate of remote devices in the tens of thousands is not unimaginable, and taking the experience of the IT community of the past 30+ years, managing large numbers of remote devices is not at all easy. Managing different deployed hardware builds, different versions of platform, different applications variants, time-zones, and ensuring encryption, AV and security are maintained are all significant challenges.

Additionally, as the number of installed systems increases, the world of IoT is beginning to understand that while the telemetry data is enabling the exciting, disruptive business opportunity, the life-cycle of the remote device quickly becomes business critical. If the telemetry is bringing the business value (ie. leasing lux levels), then how to keep the lights on truly becomes a significant business issue. Furthermore, how can the device and channel of communications be kept secure, how can we know its a real device, how is the device operation maintained so the business critical telemetry, that the business has become dependant on, keeps flowing?

In the commercial arena, that of trains, planes, traffic management, commercial and public utilities, the belief is that the CISO and their IT team understand security and integrity, and hence it is not the big concern that has been seen already in the consumer space. However, with the scale of the devices heading quickly into the greater than huge, the scope of the challenge is not being fully considered.

Taking a very painful, and publicly reported example, where an IT department was in the team, along with the facilities team, is that of the US retailer Target. The hackers secured the data of some 30 million credit cards by gaining access to the HVAC and from there reaching the POS and deploying a modified application, or new binary image. The retailer is reported to now be potentially exposed to decades of fiscal uncertainty as 30 million lost data points are near impossible to control or contain.

As with a large deployed IT estate, the focus on the end device security has to be so much more than password strength, particularly as two factor authentication with the device is not really a viable option. Additional aspects such as trusted boot, signed executable binaries and device attestation over an encrypted channel to the cloud host would seem to be the table-stakes for any deployed IoT device, systems are out there than can help with all of that. In this instance, any personnel accessing the system (note: not the device specifically) would need to have two-factor authentication at the host and the communication only channelled through the encrypted channel to a target device who has managed previously to attest its security and integrity.

However, while the remote device security has now become the recent focus with the recent breaches fuelling more of the attention, there is a much larger “elephant in the room”, that of the systemic integrity.

The vision of connected health or connected/smart city or connected agriculture are exciting, yet taking the connected city that is likely connecting traffic management with underground (tube/subway) trains, bus, taxi, automated vehicles and vehicle parking to enable a traveller to be routed, probably via a mobile phone app, to their destination in an optimal, time/cost efficient way.

The travelling population will come to expect the integrated service. The multiple sources of telemetry coming from each subset would be brought together with the travellers information and travel history to dynamically build out the routing for individuals and groups with common needs. Furthermore, the inclusion of demand side energy management and commercials utilities would enable home and office heating and lighting to be part of travel plans. Yet, the security of the system will only be as strong as the weakest member, and a hacked system could bring a a city transport system to its knees or destroy the energy grid. The hacked security cameras originated DDoS impacting twitter, the POS records stolen via the HVAC, the Jeep that stopped are single telemetry sources under attack, what of the many?

The suppliers of technology to the Operational Technology (OT) world have significant experience in the challenges of device security and while well understood has just not been well implemented by many of the equipment manufacturers at this time. This is likely as the builders of the most vulnerable IoT systems mentioned have not considered these well known security challenges seen by traditional OT, perhaps as they simply leveraged maker platforms using a variant of Linux, or the IT folks they consulted traditionally left security to others to protect them, such as the AV, Malware and Firewall folks.

Yet IoT is not M2M, its not about a device talking back to a server, its about a mass of multiple telemetry sources bringing data to a business logic system that leverages analytics and intelligence to determine new, disruptive business models. This brings much greater planes of security vulnerability, and will demand a systemic, holistic approach to security.

Consider this, IT infrastructure security is very well understood, this likely makes “the cloud” a secure arena. Yet, when bitcoin appeared a line of trust needed to be established that allowed a software concept to be passed as a form of payment. The mechanism that enables bitcoin to function is a server data structure termed Blockchain, a standard, community defined line of trust that has attested integrity.

With multiples sources of telemetry being used to establish business outcomes, like Blockchain, the integrity and trust of the whole system needs to be maintained. A mechanism is needed that will ensure that when a business decision is executed by the system that every telemetry point used in that decision is attested for its integrity and is secure.

As we connect previously unconnected systems together, lighting, parking, rail, cars, planes, heating, passengers, etc. the attack surface for a security breach widens, potentially causing catastrophic outcomes for a Smart City, for instance. Forget securing the device, that is a tiny step, the next phase in IoT has to be a Blockchain like holistic system integrity such that the machines can be trusted to deliver the disruptive benefits that IoT eludes too.

Golden Paste -the healer

Eighteen months ago I was in a mother and fathers roller disco race and a father pushed me out of the way causing me to fly, and crack my Medial Malleolus, the bone that sticks out on the inside of your ankle.

The medical consultant told me that if its splits away it will need a screw, if not then it will likely take more than 12 months to heal.

The pain towards the end of the day has been awful, plus, for some reason, my Achilles tendon on the other foot is incredibly stiff, painfully so, both of them making my TAGB Taekwondo tough to focus on.

The medical community tell me it will take time, use Ibuprofen, Paracetamol, Asprin to cope with the pain, however I believe pain is the body saying something, masking it is likely to make things worse.

So I endeavoured on a mission to find out what the internet might have as a view, and I discovered both for people and horses Turmeric is recommended. In fact Dr English, http://turmericlife.com.au/turmeric-recipes-golden-paste/ a vet has a whole world of followers with some 190 members on his closed Facebook group.

A friend, who uses the Golden Paste for acne suggested I tried it, as it works wonders.

So I started with a teaspoon (3g) of Turmeric and some black pepper on sandwiches, salads, baked potatoes, pizza and in 4-days I went a whole day without pain.

So next to find out how to make Golden Paste, and I discovered many, many recipes, all about the same, but all using units of measure I have no clue about. For instance, 1/2 cup of Turmeric and 1/2 cup of coconut oil, what size cup, how does that translate.

Additionally, the coconut oil I bought was solid, not liquid, and those that mention a measure I could use stated 70ml, written again the American way of 70mils.

Posting on Facebook provided lots of help, people telling me to use the internet, lots of conversion sites that can help .. however, none of them provides a conversion from a liquid oil to a solid oil.

So, I took 100g of solid coconut oil and placed it in a bowl and placed the bowl over a saucepan of boiling water as you would when melting chocolate. Once melted I then poured it into a chemistry graduated vial, 70ml. Perfect, now I have the measures:

  • 65g                          Organic Turmeric power
  • 250ml                     Water
  • 75g                           Manuka Honey (optional sweetner)
  • 100g                         Solid Organic Virgin Coconut Oil
  • 3g                              Organic Powered Black Pepper
  • 2 teaspoons           Cinnamon Powder (optional spicy sweetner)
  • a pinch                       Low Sodium Salt

The process is so simple, the toughest part is knowing how much it will make and finding a suitable jar to put it in when you have finished as you need to store it in the fridge.

I doubled all the above and ended up with much more than I intended .. ooops!

  1. Mix water and Turmeric together in a pan on the hob with a wooden spoon who you don’t mind being yellow for the rest of time, and bring the mix to a simmer. Add extra water if needed, it needs to be quite a thick paste, something like plaster for walls or even those DIY wall fillers that come in tubes.
  2. Add all Black Pepper, the Cinnamon (if spicy sweet is interesting) and the slat and cook on simmer while mixing for 5 minutes. Don’t let it boil.
  3. Add the Coconut solid oil, it will melt quickly and mix until it eventually disappears, it will, you just have to believe it will and keep mixing!
  4. Turn off the heat.
  5. While cooling, add the honey, if this is your preferred sweetner, and blend thoroughly.
  6. While still runny, pour into clean jars and refrigerate.

I’ve tried it without sweetner (Turmeric has a bitter flavour), with cinnamon and with honey and I prefer with cinnamon or plain. I like honey, but not in this case.

The mix should last many weeks in the fridge as the ingredients are all anti-microbial and the cooking will have killed any other items, like moulds, etc. that might have been present in the raw ingredients.

 

The Black pepper is reported to be key to the success of this, it contains Piperine which apparently increases the bioavailability of just about everything. That is other medication you may be on will be enhanced by black pepper, and Curcumin (the active component in Turmeric) has been reported with some insane increased levels of effectiveness.

There are all sorts of claims of Golden Paste on anti-inflammatory capabilities especially in the treatment of rheumatoid arthritis, ulcerative colitis and other inflammatory conditions. Curcumin is able to inhibit the activity of cytokines and enzymes such as COX-1 and COX-2. It has been recommended as a treatment for chronic neurodegenerative diseases in combination with lower doses of Non-Steroidal Anti-Inflammatory Drugs (NSAIDs)….

However, never believe what you read about on the internet, so who knows whether it does all of that.

What I can say, is a week of taking my Golden Paste an neither of my ankles ache, at all. Now, its been 18 months, nearly two years since the race and the ankle smash, so perhaps it all healed just the same week as I started to take 1/2 teaspoon a day, in 2 doses (morning and night). Others have said its all in the mind, and taking the paste is having me believe it works, maybe …

What I do know is that it’s working, rather amazingly in fact. I will keep going another 4 weeks and see where it gets me, but for now I am amazed.

 

 

To Crack or not to crack my Medial Malleolus

Ok, some would say, starting to learn to rollerblade for the first time on your 50th Birthday is a little  crazy, but then those that know me would not be surprised.

Four and a half years later of skating 2hrs Friday, 1hr45 Saturday and 2hrs Sunday every week has me doing ok. My 14 yr old son, streets ahead even though we’ve skated roughly the same amount over the same time. I’ve recently removed my brake, recently managed crossovers and most recently was gaining confidence on t-braking.

Anyway, a couple of weekends ago I entered the Mum’s and Dad’s race as I always do, and over the past nearly 5-years my speed has gradually increased until this particular Saturday evening I was flying around in front at some 10-12 mph. As I took the second lap, crossing over my right on my left to double power around the bend I saw another Dad coming up on the inside, an ex-ice hockey player.

He shoulder barged me on my left, and not in slow motion, I flew through the air, landed on my left bum cheek, slid along the floor with my left leg out straight and felt my right leg come rapidly pulled down by the weight of the boot to hit my medial malleolus onto the skating floor, while in my boot, with a thud.

That hurt, lots. I got up, rolled around a little on my inline skates and mentioned it was painful and left it. Around 20-minutes later I went to first aid and put ice on it and elevated it. I then, at the end of the roller disco, hobbled with my son to Ten Pin, a bowling alley and had a San Miguel with Nacho Double Cheese with Jalapeños. Around an hour late I drove home … and went to bed.

The following morning the swelling was as bad as it had ever been, so after a while (and tutoring Maths), I took myself to Accident & Emergency, ER if you like.

An hour later the consultant said I’d cracked my medial Malleolus and they put me in plaster, … now to get someone to fetch me and the car .. urgh!

WP_20151001_10_14_56_Pro  Revised Foot

No weight on it, two crutches, a plaster cast on my right … nightmare. No cups of tea, no breakfast, no showers (I need a daily to wake up in the morning), awful.

That following Thursday I had the plaster replaced with a fibreglass version, claims of it being lighter are grossly overrated. The medial malleolus is renowned for not healing, so the consultant this time said I want an x-ray every week, we need to keep an eye on it and pin it if its not healing.

The following Tuesday, the new consultant has my cast removed, sends me to x-ray, and all are puzzled. The plaster room, the consultant, the radiologist. To be honest the first radiologist said “you’ve not broken it make, I think its bruised, but let the Doctor take a look”. This time the consultant said something rather strange;

“When did you last break your ankle sir”, he said. “Me, I’ve never broken my ankle”, I replied. It seems I have, in the past 2-5 years I had broken my medial malleolus and it had since healed. What they were looking at was a aged healed break. The new consultant pressed the bone that sticks out of the inside of my foot, nothing. He said I would be flying around the room, as I will do when he presses … this … boy I flew around the room.WP_20151006_001

That he said is a very bruised medial malleolus but its not broken, they then said “of course, we knew all along” in the plaster room, I had not chance to check with the radiologist, but I could feel him thinking “I told you so”. Anyhow, they’ve put me into surgical boot, one of those that Robocop wore in the film I think. To be worn when out and about and I am to wear slippers or shoes in the home …

The pain this week, 1.5 weeks after the accident, is still rather unpleasant, especially if I hold it still for any length of time. Last weekend I returned to the Roller Disco and spoke to the quietly spoken, but rather competitive Dad and watched my son skate .. when it comes to this weekend in the boot I suspect he will be surprised.

Robocop returns, heals in 2-weeks, feels no pain after a break; real or implied; and is really rather scary .. for me, I am thankful that pinning my ankle back together is not something I need to be done any time soon.

September/October 2015

Teaching, Lecturing, Training and Learning

I finally have found a role I am as passionate about as I am about education. It’s fun, it’s gregarious, it’s emotionally rewarding as well as financially.

However, I’ve just been put through an online e-learning course which must have been more than 30 hours of modules. It was horrific.

I work from home, alone, with the phone and email as my tools. I travel frequently around the country and also often fly to Finland, Sweden and Norway to visit my Accounts, as I am an Account Manager.

So sitting alone, listening to some sort of online presentation with interactive questions has been a severe challenge.

I wish more trainers and the like would take a PGCE and teach for a year actual 11-18yr old students. When you realise how people learn you would never think training is video lecturing with tests of recall rather than understanding. Teaching is not imparting knowledge. … That is the first base of error.

Latin gives a clue, the Latin root of Educate is ‘to draw out’. The student needs to find paths of recall in their minds. The facilitator in the room, often called the teacher , needs to draw out the understanding from the student. Pushing information in does not create recall paths, neither do tests of comprehension. The test should be determining understanding.

Additionally, the solitary experience of being lectured and tested for recall via an online portal is an assurance of wasted time and money as the student is unlikely to be able to synthesise the information provided into something of use to their situation.

Footballers do not hone their skills sitting in a room alone with an e-learning set of presentation before starting a match. Football training is taking an ability and developing it into a skill through repetitive application. For football it needs a field, a ball and a few team mates.

Teaching is not telling, Training is not lecturing … So much of the training courses developed are of near zero applied value. Take a student and test for comprehension (not recall) some 6months to a year after the class was taken and the results will doubtful shock.

Global Integration on Remote Teams showed how to do it. Splitting a class into 5×5 and then dropping them all over Brussels with part of a puzzle to solve that needed groups to connect, no phones available. The mission, to get all 25 to the restaurant.

The teaching method was educate (to draw out) the training method was to engage in a physical team activity. Genius.

So, how do you do it. Well, first, as a teacher you get the students to drive. Create discussion, explore ideas. As teacher you facilitate, ask questions, take the room down dead ends. The class decide its a dead end, they look further. To propose things to consider. They come to a consensus. Through multi-way dialog, ensuring all contribute, they determine understanding. As they formed it themselves they connected the imagery and the neurones to ensure they have comprehension, understanding and recall.

I did this with a group of 30x 14 yr olds and they had a wild time in the lesson. They solved all the problems given , they passed the end of topic exam with little to no additional work and they told me it was the best lesson they had had in the school ever … They had been through years 7 and 8 before making 9.

I’m interested in how online education, personal development and training can be delivered effectively and have some thoughts of my own but would be interested to explore others.

The Internet of Things (IoT)

The world is getting connected. Not so long ago things, parking meters, phones, cars, buses, etc. we’re standing alone doing their thing.
Then Machine to Machine arrived, where a thing would talk to another thing. The most common is probably the parts in your car, the remote key unlocking doors.
However, in the past 3 years there has been a rapid acceleration of connecting things to a central server at a hosted location via the internet connectivity, the thing is connected to the Cloud. This is the Internet of Things.

A parking meter that has number plate recognition and gets its tariff by accessing the cloud. A street parking meter that informs it’s cloud that it has an empty space that in turn provided the detail to an App on a phone helping needy drivers to find a space.
The bus that can inform the stops ahead of it where it is and how long it will be. A central system that can understand passenger loading so ensuring enough buses are on route.

My favourite , the removal of signals from the train rails as the trains are given intelligence and details of where they are and where the other trains are.

This last one will make for much safer trains. They will never hit each other, the signalling failure will never hinder flow, the fault will take a train out not a service. Additionally the service can provide more trains per time interval. In fact, companies like Rail Track will be a hosted cloud service providing access to tracks for the various train operators making for real competition.

Of course, at sometime cars will connect to the Internet and will know where all the other cars are … I wonder if we can improve traffic density and flow with such technology?

5 ways to improve Teaching

1. Start pay scales at professional levels

In the UK, at this point in time, the union collusion with government has the pay scales set to ensure teaching quality is kept low or at least and a second household income.

Learning to teach is like learning to fly, you start with theory, then you watch an experienced person, then you try for yourself under supervision, then once qualified you have to accumulate recorded and occasionally monitored hours.

While not qualified the highest pay you can get in the counties next to Greater London is £26k/year before tax.

Now, for a partner of the main home earner or a recent graduate who is living with parents that may work. However, for a career change person with significant experience in industry this is nonsense.

Additionally, the £26k applies to all teacher trainees, no matter whether they are scarce resources or not!!

I have experience of teaching Physics, had to leave a PGCE due to NQT pay scales, and yet I can teach computing, or programming and mathematics too. All three are subjects that there is a huge shortage of teachers for yet the ‘offer’ of £26k remains the same as Biology, Geography, History teachers. Market forces are artificially being contained by union nonsense.

The result, the best at Physics, Electronics, Programming, Mathematics, Chemistry, etc. do not share their passion, experience and fun for the subject. The schools end up with the least able teaching.

2. Enable guest teacher appearances

Teachers, once qualified, are isolated and insular. They spend hour after hour with children. They teach the same set each week. Each year the audience change but the subject doesn’t. There is little sense of community between teachers as the plire of department are caught in the c isolation.

Having guest teachers, guest professors, being a guest teacher would build a community of experienced teachers who can explore together innovative ideas on how to engage the class.

3. Enable 360 degree appraisals

4. Involve the students in scheme of work planning

5. Focus on developing curiosity not cramming their heads with facts

I started to write this blog more than a year ago, out of frustration that there was no way for me to enter the profession yet my personal experience had shown me that its such a rewarding role. Nearly two years later and I find my 5 points still incredibly to the point and still proving to be very valid.

This last one is the most important. The one I saw work wonders. If you try and push facts into their heads they resist, even subconsciously. Those that appear not to resist will appear to understand yet when that understanding is checked they will not recall correctly. Simply they had no passion to reflect the learning.

However, if you use questions and exploration you will develop their curiosity, they will ask more questions. Whether its Mathematics, English, History, Art, Religion or Science does not matter. Build the lessons to engage the audience, using whatever techniques you can dream up. Have the students explore, examine, question either as a large group or small groups and have them present back to the class what they discovered. Allow failure to be acceptable in the learning process, discuss and reflect on what confusion led to the wrong understanding, explore why its wrong.

That last part is easier in Physics, however in Art or English the question of interpretation comes to the fore. In many instances an interpretation away from the norm is allowed, however in others this is not the case. However, you will recall as a student yourself what it was that captured your passion for the subject and keep that front and centre.

The mission is not to push out lots of data, lots of facts, but purely to develop a passion for exploration, for questioning, for curiosity. For, if you can teach a child to be curious then you have taught a child to learn, something they will enter the world with that will constantly help them to add value to themselves and to the world as a whole. That has to be the ultimate role as a teacher, to allow and develop curiosity.

I will come back later and fill out the remaining three, perhaps in another few months. I am not sure they need explaination.

 

Surviving Redundancy in a deep Recession – Part 2

In my previous blog I wrote about the basics of getting yourself into the proactive, find a role push that is needed to support a personal marketing campaign and to find those hiring managers before they open a dialog with HR or a Recruitment agent. In times of plenty, and we have plenty of people looking for a role, you have to find another way. Its tough, very tough, an emotional roller coaster in fact that may have you questioning every aspect of yourself. Nothing I can say other than keep marching, even when it seems hopelessness or hopeful, keep marching. The soldier who gives up on the roadside will not get to relax in the bar of a tavern in the distant city.

So, there I was, promoting on LinkedIn, Twitter, Facebook, Paper.li and building a network of connections into all areas of interest and I found a number of small companies in need of some part-time assistance. However, any income I received from my exit point through to the end of the tax year would be taxable at the annual rate. From that I looked at sole proprietor or limited company, and concluded the later can be done simply and cheaply …

1. Forming a Limited Company. In the UK this is done on te Companies House website and costys £18. You need to decide who the directors and who the shareholders are and allocate Ordinary A and Ordinary B shares to them as you think fit. The two types are to enable you to pay out different Dividend Rates. For example you may be the sole Director but your spouse could be a shareholder.  Once formed you have 18 months to submit your first annual return, so no need to worry about that for now. The name, and securing a domain for the website is all you need right now, most likely £18 for the company and £13 for the domain.

2. You will need a company bank account. This will need your paperwork from the formation of the company and some forms of ID. Its trivial and it takes a week or so to get in place, online access, a company credit card and you have it all.

3. Ensure you have implemented Statutory bookkeeping. For those in the UK, the Quickfile provides a free online bookkeeping package that is centred around your business current account. YOu can download your statement and then simply, with a click per line, allocate the entry to something defined in the accounts. Things like travel, internet access, etc. Quickfile has recently enhanced to understand VAT so its a full package, although I am not sure it will scale as your business grows.

A cheap, but not free version, is ClearBooks which truly understands double entry bookkeeping, the various VAT rules, etc. and has the means to expand as your business expands. Its clumsier than Quickfile to use as you have actions and reactions, for example you have to raise a purchase entry before you can allocate funds to that, as in pay it.

4. Value Added Tax. This is a debatable item. Credibility is built from having a VAT number and with the UK flat-rate scheme its simply a percentage of revenue gained in a period. The flat-rate is charged to the customer at a different rate than paid to the HMRC providing a small source of income. For this reason I chose to register, however it is time consuming.

5. Customers paying for services. The invoice format is within the bookkeeping packages, however you can also develop your own. When the clients pay you the amount goes into the company current account. That is not money you can draw on unless you a) charge expenses to the business, b) register as PAYE and start PAYE payments and payslips, c) Directors loan it (pay back within 18 months) or d) pay Dividends as per profits recorded.

However, until you start to draw some form of income from the business account or register as PAYE (paying tax as you go each month) you will not incur any income tax. This is actually an effective way of minimising your tax liability and using your severance to buffer you while you build a business.

6. Getting an Accountant. If you are wise and follow the rules outlined on mileage and other business expenditure and you complete an expense claim as if you were employed that you submit and approve to the business then I would say you do not need an accountant. Besides, at this point you have very little revenue going into the business as you need to find customers who have a need for your product or service.

In fact do not register for PAYE until the new tax years starts if you can help it, that is the new tax year starts and you intend to draw a regular, monthly salary. The amount you draw is somewhat irrelevant, but it should be above the personal allowance limit so it appears on the inland revenue radar. As long as you are on their radar all will be fine. That said, the majority of your personal income should come from Dividends, Dividends that you can release early as a Directors Loan.

These details are not to be worried about, simply register for PAYE in the first tax month of the year, decide on an amount per month and use the tools, (in the case of the UK), that are provided by HMRC to calculate deductions. Its actually a simple process, and yes you can let it go to an Accountant but it will be for a fee, a fee you simply may not have yet and if you did I would still recommend you understand how its done.

The next installment will be about getting your Klout score up using social media and making a noise, getting yourself visible to the huge audience in your target market sector and determining what to say to them that keeps you connected.