Continue reading »]]> The guardian’s series on internet freedoms (or otherwise) continues today with an article by Richard Stallman on the kindle and ebook publishing. Stallman makes a point I’d missed in my own commentary on the kindle when he says:

“Many other habits that readers are accustomed to are not allowed for ebooks. With the Amazon Kindle, for instance, you’re not allowed to buy a book anonymously. Kindle books are typically available from Amazon only, and Amazon doesn’t accept cash so users must identify themselves. Thus Amazon knows exactly which books each user has read. In a country like Britain, where you can be prosecuted for possessing a forbidden book, this is more than hypothetically Orwellian.”

One obvious way around this is not to buy ebooks from Amazon (or anyone else). The only books on my kindle are those out of copyright which I have downloaded from sites such as project gutenberg or other sites listed on portals such as ireaderreview. Of course you have to be careful that you do not add such books to your personal document archive or Amazon will helpfully copy and list them in your “kindle library”.

And I still haven’t really used my kindle except when on holiday.

(Note that Richard Stallman’s article is Copyright 2012 Richard Stallman under a Creative Commons Attribution Noderivatives 3.0 license)

Continue reading »]]> Some time ago my wife bought me a Sansa Sandisk Clip+ music player. When she asked me “what kind of MP3 player” I would like, I specifically specified the Clip+ because it could handle ogg vorbis encoded audio files. All my audio disks are encoded in this format. Picky I know, but there you go.

The version she bought me was the 8 GB Black which comes with (you guessed it) 8 GB of internal storage – sufficient for a fair number of audio tracks. But this version also has a microSDHC slot which will take a maximum of another 32 GB. That should enable me to carry most of my music collection (which currently runs to around 47 GB) if I cut out some of the obvious duplicates and exclude some of my more embarrassing ’70s choices. The device is small, neat and light and also has a pretty good battery life.

But Sansa have not been entirely honest in their advertising. Sure, the device will accept additional storage, but it is largely unusable. Once you get past around 6 or 7 GB on the internal storage and even as little as 3 or 4 GB on the additional card, the device is not capable of building its database of the collection. The symptom is pretty obvious. As soon as you disconnect the Clip+ from the USB connection used to transfer files (and incidentally to charge the device) the display shows “Refreshing your media” and a progress bar which slowly fills from left to right. If you only use the internal storage, there is no problem, but as soon as you get past the 3 or 4 GB additional store on the external card, the clip+ will sit there, refreshing away, for hour after hour if you let it.

Even after a firmware upgrade, the device wouldn’t do what it was supposed to, so I turned to the FLOSS community yet again. This time in the shape of rockbox.

Rockbox is a free, open source jukebox utility which runs on a wide variety of devices. The website provides detailed instructions on how to install and use rockbox and even comes with an installer for most operating systems so that you don’t have to get your hands dirty installing it manually. Most impressive of all however, is that the rockbox firmware can be installed alongside the original player’s firmware without danger of bricking the device. If you find that you don’t like rockbox (and what’s not to like about a free product that outperforms the paid for original?) you can still boot into the original firmware because rockbox provides a dual boot facility. And if you really don’t like it, then you can simply remove it and go back to using the original.

Thoroughly recommended.

Continue reading »]]> The UK Cabinet Office has announced the winning bidders to supply IT goods and services to UK Government under its new framework contract called “G-Cloud”. The winners are listed on a new website called the CloudStore which, supposedly, allows HMG procurement specialists to search for the goods and services they want to purchase. The new framework is supposed to break the old cosy relationships in HMG procurement circles between the big suppliers and HMG Departments. Politics and personal prejudice aside, I think Francis Maude’s intentions in setting the new services framework is actually quite honourable. But, frankly, the results baffle me.

I picked “Infrastructure as a Service” as my first choice and the list I was presented with gave several suppliers for which the description said “The supplier did not provide a description of this service, please click on the link to find out about this service.”. Of course, clicking the link merely confirms what the description says – no info. So I tried a search for “open source software” on the IaaS page and got no results. I also got no results when similarly searching “Software as a Service”. Excuse me? Am I expected to believe that not one supplier of the 255 successful companies even mentions open source software in their offering of IaaS os SaaS? Has no-one heard of the LAMP stack?

I then widened the search to include any and all service by any and all provider and got just one result – for some company called “Cloud Cache and Archive Limited”. The description says:

“Cloud Cache And Archive Limited is a privately funded software company with development based in London. Cloud Cache and Archive provides a game changing solution to allow the rapid integration of legacy applications and databases; and the deployment of new enterprise services and Web 2.0 applications on the Cloud. The solution leverages “big data” technologies; a 100% open source software; and cloud native platforms to provide Agile Information Integration and Agile Information Management all based on a cloud native platform. The proven solution is designed for Governments and large commercial organizations.”

I’m sorry, but that is just marketing drivel. WTF does that actually mean? What solution? To what problem? What is a “cloud native platform”? And how will this help a government procurement specialist (who, trust me, will not be an ICT specialist) choose a supplier?

Answers on a post card please.

Continue reading »]]> A slightly breathless new post over at omgubuntu proudly boasts that the market share of Linux on the desktop jumped “from 0.96% in January 2011 to 1.41% by the year’s end.” (That could equally be be written as a close to 50% rise in Linux’ popularity). No doubt this will scare the pants off Steve Ballmer.

I can’t help being amused by the comments below this post which run like this:

1. Thanks to Unity!

2. Despite unity.

3. Despite unity & gnome shell.

4. Thanks to gnome & despite unity.

5. Thanks to Ubuntu.

6. Thanks to Linux Mint.

This sort of united, combined front in opposition to proprietary software is exactly what will drive free software to say, oh around 2% of the desktop.

Continue reading »]]> Moxie Marlinspike, a security researcher probably best known for his SSL proxy tool, likes google even less than I do. His googlesharing website says:

“Google thrives where privacy does not. If you’re like most internet users, Google knows more about you than you might be comfortable with. Whether you were logged in to a Google account or not, they know everything you’ve ever searched for, what search results you clicked on, what news you read, and every place you’ve ever gotten directions to. Most of the time, thanks to things like Google Analytics, they even know which websites you visited that you didn’t reach through Google. If you use Gmail, they know the content of every email you’ve ever sent or received, whether you’ve deleted it or not.

They know who your friends are, where you live, where you work, and where you spend your free time. They know about your health, your love life, and your political leanings. These days they are even branching out into collecting your realtime GPS location and your DNS lookups. In short, not only do they know a lot about what you’re doing, they also have significant insight into what you’re thinking.”

His solution to this problem was interesting. He came up with the idea of a proxy system which would intercept all google queries, strip off identifying material (such as cookies and UserAgent strings and other HTTP headers) substitute new identifiers and mix the requests up with those from other users before forwarding to google. Implementation depended upon a Firefox addon (nothing for other browsers) which identified google queries and forwarded them to the proxy. All other traffic was untouched.

I stopped using google (except via scoogle) some time ago, and when Moxie’s new proxy first surfaced I thought it interesting but susceptible to the same problem I discussed in mid 2009 when writing about Hal Roberts’ experience of GIFC – all you are doing is shifting knowledge of your searches from google to a new intermediary. However, Moxie later addressed this problem with the release of version 0.20 of his addon so I thought I’d take another look at it. Unfortunately the addon won’t work with FF 9 (which I am using). Moxie’s proxy is not the only one out there however. Because he released the code under an open source licence, others have picked it up. I found one at gs.netsend.nl. They also provide an updated FF addon which will work with versions up to 15 (i.e. probably around next wednesday given the speed with which Mozilla is currently shipping new FF releases).

Once the addon is installed, it gives you two proxy options in the preferences settings – one is the original proxy.googlesharing.net, the other is gs.netsend.nl itself. In testing I found that the original googlesharing proxy seemed to be off-line, but when using the netsend.nl proxy I was reassured to see the message “Search results anonymized by GoogleSharing” added to the google homepage. I was even more reassured that my sniffer showed a connection to vps1101.pcextreme.nl on 31.21.98.201 and not to any known google network.

So, will I use it? Maybe. But the proxy mechanism seems to be unreliable. In many tests, the proxy connection seemed to be bypassed and the connection was obviously made direct to google (as evidenced by my sniffer). I think this failure is doubly unfortunate because it does not fail safe (i.e. the connection does not simply fail with an error message, it passes you direct through to google). This could lead the unwary to think that they are protected when in fact they are not.

I prefer not to use google at all. And in those cases where I do want to compare results with another search engine I prefer to do so via tor. But it is one more option in my toolkit if used carefully. And if using it pisses off google, then it is worth it occasionally.

Continue reading »]]> When I first tested running a tails mirror on one of my VMs, the traffic level reported by vnstat ran at around 20-30 GiB per day. I figured I could live with that because it meant that my total monthly traffic would be unlikely to exceed my monthly 1TB allowance. However, when I checked the stats on that server last week (around the 9th of Jan) I found that I was shipping out around 150 GiB per day and vnstat was predicting a monthly total of close to 3 TB. As the tails admins said when I told them that I would have to shut off the mirror on that VM while I sorted something, “Ooops”. Ooops indeed. I couldn’t chance a massive bill for exceeding my bandwidth allowance by quite that much. The actual stats for 4, 5, 6, 7, 8 and 9 January before I pulled the plug were: 34.23 GiB, 69.14 GiB, 178.31 GiB, 131.68 GiB, 99.05 GiB and 133.27 Gib. It turns out that tails 0.10 was released on 4 January and I hadn’t been prepared. A lesson learned.

Having shut down and had the DNS round robin amended, I attended to finding some way of throttling my traffic so that I could live within my allowance whilst still providing a useful mirror. I scratched my head for a while before stumbling on the obvious, I should be throttling at application level. (Sometimes I find that I miss simple answers because I am looking for complicated ones).

I started out by assuming that I should be using tc and iptables mangling, or something like the userspace tool trickle, all of which looked horribly more complicated than the approach taken by tor (which allows you to simply set the acceptable bandwidth rate to some limit, plus set an accounting period maximum of some total transfer limit per day/week whatever). And of course it turns out that my webserver (lighttpd) allows something similar. Just set the server limit to some chosen max transfer rate and, if necessary, also impose a per IP max rate. The magic configuration file options are:

# limit server throughput to 3000 kbytes/sec (~30000 kbits/sec)
server.kbytes-per-second = 3000
#
# and limit individual connections to 50 kbytes (~500 kbits/sec) – NB. I don’t actually use this
# connection.kbytes-per-second = 50

I tested this by pulling a copy of the tails iso from one of my other VMs which has a high bandwidth connection and got acceptable (and expected) results. So now I can go back on-line later this month safe in the knowledge that I’m not going to blow all my bandwidth in one week.

Continue reading »]]> OK, yes, I know there are probably already a gazillion web pages on the ‘net explaining exactly how to do this, but I got caught out by a silly gotcha when I tried to do this a couple of days ago, so I thought I’d post a note.

Firstly, X is not exactly a secure protocol, nor is it easy to filter at NAT firewalls, so the ability to tunnel it over ssh is hugely welcome. In fact, ssh can be used to tunnel practically any other protocol you care to name, so it should be your first port of call should you wish to connect to a remote system using an insecure protocol. (I use it to wrap rsync for example).

I don’t run X on my VMs (there is no need, they don’t run desktop software) and I had not previously seen the need to run X based graphical programs on those servers. However, a couple of days ago I thought it would be really useful to run etherape on one particular remote server so that I could watch the traffic patterns. Normally I use iptraf (which is ncurses based) when I want to monitor network traffic in real time, but etherape is pretty cool and gives a nice graphical view of your network connections. But it runs on an X based gui.

So. I changed the remote server’s sshd_config to enable X forwarding (“X11Forwarding no” becomes “X11Forwarding yes”) and restarted sshd. On my desktop I similarly changed my local ssh_config file to allow X forwarding (“ForwardX11 no” becomes “ForwardX11 yes”) to obviate the need to use the -X switch on the command line. I then installed etherape on the remote server and fired it up only to get the message “Error: no display specified”. Sure enough “echo $DISPLAY” showed nothing. But I had thought (and everything I had read confirmed) that ssh should take care of setting the appropriate display when X11 forwarding was set.

So I then tried setting a display manually (export DISPLAY=localhost:10.0 on the remote server) and then got the response “Error: cannot open display: localhost:10.0″. So, still no deal. I spent some time scratching my head (and reading man pages) and sent off a query to my local Linux User group in parallel asking for advice. They were gentle with me.

The first, and rapid, response, said:

On the server:

sudo apt-get install xauth

Then disconnect and reconnect the client.

Jobs a good un.

Thank you Brett.

So the moral is, make sure that you have X authorisation working properly on the remote system (check for the existence of $HOME/.Xauthority) if you experience the same symptoms I did.

Continue reading »]]> The reaction to Ubuntu’s move to Unity seems to be getting wider coverage. Over at LWN, Bruce Byfield blogged recently about the rift between the Ubuntu developers and its users. In particular he highlights Tal Liron’s entry to the Ubuntu launchpad bug wiki under bug number 882274. In that entry, entitled “Community engagement is broken” Liron gently rebukes the developers for their apparent lack of enegagement with the community, saying:

“The bug is easy to reproduce: open a Launchpad bug about how Unity breaks a common usage pattern, and you get a “won’t fix” status and then radio silence. The results of this bug are what seems to be a sizable community of disgruntled, dismayed and disappointed users, who go on to spread their discontent and ill will.”

Both Liron’s bug entry (and the subsequent commentary) and Byfield’s analysis of that discussion bear reading. I found myself frustrated by the obvious lack of understanding of (and impatience with) Liron’s position apparent in Mark Shuttleworth’s responses. Byfield concludes that:

“[Suttleworth] sounds impatient, resorting to personal attacks and invoking his personal authority or the necessities of design or standard practice instead of offering explanations. At times, he seems to address issues that at best approximate what others in the discussion are saying. Exactly why this change has happened is uncertain, but it adds a sting to Shuttleworth’s once-humorous title of Benevolent Dictator for Life.”

Meanwhile, over at El Reg, Liam Proven offers his analysis of the Ubuntu upheaval. In that article, Proven describes the differences between GNOME 3, GNOME 2 and Unity and explains how these changes (or more properly, the management of these changes) have led to the difficulties now facing a wide range of users. Proven concludes:

“Ubuntu is gambling that Unity will attract floods of new Linux users in such numbers as to outweigh those abandoning it for its spin-offs and rivals. If it’s correct, then Ubuntu will continue its rise to near-total dominance of the Linux desktop. But if it’s wrong, it will leave the Linux world more fragmented than ever.”

In my view Ubuntu (or more precisely Canonical and Shuttleworth himself) is wrong and will regret this decision not to properly engage with its user base. I don’t blame them for changing the desktop, after all, the GNOME developers have forced that change upon them. But I do agree strongly with Liron’s position. Ubuntu could do well to listen more.

And in a nice summary of Xfce, Scott Gilbertson today explains why previous GNOME users are moving to that desktop in the wake of the GNOME 3 and Unity changes. It seems I’m in the company of a growing number of other users.

Continue reading »]]> After exploring the alternatives to Ubuntu, I finally settled on Linux Mint Debian Edition (LMDE) running Xfce as the desktop. I am now Ubuntu free and have a desktop that looks the way /I/ want it to look rather than the way some design nut wants it to look. I am also hopeful that the desktop will stay that way in future.

My main desktop now looks like this:

and my netbook looks like this:

(click on either image to get full sized views)

I chose LMDE rather than Xubuntu partly out of pique with the way Canonical is taking Ubuntu, and partly out of a genuine desire to move to a distro which is closer to the ideals of the FOSS community which Ubuntu used to espouse and which Debian always has done. For me, LMDE now offers the best compromise between a truly useable modern desktop (with all that implies for proprietary codecs) and the purity and stability of Debian. I know where things are in Debian and I much prefer the Debian package manager to RPM (which immediately rules out Fedora or SUSE). Having now spent some time playing with Xfce I find myself surprised that I didn’t move to it much earlier. It is clean, relatively lightweight, fast and eminently configurable.

On my main desktop machine (which is running the 64 bit version to take full advantage of the 8 Gig of RAM I have installed) everything works as it should – even the dreaded flash (yes, I occasionally watch youtube). On the netbook (32 bit version) everything except the RHS card reader works. Hot plugging works on the left, and the right /will/ work if there is an SD card in place on boot. (But no, I /still/ can’t read Sony memory sticks. I have sort of given up on that now anyway since I no longer use the PSP to watch videos.)

Now to convert my wife.