Southampton, iPhones and lying web sites.

Last weekend I updated my iPod Touch to the new version 2.0 firmware which, for the first time, allowed it to talk to the network at work and added the capability of installing extra software. This is basically the same firmware as in the new iPhone 3G, except without the phone, bluetooth and GPS.

I decided this week to use the device at work as a general communications device to see just how useful this and the iPhone would actually be in everyday use.

Well, let’s say that the trial was a success. The week included the annual support staff conference and the iPod Touch was an invaluable tool for keeping up to date with e-mail and all the other tasks I could want, including calendaring and general web surfing (I hate that term). In fact it easily replaced the laptop I’d usually have taken and was a great deal more portable.

It was this, and the number of people at the conference with iPhone 3Gs (:-)) which convinced me that the iPhone would be a very useful purchase for me, despite having about 5 months to go on the T-Mobile contract. Basically, the Sony-Ericsson phone combined with the Nokia N800, although usable, is too inconvenient to use everyday. It’s too bulky (the N800) and is clunky, slow and unreliable. (The latest firmware update (Diablo) for the N800 has much improved the e-mail client’s usability, as long as you have a small number of mail folders and they have a small number of messages. It takes the mail program 15 minutes to open my inbox EVERY TIME it starts up!) The iPod Touch in comparison is small, convenient and fast.

Since I made the decision I’ve been tracking Apple’s on-line store stock page noting the availability of the black 16GB model. Unfortunately, last night I noticed that that model had just sold out at the Milton Keynes shop but that it was still in stock in Southampton, which is only about 15 minutes further travel time (though about 25 miles further). So, this morning I got up at 6:30am and was out the door before 7:30am.

The journey down was uneventful and I managed to get the shop at 8:45am, just as the shutters went up, so I joined the shortish queue (about 10 people) and went in.

After about 20 minutes of waiting a shop attendant came along the line asking what version of the iPhone we all wanted… everyone wanted the 16GB black model, which was a pity as he said that they’d sold the last one yesterday evening. I was a bit narked off seeing as the 9pm evening stock update on the web had said otherwise. If I’d have known I would have had at least two more hour’s sleep and not bothered with the three hour round trip.

Anyway, I’d had the foresight to bring my camera with me so I thought that the trip probably wasn’t totally wasted. So, after grabbing a cup of coffee, I picked up the camera from the car and went for a walkabout.

Well, other than a few reminants of the city wall, there was nothing to see there, not even the sea. Well, at least I know never to visit Southampton again.

Again, the journey back was uneventful. I didn’t go straight home but instead drove over to Witney and got a hair cut and lunch (remind me never to both getting lunch in Norton’s Cafe and Bar, OK).

This afternoon has been spent sleeping, recovering after the lack of sleep caused by the very ate night in the pub after the conference on Wednesday night/Thursday morning. enough said.

P.S. 10:00pm 19th July.

Well, tonight Apple’s iPhone availability checker STILL shows the Southampton store as having the black 16GB. In fact it’s the only store other than Regent’s Street one listed as having stock. You have to wonder about the rest.

Test update using iPod Touch over cisco VPN

Well, both WPA Enterprise and Cisco VPN seems to work pretty smoothly using the new version 2.0 firmware for the iPod Touch and iPhone.

I must admit that typing on the screen is pretty easy if you lay the iPod down. In fact using two fingers I can get quite a high speed. Though the accuracy can be a little low if I try to type too quickly. Typing one handed is not quite as good as I find that I get cramp in the typing hand from the way I hold the hand.

Anyway, this has been a good test.

Life update

I’ve been rather bad at updating this journal for quite a while now. Mostly not being able to get the energy up to do so really.

Anyway, what have I been doing lately?

I think you could round up my experience at work as being a couple of bad months. Basically, during May a server failed and had to be recovered every week for the first three weeks. On the fourth week I thought things were getting better until the Tuesday when I was notified that one of the machine on our network was scanning other machines. Let’s put it this way… the rabbit hole was very deep. It turns out that the hackers had been in our systems for about six months undetected. The repercussions of this fact are continuing as I’m having to rebuild every single UNIX and Linux machine in the Department from scratch (as there’s no way of telling what’s been tampered with). It also means that I’ve had to lock down the firewall to the point where basically only mail and web traffic (and essential services within the Oxford University network) are being permitted outbound and even fewer inbound. This has mean that the version of Bullet has currently disappeared, which may turn out ot be permanent.

Those of you who read this and have used Bullet in the past or still want to can access my “back-up” Bullet via ssh and telnet to lingula.org.uk with the same demo or guest usernames.

As for non-work related activities, there have been very few due to the pressures of work (and initially the 3 days almost continuous work with about 6 hours’ sleep). I have been to the cinema with Grim and Holly to see “The Happening,” which is really dire.

This last weekend I decided to add high definition to my satellite feed. However I wasn’t going to pay Mr. Murdoch an extortionate amount of money (both up front and as an extra subscription) for the privilege, however. So, I bought a FreesatHD box for ~£150 and then spent another £30 buying cable, some F type connectors and a switch box so as to share the current Sky dish between the two decoder boxes. Job done! I may splash out on a quad LNB for the dish and get an installer to install a nice four port wall plate, however, as this would make the whole job far neater and will allow the installation of up to two satellite PVRs sometime in the future. This will cost another £180 (according to a quote I obtained today).

As for satellite HD quality. Well, not bad, though if you’re close enough to the screen to see the a lot of the detail to start to see quite a few compression artifacts, especially around sharp lines. It’s a sort of speckled halo effect. Low contrast areas also show “moving blocks” artifacts. Still, the TV does handle 1080i rather well, de-interlacing it to 1080p without showing any artifacts there.

And so, that pretty well wraps up this giant posting…. I wonder when I’ll next write an update.

P.S. I forgot to mention Lindsey’s birthday party on the 7th June…. this hacker business has really fried my brain.

Stuff

Well, I’ve not been bothering to update this in quite a while. Call it apathy or merely laziness.

So, what have I been doing?

Well, I went on my Easter hols down to Cornwall for a start. Seeing as Easter this year was about a month earlier than it has been for the last few years it wasn’t surprising that the weather thought it was still winter. Hence, I managed to get out for only one decent walk. This, of course, meant that I was totally unfit by the time it came to cycle into work on the Monday after the holiday ended.

The Tuesday after I got back, at morning coffee, the two sets of muscles either side of my spine at the back of my rib cage decided that they didn’t like me and went into total spasm when I reached for the milk bottle. I dived for the floor in agony and, about one and a half hours later, I managed to get up again, after the arrival of an ambulance (as someone had called 999 ‘cos they couldn’t find the non-emergency number) and the application of anesthetic gas. Once I was sitting on a chair the muscles reasonably quickly relaxed again. Still, the Dept. sent me home in a taxi. Not the best way of getting an afternoon off. By teatime I could hardly tell anything had happened. The muscles were merely slightly stiff from over-use.

Last week I got a new telly. I’ve gone all high definition.. well at least the TV is capable of it. It’s a Panasonic plasma and is very-very nice. The display is far better than my old 32″ Thomson CRT, which is now in my bedroom. Having got used to the plasma I find it very hard to watch the CRT as I can see the scan lines, even from 10ft away. The image just looks stripey.

To complement the FullHD screen I also bought a Playstation 3 to act as a Blu-ray disc player. Well, you have to, don’t you? 🙂 Seeing as dedicated Blu-ray players now cost the same prices as the 40GB PS3 it’s not really worth buying them, especially as the current models can’t be upgraded to the version 2.0 Blu-ray specification, which the PS3 already supports, and the PS3 plays games as well.

Well, that’s about it, really, other than last Friday I spent a rather night evening meeting up with Grim and Holly in Reading and having a seafood dinner. Of course, Grim had a whole lobster all to himself! 🙂

The next social occasion on the calendar… Alec’s (no-longer a) surprise birthday party on the 27th. It’ll be nice to see Alec again. Our paths haven’t crossed in a good 18 months. It will also be good to meet up with others I’ve not seen in too long.

Why the Apple iPhone/iPod Touch SDK is (almost) pointless.

The Cake^H^H^H^HSDK is a lie!

The release of the iPhone/iPod Touch SDK last week has not gone without comment on the ‘Net, most of it being gut reaction to the terms and conditions imposed by Apple to allow the applications to be distributed via their gatekeeper site. I’ve been mulling this and the technical restrictions Apple have devised and come to the conclusion that the SDK is (almost) pointless.

Let’s look at the reasons I believe this to be the case and why the SDK itself is mostly a PR exercise…

(1) Techical problems.

I’m not going to touch on anything here to do with Apple gatekeeper role or licensing issues. I’m merely going to talk about what you can do with the SDK programmatically and how it makes many useful applications on a mobile device practically pointless.

(a) Applications have no access to the filesystem.

This is a strange restriction as the applications won’t be able to save their state. It rules out programs which need to hold cryptographic information for a start. It prevents the iPod Touch to be used as a notepad etc.

So, what programs *DOES* this allow?

Games, maybe? Erm, no, ‘cos you can’t hold the high scores. Oh, sorry, Apple’s thought of that, it seems, they’ll allow the big boys to store the high scores for you, or you could get the device to upload the scores to your central server… you can afford to have that sort of infrastructure can’t you?

(b) Applications cannot run in the background.

This will prevent any application which requires a continuous network connection. Yes, the most immediate programs which come to mind are things such as instant messaging clients, but there are other “enterprise” applications which this will affect, such as, say, an ssh terminal client used by techies in the field.. especially if the remote systems use one-time passwords generated by another application on the iPhone/Touch.

Just think about this scenario for a minute. A field engineer needs to contact a server at base via ssh. He starts the ssh client, connects to the server and gets prompted for his one-time password. Now his switches to the password generator program. Ooops! His connection to the server has just gone foom! Oh, and because the ssh client can’t store any authorised keys because of point 1(a) the probably can’t connect in the first place anyway.

So, what does this all mean about the sorts of applications which can be written?

Well, basically, the only applications which can be written are either stateless or hold their state at the other end of a network connection and don’t need a continuous connection. i.e. They use discrete data burst connections.. like HTTP. (Just what GPRS/EDGE is least bad at, funnily enough.)

(2) Apple’s licensing restrictions.

This is cash cow time. Let’s look at the restrictions:

(a) No interpretors or plug-ins.

This means JAVA, Flash and command shells are out.

(b) No direct up loading to the device without going through Apple.

You could technically have an application download onto the phone but because of the first restriction you couldn’t do anything with it and because of 1(a) you couldn’t store it anyway.

(c) Developers have to pay Apple a $99 tax per year to have their applications run on a real device.

This is *THE* real killer for hobbyist developers. You have to pay the tax otherwise you can’t even load your program onto your own device, even in tethered mode.

Oh, and if you don’t pay the tax it seems, from what I’ve read, that anyone who has downloaded your application will find that it no-longer runs.

(d) Programs mustn’t try to break the jail.

Fine, I have no problem with that, but the other restrictions will make you want to.

(e) Programs mustn’t be data intensive over the phone connection.

Fine, I can see why this is, and it has a lot to do with the TelCos not having a good enough back-haul network to cope. How would want to over GPRS/EDGE anyway?!

Conclusion

So, what do you get with the SDK in terms of the possibility to write programs which you’d actually want to use as a hobbyist or even corporate techie? Not a lot.

So, basically, the same people who are jailbreaking the iPhone to load their applications will STILL have to jailbreak the iPhone to load their applications as only pointless applications and toys will be able to be loaded the official way (with the annual payment of tax to Apple, of course).

You won’t see any GPLv3 code on the iPhone/Touch as you can’t distribute the code with the certificate to allow you to build and run the code.

So, in conclusion, this is a PR exercise, nothing more. Apple had to develop the SDK for their own internal use anyway so it costs them nothing to give it away. It costs them a small amount to set up the infrastructure for distributing the applications and vetting them, but this is trivial relative to the cash cow of the $99 per year per potential developer and a third of any takings from commercial developers. I can here the Ka-Ching! from here.

How it might have been….

So, how could Apple have had their cake and eat it?

I understand entirely that Apple don’t want rogue applications on the iPhone. It could tarnish the image of the device for the general public and corporate management. So, placing restrictions on generally distributed applications is AGoodThing(tm). However, they’ve thrown the baby out with the bath water.

Some might say that many of the restrictions are there to prevent applications misusing the device and jailbreaking it. Well, I have news for you, the cat’s out of the bag already. Restricting the SDK won’t help at all, in fact it will make things worse ‘cos techies can’t run what they want using the SDK and hence will be forced to jailbreak. Doh!

So, what could Apple have done instead?

Actually, that potentially quite easy.

Firstly, give applications a restricted access to the filesystem. Even if it’s each application gets a virtual filesystem in a file, it doesn’t matter. The OS can restrict the size and an initial version can be downloaded with the application.

Secondly, allow those with the SDK to build and run the application only on their own iPhone/Touch. The SDK could copy a cryptographic key from the device and use that to sign the code before uploading it to that device.

In that way the only method of distributing the code would be via source code or via Apple’s official channels (binary distribution wouldn’t work in any other form). Hey, Apple could even have their own version of SourceForge for the projects.

The effect of this one move would be to decrease the pressure for jailbreaking the phone. It would also mean that it was non-trivial to get programs running on the device (meaning that non-techies would be protected) so that rogue programs would not be a problem for the general population, keeping the normal folk’s devices clean.

As for the spin that hobbyist code risks crashing the iPhone/Touch. Well, if it was allowed to then the iPhone/Touch’s OS is rubbish and there has been no evidence of this happening on similar (in hardware terms) devices such as the Nokia N770/800/810.

Apple have missed a great opportunity here for good will and (potentially) a bigger uptake of their platform with very little risk to themselves.

Edit: I’ve just thought of a way around 1(a). Get the Calendar application or AddressBook to store the data for you! 🙂

Computer Security: Oh dear, oh dear.

I’ve just read this article in the on-line edition of the New Scientist.

Of course, the “technique” which allows the contents of main memory to be held on the hard disk is not exactly new. Indeed, BSD derived operating systems had that as the default until the last 90’s. That is pre-allocating memory pages in swap and doing a copy them to disk on modification to them so that they’re continuously up to date. This has the downside that processes take longer to start up (as you have to set up the memory both on disk and in main memory) but has the advantage of deterministic memory+swap allocation so that a processes can be guaranteed that the resource is there when they actually use it. It also allows processes to be “swapped out” by merely invalidating their memory pages and not writing to disk at all.

However, as this shown in this posting from Alec’s blog, there is a rather serious downside to this when it comes to security and cryptography on a working system, notably, the unencrypted data will be left on the hard disk and it could be difficult to scrub.

Of course, I’m sure that’s just what any forensic investigator would like.. but it’s also what any malicious attacker would like as well.

So, which would you like, personal/system security or poor security for everyone so that detectives can gain evidence against a small minority?

It’s your choice… oh, sorry, it’s not, it’s the Xxxxxx Government’s (where Xxxxxx is the country in which you live). Somehow I think we’re going to have unsecure computers RealSoonNow(tm).

Christmas 07: Days 1 and 2

And so it begins…

Christmas is here once again. How did that happen? It doesn’t seem five minutes since the beginning of the winter term at work.Anyway, on with the holiday diary bit:

Saturday 22nd.
I started off from home at just after 10am and it was stil frosty. The GPS traffic warnings were showing problems with fog on the M4. Thankfully, I didn’t encounter any real fog on either the M4 or M5. By the time I’d got to Taunton services the external temperature had risen from freezing up to 12C, quite a shock to the system. Also by this point the car was fully encrusted by black salt throuwn up by other vehicles. You could hardly see the lights.

Firther along the journey the weather changed yet again and by Bodmin I was driving through torrential rain. Talk about changable weather! And by the time I’d reached my destination the rain had stopped and the sun was on the horizon. At least the rain had washed the salt off the car.

After dinner I set up the Wii and my Dad and I had a brief play.. this could be a good purchase for all those days where there’s nothing on the telly!

Sunday 23rd.
Not a ot to report about today, really. After getting up late we popped into Tesco’s in Helston to stock up for the week. The afternoon and evening were just lazy.