More smartphones shenanigans: Ireland and the unlocked phones

In my previous rant I have noted that in Ireland it’s next to impossible to buy unlocked phones. Indeed when I went to look for a phone to travel to China at Carphone Warehouse (which at least in the UK is owned by Samsung), while they had plenty of selections for the phones, they all came with contracts.

Contracts are useful for most people, since effectively the carrier is giving you a discount on a phone so that you commit to stay their customer for a certain amount of time. When you do this, they lock you to their network, so that you can’t just switch to another carrier without either giving them their due in subscriptions or paying back the discount they gave you on the phone. In general, I see this approach as reasonable, although it has clearly created a bit of a mess to the market, particularly on the cheaper phone scale.

I have to admit that I have not paid enough attention to this in Ireland up to now simply because I have been using my company-provided phone for most of my day to day travel. Except in China, where it would not be really appropriate. So when I had to go back to Shanghai, I found myself in need of a new phone. I ended up buying one at Argos because they could source one for me by the following day, which is what I needed, and they also had last year’s Sony flagship device (Xperia X) at a decent discount, particularly when compared to the not-much-better Xperia XZ. Alternatively, Amazon would have worked, but that would have taken too long, and the price was actually lower at Argos, for this particular model.

As it is usual for most Android phones, the device started running through a number of system software updates as it was turned up. Indeed, after three cycles the device, which started off with Android 6.0, ended up on 7.0. Not only that, but by now I know that Sony appears to care about the device quite a bit. While they have not updated to 7.1, they have pushed a new system software — I noticed because my phone started downloading it while in Changi airport, in Singapore, while connected to a power pack and the Airport’s WiFi! With this update, the phone is running Android security update as of May 1st 2017.

That made me compare it with the Xperia XA, the locked phone I bought from Three, and that I now managed to unlock. The phone came “branded” by Three Ireland, which for the most part appeared to just mean it splashed their custom logo at boot. Unlocking the phone did not make it update to a newer version, or de-brand itself. But despite being the cheaper version of the X, and theoretically the same generation, it was still stuck on Android 6.0.

Indeed, before the last update, probably released at the same time as the latest Xperia X firmware, the security patch level was reported as April 1st 2016, over a year ago! Fortunately the latest update at least brings it to this year, as now the patch level is January 5th, 2017. As it turns out, even the non-branded versions of the phone is only available up to Android 6.0. At least I should say hat tip to Sony for actually caring about users, at least enough to provide these updates. My Samsung Tab A is at security level 1st June 2016, and it had no software updates in nearly as much time.

There is officially no way to de-brand a phone, but there are of course a number of options out there on how to do that otherwise, although a significant amount of them relied on CyanogenMod and nowadays they will rely on… whatever the name of the new project that forked from that is. I did manage to bring the phone to a clean slate with somewhat sketchy instructions, but as I said even the debranded version did not update to Android 7.0 and I’m not sure if now I would have to manually manage software update. But since the phone does not seem to remember that the phone ever was branded, and there is no Three logo, I guess it might be alright. And since I did not have to unlock the bootloader, I’m relatively safe that the firmware was signed by Sony to begin with.

What I found that is interesting in from using the tool to download Sony’s firmware, is that most of their phones are indeed sold in Ireland, but there is no unbranded Irish firmware. There are, though, a number of unbranded firmwares for other countries, including UK. My (unbranded, unlocked) Xperia X is indeed marked down as a UK firmware. Effectively it looks like that Ireland is once again acting like “UK lite” by not having its own devices, and instead relying on the UK versions. Because who would invest time and energy to cather to the 4.5M people market we have here? Sigh.

My horrible experience with Three Ireland

I have not ranted about the ineptitude of companies for a while, but this time I have to go back to it. Most of the people who follow me on Twitter are probably already fully aware of what’s going on, so if you want to skip on reading this, feel free.

When I moved to Ireland in 2013, I evaluated quickly the mobile providers available and decided to become a customer of Three Ireland. I was already a customer of Three back in Italy, and they had the same offer here than they had there, which involved the ability to be “Three like at home”, roaming on foreign Three networks for free, using the same allowance of calls and data that you have on your own country. Since my expectation was to go home more often than I actually did, roaming to Three Italy sounded like a good deal.

Fast forward four years, and I ended up having to give up and moved to a new provider altogether. This all precipitated since Three Ireland took effectively four months to fix up my account so I could actually use it, but let’s take one step at a time.

Back in January this year, my Tesco credit card got used fraudulently. Given I have been using Revolut for most of my later trips to the States, I can narrow down where my card was skimmed as one of three places, but it looks like the MIT Coop store is the most likely culprit. This is a different story, and luckily Tesco Bank managed to catch the activity right away, cancelled my card and issued me a new one. This is something I talked about previously.

The main problem was migrating whatever was still attached to that card onto a different one. I managed to convert most of my automated debits onto my Ulster Bank MasterCard (except Vodafone Italy, that’s a longer story), but then I hit a snag. My Three Ireland account was set up to auto-top-up from my Tesco Bank card €20 every month. This was enough to enable the “All you can eat data” offer, which gave me virtually unlimited data in Ireland, UK, Italy, and a few other countries. Unfortunately when I went to try editing my card, their management webapp (My3) started throwing errors at me.

Or rather, not even throwing errors. Whenever I would go to list my payment cards to remove the now-cancelled card, it would send me back to the service’s homepage. So I called them, and I’ll remind you this is January, to ask if they could look into it, and advised I won’t be able to take call because I was about to leave for the USA.

The problem was clearly not solved when I got back to Ireland, and I called them again, told me I would be contacted back from their tech support and they will give me an update. They called me, of course always at awkward times, and the first thing they asked me was for a screenshot of the error I was shown, except I was shown no error. So they had to go back and forth a couple of times with them, both on the phone and over Twitter (both publicly and over direct messages).

At some point during this exchange they asked me for my password. Now, I use LastPass so the password is not actually sensitive information by itself, but you would expect that they would have built something in place where they can act as one of their customers, for debugging purposes, or at least be able to override the password, and just ask me to change it afterwards. Since the second auto-top-up failed and required me to make a manual payment, I decided to give up, and send them screenshot of both the loading page and the following landing page, and send it to them as requested.

Aside note here: the reason why these auto-top-up are important, is that without these, you get charged for every megabyte you use. And you don’t get any notification that your all-you-can-eat expired, you only get a notification after you spent between €5 and €10 in data, as that’s what law requires. So if the auto-top-up failed, you end up just using your credit. Since I used to spend the credit on Google Play instead (particularly to pay for Google Play Music All Access — my, what a mouthful!), this was not cool.

By end of March, when the third auto-top-up failed, and I ended up wasting €15 for not noticing it. I called them again, and I managed to speak to the only person in this whole ordeal who actually treated me decently. She found the ticket closed because they did not receive my screenshot, so she asked me to send them directly to her address and she attached them to the ticket herself. This reopened the ticket, but turned out not to help.

At this point I’ve also topped up the €130 that were required to request an unlock code for my Sony Xperia XA phone, so I decide to request that in parallel while I fight with trying to be able to configure my payment cards. Since the phone is Sony, the unlock code comes directly from them and Three advises is going to take up to 21 working days. When I send the request, I get an email back telling me the unlock request was not successful, and to contact the customer support. Since I was already bothering them on Twitter, I do so there, and they reassure me that they took care of it and sent the request through.

Also, this time I give up and give them my password, too. Which became even funnier, because as I was dictating it to them I go to “ampersand” and they reply “No that’s impossible, it’s not a valid character for the password!” — as it happens it is indeed not a valid character, now. When I set my password it was valid, but now it is not. I found out after they fixed the problem, because of course by then I wanted to change my password, and LastPass generated another one with the & character.

It took another month for them to finally figure out the problem, and another three or four requests for screenshots, despite them knowing my password. And a couple of times asking me to confirm my email address, despite it already being in the system and all. But at least that part got fixed.

Now remember the unlock code request above? 21 working days in most cases mean around a month. So a month after my unlock code request I call them, and they inform me that the 21 working days would expire the next day, a Friday. The reason is to be found in Easter and bank holidays being present, reducing the number of working days in the month. Fair enough, I still ask them what’s going to happen if the 21 days promise is breached, and the guy on the phone denies it is even possible. Of course the day after I got to chat with them again, and they realize that there was no update whatsoever and there should have been at least one.

They decide to request an urgent unlock, since on the Thursday I would be leaving for China, and they promise me the unlock code would be there by Monday. Goes without saying it didn’t work. When I called on Monday they told me that only Sony can provide the unlock, and since it was a long weekend they were not going to answer until at least the day after (May 1st was bank holiday, too). At this point I was pissed and asked to speak with a manager.

Unfortunately the person at the phone was not actually human, but rather was replaced by one of those call center scripts kind of drone and not only kept telling me that they had nothing personal against me, which I did not care if they did, to be honest, but refused to redirect me to a manager when I pointed out that this was ludicrous after fighting four months to get the other problem solved. They kept saying that since the ticket is closed, there was nothing they could talk to me about. They also insisted that since the unlock code hasn’t arrived they couldn’t even offer me a trade-in with an unlocked phone, as that is only available if the unlock code fails to work.

I ended up having to buy myself a new phone, because I could not risk going to China with a locked phone again. Which turned out to be an interesting experience as it looks like in Ireland, the only places to buy unlocked phones are either corner shops selling Chinese phones, or Argos. I ended up buying an Xperia X from Argos, and I’m very happy of the result, although I did not intend to spend that money. But that’s a story for another day, too. Of course the unlock code arrived the day after I bought my new phone, or should I say the day after I gave up on Three Ireland, and moved to Tesco Mobile.

Because at that point, the drone got me so angry that I decided to just spend all of my credit (minus €20 because I hit the usage limit) buying movies and books on Google Play, and when I picked up the phone on Tuesday, I also picked up a SIM for Tesco Mobile. I found out that MNP in Ireland takes less than an hour and just involves a couple of confirmation codes, rather than having to speak with people and fill in forms. And I’m indeed happy on Tesco Mobile right now.

Why am I so riled up? Because I think Three Ireland lost a big opportunity to keep a customer, the moment when I expressed my dissatisfaction with the service and with the lack of unlock code. They could have offered me a trade-in of the current phone. They could have given me the credit I spent because of their issue back. They could have even offered me a new, any new phone, locked to their network, to make it harder for me to leave them. Instead they went the road of saying that since the problem has been solved at all, there was never any problem.

I found this particularly stupid particularly compared to the way Virgin Media and Sky Ireland seem to have it down to practice: when I called Sky to ask them if they had any better offer than Virgin, back when I used TV service, they told me they couldn’t do better broadband, but they would offer me a lower price on the TV package so that I could unbundle it from Virgin. When I called Virgin to remove the TV package (because at the time they were going to increase the monthly fee), they offered to lower their price for a year to make it still more convenient for me.

Sniffing on an Android phone with Wireshark

In my review of the iHealth glucometer I pointed out that I did indeed check if the app talked with the remote service over TLS or not. This was important because if it didn’t, it meant it was sending medical information over plaintext. There are a few other things that can go wrong, they can for instance not validate the certificate provided over TLS, effectively allowing MITM attacks to succeed, but that’s a different story altogether, so I won’t go there for now.

What I wanted to write about is some notes about my experience, if nothing else because it took me a while to get all the fragments ready, and I could not find a single entry anywhere that would explain what the error message I was receiving was about.

First of all, this is about the Wireshark tool, and Android phones, but at the end of the day you’ll find something that would work almost universally with a bunch of caveats. So make sure you get your Wireshark installed, and make sure you never run it as root for your own safety.

Rick suggested to look into the androiddump tool that comes with Wireshark; on Gentoo that requires enabling the right USE flag. This uses the extcap interface to “fetch” the packets to display from a remote source. I like this idea among other things because it splits the displaying/parsing from the capturing. As I’ll show later, this is not the only useful tool using the interface.

There are multiple interfaces that androiddump can capture from; that does include the logcat output, that makes it very useful when you’re debugging an application in realtime, but what I cared about was sniffing the packets from the interfaces on the device itself. This kept failing with the following error:

Error by extcap pipe: ERROR: Broken socket connection.

And no further debugging information available. Googling for a good half hour didn’t bring me anywhere, I even started strace‘ing the process (to the point that Wireshark crashed in a few situations!) until I finally managed to figure out the right -incantation- invokation of the androiddump tool… that had no more information even in verbose mode, but at least it told me what it was trying to do.

The explanation is kind of simple: this set of interfaces is effetively just a matrioska of interfaces. Wireshark calls into extcap, that calls into androiddump, that calls into adb, that calls into tcpdump on the device.

And here is the problem: my device (a Sony Xperia XA from 3 Ireland) has indeed a tcpdump command, but the only thing it does is returning 1 as return value, and that’s it. No error message and not even a help output to figure out if you need to enable somethihng. I have not dug into the phone much more because I was already kind of tired of having to figure out pieces of the puzzle that are not obvious at all, so I looked for alternative approaches.

Depending on the working system you use to set the capture up, you may be able to set up your computer to be an access point, and connect the phone to it. But this is not easy particularly on a laptop with already-oversubscribed USB ports. So I had to look for alternatives.

On the bright side, my router is currently running OpenWRT (with all the warts it has). Which means I have som leeway on the network access already. Googling around would suggest setting up a tee: tell iptables to forward a copy of every single packet coming from or to the phone to another mac address. This is relativel expensive, and no reliable over WiFi networks anyway, beside increasing congestion on an already busy network.

I opted instead to use another tool that is available in extcap: ssh-based packet captures. In Gentoo these require the sshdump and libssh USE flags enabled. With this interface, Wireshark effectively opens a session via SSH to the router, and runs tcpdump on it. It can also use dumpcap or tshark, which are Wireshark-specific tools, and would be significantly more performant, but there is no build for them on OpenWRT so that does not help either.

While this actually increases the amount of traffic over WiFi compared to the tee option, it does so over a reliable channel, and it allows you to apply capture filters, as well as start and stop capture as needed. I ended up going for ths option, and the good thing with this is that if you know the hardware addresses of your devices, you can now very easily sniff any of the connected clients just by filtering on that particular address, which opens for interesting discoveries. But that’s for another day.

Technology and society, the cellphone example

After many months without blogging, you can notice I’m blogging a bit more about my own opinions than before. Part of it is because these are things I can write about without risking conflicts of interests with work, so that makes it easier to write, and part of it is because my opinions differing from what I perceive as the majority of Free Software advocates. My hope is that providing my opinions openly may, if not sway the opinion of others, find out that there are other people sharing them. To make it easier to filter out I’ll be tagging them as Opinions so you can just ignore them, if you use anything like NewsBlur and its Intelligence Trainer (I love that feature.)

Note: I had to implement this in Hugo as this was not available when I went to check if the Intelligence Trainer would have worked. Heh.

Okay, back on topic. You know how technologists, particularly around the Free Software movement, complain abut the lack of openness in cellphones and smartphones? Or of the lack of encryption, or trustworthy software? Sometimes together, sometimes one more important than the other? It’s very hard to disagree with the objective: if you care about Free Software you want more open platforms, and everybody should (to a point) care about safety and security. What I disagree with is the execution, for the most part.

The big problem I see with this is the lack of one big attribute for their ideal system: affordability. And that does not strictly mean being cheap, it also means being something people can afford to use — Linux desktops are cheap, if you look only at the bottom line of an invoice, but at least when I last had customers as a -Sysadmin for hire- Managed Services Provider, none of them could afford Linux desktops: they all had to deal with either proprietary software as part of their main enterprise, or with documents that required Microsoft Office or similar.

If you look at the smartphone field, there have been multiple generations of open source or free software projects trying to get something really open out, and yet what most people are using now is either Android (which is partly but not fully open, and clearly not an open source community) or iOS (which is completely closed and good luck with it.) These experiments. were usually bloody expensive high-end devices (mostly with the excuse of being development platforms) or tried to get the blessing of “pure free software” by hiding the binary blobs in non-writeable flash memory so that they could be shipped with the hardware but not with the operating systems.

There is, quite obviously, the argument that of course the early adopters end up paying the higher price for technology: when something is experimental it costs more, and can only become cheaper with enough numbers. But on the other hand, way too many of the choices became such just for the sake of showing off, in my opinion. For instance in cases like Nokia’s N900 and Blackphone.

Nowadays, one of the most common answers when talking about the lack of openness and updates of Android is still CyanogenMod despite some of the political/corporate shenanigans happening in the backstory of that project. Indeed, as an aftermarket solution, CyanogenMod provides a long list of devices with a significantly more up to date (and thus secure) Android version. It’s a great project, and the volunteers (who have been doing the bulk of the reverse engineering and set up for the builds) did a great job all these years. But it comes with a bit of a selection bias. It’s very easy to find builds for a newer flagship Android phone, even in different flavours (I see six separate builds for the Samsung Galaxy S4, since each US provider has different hardware) but it’s very hard to find up to date builds for cheaper phones, like the Huawei Y360 that Three UK offers (or used to offer) for £45 a few months back.

I can hear people saying “Well, of course you check before you buy if you can put a free ROM on it!” Which kind of makes sense if what constraints your choice is the openness, but expecting the majority of people to care about that primarily is significantly naïve. Give me a chance to explain my argument for why we should spend a significant amount of time working on the lower end of the scale rather than the upper.

I have a Huawei Y360 because I needed a 3G-compatible phone to connect my (UK) SIM card while in the UK. This is clearly a first world problem: I travel enough that I have separate SIM cards for different countries, and my UK card is handy for more than a few countries (including the US.) On the other hand, since I really just needed a phone for a few days (and going into why is a separate issue) I literally went to the store and asked them “What’s the cheapest compatible phone you sell?” and the Y360 was the answer.

This device is what many people could define craptastic: it’s slow, it has a bad touchscreen, very little memory for apps and company. It comes with a non-stock Android firmware by Huawei, based on Android 4.4. The only positive sides for the device are that it’s cheap, its battery actually tends to last, and for whatever reason it allows you to select GPS as the timesource, which is something I have not seen any other phone doing in a little while. It’s also not fancy-looking, it’s a quite boring plastic shell, but fairly sturdy if it falls. It’s actually fairly well targeted, if what you have is not a lot of money.

The firmware is clearly a problem in more than one way. This not being just a modified firmware by Huawei, but a custom one for the provider means that the updates are more than just unlikely: any modification would have to be re-applied by Three UK, and given the likely null margin they make on these phones, I doubt they would bother. And that is a security risk. At the same time the modifications made by Huawei to the operating system seem to go very far on the cosmetic side, which makes you wonder how much of the base components were modified. Your trust on Huawei, Chinese companies, or companies of any other country is your own opinion, but the fact that it’s very hard to tell if this behaves like any other phone out there is clearly not up for debate.

This phone model also appears to be very common in South America, for whatever reason, which is why googling for it might find you a few threads on Spanish-language forums where people either wondered if custom ROMs are available, or might have been able to get something to run on it. Unfortunately my Spanish is not functional so I have no idea what the status of it is, at this point. But this factoid is useful to make my point.

Indeed my point is that this phone model is likely very common with groups of people who don’t have so much to spend on “good hardware” for phones, and yet may need a smartphone that does Internet decently enough to be usable for email and similar services. These people are also the people who need their phones to last as long as possible, because they can’t afford to upgrade it every few years, so being able to replace the firmware with something more modern and forward looking, or with a slimmed down version, considering the lack of power of the hardware, is clearly a thing that would be very effective. And yet you can’t find a CyanogenMod build for it.

Before going down a bit of a road about the actual technicalities of why these ROMs may be missing, let me write down some effectively strawman answers to two complaints that I have heard before, and that I may have given myself when I as young and stupid (now I’m just stupid.)

If they need long-lasting phones, why not spend more upfront and get a future-proof device? It is very true that if you can afford a higher upfront investment, lots of devices become cheaper in the long term. This is not just the case for personal electronics like phones (and cameras, etc.) but also for home hardware such as dishwashers and so on. When some eight or so years ago my mother’s dishwasher died, we were mostly strapped on cash (but we were, at the time, still a family of four, so the dishwasher was handy for the time saving), so we ended up buying a €300 dishwasher on heavy discounts when a new hardware store just opened. Over the next four years, we had to have it repaired at least three times, which brought its TCO (without accounting for soap and supplies) to at least €650.

At the fourth time it broke, I was just back from my experience in Los Angeles, and thus I had the cash to buy a good dishwasher, for €700. Four years later the dishwasher is working fine, no repair needed. It needs less soap, too, and it has a significantly higher energy rating than the one we had before. Win! But I was lucky I could afford it at the time.

There are ways around this: paying things by instalments is one of these, but not everybody is eligible to that either. In my case at the time I was freelancing, which means that nobody would really give me a loan for it. The best I could have done would have been using my revolving credit card to pay for it, but let me just tell you that the interests compound much faster on that than with a normal loan. Flexibility costs.

This, by the way, relate to the same toilet paper study I have referenced yesterday.

Why do you need such a special device? There are cheaper smartphones out there, change provider! This is a variation of the the argument above. Three UK, like most of their Three counterparts across Europe, is a bit peculiar, because you cannot use normal GSM phones with them, you need at least UMTS. For this reason you need more expensive phones than your average Nokia SIM-free. So arguing that using a different provider may be warranted if all you care about is calls and text, but nowadays that is not really the case.

I’m now failing to find a source link of it, but I have been reading this not too long ago (likely on the Wall Street Journal or New York Times, as those are the usual newspapers I read when I’m at a hotel) how for migrants the importance of Internet-connected mobile phones is significant. The article listed a number of good reasons, among which I remember being able to access the Internet to figure out what kind of documents/information they need, being able to browse available jobs opening, and of course to be able to stay in touch with their family and friends that may well be in different countries.

Even without going to the full extreme of migrants who just arrived in a country, there are a number of “unskilled” job positions that are effectively “at call” — this is nothing new, the whole are of Dublin where I live now, one of the most expensive in the city, used to be a dormitory for dock workers, who needed to be as close as possible to the docks themselves so that they could get there quickly in the morning to find job. “Thanks” to technology, physical home proximity has been replaced with reachability. While GSM and SMS are actually fairly reliable, having the ability to use WiFi hotspots to receive text and SMS (which a smartphone allows, but a dumbphone doesn’t) is a significant advantage.

An aside on the term “unskilled” — I really hate the term. I have been told that delivering and assembling furniture is an unskilled job, I would challenge my peers to bring so many boxes inside an apartment as quickly as the folks who delivered my sofa and rest of furniture a few months ago without damaging either the content of the boxes or the apartment, except I don’t want to ruin my apartment. It’s all a set of different skills.

Once you factor in this, the “need” for a smartphone clearly outweighs the cheapness of a SIM-free phone. And once you are in for a smartphone, having a provider that does not nickel and dime your allowances is a plus.

Hopefully now this is enough social philosophy for the post — it’s not really my field and I can only trust my experience and my instincts for most of it.

So why are there not more ROMs for these devices? Well the first problem is that it’s a completely different set of skills, for the most part, between the people who would need those ROMs and the people who can make those ROMs. Your average geek that has access to the knowledge and tools to figure out how the device works and either extract or build the drivers needed is very unlikely to do that on a cheap, underpowered phone, because they would not be using one themselves.

But this is just the tip of the iceberg, as that could be fixed by just convincing a handful of people who know their stuff to maintain the ROM for these. The other problem with cheap device, and maybe less so with Huawei than others, for various reasons, is that the manufacturer is hard to reach, in case the drivers could be available but nobody has asked. In Italy there is a “brand” of smartphones that prides itself in advertisement material that they are the only manufacturer in Italy — turns out the firmware, and thus most likely the boards too, are mostly coming from random devshops in mainland China, and can be found in fake Samsung phones in that country. Going through the Italian “manufacturer” would lead to nothing if you need specs or source code. [After all I’ve seen that for myself with a different company before.

A possible answer to this would be to mandate better support for firmware over time, fining the manufacturers that refuse to comply with the policy. I heard this proposed a couple of times, particularly because of the recent wave of IoT-based DDoS that got to the news so easily. I don’t really favour this approach because policies are terrible to enforce, as it should be clear by now to most technologists who dealt with leaks and unhashed passwords. Or with certificate authorities. It also has the negative side effect of possibly increasing the costs as the smaller players might actually have a hard time to comply with these requirements, and thus end up paying the highest price or being kicked out of the market.

What I think we should be doing, is to change our point of view on the Free Software world and really become, as the organization calls itself software in the public interest. And public interest does not mean limiting to what the geeks think should be the public interest (that does, by the way, include me.) Enforcing the strict GPL has become a burden to so many companies by now, that most of the corporate-sponsored open source software nowadays is released under Apache 2 license. While I would love an ideal world in which all of the free software out there is always GPL and everybody just contributes back at every chance, I don’t think that is quite so likely, so let’s accept that and be realistic.

Instead of making it harder for manufacturers to build solutions based on free and open source software, make it easier. That is not just a matter of licensing, though that comes into play, it’s a matter of building communities with the intent of supporting enterprises to build upon them. With all the problems it shows, I think at least the Linux Foundation is trying this road already. But there are things that we can all do. My hopes are that we stop the talks and accusations for and against “purity’ of free software solutions. That we accept when a given proposal (proprietary, or coming out a proprietary shop) is a good idea, rather than ignore it because we think they are just trying to do vendor lock-in. Sometimes they are and sometimes they aren’t, judge ideas, formats, and protocols on their merits, not on who propose them.

Be pragmatic: support partially closed source solutions if they can be supported or supportive of Free Software. Don’t buy into the slippery slope argument. But strive to always build better open-source tool whenever there is a chance.

I’ll try to write down some of my preferences of what we should be doing, in the space of interaction between open- and closed-source environments, to make sure that the users are safe, and the software is as free as possible. For the moment, I’ll leave you with a good talk by Harald Welte from 32C3; in particular at the end of the talk there is an important answer from Harald about using technologies that already exist rather than trying to invent new ones that would not scale easily.

I’m happy I didn’t replace my phone!

Since I’ve been to the US, I’ve been thinking of replacing my cellphone, which right now still is my HTC Desire HD (which I was supposed not to pay, as I got it with an operator contract, but which I ended up paying dearly to avoid having to pay a contract that wouldn’t do me any good outside of Italy). The reasons were many, including the fact that it doesn’t get to HSDPA speed here in the US, but the most worrisome was definitely the fact that I had to charge it at least twice a day, and it was completely unreasonable for me to expect it to work for a full day out of the office.

After Google’s failure to provide a half-decent experience with the Nexus 4 orders (I did try to get one, the price was just too sweet, but for me it went straight from “Coming Soon” to “Out of stock”), I was considering going for a Sony (Xperia S), or even (if it wasn’t for the pricetag), a Galaxy Note II with a bluetooth headset. Neither option was a favourite of mine, but beggars can’t be choosers, can they?

The other day, as most of my Twitter/Facebook/Google+ followers would have noticed, my phone also decided to give up: it crashed completely while at lunch, and after removing the battery it lost all settings, due to a corruption of the ext4 filesystem on the SD card (the phone’s memory is just too limited for installing a decent amount of apps). After a complete re-set and reinstall, during which I also updated from the latest CyanogenMod version that would work on it to the latest nightly (still CM7, no CM10 for me yet, although the same chipset is present on modern, ICS-era phones from HTC), I had a very nice surprise. The battery has been now running for 29 hours, I spoke for two and something hours on the phone, used it for email, Facebook messages, and Foursquare check-ins, and it’s still running (although it is telling me to connect my charger).

So what could have triggered this wide difference in battery life? Well there are a number of things that changed, and a number that were kept the same:

  • I did reset the battery statistics, but unlike most of the guides I did so when the phone was 100% charged instead of completely discharged — simply because I had it connected to the computer and charged when I was in the Clockwork Recovery, so I just took a chance to it.
  • I didn’t install many of the apps I had before, including a few that are basically TSRs – and if you’re old enough you know what I mean! – including Advanced Call Manager (no more customers, no more calls to filter!), and, the most likely culprit, an auto-login app for Starbucks wifi.
  • While I kept Volume Ace installed, as it’s extremely handy with its scheduler (think of it like a “quiet hours” on steroids, as it can be programmed with many different profiles, depending on the day of the week as well), I decided to disable the “lock volume” feature (as it says it can be a battery drain) and replaced it with simply disabling the volume buttons when the screen is locked (which is why I enabled the lock volume feature to begin with).
  • I also replaced Zeam Launcher, although I doubt that might be the issue, with the new ADW Launcher (the free version — which unfortunately is not replacing the one in CyanogenMod as far as I can tell) — on the other hand I have to say that the new version is very nice, it has a configurable application drawer which is exactly what I wanted, and it’s quite faster than anything else I tried in a long time.
  • Since I recently ended up replacing my iPod Classic with an iPod Touch (the harddrive in the former clicked and neither Windows nor Linux could access it), I didn’t need to re-install DoggCatcher either, and that one might have been among the power drains, since it also schedules operation in the background and, again as far as I can tell, it does not uses the “sync” options that Android provides.

In all of this, I fell pretty much in love again with my phone. Having put in a 16GB microSD card a few months ago means I have quite a bit of space for all kind of stuff (applications as well as data), and thanks to the new battery life I can’t really complain about it that much. Okay so the lack of 3G while in the US is a bit of a pain, but I’m moving to London soon anyway so that won’t be a problem (I know it works in HSDPA there just fine). And I certainly can’t lament myself about the physical strength of the device… the chassis is made of metal, I’d venture to say it’s aluminum, but I wouldn’t be sure, which makes it strong enough to resist falling into a stone pavement (twice) and on concrete (only once) — yes I mistreat my gadgets, either they cope with me or they can get the heck out of my life.

I’ll be at FOSDEM

This is just a short post to let my followers know that I’ll be at FOSDEM next month. I’ve booked the flight back in September and I booked the hotel yesterday, so it’s all set. I just hope not to get lost through Bruxelles.

The only reason why I’m posting this is, actually, that I need some suggestion from somebody who knows Belgium: both my phone operators lack dedicated roaming up there, so I’ll probably end up with an hefty bill waiting for me back home. Given in Italy you really can’t get a local pre-paid SIM to user your phone if you’re a tourist, I’m not sure if the same holds true in Belgium. And most importantly, whether I could re-use such a SIM over the years (as I plan on coming to FOSDEM with regularity, if I survive the trip alone this time).

At any rate, if you want to discuss anything in person, I’ll be the guy with the strange hat and the purse satchel (geek points for getting the reference), hanging around with the Gentoo or libav folks.

Hardware doubts: USB-based chargers

It seems like a huge number of phones and general portable devices, nowadays, charge with the help of USB-based chargers; these usually consists of extremely compact devices with a power plug, and an USB socket (type A) and come with a standard USB cable (usable for data as well as pure power) using either type mini-B (for older models) or micro-B (for almost all modern models, as they seem to have standardised with the help of the Open Mobile Terminal Platform.

I have to note that sometimes, even if the charging happens over the USB port, the manufacturer provides you not with a generic USB charger, but rather with a (sometimes model-specific!) charger that have from the terminal side the proper mini- or micro-USB plug, but is hardwired into the adapter. Motorola used to do that at the time of the V3 models (and many others; including their bluetooth headsets; I got a very old, very cheap one yesterday for my Milestone), and Samsung seems to be doing that, at least with the Corby.

At any rate, this is actually handy: I can leave a single charger in my bedroom, and one ready in my bag; then have around just a few cables (one for the iPod, one for the Milestone, one for the BT headset). On my office, I use the USB ports on my computer to charge them; this wouldn’t work as well, if I didn’t have this nice Belkin HUB that provides even ports with half an Ampere per port (the maximum standardised by USB); without that it would split the 500mA between multiple ports, and then it would take æons to charge.

But while travelling the past weekend to be at a fair to help some friends out, I noticed that sometimes, I really need to charge both the iPod and the cellphone, and bringing around a single charger while handy stops me from doing that. Luckily I remembered that a friend of mine suggested that there are many dual-USB chargers out there. I found some by Belkin as well, in a Saturn store near here, but unfortunately they seem to have a different problem.

As I said the computer USB ports are rated at an output of 500mA; on the other hand, the charger that Motorola gave me with my Milestone is rated for 850mA, and the iPod charger is rated at 1A (1000mA). This is pretty useful, as the higher current should allow for faster charge… and still not burn anything out. So, looking at dual-USB wall chargers, you’d expect them being rated for total output of 1.7A-2A, so that each port can output the equivalent current to the single-output chargers. But browsing through the above-mentioned store, I noticed that about half of them are rated for total output 1A (0.5A per-port, like a computer) and half of them are not rated at all on the box, or not clearly. For instance, the Belkin ones say they have “two USB 1A ports”, can’t really tell whether the charger has two 1A-ports or two ports for a total of 1A.

I hate when the specifics on the boxes don’t really make it explicit what you’re going to buy. Does anybody know these products and can shed some light over the matter?

Nokia’s silliness

No, I’m not referring to Nokia’s involvement with Qt, nor I’m going to speak about the N900 (which still tempts me somewhat). I’m speaking about the good old classic Nokia phones and accessories.

Last week a friend of mine tells me about a special code to get a 20% discount on all Nokia hardware, and since I was looking for a pair of bluetooth headsets (one for the Nokia E75, and the other for the Siemens VoIP phone, for when I have to wait for an hour on the phone be it for personal situations or, most likely, business reasons) I decided I could go with either one or two depending on one particular factor: whether Nokia was ready to send me one with an UK power adapter.

My reason for wanting a bluetooth set with the UK adaptor is that since I’d like to go back to London (and actually I already booked tickets and room for going back at the start of November with a friend of mine), I would be needing either to use again the adapter or to get an UK Nokia power adapter… since I have about ten different Nokia adapters home, and they insist on giving me a new one with each purchase, another Italian adapter would have been superfluous, and at that point getting a UK one would have been a good choice, in my opinion.

So anyway, since I’m a registered freelancer with a valid European VAT ID, I wanted to have a proper invoice for the headset(s), so that I could then declare it a work expenses (it is). Strangely enough, while Italian eshops never had trouble with invoicing me, European shops often seem to have trouble; some have different websites (like Alternate and Apple’s); other have no way to send me a VAT-valid invoice, and in the case of Nokia’s, they ask me to call them. Well not a problem for me, calling to order stuff.

Not in general at least; the problem is that the operator who answered was definitely not Italian. Don’t get me wrong, I have no problem with foreigners, not even with those working on call-centers and the like; everybody got to work, and if they are hired to do that job, I’m fine with that. But at least they should ensure that the guy can understand what he’s being told. In this case, he really had no way to it seems.

First of all, he wasn’t even sure whether he could order me the BH-104 headset with the UK adapter… he seemed to ask, either to someone else or me, whether that could be possible, and then said “No, I don’t think so”. Sigh, well okay, I’ll just get one instead of two then (the other I’ll get once I am in London). I start giving him my data, starting from my name… he asks me to repeat it a couple of times… I finally spell it letter by letter, using the classic Italian method for spelling: city names. It seems like my friend here didn’t know them either… indeed, he wrote down “Iettno” as name, rather than the correct “Pettenò”… not a good start is it?

After 40 minutes on the phone for something that, online, would have taken about 5, I get to do something else waiting for the confirmation email (where I finally see the wrong surname); I open a request at Nokia right away to tell them that they got the wrong name, address (number 155 rather than 125) and even the name for the credit card (which is still my old name, not the new one). I also ask again please if they can replace the SKU# with the SKU# of the UK version, but I get no answer. I’m told a confirmation email would arrive when the order is shipped, so I don’t give too much credit to the fact I read nothing, I expect the order to be cancelled (since Visa should refuse the use of the CC with the wrong name, at least so I thought)…

I read or think nothing about it till today; this morning an ex-schoolmate of mine, whom I have seen a few months backs after probably around ten years, and who lives at 800m from my home, calls me up “I just received a package from the Netherlands directed to you… the courier was going to send it back because they couldn’t find the address… I’ll bring it to you this afternoon”. Now, a couple of words thanking Murphy that at least left one thing right, and to my friend who received the package. Obviously, this was the Nokia’s headset.

And here another bad surprise: not only the name is wrong, but the operator didn’t write down my VAT ID! Which makes the invoice unusable as work expense! Terrific!

Okay, okay, at least the headset looks good, I try to pair it with my E75… to no avail. Maybe I’m doing something wrong? I call up a friend of mine to help me out (since he was coming here anyway) and he tries with his E61 (my old one)… works fine; he tries the same with my E75… nothing. Okay, let’s see with the E71… it also works fine at the first try. Fun ensures.

A quick google around later, I found one interesting forum post with an “out there” trick: deleting the SMS Inbox (and outbox as well). Well, what had I to lose? 500+ messages in my inbox… they are there just because it’s too cumbersome to delete them each time, they have no value to me, so I just clear them out… I try with just the inbox first and… uh it works.

What the heck!

Now, Luca actually brought in a good point: my SMS inbox came ported from the E71; and it passed through a firmware update as well; it’s not too far fetched to expect that the database would be in need for some kind of vacuum or something; or maybe while the messaging application could deal with older data format, the bluetooth one couldn’t. Since bluetooth messages are sent like any other message, it’s possible that the two are linked and that might have caused the trouble. In any case, this definitely shows that there is something totally wrong with Symbian!

Really, are we serious? Nokia you made me waste a non-null amount of money with your mistake. I’m definitely going to complain until I can get somebody to at least explain to me why that had to happen in the first place. I start understanding how it is that this trimester has been negative, if this kind of problems is getting common. I definitely didn’t remember this with Nokia.

Cellphones… sigh!

There is a lot of talk about the Linux-based cellphones out there, I guess lately mostly due to Nokia’s release of the N900; I sincerely am sticking still with the Nokia E75, after switching last year to the E71 (well, it’s not my fault if 3 is giving me chance to switch phone paying it 14 of what it’s worth on the market…), but I start to wonder if it was a good idea.

Don’t get me wrong, the phone is good, as mostly is the software on it; unfortunately there are quite a few problems related to it, although I really don’t know how better/worse other systems can be:

  • While most of the software in the phone let me choose the “Internet” aggregated connection as default connection (something very good Nokia added with this release of their S60 firmware), the mail client doesn’t… that means that it continues asking me which connection to use when it has to check the mailbox. Yes, I could tell it to use the direct connection, but then it would try to use it even when I were outside of the standard 3 network coverage, and that’s definitely bad. Plus I prefer to use WiFi if I have it available.
  • Again the mail client: it doesn’t tell me whether there are subfolders with unread messages, I have to check them all by myself, which is quite boring when you want simply to see if you got mail.
  • The browser is a bit puny sometimes; yes it works most of the times, but there are a few things that do bother me tremendously, one of which is the fact that, while it remembers passwords set in forms, it doesn’t remember HTTP digest auth passwords! Which is what I’m using, ça va sans dire.
  • The Contacts on Ovi application (an XMPP client) is definitely strange; even though I have the latest version, sometimes it goes crazy with the contacts, and there are people who I used to have as contacts in there that I cannot find any longer; the fact that they don’t allow to just use any XMPP account, but just Ovi accounts, doesn’t really help.
  • Non-latin characters cannot be displayed; not only Japanese text (for track names of Japanese music for instance), but also little things like the dashes (—), typographical quotes (“”) and arrows (→) cannot be displayed, neither in the webpages nor in the mail messages. This is pretty upsetting to me since I ♥ Unicode.
  • And most importantly, writing applications for Symbian is nigh impossible, at least without using Windows, since I don’t see anything changed since then. And since I’m a developer, sometimes I’d wish I’d be able to just write my own applications for the stuff I need.

Now I guess I’ll have to start considering some ideas on what I’ll go with next time. The choices are most likely iPhone, Android and Nokia’s N900; neither look really short-term to me because they all involve pretty expensive phones — I didn’t pay more than €120 for my current phone. But before I can even think about a decision, I need some further information and I’m not really keen on going on to find it right now because I can barely find the time to write this while I wait for two compiling processes to complete, since I’m fully swamped with work, so I’m writing them here and maybe some of you can help me with them…

Are they able to switch between 3G and WiFi connectivity as needed? Can they blacklist 3G while roaming, and then whitelist a specific network? (This is because when I’m under another 3 network, outside of Italy, the Nokia detects roaming, but the same local tariffs apply so it really should feel like home network for the phone as well).

I know that the iPhone does, but what about the other two? Do they support IMAP with IDLE command? Since GMail implements it I expect at least Android to…

Do the other browsers remember authentication information?

Do they have a IM client compatible with Jabber/GTalk? I guess Android does, I hope so at least. I would prefer for a native client, not something that connects to a middleware server like Fring does.

Can they display Unicode characters, which include Unicode punctuation and Japanese text? I’m told the iPhone does…

Can they sync with something, and I mean that with keeping as much information as possible about a person; I have a very complete Address Book on OSX right now; I haven’t imported it in Evolution in quite a while, I should find a way; neither Ovi Sync, Google Sync and Yahoo! Sync seem to work fine with the amount of details I keep around; Google is probably the worst on that account though. Being able to sync with Evolution directly is definitely a good thing.

How possible is it to write applications for them? I have read very bad things about the Palm Pre; I know that the iPhone has a complete SDK (which I should also have installed already but never used) but it only works on OSX; I do have that system but I would rather work from Linux, so I’m curious about the support for the other two. There’s an Android SDK for Linux but I have no clue how it works. Important detail here: I have no intention whatsoever to crack (“jailbreak”) the device; if I buy something I want that to work as good as possible without having to fiddle with it; if I have to fiddle, then I might as well go with something else, which is probably my main reason against getting an iPhone.

Bonus points if I can write open source applications for the device, since that’s what I’d very much like to do; I’d rather write an open source (free software) application and eventually “sell” it for a token amount on the store for the easiness of installation than write a closed source application and keeping it gratis.

Among other features I’d be needing there are support for Voice over IP (standard SIP protocol) over-the-air (that is, over 3G network as well) and the ability to deal with QR Codes. More bonus points if there is a way to access QR Codes decoding from custom applications (since that would allow me to refine my system tagging to a quite interestingly sophisticated point.

More: having a software able to reject calls from a blacklist of numbers (including calls without a caller ID) would also be appreciated, since I haven’t stopped it since that call (and I keep updating it with numbers of nuisances as needed). Even more bonus points if there is also an SMS antispam that can kill the promotional messages that 3 sends me (they get old pretty soon, especially considering I’m using a “business” account).

Now, all the functions might as well be handled by external apps not part of the firmware, that’s actually even better since there’s a better chance that they’d be updated rather than the firmware. But obviously if I have to spend another €150 just to get the software I need I might simply decide for another family.

At any rate, if you can help me with the future choice, I’d be definitely glad. Thanks!

Tagging… computers

You might remember that some time ago I was looking for some kind of hardware registry to handle some kind of database with the configuration data of various computers I support from time to time for friends and customers.

Unfortunately the only solution I found – GLPI – is written in PHP for MySQL, and both are taboo pieces of s…oftware for me, so I simply ignored the whole issue for quite a while. This till the past few days because one computer I patched up in July came back to me: the disk was faulty already, and I warned the owner at the time that it might not have lasted long, and now it was dead in the water.

What became a problem was that the same person brought me three computers at the time, and I had to find out which one of the three this one was when I went looking for the correct Windows XP Home installation CD; luckily I was able to find it by grepping for the product key, but that really upset me since it took me more than it should have to recognize the computer; it’s easier when I have a direct relation between owner and computer, but that wasn’t the case.

So I went looking for some solution; the first problem was, obviously, finding a way to “tag” the computer; either by using some serial number already visible, or by going one step further and create one of mine. Since not all computers have serial numbers, and they are pretty wild to find sometimes, I decided it was much simpler if I were to create my own code for them; but if I used a mnemonic code, it would be understandable by the owner as well, and might actually wonder why I did choose such a name for the system. One step further: I used as identifier a mnemonic’s MD5, so that it could only be seen as 32 random hexadecimal digits.

At that point you might wonder “how the heck are you going to be able to type in all the digits every time you search for the box? Well it’s actually much easier than that: I set up a private URL on my personal server (protected by HTTP digest), using that 32-character string as filename, and then encoded it… in a QR code thanks to Nokia’s service at that point it was only a matter of printing a label (I have them at home) with the code on it, and then attach it to the box. Thankfully, my E75 mobile phone is able to read such codes, and has Internet access, so just opening the barcode reader application and scanning the label is enough for me to access the page with all the details I need.

Of course in this picture I’m still lacking the server-side support; since GLPI is no-go for me (because of the PHP/MySQL dependencies), I first considered using a Wiki; of course it had to be something using what I already had on the system, which meant, mostly, Rails, so I tried Instiki upon Alex’s suggestion. Let me tell you it was a bad choice. It was really meant as a very quick and “dirty” approach: no authentication embedded in the application, added support for SVG and MathML directly into the (X)HTML, included the log on each page, no way to customize the appearance without changing the view files directly… and added to that, pretty unreadable on the phone.

At that point, I remembered that I dislike webapps for semi-static content so I thought about it a couple more minutes: I’m the only one who has to edit that data; I only need it to be searchable when I know what I’m looking for; I usually go around with my laptop; and git is pretty sweet for handling websites. So I ended up just using static HTML pages (for a moment I thought about using XML and a custom XSLT; while I haven’t decided against this just yet, it’s not really that much of a priority for me; if I were to publish fsws then I might actually consider adding something along those lines so that it could be seen as a standard and then used to import/export, maybe auto-generating some data directly on Linux (like logging the PCI IDs and stuff like that). But for now this will do.