Attachment	Size
La mochila viajera, 13 de julio del 2012: Migrantes y software libre	84.19 MB

It's that time of the year again. No, not only the Debian biyearly freeze that has just happened, again (YAY!). It's DebConf time again. Yesterday night I arrived in Managua, Nicaragua, for DebConf12. I'm still jetlagged a bit, but the first impression is great. And that impression is also very green, shockingly green. The city is gorgeous: full of trees and plants (well, at least compared to my metropolitan European standards), and the campus of Universidad Centroamericana where the conference is hosted is even more so. Also, it's a great pleasure to have DebConf in an university campus where students are still swarming. My only reason for sadness thus far. While I did bring my traditional Debian kilt at DebConf, I discovered this morning that I forgot my sporran at home
So if you don't see me wearing my kilt at this DebConf often, that's why

Yesterday night, Regina and me arrived to Nicaragua. Ready to greet us, we found quite a good number of good friends. We had a nice pizza+beer dinner at Diana's house, and some of the foreigners among us were distributed among the houses of several locals. This morning, we woke up together with V ctor, Moray and Gaudenz in Norman's brother's beautiful house. We had breakfast with the family, were picked up to go to the hotel that will have the ho(n rr)or to host us all for the following two weeks, and walked to the Universidad Centroamericana (UCA) campus. Contrary to our usual practices... It seems everything is working fine! I mean, I'm sure we will stumble with some unforseen details and what not... But coming on the very first day to the university, to find that food is all sorted out, that we have food tickets (and they are all printed!), that network works (and it's by a fiber connection that was laid out expressly for us), that we have all the hardware I was worried about, that people are arriving and getting accepted at the hotel. I mean, things work! So, I'm quite optimistic this DebCamp will have everything ready to be a success And the DebConf following it as well, of course! If you have not yet arrived - See you soon!

During my work on Debian Edu based on Squeeze, I came across some issues that should be addressed in the Wheezy release. I finally found time to wrap up my notes and provide quick summary of what I found, with a bit explanation.

• We need to rewrite our package installation framework, as tasksel changed from using tasksel tasks to using meta packages (aka packages with dependencies like our education-* packages), and our installation system depend on tasksel tasks in /usr/share/tasksel/debian-edu-tasks.desc for package installation.
• Enable Kerberos login for more services. Now with the Kerberos foundation in place, we should use it to get single sign on with more services, and avoiding unneeded password / login questions. We should at least try to enable it for these services:
  • CUPS for admins to add/configure printers and users when using quotas.
  • Nagios for admins checking the system status.
  • GOsa for admins updating LDAP and users changing their passwords.
  • LDAP for admins updating LDAP.
  • Squid for users when exam mode / filtering is active.
  • ssh for admins and users to save a password prompt.
• When we move GOsa to use Kerberos instead of LDAP bind to authenticate users, we should try to block or at least limit access to use LDAP bind for authentication, to ensure Kerberos is used when it is intended, and nothing fall back to using the less safe LDAP bind
• Merge debian-edu-config and debian-edu-install. The split made sense when d-e-install did a lot more, but these days it is just an inconvenience when we update the debconf preseeding values.
• Fix partman-auto to allow us to abort the installation before touching the disk if the disk is too small. This is BTS report #653305 and the d-i developers are fine with the patch and someone just need to apply it and upload. After this is done we need to adjust debian-edu-install to use this new hook.
• Adjust to new LTSP framework (boot time config instead of install time config). LTSP changed its design, and our hooks to install packages and update the configuration is most likely not going to work in Wheezy.
• Consider switching to NBD instead of NFS for LTSP root, to allow the Kernel to cache files in its normal file cache, possibly speeding up KDE login on slow networks.
• Make it possible to create expired user passwords that need to change on first login. This is useful when handing out password on paper, to make sure only the user know the password. This require fixes to the PAM handling of kdm and gdm.
• Make GUI for adding new machines automatically from sitesummary. The current command line script is not very friendly to people most familiar with GUIs. This should probably be integrated into GOsa to have it available where the admin will be looking for it..
• We should find way for Nagios to check that the DHCP service actually is working (as in handling out IP addresses). None of the Nagios checks I have found so far have been working for me.
• We should switch from libpam-nss-ldapd to sssd for all profiles using LDAP, and not only on for roaming workstations, to have less packages to configure and consistent setup across all profiles.
• We should configure Kerberos to update LDAP and Samba password when changing password using the Kerberos protocol. The hook was requested in BTS report #588968 and is now available in Wheezy. We might need to write a MIT Kerberos plugin in C to get this.
• We should clean up the set of applications installed by default.
  • reduce the number of chemistry visualisers
  • consider dropping xpaint
  • and probably more?
• Some hardware need external firmware to work properly. This is mostly the case for WiFi network cards, but there are some other examples too. For popular laptops to work out of the box, such firmware need to be installed from non-free, and we should provide some GUI to do this. Ubuntu already have this implemented, and we could consider using their packages. At the moment we have some command line script to do this (one for the running system, another for the LTSP chroot).
• In Squeeze, we provide KDE, Gnome and LXDE as desktop options. We should extend the list to Xfce and Sugar, and preferably find a way to install several and allow the admin or the user to select which one to use.
• The golearn tool from the goplay package make it easy to check out interesting educational packages. We should work on the package tagging in Debian to ensure it represent all the useful educational packages, and extend the tool to allow it to use packagekit to install new applications with a simple mouse click.
• The Squeeze version got half a exam solution already in place, with the introduction of iptable based network blocking, but for it to be a complete exam solution the Squid proxy need to enable filtering/blocking as well when the exam mode is enabled. We should implement a way to easily enable this for the schools that want it, instead of the "it is documented" method of today.
• A feature used in several schools is the ability for a teacher to "take over" the desktop of individual or all computers in the room. There are at least three implementations, italc, controlaula og epoptes and we should pick one of them and make it trivial to set it up in a school. The challenges is how to distribute crypto keys and how to group computers in one room and how to set up which machine/user can control the machines in a given room.
• Tablets and surf boards are getting more and more popular, and we should look into providing a good solution for integrating these into the Debian Edu network. Not quite sure how. Perhaps we should provide a installation profile with better touch screen support for them, or add some sync services to allow them to exchange configuration and data with the central server. This should be investigated.

I guess we will discover more as we continue to work on the Wheezy version.

In this age of 3d accelerated desktops and all that fancy stuff, one does not expect practical innovation happening in the remote terminal emulation area. But it has just happened. It is called Mosh, a shorthand for "Mobile Shell". What does it do better than ssh we have learned to love?

• Less lag! Being UDP based, it is not prone to TCP congestion effects. Considering that voip, games and everything else latency critical has been UDP based, it is (almost) surprising that it wasn't done for interactive terminals before...
• Even less lag! Mosh provides local echo and line editing when the other side is not being responsive. To do this, mosh actually becomes a terminal emulator of it's own. This stuff is sweet on unstable 3G and conference wifi networks.
• Survives suspending. Resume your laptop and *bam* all your remote mutt and vim editors are still there instead of the "connection reset" you get from ssh.
• Roaming. Got another IP? Moved from wifi to ethernet to 3G? your sessions are still open! Another thing a TCP based protocol couldn't do easily...

It doesn't replace ssh, as it still borrows authentication from ssh. But that's cool, as you can keep your ssh authorized keys. Available in Debian unstable,testing and Backports today, and many other systems as well. Hopefully an Android client comes available soon, as the above mentioned advantages seem really tailored for android like mobile systems. Caveat: This is new stuff, and thus hasn't quite been proven to be secure.

I ve send a mail today with a summary of some of my experiences in Managua and tiny bits of Nicaragua late April / early May 2012. If you are considering going to DebConf12 (which you obviously should do as you are reading this!) go and read this mail, as it includes a thematically sorted list of impressions and advice written by Gunnar, Norman, Leo, Felix and myself, which should give you some better idea about DebConf12 in Managua! While I spent 14 days in Nicaragua in total, for the last three days I was joined by Gunnar Wolf, to make sure my impressions about the local team, the status of the preparations and everything were correct. Our visit also seems to have been very motivating to local team members, whom I ve seen really enthusiastic to welcome a huge Debian crowd for the first DebConf in Central America in just a few weeks! At the last DebConf12 IRC meeting I summarized it like this: in very short: my two weeks were great, I had a great vacation, met many members of the localteam, which is way bigger then it seems on irc, saw and liked UCA (Universidad Centroamericana, the DebConf12 venue), had zillions of reunions (meetings, see schedule wiki page) and met many nice people and a very hot & interesting country+capital with great countryside. The deadline for sponsored accomodation ends in three days - so if you haven t registered yet, hurry up, DebCamp starts in 49 days! :-) (After that registration is still possible, but you will need to pay for your costs yourself.) We re looking forward to see you there and have a great DebConf together! Hopefully we sweat together while Wheezy is frozen :-D

Most of my private online life happens on netbooks and besides the web browser, SSH is my most used program especially on netbooks. Accordingly I also have hosts on the net to which I connect via SSH. My most used program there is GNU Screen. So yes, for things like e-mail, IRC, and Jabber I connect to a running screen session on some host with a permanent internet connection. On those hosts there is usually one GNU Screen instance running permanently with either mutt or irssi (which is also my Jabber client via a Bitlbee gateway). But there are some other less well-known tools which I regard as useful in such a setup. The following two tools can both be seen as SSH for special occassions. autossh I already blogged about autossh, even twice, so I ll just recap the most important features here: autossh is a wrapper around SSH which regularily checks via two tunnels connect to each other on the remote side if the connection is still alive, and if not, it kills the ssh and starts a new one with the same parameters (i.e. tunnels, port forwardings, commands to call, etc.). It s quite obvious that this is perfect to be combined with screen s -R and -d options. I use autossh so often that I even adopted its Debian package. mosh Since last week there s a new kid in town^WDebian Unstable: mosh targets the same problems as autossh (unreliable networks, roaming, suspending the computer, etc.) just with a completely different approach which partially even obsoletes the usage of GNU Screen or tmux: While mosh uses plain SSH for authentication, authorization and key exchange the final connection is an AES-128 encrypted UDP connection on a random port and is independent of the client s IP address. This allows mosh to have the following advantages: The connection stays even if you re switching networks or suspending your netbook. So if you re just running a single text-mode application you don t even need GNU Screen or tmux. (You still do if you want the terminal multiplexing feature of GNU Screen or tmux.) Another nice feature, especially on unreliable WLAN connections or laggy GSM or UMTS connections is mosh s output prediction based on its input (i.e. what is typed). Per line it tries to guess which server reaction a key press would cause and if it detects a lagging connection, it shows the predicted result underlined until it gets the real result from the server. This eases writing mails in a remote mutt or chatting in a remote irssi, especially if you noticed that you made a typo, but can t remember how many backspaces you would have to type to fix it. Mosh needs to be installed on both, client and server, but the server is only activated via SSH, so it has no port open unless a connection is started. And despite that (in Debian) mosh is currently just available in Unstable, the package builds fine on Squeeze, too. There s also an PPA for Ubuntu and of course you can also get the source code, e.g. as git checkout from GitHub. mosh is still under heavy development and new features and bug fixes get added nearly every day. Thanks to Christine Spang for sponsoring and mentoring Keith s mosh package in Debian.

Open Source Days Open Source Days were nice, especially the meating(sic) of and talking to old friends and new people. I got to discuss Mercurial with two of its developers which was very interesting indeed. It's funny how similar git and Mercurial are in some regards and how different in others. Overall, it feels a bit as if Mercurial is not quite as distributed as git. Its local, sliding revision index feels like disaster waiting to happen, to me. On the other hand, Mercurials ability to not check out large files to your local repository sounds very git-annex-ish, which is nice. Choice is good :) My talk about how to gitify your life (slides, no video) went extremely well. Within my time-slot, there were a total of six talks, and lunch(!), in parallel. About 300 people attended OSD on Sunday and of those, many were at booths, stands, eating, etc. My personal turnout was 50-70 listeners so I was well above mathematical average and from what I heard, my talk was the most-visited one during that time. Add the fact that several people asked me to put up the resource links up again after the talk so they could take pictures and I would say this talk really was a success. Ego-stroking? Yes. Vanity? Most likely. Being able to see that people can really want to learn about what you have to say? Priceless. It's a real pity that there was no video recording, but it's obviously too late to do anything about that. Joey Hess asked me to at least make an audio recording on my laptop, but that turned out to be a lot of useless white noise with faint mumbling in between. Maybe I should at least get a small microphone or recorder so I will always have an audio copy. I already did order a presentation clickie with built-in laser pointer so I won't have to rely on possibly non-existent conference infra, any more. If there's any interest, I may re-record the talk as audio, else I will just try to get another speaker slot at another conference, with video recording, and link that. Denmark Barring the airport, central station, bus, hotel, venue, and metro, I did not see anything of Copenhagen. That's a pity, but I didn't want to leave the conference early. To continue my recent tradition of dumping random observations about places I visit onto my blog, here goes:

• Torx screw adaption: No idea, I did not see any screws as I didn't enter any wooden buildings.
• Most power outlets have their own on/off switch; I would love to have the same in Germany.
• English movies, series, etc. are not dubbed, merely subbed. This is great to learn English even though it will obviously increase potential exposure to certain "news" stations.
• When exiting Copenhagen airport's first floor, there are knee-high bumpers with broad wings right in front of escalators. In a crowd, it's impossible to see them; the first information about their existence is most likely a bruised shin. If there's ever a panic, people will get seriously hurt. I am sure that Denmark has officials from the fire department and city OK their evacuation routes. No idea how those bumpers can be allowed; they probably are not.
• It's great to have a map of your target area along with the street name in the search field handy on your phone when asking people for directions. You can pre-cache the map tiles and don't need to pay horrendous roaming charges for online navigation, that way.
• As always, the best people to ask for directions are young mothers with strollers.
• The Gulf Stream never ceases to boggle my mind. It's warm in Denmark.
• The bridge between Denmark and NorwaySweden (thanks kloeri) looks very impressive from a plane. Hopefully, I will be able to drive over it at some point in my life.
• Hotels will always be able to lend you a phone charger in case you forgot yours.
• Danish coffee is horrible. This really seems to be a common theme in Scandinavia.
• If you board last, you can sit down next to the emergency exit without bothering anyone. If the seat is still free, no one will claim it any more as you are the last to enter the plane. Just sit down and enjoy the leg room.
• The one great advantage of semi-commercial/for-pay conferences is that you will get a name badge. I need to poke FOSDEM about this again; badges and lanyards are cheap if you know where to order.

New in the Squeeze version of Debian Edu / Skolelinux is the ability for clients to automatically configure their proxy settings based on their environment. We want all systems on the client to use the WPAD based proxy definition fetched from http://wpad/wpad.dat, to allow sites to control the proxy setting from a central place and make sure clients do not have hard coded proxy settings. The schools can change the global proxy setting by editing tjener:/etc/debian-edu/www/wpad.dat and the change propagate to all Debian Edu clients in the network. The problem is that some systems do not understand the WPAD system. In other words, how do one get from a WPAD file like this (this is a simple one, they can run arbitrary code):

function FindProxyForURL(url, host)
 
   if (!isResolvable(host)  
       isPlainHostName(host)  
       dnsDomainIs(host, ".intern"))
      return "DIRECT";
   else
      return "PROXY webcache:3128; DIRECT";
 

to a proxy setting in the process environment looking like this:

http_proxy=http://webcache:3128/
ftp_proxy=http://webcache:3128/

To do this conversion I developed a perl script that will execute the javascript fragment in the WPAD file and return the proxy that would be used for http://www.debian.org/, and insert this extracted proxy URL in /etc/environment and /etc/apt/apt.conf. The perl script wpad-extract work just fine in Squeeze, but in Wheezy the library it need to run the javascript code is no longer able to build because the C library it depended on is now a C++ library. I hope someone find a solution to that problem before Wheezy is frozen. An alternative would be for us to rewrite wpad-extract to use some other javascript library currently working in Wheezy, but no known alternative is known at the moment. This automatic proxy system allow the roaming workstation (aka laptop) setup in Debian Edu/Squeeze to use the proxy when the laptop is connected to the backbone network in a Debian Edu setup, and to automatically use any proxy present and announced using the WPAD feature when it is connected to other networks. And if no proxy is announced, direct connections will be used instead. Silently using a proxy announced on the network might be a privacy or security problem. But those controlling DHCP and DNS on a network could just as easily set up a transparent proxy, and force all HTTP and FTP connections to use a proxy anyway, so I consider that distinction to be academic. If you are afraid of using the wrong proxy, you should avoid connecting to the network in question in the first place. In Debian Edu, the proxy setup is updated using dhcp and ifupdown hooks, to make sure the configuration is updated every time the network setup changes. The WPAD system is documented in a IETF draft and a Wikipedia page for those that want to learn more.

There has been a lot of discussion recently about the recent Microsoft ideas regarding secure boot, in case you have missed it Michael Casadevall has written a good summary of the issue [1]. Recently I ve seen a couple of people advocate the concept of secure boot with the stated idea that root should be unable to damage the system, as Microsoft Software is something that doesn t matter to me I ll restrict my comments to how this might work on Linux. Restricting the root account is something that is technically possible, for much of the past 9 years I have been running SE Linux Play Machines which have UID 0 (root) restricted by SE Linux such that they can t damage the system [2] there are other ways of achieving similar goals. But having an account with UID 0 that can t change anything on the system doesn t really match what most people think of as root , I just do it as a way of demonstrating that SE Linux controls all access such that cracking a daemon which runs as root won t result in immediately controlling the entire system. As an aside my Play Machine is not online at the moment, I hope to have it running again soon. Root Can t Damage the System One specific claim was that root should be unable to damage the system. While a secure boot system can theoretically result in a boot to single user mode without any compromise that doesn t apply to fully operational systems. For a file owned by root to be replaced the system security has to be compromised in some way. The same compromise will usually work every time until the bug is fixed and the software is upgraded. So the process of cracking root that might be used to install hostile files can also be used at runtime to exploit running processes via ptrace and do other bad stuff. Even if the attacker is forced to compromise the system at every boot this isn t a great win for the case of servers with months of uptime or for the case of workstations that have confidential data that can be rapidly copied over the Internet. There are also many workstations that are live on the Internet for months nowadays. Also the general claim doesn t really make sense on it s own. root usually means the account that is used for configuring the system. If a system can be configured then the account which is used to configure it will be able to do unwanted things. It is theoretically possible to run workstations without external root access (EG have them automatically update to the latest security fixes). Such a workstation configuration MIGHT be able to survive a compromise by having a reboot trigger an automatic update. But a workstation that is used in such a manner could be just re-imaged as it would probably be used in an environment where data-less operation makes sense. An Android phone could be considered as an example of a Linux system for which the root user can t damage the system if you consider root to mean person accessing the GUI configuration system . But then it wouldn t be difficult to create a configuration program for a regular Linux system that allows the user to change some parts of the system configuration while making others unavailable. Besides there are many ways in which the Android configuration GUI permits the user to make the system mostly unusable (EG by disabling data access) or extremely expensive to operate (EG by forcing data roaming). So I don t think that Android is a good example of root being prevented from doing damage. Signing All Files Another idea that I saw advocated was to have the secure boot concept extended to all files. So you have a boot loader that loads a signed kernel which then loads only signed executables and then every interpreter (Perl, Python, etc) will also check for signatures on files that they run. This would be tricky with interpreters that are designed to run from standard input (most notably /bin/sh but also many other interpreters). Doing this would require changing many programs, I guess you would even have to change mount to check the signature on /etc/fstab etc. This would be an unreasonably large amount of work. Another possibility would be to change the kernel such that it checks file signatures and has restrictions on system calls such as open() and the exec() family of calls. In concept it would be possible to extend SE Linux or any other access control system to include access checks on which files need to be signed (some types such as etc_t and bin_t would need to be signed but others such as var_t wouldn t). Of course this would mean that no sysadmin work could be performed locally as all file changes would have to come from the signing system. I can imagine all sorts of theoretically interesting but practically useless ways of implementing this such as having the signing system disconnected from the Internet with USB flash devices used for one-way file transfer because you can t have the signing system available to the same attacks as the host system. The requirement to sign all files would reduce the use of such a system to a tiny fraction of the user-base. Which would then raise the question of why anyone would spend the effort on that task when there are so many other ways of improving security that involve less work and can be used by more people. Encrypted Root Filesystem One real benefit of a secure boot system is for systems using encrypted filesystems. It would be good to know that a hostile party hasn t replaced the kernel and initrd when you are asked for the password to unlock the root filesystem. This would be good for the case where a laptop is left in a hotel room or other place where a hostile party could access it. Another way of addressing the same problem is to boot from a USB device so that you can keep a small USB boot device with you when it s inconvenient to carry a large laptop (which works for me). Of course it s theoretically possible for the system BIOS to be replaced with something that trojans the boot process (EG runs the kernel in a virtual machine). But I expect that if someone who is capable of doing that gets access to my laptop then I m going to lose anyway. Conclusion The secure boot concept does seem to have some useful potential when the aim is to reboot the system and have it automatically apply security fixes in the early stages of the boot process. This could be used for Netbooks and phones. Of course such a process would have to reset some configuration settings to safe defaults, this means replacing files in /etc and some configuration files in the user s home directory. So such a reboot and upgrade procedure would either leave the possibility that files in /etc were still compromised or it would remove some configuration work and thus give the user an incentive to avoid applying the patch. Any system that tries to extend signature checks all the way would either be vulnerable to valid but hostile changes to system configuration (such as authenticating to a server run by a hostile party) or have extreme ease of use issues due to signing everything. Also a secure boot will only protect a vulnerable system between the time it is rebooted and the time it returns to full operation after the reboot. If the security flaw hasn t been fixed (which could be due to a 0-day exploit or an exploit for which the patch hasn t been applied) then the system could be cracked again. I don t think that a secure boot process offers real benefits to many users.

• [1] http://ncommander.blogspot.com/2011/11/secure-boot-its-here-and-been-here-for.html
• [2] http://www.coker.com.au/selinux/play.html

Arrival in a new country is always exciting. This was my first time ever to visit India, and although I have heard especially cultural bits and pieces, I was as usual nowhere near "well" prepared. How to fill out the registration forms (surprisingly needed in addition to the visa already gathered ahead of departure) when your only known address in India is on the laptop you completely drained the battery of during the flight? Luckily they tolerated the "address during stay" to be left blank. I got out in the heat of Hyderabad in the late afternoon, got a cab, and had my host instruct the cab driver - over the phone via roaming to Denmark - where to drop me off. After a long ride with cows and beautiful dressed pedestrians casually crossing the high speed road and a short pitstop at an ATM, I finally met Pavithran. Until then we only knew each other from casual online chat. (I should later learn that my first impression was quite unusual - not cows or clothes or chat, but roads capable of driving at high speed!) Pavithran checked me into a small hotel and we visited his home. It was in the middle of being rebuild, so impossible to stay at as had been our original planed. After a few hours of looking at the neighbourhood and talking about possible events during the week, we decided to cancel the hotel and instead go visit his parents in Khammam, some 5 hours away by bus This text is part of my Asia 2011 scriblings.

Poor Sarah. Cat dramas always seem to befall us when she's in Australia. It looks as if Smudge has managed to escape the house. Being at work all day, it took me 24 hours to notice. Our friend Helen came over on Sunday night. Smudge was definitely around then, because she was climbing all over Liam. Helen used the downstairs bathroom before she went home, and I remember her having to shoo Smudge out because she was in there. I'm pretty sure she went home after that. If my memory serves, she saw herself out and I was in the kitchen cleaning up, so my current theory is that she escaped when Helen left. On Monday night, I had a lengthy video call with Sarah, who was at my parent's place setting up their new Mac Mini. I didn't realise until after that, when I was about to go to bed, that I hadn't been harassed by Smudge all evening. So I searched the house that night, and couldn't find her. Liam had already gone to bed for the night, so I hoped she was stuck in his room, and went to bed too. This morning, Liam and I both searched the house, and the immediate surrounds, without any luck. I called the Palo Alto Animal Services (I got the dispatch because the shelter hadn't opened yet), emailed the local neighbourhood association, and went to work. I called Palo Alto Animal Services again later in the day to report her missing to the shelter itself, and Betty-Ann there recognised my accent and name and asked me if I was Sarah's husband (Sarah used to volunteer there a lot, and we adopted Smudge from there), so they're now keeping a look out. Smudge is micro chipped, but wasn't wearing a collar. She's allowed in the back yard, because it's totally enclosed and can't escape, so she shouldn't be totally freaked out by being outdoors. Whenever she does escape out the front door, she usually makes a beeline to the right, which is mostly enclosed, but she can certainly get out of the complex. Unfortunately she often doesn't come when called, so for all I know she's in some obscure location 10 metres from the front door and I can't see her. My main concerns are that we're only two blocks from Highway 101, so if she does stray too far, she could get into serious trouble, and I'm also a bit worried about raccoons giving her grief. I spent some time tonight putting up posters in the immediate area and poking around bushes. I've left the two humane cat traps that we have out by the front door with some cat food in them, in the hope that she's roaming around and will walk into one of them. Oh and the other big concern I have is that Halloween is coming up. Shelters tend not to adopt out black cats around Halloween because bad things can happen to them. So now we wait. I'm really hoping she turns up safe and sound, soon.

I was due for another Google interview mail it seems. I have to say I wasn't expecting it, but this week I had a follow up to my polite mail from 6 months ago that said "No thanks, I'm not looking" asking if it was still the case. Normally I welcome this little bit of ego stroking; it's always nice to be wanted. Except that's not really the case, is it? It's an invitation to interview for something, not any indication that you've done more than tick some initial boxes. Google mails inevitably ask me if I'd like to work in SRE. It's always SRE. No one ever emails and asks if I want to work on self-replicating nanobots that will roam Mars searching for the perfect spot to build a beach house. And that's where things fall down. If someone currently has a job, then emailing them out of the blue to ask if they want to come and interview for something vague is hoping that they're either looking, and just haven't come to you yet, or not looking but unhappy enough with their current role that all they needed to start was an email asking them to submit a recent CV. For the former, if you're Google, do you really think that person doesn't know where to find you? For the latter, you're being quite presumptuous, aren't you? The act of updating my CV my be some effort (actually it's usually not, because the stuff that's not on it is the stuff I can't talk about because it's not released yet, or stuff that's specific and thus wouldn't go on a CV for a vague job spec). Even if it's not the act of interviewing is potentially a waste of time for both of us, if the role isn't clear. One argument used is that people will be placed according to the skills they show during the interview process. That's fine from the employers point of view, but if you're actively trying to get some interest from people who are gainfully employed you really need to grab their attention somehow. I can't remember the last time I had an unsolicited email interview offer that actually wowed me, or indeed even showed more than a passing sign of tailoring a spec to my profile. When I was running Black Cat I made a point of always replying to unsolicited CVs. How polite I was depended on how the covering emails were worded (a Word document with nothing else was likely to get short shrift, something well targeted in a Linux friendly format would normally get some comment about how we weren't hiring and were unlikely to be, but if that changed it would be mentioned on the website), but I felt people deserved a reply - I have been disappointed by not receiving responses myself to what I considered well targeted job inquiries. So far I've so far taken the same approach with mails from corporate recruiters (less so with recruiters that are associated with recruitment firms, rather than directly with the companies they are hiring for), but I'm starting to feel like changing that stance. Candidates are told to tailor CVs to the role being applied for, provide a decent cover letter, and in general make companies want to talk to them. Companies who are sending out recruitment emails should be held to the same standard. Even assuming you do a basic phone screen first, I can probably expect to need to take a day off work assuming that goes well. You need to convince me I can justify that before I'm going to feel like engaging at all. (And if I'm honest, based on what I've seen so far, it's unlikely to happen. All of the things I've considered have come from conversations with people I know directly about companies they own or work for, never some random contact via email. I try hard not to think of recruitment mail as spam, but I can how that line of thought follows through.) I should apologize to Google here. They got mentioned as an example, but I don't think they're particularly bad. I did interview with them at one point, and made the decision not to continue that process after deciding a different, more certain, path was better for me. So I've displayed interest. And in response to my reply today of "I know where to find you, so please assume I'll do so if I change my mind." they've said they'll make a note on their records.

I m just back from spending a few days volunteering with the tornado recovery effort in Joplin, MO. The biggest image that remains in my mind is of the first time I saw a person picking through a large pile of rubble. The person was standing on top of what used to be a house. Now it was a pile of wood, glass, carpet, siding, and roofing material. I m sure there was hope for finding some treasure or other maybe a photo album or videos of children. In any case, it made me feel so lucky, even unfairly lucky, to have not had to go through that. This scene was repeated several times, but mostly the houses that devastated appeared abandoned by the time we were there, now two weeks after the event. But I heard stories, and lots of them. The victims of the storm, who were perhaps trying to rebuild that part of their house that got smashed by a tree or a pickup, or trying to get their intact belongings out before abandoning the house, or whatever, were mostly surprisingly upbeat. They were working out in 95-degree heat, many without electricity, running water, or sewer service. Almost every person I met that suffered a loss from the tornado wanted to tell their story. Many also told of their plans for the future, which were full of hope and even upbeat. These were people doing a hard job in terrible conditions and still showing hope. Another testament to the disaster was the most unusual set of vehicles you ve ever seen parked at any hotel you can care to think of, for at least an hour-and-a-half radius in the direction I came from. Besides the usual cars and minivans, there might be FEMA vehicles, electric company trucks, Red Cross vans, construction trucks of every kind, police and law enforcement from all over, etc. There was quite obviously an influx of people helping out in Joplin. My primary task there was to provide communications support for the effort as an amateur radio operator. Amateurs (or hams ) are something of a volunteer first responder of sorts during times of crisis; most of us own and are very familiar with operating equipment that can communicate over very long distances without the need for any on-site infrastructure. Amateur radio was the only method of communication for some Joplin hospitals in the immediate aftermath. The communications emergency is over, but the response isn t. I was assigned to work with the Salvation Army. They were doing a lot of things in Joplin, and had hundreds of volunteers working with them. I don t think I even know what many of them were doing I do know they had set up several warehouses across the city working with donating clothing, food, etc. The part I was involved with was primarily the canteen operation. The SA sent in food service trucks from several parts of the country. These trucks would roam up and down the streets in the damaged area, trying to get past every single street several times a day. Anybody that we could see would be offered food and water. No strings attached, no questions asked. This included homeowners, electric line workers, construction crews, sanitation workers, and quite a few nonprofit groups that sent well-meaning and useful volunteers into the area but didn t think to provide them with a large supply of water due to sending them into an area without any. Oops. In any case, with extreme heat and no running water, conditions were dangerous. The canteens also knew of certain at-risk families that were living in homes that were mostly intact in the disaster areas, and made a special point to check in on them. They also generally looked to make sure that people looked like they were healthy. Each canteen also had a counselor on board that would visit with people while we quickly prepared their meal they all seemed to welcome that. Amateur Radio s Role The operation of this size had quite a logistics challenge. I d hear of things like an unexpected need of 70 lunches, or a semi showing up with donations before there was space, or an unexpected but very welcome donation of a large quantity of ice cream without a place to store it (so the canteen trucks, which have freezers, needed to pick it up quickly). That s where us hams came in. Each canteen had an amateur radio operator on board. Each major location also had a ham stationed there, and the head of operations also often had a shadow a ham that would follow him around wherever he went to relay messages back and forth. We also had hams with pickups (with radios in them, of course) that could transport things around the city to places that needed them, hams at headquarters managing all the communication and generally investigating questions that didn t have immediately obvious answers, etc. Radios were used instead of cellphones for a few reasons. One big one is that everybody on the operation can hear what everyone else s needs are, since it s a group communications situation rather than one-to-one. It s easy to give a general alert to everyone ( come get your ice cream now please! ) and people that have suggestions can chime in. This came in extremely handy more than once. Also, it frees the people doing other jobs from having to spend time chasing someone s voicemail, finding phone numbers, etc; that gets delegated to us in some cases. I heard from the head of canteen operations, for whom this was the first disaster he d worked that had amateur radio support, how wonderful it was to have this going on. I also heard a secondhand report that some police officers that were also amateurs had listened to our operation and reported that we sound more professional than 911 dispatch and do a better job. On Sunday I was assigned to a canteen. This meant I didn t have a lot of radio traffic to pass, so although I had it in my ear all day, I wasn t actively talking on the radio very much. So I rode in back, helping hand out water, carry meals to people, and so forth. On Saturday, I was the shadow for the head of operations. That was a difficult task, because he barely ever moved at a pace slower than a run, sometimes would abruptly zip out somewhere, etc. But it was also enlightening and vital. He was a real get it done sort of guy, and was the key to quite a few things. Having someone available to relay questions to and from him was a good thing. And today I worked as a transport person and at headquarters. Due to not having a pickup there, I didn t actually get called on much to transport things, but in general between jobs the whole time I d act as a runner if needed, or simply try to figure out the details of how things were run for next time. I wound up taking net control (being the control operator at headquarters, and generally managing communications so that people don t talk over each other and such) for about an hour. So I got to do a little of just about every amateur radio task. Thoughts I am thankful for the opportunity to go, and the good feeling of helping people in need the first I ve ever had the chance to do that in a disaster. It s a good feeling to have a skill that is useful and appreciated. Sometimes it felt like handing out food and water is something pretty small in the scheme of things. But on the other hand, it gives people a chance to have contact with someone that cares, an opportunity to have people that can notice problems drive by a few times a day, and an opportunity to help meet people s basic needs. And sometimes in a fluid situation, there might be more volunteers than are needed, so I did spend some time sitting waiting for the next task. But overall, I m convinced that the work I helped facilitate was a good thing and provided a good and needed service in Joplin. This has been quite the experience and I m sure it s changed me too, though I don t yet know how.

In February I started the process of moving my phone and my wife s phone to Virgin from Three [1]. The reason is that Three didn t offer any good phones on affordable contracts, the cheapest that was suitable was a HTC Desire HD which would have cost me $55 per month, while I could justify spending that for my own phone (which is used for responding to SMS from Nagios to fix client servers) I didn t have the budget to spend that much on my wife s phone too and I really want us to have the same type of phone for ease of support. So I chose Virgin who offers the Sony Ericsson Xperia X10 for as little as $29 per month I chose a $39 per month deal that included 1500MB of data transfer and also had three months free which makes it effectively $34.12 per month. When using previous phones that weren t particularly smart I had also carried a Netbook and a 3G modem with me most of the time. Now that I have a phone that is a ssh client I don t need that so I tried to cancel the contract today. Three allows you to do almost everything over the Internet except cancel a contract their web site doesn t even give a phone number to call for that purpose. This must keep their support people busy, Vodaphone (which has just merged with Three) has recently had a horrible security breach because their sales booths used public Internet access for all customer data [2]. Also there is currently a law suit against Vodafone for poor network performance and misleading claims about service areas [3]. My experience with Three performance has been reasonably good apart from the fact that they advertised 3G service in Bendigo and provided none. As Three are apparently desperate to retain customers they offered me free service for 6 months if I don t close the account now. So I have a SIM that supports 1G of 3G data transfer per month for no charge until December (worth $90). What can I do with it? I don t own a 3G modem as I gave that to my parents (who are quite happy with pre-paid 3G net access via Three) and the phones that I have which can be used for tethering are a little slow (usable for ssh and basic web access but not for Youtube etc). Is there a way of selling such a SIM? Note that my name is still on the contract and any excess data or roaming fees will be billed to me so I can t just put it on ebay. I guess that one thing I can do is to use the SIM for receiving phone calls. For example if a friend was visiting from another country and wanted to receive calls without paying roaming fees I could lend them a phone. Any ideas?

• [1] http://etbe.coker.com.au/2011/02/18/xperia-x10i-first-experience/
• [2] http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html
• [3] http://www.theaustralian.com.au/australian-it/it-business/users-join-legal-suit-on-vodafone-network-performance/story-e6frganx-1226044675451

As you all probably know by know, DNSSEC has been enabled on the root ('.') since July 2010. And on most TLDs like .com shortly thereafter (in the specific case of .com, since March 2011). The Debian guide to turning on DNSSEC is useful but some things you need to know (after using it for a week or so).

BIND loves IPv6.

If you have 'listen-on-v6', set to yes and you roam to a non-IPv6 network. Your name resolutions can take 30+ seconds.Since I roam from a some networks they do have IP6 and some that do not, I have had to turn this setting off to achieve reasonable performance

Each new network requires manual intervention

Just like Andrew Cowie, I'm trying to get new features in NetworkManager. by blogging.My use case is simple if a bit geeky use the local resolver on my system irregardless of what I get dynamically (via DHCP) or automagically (via SLAAC).I can do this manually for each network I connect to, but it quickly looses its appeal.

Very little software takes advantage of DNSSEC (yet).

Apart from the happy DNSSEC campers, very little takes advantage of DNSSEC yet.Kind of like the early days of IP6. It would be nicer if websites stored the fingerprint of the SSL website in DNS and it could be cross-checked against what was sent.The effort to do so is underway at the IETF by the name of DANE.In fact publishing SSH key fingerprints via DNS is already possible RFC4255 but I am unaware of deployed support.

Things are progressing, and I suspect now is a great moment to get involved if you have spare time, in making it significantly harder for 3rd-parties to censor the Internet for everyone.

squeeze is released but this doesn't mean the end of the ordinary RC bug; old ones are still around, & new ones keep floating in.

as a short reminder to take the occasional look at the RC bug list I'm again posting what I've done in the last weeks. as you can see no NMUs but only work on packages I have a relation to, & often only uploading packages prepared by others (yeah teamwork!).

• #599794 libcgi-application-extra-plugin-bundle-perl: "libcgi-application-extra-plugin-bundle-perl: Copyright etc of icons in Authentication module not declared"
  upload package prepared by periapt (pkg-perl)
• #603252 libthread-queue-perl: "libthread-queue-perl: obsoleted by perl in squeeze"
  upload new upstream release prepared by periapt (pkg-perl)
• #603253 libtime-local-perl: "libtime-local-perl: obsoleted by perl in squeeze"
  upload new upstream release prepared by periapt (pkg-perl)
• #605795 src:libconfig-model-backend-augeas-perl: "libconfig-model-backend-augeas-perl: FTBFS: failed tests"
  upload package prepared by dod (pkg-perl)
• #605796 libdevel-ebug-perl: "FTBFS: failed tests"
  update bug info, later closed by carnil (pkg-perl)
• #605809 src:libhtml-widget-perl: "libhtml-widget-perl: FTBFS: failed tests"
  patch to make tests compatible with libhtml-tree-perl >= 4 (pkg-perl)
• #612723 iodine: "iodine overwrites /etc/default/iodine during upgrade with a sourced version of that file"
  change config script to read variables from configuration file instead of sourcing it (maintainer upload)
• #613187 libogre-perl: "xs/SceneQuery.xs:28: error: cannot convert [..]"
  upload new upstream version (pkg-perl)
• #613388 libproc-processtable-perl: "libproc-processtable-perl: FTBFS on kFreeBSD"
  apply kFreeBSD patch (pkg-perl)
• #613390 src:libgearman-client-async-perl: "libgearman-client-async-perl: FTBFS: tests hang"
  merge and tag confirmed (pkg-perl)
• #613395 libnet-twitter-lite-perl: "libnet-twitter-lite-perl: FTBFS: spelling tests fail"
  run tests under LANG=C, later disable POD tests (pkg-perl)
• #613398 libpoe-perl: "libpoe-perl: FTBFS: tests fail"
  upload new upstream release, prepared by periapt (pkg-perl)
• #613731 libtest-www-mechanize-perl: "libtest-www-mechanize-perl: FTBFS: test failures"
  upload fixed package prepared by roam (pkg-perl)
• #613732 libtest-xml-simple-perl: "libtest-xml-simple-perl: FTBFS: test failures"
  upload fixed package prepared by roam (pkg-perl)
• #613942 perlipq: "perlipq: FTBFS on armel - Failed 1/2 subtests"
  adjust patch in test suite to only run first test (pkg-perl)

It has been almost a full year since my last log entry. It has been a busy work year, I attended some nice conferences and did minimal FLOSS stuff. On the work side of things I was a third of an Australian VoIP startup that came and went. I setup Debian servers, installed OpenSIPS and associated software, wrote OpenSIPS scripts, wrote peripheral software and did customer support. We had a good thing going there for a while, some fans on the Whirlpool forums but in the end there wasn't enough money for the requisite marketing and local market circumstances were squeezing Australian VoIP providers anyway. On the conference side of things I went to LCA 2010, the Thai Mini-DebCamp 2010, DebConf10 and FOSSASIA 2010. Had a great time at all of them. At LCA 2010 in windy Wellington, New Zealand the distributions summit organised by Martin Krafft was one of the highlights. It was dominated by Debian/Ubuntu talks but there were some other interesting ones, especially the one on GoboLinux's integration of domain-specific package managers. Also excellent were the keynotes given by Gabriella Coleman (Best & worst of times), Mako Hill (Antifeatures) and others, which I felt gave LCA an improved and very welcome focus on software freedom. There were quite a few Debian folks at LCA, it was great to hang out with them during the week and afterwards. Monopedal sumo with mako and others was hilarious fun. At the Thailand Mini-DebCamp 2010 in Khon Kaen, I was glad to see Andrew Lee (Taiwan) and Christian Perrier (France) again and meet Yukiharu YABUKI (Japan) and Daiki Ueno (Japan). In addition to the five international folks, there were quite a few locals, including Thailand's currently sole Debian member, Theppitak Karoonboonyanan. The event was hosted at Khon Kaen University and opened with my talk about the Debian Social Contract and the Debian Free Software Guidelines. This was followed by a number of talks about Debian package building, a 3-day BSP where we touched 57 bugs, a great day of sightseeing and talks about i18n, derivative distros, keysigning, mirrors, contribution and a discussion about DebConf. During the week there was also the usual beersigning, combined with eating of unfamiliar and "interesting" Thai snacks. After the conference Andrew and I roamed some markets in Bangkok and got Thai massages. Beforehand I also visited a friend from my travels on the RV Heraclitus in Chiang Mai, once again experiencing the awesomeness of trains in Asia, unfortunately during the dry season this time. I took a lot of photos during my time in Thailand and ate a lot of great and spicy food. As a vegetarian I especially appreciated the organiser's efforts to accommodate this during the conference. At DebConf10 in New York City, by far the highlight was Eben Moglen's vision of the FreedomBox. Negotiating the hot rickety subways was fun, the party at the NYC Resistor space was most excellent, Coney Island was hot and the water a bit yuck, zack threw a ball, the food and campus was really nice. Really enjoyed the lintian BoF, ARM discussions, shy folks, GPLv3 question time, paulproteus' comments & insights, wiki BoF, puppet BoF, derivatives BoF, Sita, astronomy rooftop, cheese, virt BoF, Libravatar, DebConf11, Brave new Multimedia World, bagels for breakfast, CUT, OpenStreetMap & lightning talks. Having my power supply die was not fun at all. Afterwards I hung out with a couple of the exhausted organisers, ate awesome vegan food and fell asleep watching a movie about dreams. One weird thing about DebConf10 was that relatively few folks used the DebConf gallery to host their photos, months later only myself and Aigars Mahinovs posted any photos there. At FOSSASIA 2010 in H Ch Minh City (HCMC) was a mini-DebConf. I arrived at the HCMC airport and was greeted by Huyen (thanks!!), one of FOSSASIA's numerous volunteers, who bundled me into a taxi bound for the speakers accommodation and pre-event meetup at The Spotted Cow Bar. The next day the conference opened at the Raffles International College and after looking at the schedule I noticed that I was to give a talk about Debian that day. Since I didn't volunteer for such a talk and had nothing prepared, the schedule took me by surprise. So shortly after an awesome lunch of Vietnamese pancakes we gathered some Debian folks and a random Fedora dude and prepared a short intro to Debian. The rest of the day the highlights were the intro, video greetings and the fonts, YaCy and HTML5 talks. The next day the Debian MiniConf began with Arne Goetje and everyone trying to get Debian Live LXDE USB keys booted on as many machines in the classroom as possible (many didn't boot). Once people started showing up we kicked off with Thomas Goirand's introduction to the breadth of Debian. Others talked about Debian pure blends, Gnuk and building community and packages. The second last session was about showing the Vietnamese folks in the room how to do l10n and translation since Debian had only one Vietnamese translator (Clytie Siddall). After manually switching keyboard layouts (seems LXDE doesn't have a GUI for that) on the English LXDE installs, the two Cambodian folks were able to do some Khmer translation too. This was a great session and it resulted in two extra Vietnamese translators joining Debian. It went over time so I didn't end up doing my presentation about package reviewing. We rushed off to a university where the random Fedora ch^Wambassador was hosting a Fedora 14 release party in a huge packed classroom. There were a lot of excited faces, interesting and advanced questions and it was in general a success. Afterwards we had some food, joined up with some other speakers and ended up in a bar in the gross tourist zone. On the final day we hung around in the Debian room, went downstairs for the group photo and final goodbyes. Later we found a place with baked goods, coffee and juices and navigated the crazy traffic to a nice local restaurant. The next morning Arne & I went to the airport, others went on a Mekong Delta tour and Jonas hung out with the organisers. I took less photos than at other events but got a few interesting ones. I avoided doing a lot of FLOSS stuff over the last year, I hope to work on some things in the coming months;

• revive various (semi-)abandoned upstream projects
• do some more work on the Debian wiki
• contribute to RC bug squashing efforts
• push the VoIP company patches upstream
• contribute to debexpo/debshots/lintian/qa
• contribute to the Debian multimedia/FSO teams
• promote/organise/rejuvenate the Debian games team
• announce the Debian derivatives census more widely
• finish writing a SANE driver for my scanner
• finish the removal of defoma from Debian
• watch some videos from LCA and DebConf

I'm also planning some interesting travel and acquiring some new technological goods, more on those in some later posts.

Choosing a PhoneI was considering renewing my Three contract and getting a HTC Desire HD [1]. What I need is a phone that is good for being a ssh client on 3G networks, has a good camera, and has all the fancy Google Apps.In the comments Lon recommended a Norwegian review of phone cameras which gave the Sony Ericsson Xperia X10 a much better review than the HTC Desire HD [2] the Xperia was the highest rating Android camera phone while the Nokia N8 was the best overall.Also the Xperia is a lot cheaper, I can get it on a $29 monthly cap from Virgin as opposed to $44 per month from Three. So just on hardware and price the Xperia beats the Desire HD.One of the advantages of the Xperia from Virgin being cheap is that my wife and I can use the same model of phone. This avoids having to solve two sets of phone related problems and also allows us to do things like swap batteries between the phones based on who can most conveniently charge their phone.The Need for RootBut one problem with e Xperia is that the CyanogenMod images for rooted Android phones can t be installed on an Xperia because the boot loader hasn t yet been cracked [3]. I would like to run CyanogenMod so I can get wireless proxy support, and support for tunneling IP over DNS, ICMP, and OpenVPN.The Three web site claims that they have 3G phone and net access in Bendigo, but on a recent holiday my phone said that it was roaming all the time and I couldn t get net access. I ended up having to use McDonalds Wifi net access which had ports such as 22 blocked and thus forced me to use Iodine IP over DNS to get proper net access. To avoid having to talk my mother through rebooting servers in future I need to have a mobile ssh client that can use all possible protocols. I could carry my EeePC with me all the time, but sometimes it s good to travel light.OTOH, as I feel compelled to fiddle with all my computers it would probably give me a more reliable mobile experience if I was unable to mess with my phone.Why Buying a Phone Outright Isn t ViableA $29 monthly plan is probably the cheapest plan that will do for anyone who uses a phone regularly, I have had a Three $29 plan for the last four years which allows up to $150 of calls to be made in a month and typically use about $60. So any plan which doesn t have such a cap will have to be no more than half the price of Three on a per-minute basis to compete. If I m going to pay $29 per month ($696 over a 24 month contract) then I can use a free phone. If I was to buy a phone then it would cost at least $500 for anything that I like and maybe a lot more.Buying a phone independently of a contract would about double the cost of owning a phone. It s really not a viable option.Therefore I am compelled to buy a phone that is on offer from a Telco. Things like the Nokia N900 are nice devices but as the Telcos don t offer them I can t consider them.No Discount if you Don t get a PhoneThe annoying thing is that the Telcos don t offer a discount if you choose not to get a phone. Obviously buying the hardware costs them some money, so a $29 cap with a phone included should have a matching offer of something less than $29 if you choose not to get the phone from them. I currently have a $29 per month contract with Three, I can renew that for another two years at the same rate and get a half-decent phone for free or I can renew for two years on a $19 per month contract and get a low-end phone for free but I can t get a price that is lower than $19 per month if I decide to keep my current phone.If Three was to offer such a discount then I would consider buying a phone outright over the net and staying with them. But as it is they don t provide good deals for buying a phone and give me an economic incentive to go to another provider. So I will probably use Virgin when my contract runs out in January.Locked PhonesMany Telcos still sell locked phones on a contract. When that happens it s really difficult to get a phone unlocked as the Telco employees usually aren t very helpful. There are a variety of web sites claiming to generate unlock codes for phones, most seem to charge $10 or more for this service and the free ones have a very small range of phones, so getting the unlock code from the Telco seems to be the only option for a phone at the end of it s contract period as it s not worth enough to justify the $10 expense.While some Telcos sell unlocked phones on plans the ones that lock their phones have a chilling effect on the industry. Most people don t test whether their old phone can be used with a different provider they just throw it out the phone stores conveniently provide bins for old phones that are apparently recycled for some good cause.ConclusionIf you make serious use of mobile phones (EG being ready to fix errors reported by Nagios 24*7) then choosing a new phone and plan is one of the most difficult things there is to do. All the plans are quite complicated and every Telco offers a different set of phones. The Telco web sites are usually poorly done, most of them don t have an option to search for Android phones or for phones with a certain minimum resolution they usually don t even state the resolution and use terms such as WQVGA which don t even have a fixed meaning in pixels. When it comes to choosing a plan most Telcos don t have a clear comparison of the different plans, writing your own spreadsheet comparing plan costs is a good idea.The fact that Telcos such as Virgin and Three/Vodaphone allow free calls to other people using the same company makes it even more tricky. I have to discuss my phone plans with several relatives as there is a good incentive for everyone to use the same provider.I think that we need government regulation on the way that phones are bundled. The market for phones that aren t associated with Telco contracts has been destroyed by the anti-competitive behavior of the Telcos.

• [1] http://etbe.coker.com.au/2010/11/17/mobile-phone-sysadmin/
• [2] http://www.amobil.no/artikler/norges_beste_kameramobil/79081
• [3] http://www.cyanogenmod.com/

There s been a lot of discussion regarding whether or not Nokia is Doomed or not. The people who say Nokia are doomed basically point out that Nokia doesn t have any attractive products at the high end, and at the low end the margins are extremely thin. The high end products suffer from the Symbian being essentially dead (even Nokia is recommending that developers not develop native applications for Symbian, but to use Qt instead), and Nokia doesn t have much of a development community following it, and it certainly does have much in the way of 3rd party applications, either targetting Symbian or Qt at the moment. So what do I think of the whole debate between Tomi and Scoble? First of all, I think there is a huge difference in American and European assumptions and perspectives, and a big question is whether the rest of the world will end up looking more like Europe or America vis-a-vis two key areas: cost of data plans, and whether phones become much more application centric. Tomi took Apple to task in the comments section of his 2nd article for not having an SD card slot (how else would people share photos with their friends?) and for not supporting MMS in its earlier phones. My first reaction to that was: Um, isn t that what photo-sharing sites are for? Is it really that hard to attach a photo to an e-mail? And then it hit me. In Europe, data is still like MMS a few years ago a place for rapacious carriers to make way too much money. Many European telco s don t have unlimited data plans, and charge by the megabyte and even if you re lucky enough to live in a country which does have an American-like data plan, the cost of data roaming is still incredibly expensive. In contrast, in the US, I can pay $30/month for an unlimited data plan, and I can travel 2000 miles south or west and it will still be valid. Try doing that in Europe! The US had consumer-friendly data plans much earlier than Europe did, and so perhaps it s not surprising that Nokia has engineered phones that were far more optimized for the limitations caused by the Europe s Wireless carriers. The second area of debate where I think Scoble and Tomi are far apart is whether phones of the future are fundamentally about applications or well, making phone calls. Here I don t have proof that this is a fundamentally European vs. US difference, but I have my suspicions that it might be. Tomi spent a lot of time dwelling on how Nokia was much better at making phone calls (i.e., better microphones, better radios, etc). And my reaction to that was, Who cares? I rarely use my phone for making phone calls these days! And that was certainly one of the reasons why I gave up on Nokia after the E70 its contacts database was garbage! It was OK as a phone directory, but as a place for storing multiple addresses and e-mail addresses, it didn t hold a candle to the Palm PDA. And that s perhaps the key question how much is a smart phone and about being a phone , versus being a PDA (and these days I want a cloud-synchronized PDA, for my calendar, contacts, and todo lists), and how much is it about applications? This is getting long, so I think I ll save my comments about whether I think Meego will be an adequate savior for Nokia for another post. But it s worthwhile to talk here about Tomi s comments about most smartphones being much cheaper than the luxury iPhone, and so it doesn t matter that Nokia s attempt in the higher end smart phones has been a continuous history of fail. First of all, it s worth noting that there are much cheaper Android phones available on the market today, which are price-competitive with Nokia s low-end smartphones (i.e., available for free from T-Mobile in the States with a two year commitment). Secondly, the history in the computer market over the last twenty years is that features inevitably waterfall into the cheaper models, and prices will tend to drop over time as well. Apple started only with the iPod, but over time they added the iPod Nano and the iPod Shuffle. And it would not surprise me if they introduce a lower-end iPhone as well in time as well. It would shock me if they aren t experimenting with such models even as we speak, and have simply chosen not to push one out to the market yet. So even if you buy Tomi s argument that the high-end smartphones don t matter, and you only care about volume, and not about profit margins (talk to the people at Nokia that will need to be laid off to make their expenses match with their lowered revenue run rates; I bet they will care), the question is really about whether Nokia has time to execute on the Meego vision before it s too late and the current application-centric smartphone ecosystems (Android and iPhone) start eating into the lower-end smartphone segment. More on that in my next post. No related posts.