The Musings of Chris Samuel

Along with folks like the Samba project I’ve joined the Great Australian Internet Blackout, so the first time (and only the first time) you visit the site you’ll get the notice about the protest. Here’s why the proposed mandatory filtering is a bad idea from the Great Australian Internet Blackout website:

• It won’t protect children: The filter isn’t a “cyber safety” measure to stop kids seeing inappropriate content such as R and X rated websites. It is not even designed to prevent the spread of illegal material where it is most often found (chat rooms, peer-to-peer file sharing).
• We will all pay for this ineffective solution: Under this policy, ISPs will be forced to charge more for consumer and business broadband. Several hundred thousand dollars has already been spent to test the filter – without considering high-speed services such as the National Broadband Network!
• A dangerous precedent: We stand to join a small club of countries which impose centralised Internet censorship such as China, Iran and Saudi Arabia. The secret blacklist may be limited to “Refused Classification” content for now, but what might a future Australian Government choose to block?

If you’re using Wordpress with a theme that supports widgets then participating is as easy as adding a text widget (or using one you already have) and add the single line of HTML to activate the blackout.

To paraphrase Kryten from Red Dwarf, it has just two minor flaws. One, it won’t work, and two, it won’t work. Now I realise that, technically speaking, that’s only one flaw but I thought it was such a big one it was worth mentioning twice.

Oh joy, Microsoft have managed to introduce security problems into Firefox through a plugin for it that they silently install without your knowledge!

Along with .NET Framework 3.5 SP1, Microsoft have been silently installing a Windows Presentation Foundation Plugin that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP (XAML Web App). The exploit is drive-by, meaning that the victim only needs to be lured onto a web-page for the attack to be effective. The only safe thing to do until a patch is issued, is to open Firefox’s AddOn Manager and disable the WPF plugin.

Mozilla might already have reacted to this, my brother (who alerted me to the above story) said:

Firefox popped up saying it’s blocking 2 Microsoft add-ons so they must be cracking down on them

Dear Microsoft – please do not stuff about with peoples web browsers that don’t belong to you, you’re just not qualified..

So it’s just over two weeks since I started with Android on my FreeRunner and it’s time for an update. First of all I’m no longer using the Koolu images, they lack echo suppression support and as soon as I found that Michael Trimarchi’s Panicking port of Android does do echo suppression I switched. The added benefit of changing was that Michaels port has fixed the go-slow feel of the Koolu version and feels responsive and usable in most situations (though the soft keyboard is still a little slow).

Good points:

1. Calls work flawlessly.
2. SMS works flawlessly (and has a nice interface)
3. Contacts can be added as shortcuts on the desktop
4. Wifi works (though WPA2 Enterprise networks need some text file magic)
5. GPS works nicely (I used GPS-status to see how many satellites it can see)
6. Bluetooth works – or at least finds devices when scanning – not gone any further with that
7. Web browser works nicely, even supports Google Gears

Bad points:

1. NO ACCESS TO THE ANDROID MARKET – the Android Market application is not open source (a decision by Google) so you can’t access any applications hosted there. Whilst there are alternative sources they only have a fraction of the applications so this does limit things.
2. The phone seems to stop being able to suspend if you define a APN for GPRS/MMS access. Resetting the APN to the defaults (none) fixes it though.
3. I don’t seem to be able to download MMS/PXT’s – I suspect this is related to the APN issues and I may just not have the right info
4. Accelerometers don’t appear to work – or at least the marble game I had didn’t react to me tilting the phone.
5. Battery life doesn’t seem to be quite as good as Qtopia/Qt-Extended/QtMoko – I have to charge every 24 hours at present. That said the later kernels don’t seem to give me quite as long a lifetime as the 2.6.24 based ones so that may not be Androids fault..

But all in all I’m really quite happy with Android on FreeRunner, it easily outshines my previous favourite of Qtopia/Qt-Extended/QtMoko in terms of overall polish and usefulness as a phone! Thanks to all involved in the porting effort, and especially Michael.

My esteemed friend Dr. Rich Boakes has noticed some odd behaviour in his Apache logs that turned out to be people abusing his OpenID server to make page requests to remote sites, presumably as a way of increasing clicks. He raises an interesting point as to whether this makes OpenID servers potential DDoS amplifiers (I suspect he’s right).

I have been assimilated. Or at least my OpenMoko Freerunner has been! It’s now running the Koolu port of Android 1.5 “Cupcake” on it, and with a *very* helpful hint from Damian Spriggs on the OpenMoko community mailing list it’s able to make and receive calls and SMS’s. For the record you need to get ADB working and grab a root shell on the phone. Then you can use the sqlite command line utility to set the “provisioned” flag in its DB.

# sqlite3 /data/data/com.android.providers.settings/databases/settings.db
SQLite version 3.5.9
Enter ".help" for instructions
sqlite> INSERT INTO secure (name, value) VALUES ('device_provisioned', 1);

I’ve also found a rather nice application called VCardIO for importing my contacts exported in VCard v2.1 format from KDE’s Kontact addressbook. Now we’ll see how it goes over the next few days!

Well thanks to those nice people at Rimuhosting for migrating this Xen host to a 2.6.27.x kernel and pointing my at the Hurricane Electric IPv6 TunnelBroker.net service this blog is now IPv6 enabled (as is Donna’s site, blog and podcast)! Slowly updating DNS for all the other sites hosted here but I’ll finish that off tomorrow night.

Congrats to Brian for being the first person to hit the site by IPv6!

I suspect that the world and its dog will have heard about this by now, but in case you’ve somehow missed the announcement from Google..

Google Chrome OS will run on both x86 as well as ARM chips and we are working with multiple OEMs to bring a number of netbooks to market next year. The software architecture is simple — Google Chrome running within a new windowing system on top of a Linux kernel. For application developers, the web is the platform. All web-based applications will automatically work and new applications can be written using your favorite web technologies. And of course, these apps will run not only on Google Chrome OS, but on any standards-based browser on Windows, Mac and Linux thereby giving developers the largest user base of any platform.

If (and I emphasis if) this takes off then MS might be in for something of a rough ride in the Netbook market. The Netbook vendors have been unable to stand up to the MS monopoly with Linux on Netbooks until now, perhaps Google can start to rebalance the marked a little ?

OK, I broke, I’ve got myself a Twitter account (chris_bloke)..

Some very interesting investigations done by the Arbor Networks security folks looking into Iranian traffic engineering and filtering from the time of the Iranian presidential election onwards. They have both a preliminary investigation showing a dramatic fall in traffic at the time of the election and a follow up deeper look demonstrating that they appear to be specifically targeting streaming media (flash, et. al) and email, as graphically demonstrated by this graph:

Web and other traffic have been left relatively unscathed, prompting this comment:

Perhaps games provide a possible source of covert channels (e.g. “Bring your elves to the castle on the island of Azeroth and we’ll plan the next Ahmadinejad protest rally?”)

This got caught by the spam filters:

To speed up the process, you are required to call us at our free toll free number (+61) 731-235-996 to verify your Commonwealth Maestro Card.

First time I’ve seen a phishing attack that uses (presumably VOIP) phone numbers (in this case allocated to GoTalk in Brisbane, they own 0731230000 to 0731239999 according to the search you can do here) rather than a web site (though I suspect it’s been around for a while).