chandanlog(3C): Netbooks and the end of the Laptop Decade

15 Nov 2008 Netbooks and the end of the Laptop Decade

If you are in the computer industry, it is not uncommon that friends or family often consult you to recommend a computer or a laptop. There are several things that make answering it difficult, especially for an average consumer who may be buying their first laptop with hard earned money:

A. good $1000 laptop does not offer value-for-money to someone wanting to use gmail and Internet
B. It will be obsolete in an year and newer software will run slower

When I first heard about the features of OLPC - (One Laptop Per Child) especially its battery life and networking features etc., my reaction was that those features should be part of any average consumer computer - trying to sell it to kids made it look like a scam. If I had 400$ to spend for a child's education, there are a dozen better ways to spend it. A computer would be near the bottom of that list.

Since then a number of commercial small low-cost, efficient and Internet oriented laptops have appeared in the market. These are also called Netbooks (v/s Notebook)

Number of companies making them suggests that these are becoming popular. While the hardware used is pretty awesome, the software stack has to catchup. The personal computer software industry has a long way to go before it is ready for the average consumer.

Especially focus has to be on making software run faster, simpler and more usable. Bloatware should be avoided and software should be able to run with limited resources. System should be able to boot in a couple of seconds and response time for any click should be strictly less than 100 milliseconds (except where the network latency comes into picture).

It seem to be a trend that the common software, (such as browsers, mail clients, games and operating systems) get bloated and slower with each revision. The Gnome desktop my OpenSolaris Indiana takes almost as much time to load up as the system takes to boot up. There is probably one drastic solution to it, that software developers should use old systems which were made 5 or 6 years ago. That way, regressions in performance become visible as soon as they are introduced.

Link | Comments [3]

10 Sep 2008 Home Theater Architecture

At the computer history museum in Mountain view, piles of old machines are displayed row by row chronologically, as if each row represents a decade of design. Computers made in 60's look like washing machines or dishwashers, while those made in 70's look like Technicolor typewriters. The machines designed in 80s are black rectangular plastic boxes that look like VHS video cassette players or audio receivers today. Or is the vice versa?

Majority of home theater equipment today seems to be stuck in the VHS era - they measure like 2 feet in length and breadth, and half a feet in height weighing at least 10 kilograms. If you are in the market for home entertainment electronics, there are hundreds and thousands of gadgets in the market. However finding something that meets my few requirements was challenging. My requirements were:

Small size, fewer components - home theater should not make living room like an electronic junkyard - should blend with home decor
Support best of technology - HD video and audio from multiple sources such blu-ray disks, cable and over the air HDTV, FM, streaming video and news from Internet.

In terms of inputs and output connections it must have the following:

Home Theater Box requirements

WiFi or Ethernet for streaming Internet media
USB and Firewire for connecting peripherals such as memory cards, external disks, mp3 players, keyboard, camera etc.,
ATSC, DVB tuner with CableCard support to get HDTV from cable or antenna or any PAL/NTSC sources
FM/AM/SW HD-radio tuner and analog audio input from mic, stereo and may be digital audio inputs like optical toslink or s/pdif
Infrared remote control
Should play Blu-ray, DVD and audio CDs
output to HD screen
output to 5.1 surround sound speakers

Surprisingly, there aren't many (or any) boxes out there in the market that do all the above. Wast majority of the systems you may find at a local electronics store meet only couple of the requirements above. You would need to stack a bunch of them in order to setup a home theater. it seems like the manufactures making these devices copy each other, even to the price tag, and yet no one ever built a modern system.

One option is called an HTPC (Home theater PC). There are a couple of systems which currently available, some made by Sony (VAIO TP series) are priced at $3000. Another recent one which caught my attention is Dell Studio Hybrid. Mac Mini could have been considered if only it came with a bluray drive and optical audio. One problem is finding a good software for these systems. Last time I evaluated opensource home theater software (such as MythTV), nothing matched the Apple's frontrow or Sony's media bar interface.

My current home theater setup (built more than a year ago) looks like this:

Playstation3 caters for requirements 1, 2, and 6.
Pioneer HTS surround sound system does 4.
Samsung HDTV tuner does some of 3, Cable settop box does others.
A Sony programmable remote control takes care of 5

PS3 is a good and fast blu-ray player, has great potential as an Internet media device. I am eager to see PS3 Life software. Beware of players which take more than a couple of minutes to load a blu-ray disk, players which cant be upgraded.

Pioneer HTS series audio system when I bought it was the only few its kind in the US, where a compact audio receiver is built into the subwoofer and hardly noticeable compared to 2ftx2ft beasts. The speakers are off white and blend with my wall and floor and aren't conspicuous. These days Sony also makes such compact audio systems. Beware of or avoid systems often called as HTIB which are DVD players with 5 speakers, but cant receive surround sound audio from other devices such as Cable TV STB.

A Sony programmable universal remote switches devices/functions can learn signals from various remotes. You can packup all the original remotes to reduce clutter. It operates all the devices transparently except Playstation. Beware of or avoid remotes that don't have "programmable" or "learning" feature.

All the devices and a Mitsubishi HD projector are hidden in a ventilated side table next to sofa in the living room. The projector projects a screen 9ft in diagonal on the opposite wall. A subscription to netflix provides a supply of high quality blu-ray movies to watch in the evenings. We see life size news anchors and weather experts walking across our living room. This setup caters to most of the requirements, however getting streaming video from Internet like Reuters news or Hulu or youtube requires a DLNA server. Watch this space for future posts discussing HTPC architecture.

Link | Comments [1]

03 Sep 2008 Can you lend me your iPhone for a minute?

A recent news item about Google Chrome bowser's license terms (the phrases "publicly perform, publicly display") reminds me of this legal trivia:

Can you lend your iPhone to a friend for making a call?
If you read the iPhone terms of use [pdf], it clearly says:

"3. Transfer. You may not rent, lease, lend, sell, redistribute, or sublicense the iPhone Software ..."

in other words, if you handout your iPhone to friend, and he or she uses the software, you have committed a crime (of license violation)! As per the same terms, if you have violated any terms of the license, you are required to cease all use of the software.

By the way, can you show or display your iPhone or MacOS X desktop to others?
Suppose you are making a presentation to a group of people, before your slideware takes up full screen, portions of the default wallpaper or other software get displayed on a projection screen, or the copyrighted ringtone music gets 'performed' in front of passengers in a metro train.

The corresponding licenses and terms of use do not grant you the right to publicly perform and publicly display the software or hardware to others. While it does not explicitly say "you can't perform nor display", the license terms don't say you can!

Interpret it in what ever way you want, publicly displaying a copyrighted work without a permission is called copyright infringement! If a thief steals your money, you having not given any explicit right to take that money, it is still called theft.

Anyway Sun's lawyers had done their homework and CDDL opensource license explicitly grants you the permissions to display or perform. See also this license comparison.

Link | Comments [2]

25 Aug 2008 Doing the same thing again and expecting different results

I was shooting a herd of Wapiti which were jumping into freezing white waters of Athabasca river near the Ice Fields parkway in Canada. My Canon SLR stopped working and gave the dreaded Err 99.

Later Canon service folks diagnosed and asked me to parcel the dead camera to their factory service center in Irvine, California along with a copy of original receipt.

Not having preserved the original receipt, I went to the electronics supermarket chain I bought the camera. The customer service specialist there took my creditcard and worked for about five minutes on the LCD screen and said "Sorry! you will have to try at the shop you bought your camera... We cant print your receipt here". Then I drove ten miles to the shop where I had purchased it.

Customer service specialist there took more time, couldn't figure out how to print a duplicate receipt. The boss in that store came down. He gave his experienced gaze at the terminal and he suggested something. The service specialist then went inside and came out with a printout of an excel sheet containing all the purchases I had ever made with that company.

Then I called Canon, to check if that spreadsheet is acceptable, but they insisted on giving the original proof of purchase. I went to the nearest store again, but this time the customer service person there swiped my credit card, and my duplicate receipt came out the printer in matter of seconds!!

Someone defined insanity to be doing the same thing over and over again and expecting different results, but might work for you when you call for customer service help.

By the way, Canon replaced my SLR camera's shutter assembly and sent it back in a week.

Photos from Canada are here

Canada

Vancouver

Link | Comments [2]

18 Aug 2008 To prevent auto-reply e-mails

To keep some of the Sun's internal processes rolling my crontab(4) has accumulated a number of scripts that are run daily. These scripts send out emails of anything from a "gentle reminder" to gory details of process steps to follow.

In return for that service, a dozen or so vacation auto reply messages would get bounced at me automatically everyday when ever these scripts run. Looking at my mails I know who is on vacation or who is traveling.

So far I had a server-side filter that would filter out such responses. However is there way to stop these vacation auto-replies at the source?

It seems there is a way to tell the auto responders to ignore sending a reply to a mail, if the mail contains the header:

Auto-Submitted: auto-generated

Headers indicating an email to list can also suppress the autoreplies:

Precedence: list

After I added these to my scripts, I haven't seen any reply so far...

Link | Comments [1]

30 Jul 2008 Secure your Wi-Fi networks now!

Last time I visited an Internet cafe in Bangalore to scan a few documents I was in for a surprise. They asked for a photo ID before they offered me any service, even if it is just to scan a couple of documents to my USB stick. That is a good thing - makes it difficult for terrorists to operate and communicate.

This person apparently had his WiFi network wide open for anyone to access and abuse it. It is suspected that terrorists used his network or mail account to send a warning email hours before the blasts in Ahmadabad where about 54 people were killed.

He says "I'm not an IT professional. I have no idea how all that works". It is as good an excuse as saying "I am not a locksmith. I have no idea how to lock my doors". Search google or ask a friend.

Some amount of blame rests with folks who make these Wi-Fi devices and not making them easy to operate in a secure by default mode.

Link | Comments [4]

28 Jul 2008 Notes from the 20th FIRST conference in Vancouver

I was at 20th FIRST Conference Vancouver last month. Forum of Incident Response and Security Teams is a community of folks who work behind the scenes to keep the world running - from people securing your banks to people protecting your national infrastructure. Here are pointers to some of the interesting topics from the conference:

Fast Flux networks Fast Flux nets are where compromised computers are used to temporarily host malware.
A talk on "Applied Security Visualization" demoed state of art of network visualizations and tools. There is a live CD project called DAVIX which aggregates the tools.
An interesting demo was of "RFID hacking" - where Adam Laurie demonstrated duplicating company badges and electronic passports with gadgets that cost less than $100. He could take his scanner near a passport with RFID (aka E-passport) and display holder's information including passport photo
A Keynote presentation from former security chief of OLPC (One Laptop per child) talked about features of OLPC as something as a great advancement in security - for eg. the ability that only a open dialog box can open files! (BTW, that sounds very similar to what we call in the UNIX setuid - that only password command can change passwords)
A presentation about Mozilla development process talked about how testing is done: they are always running enormous number of test suites against the latest tree. They don't rely on the developers to do the testing for changes.
Honey spiders - that crawl spam and phishing sites in search of malware and execute or analyze them.
Atanai Sousa showed how a phishing malware operated in Brazil, giving insight into how the spyware and malware have an upper hand in capturing your bank passwords weather you type them or use any other practically useless mechanisms invented to circumvent keyboard spys.

Overall it was good listening to stories direct from people in the battleground, to get an understanding of real world problems and threats they face. It also gave a good opportunity to meet product security folks other companies and CERT folks from around the world - many whom we communicate over email daily.

Link | Comments [0]