Three's unfair lockup

Internet on the Train

As many of you know, I have a Nokia E65 from Three mobile.

Lately I’ve been enjoying the device and its unlimited Internet access by dialling through it from my Thinkpad X61. I’ve only just started using this cool feature, as Three were giving me scary mixed messages… I went into a store and they told me I would get charged extra for using Internet from my laptop. I think there might have been confusion WRT the Three USB dongle which I think most people are supposed to get “mobile laptop” Internet access via Three…

I want my mobile unlocked as I want to be able to use my mobile abroad with PAYG SIM cards from local Telcos. Example: I visit Israel. It’s insanely expensive to call local friend’s mobiles. It’s much cheaper to buy a PAYG SIM card in Israel and use that instead.

Why is it locked, especially since I’m on a contract? AFIAK Vodafone contract mobile phones are unlocked. You basically pay for the Three X-series phone in the very long 18month contract, which you can’t end without paying the whole contract off!

I called up Three and they told me they could unlock the phone for 20GBP. However in that case it will stop working with the Three network. WTF? I was asked a couple of mobile phone shops and they think like me, that’s bullshit. They also need one month’s notice for doing so. So basically if I want to follow Three’s unlock policy with my phone, I need to call a month before my contract expires. Unlock it. Then switch to a mobile operator which allows unlocked 3G mobiles like Vodafone. Isn’t that insane?

Another INSANE and incredibly annoying thing 3 UK has done is made the E65 impossible to upgrade. Nokia E65 sold by Three in the X-series program do not get firmware updates. I am not sure if you can change the Three specific product code to be a more generic Nokia E65 as others have ended up with a bricked phone.

I like the Nokia E65, but if Three has locked it and disallowed updates then it’s a unfair waste of money to me. :( It’s my phone and I want to exercise rights over it.

MM London Mobile UI comments

Acid2 on the hi-phones

Steve Ives talk I didn’t like. I didn’t like the thought that “user experience” testing was a novel thing. Putting the UI process down on paper is really basic. I also didn’t like the fact he advertised Taptu had 15-odd technology patents. He suggested I go to Google patent search to find what they are. No thanks and after visiting their Web page I don’t see anything innovative about mobile ring tone search. I wonder what kind of money they spend on doing “user testing” in their “mobile lab”. Opensource feedback channels are a lot cheaper and more valuable…

For example how do I leave a quick comment on Taptu’s feedback page? It says I have to log in! PLEASE. With Webconverger people leave really valuable feedback on a form that doesn’t even require an email.

My big problem with user experience testing described by Taptu and Scott Weiss was the short term nature of it. Getting a group of people in to test unfamiliar applications on unfamiliar devices for their impressions is just so naive. As mentioned before the opensource community feedback model is so much further advanced by being ongoing.

Scott Weiss’s Motorola comments were also disturbing. Using Motorola as an example of what happens when you don’t do their form of user experience testing was poor taste. His reasoning regarding RAZR‘s fourth soft key (wtf?) for Motorola’s poor performance of late was ever so slightly far fetched!

UI design and testing is rather relative. My collegue reminded me how first impressions of the Iphone was. Not good! Iphone won my respect over time. Another friend said to me how highly skilled testing really is. User experience is not really about getting people off the street and video-ing them.

Bryan Rieger’s talk on saving bytes by talking to your developers was better. But still a little misguided. Designers should know the limitations of CSS etc. on their target platforms like Iphone without “romancing” engineers. Bryan’s talk of a “less bytes” approach with say composite images was good, however he went too far by suggesting to generate graphics on the fly. Yes, that’s less bytes, but that’s very inflexible when you need a designer to change a graphic. Plus, most importantly, generating graphics from code doesn’t work on the most pervasive application platform on mobiles. The Web!

So uncharacteristically I didn’t ask any questions last mobile monday London UI because I thought I would just offend them if I spoke. To conclude I think their form of “corporate user testing” is far too expensive for the small company patent-free innovators. I don’t see how companies like Human factors can claim to have any “usability know-how”. Have you seen “Human factors” Web page? It’s overloaded! And the URL is laughable. If people are interested in usability and good UI design, check out useit and Edward Tufte.

Patent mistake

Kai in a wheelchair

It’s funny how people decide and rule on such things.

I heard on radio this morning that Adidas won a long running court case against a competitor who was using two stripes. Adidas fealt that it “prevented” (their own words) the use of their “Intellectual Property” of three stripes.

Yes, W.T.F. !

I want to fight this silly regulation. I wonder how best to go about fixing Intellectual Property laws. I’m particularly dismayed WRT software patents in the EU. However I can’t decide which organisation would be the most effective conduit of my time:

Are widgets popular?

Javascript is popular, but are widgets? We're well into 2008 now and 2007 was the year of the widget. ;)

I’ve been looking into widgets as they are defined by Opera and contributed to the W3C.

I believe widgets originally came from Apple dashboard. I personally don’t like it, though then again I don’t like MacOSX. Debian & dwm are much better. :)

So I tried some random widgets in Opera 9.27 yesterday and a couple of elements of the widgets struck me. The manage widgets didn’t divulge any security information and it’s kinda basic:

Manage Opera widgets 9.27

The next thing I worried about was since widgets are often touted in the sense of mobiles and scalability with SVG… doesn’t the fixed dimension properties of widgets kill that argument? I looked at the sources of a couple of widgets and the config.xml generally defines a widget’s width & height and generally the SVG graphics that go with it do too. I can’t figure out how to change widget size (scale!) on my desktop machine’s desktop. A difference between Widget&Web applcations is the viewport and I much prefer Web applications in a fullscreen tabbed environment. Floating windows is soo… Windows.

Anyway, the widget experience on mobile devices is probably better.
Opera mini by observation is Opera’s most popular mobile product. However since it’s Java MIDP based, it can’t run widgets on the mobile’s “desktop”. Doh. In fact anything Java I’ve discounted for this reason.

What about Opera Mobile then? Shurrely that has widget support? No it doesn’t on Windows Mobile 6 or the S60 in my test. Oh no, this isn’t looking good.

Widgets & Nokia

Ok, there must be another widget implementation! The Nokia Web runtime for example. “Unleashing the power of the Web with Widgets” the headline on Nokia’s page reassuringly says. Then it links the dead WebKit S60 port. Ummm… ok. I never tried widgets in this browser. Lets give application/x-gadget or even application/x-opera-widgets a try. Unsurprisingly widget support by Nokia does not work on my Three E65 device. I did find a porting guide, but I can’t find the Web runtime. WTF is it?

Update: You need an N95 8G with Nokia Feature Pack 2 to unleash widgets on Nokia. Unfortunately my collegue’s brand new N95 from Germany does not have FP2 installed. Goddam, upgrading Nokias requires Windows, time and an ability to endure pain. I suspect it’s even harder to upgrade if you have an N95 with Vodafone Live! branding, like it is with my Three E65 device.

So are the state of widgets really this bad? Or have I missed something? If we cut the hype, we should just call them (Offline) Web applications, in the near future.

Go faster Mozilla

Fennec VERSUS FF3b5

I’ve been using Firefox 3 (beta5) pre-release lately, because it’s faster than Firefox 2.

  • FF3 doesn’t seem work on China’s biggest portal. If the desktop browser can’t grok this, what chance does Firefox Mobile (think developing markets)?
  • Autocompletion with “AwesomeBar” (I think it’s called) sucks for me. How do I turn it off or make it act like it did in FF2?
  • Image zoom caught me off guard. [View -> Zoom -> Zoom Text Only] to disable. I look to a future of scalable images.
  • The bookmarks stuff seems like a disaster. I want it all removed. I prefer simple bookmarklets and
  • I need to update my extension for Webconverger
  • No OGG video support :(

Generally I don’t like their “session management” (browser.sessionstore.resume_from_crash false). It would be good if I could simply ‘lock’ certain tabs like Gmail, which really must be my first tab. I also want it locked so I can’t accidentally navigate away from it which I have done far too many times now.

I am most impressed by the improved “feel” or responsiveness of FF3. I really hope Mozilla can concentrate on re-factoring their code to squeeze it into their ‘fennec’ mobile browser. Update: Blassey kindley informs me Fennec and FF3 are the same rendering engine.

Mozilla’s mobile codename ‘Fennec’ is outperforming microb significantly already. That’s great though after reading a first look I am little bit disappointed to see talk of XUL. I’ve created extensions and I think XUL is crap. I much prefer working within the Web paradigms of JavaScript and CSS. Addon support is fantastic though then again, my experience of extensions/addons/whatever-they-are-now-called is that they can make Firefox slow. Which is bad bad bad.

Actually, when I think about it, an addon could be called a widget.

Iphone SDK doubts

OMG, the Iphone SDK has been with us a couple of months. Aren’t you blown away by those killer applications?

Mozilla/5.0 (iPhone Simulator; U; iPhone OS 2_0 like Mac OS X; en-us) AppleWebKit/525.17 (KHTML, like Gecko) Version/3.1 Mobile/5A240d Safari/5525.7

Yeah, what killer applications! Update: A friend kindly informed me no iphone applications will be on general release until version 2.0 of the Iphone is released. Currently we’re on 1.4. So that’s why. :)

The most amazing thing I’ve seen is video playback with iplayer which is… a Web application.

I see a number of problems with Iphone’s developer environment:

  • There isn’t a community (there is a “hacker” community I give you that)
  • You want to unlock your device and also work with Apple’s SDK? Er… good luck
  • Xcode IDE development stack IMO is very beta and unstable. for e.g. I can’t seem to “provision” my Ipod touch. w.t.f.
  • WHO the HELL is going to learn Objective C?
  • You can’t ssh to the device unless you unlock it. Bleh.
  • There no C/POSIX support AFAIK. If there is, please show me some sample code.
  • If you build an application you basically have to distribute it via Apple Itunes right? That’s incredibly limited.
  • Bad packaging
  • Developers need to be Mac users right? Those MacBooks are expensive.
  • Developing for Safari is so much easier. A webclip (“native” menu item for Web app) is painless for example and it’ll work on unlocked or locked Iphones!
  • You need an Apple Developer Community(ADC) login. PITA.

Ok, you could painfully install a proper GNU toolchain. But seriously. It’s so much easier on other devices like maemo, I just can’t be bothered. If then, I amazingly write an innovative native C application I (assume I) can only deliver it with on an unlocked Iphone. That’s so not great.

I really don’t see the “native” Apple Iphone platform working for 3rd party developers. The Web application platform, yes, though not this…

I’m left wondering why Apple don’t instead expose device APIs.

Brute force attack excuses

Ramekin & cream

When you hear of “Brute force attacks”, you can generally find flaws.

First off a brute force attack can EASILY be avoided by a correctly configured server or firewall.

If the server can’t raise an alert or throttle a brute force attack after say 5 wrong attempts it’s really badly configured.

With that in mind:

Companies who sell security products for example with:

  • long password lengths
  • choosing certain digits of a password (note they would have to store an unhashed password, which is dumb)

To offer better security by mitigating brute force attacks on the client side, are wrong.

Conclusion: Brute force attacks in most cases should be handled by extra logic in the server, not the user.

New Wordpress maintainer

Drawing domestic bliss

Since my DAM rejection earlier this year I’ve been trying to cut down on Debian work. Unsurprisingly (and perhaps surprisingly to some) I fealt a bit emotionally drained and demotivated from defending myself and working with debian security.

Lately I have been working with new maintainer Andrea De Iacovo and I am very pleased with his work on Wordpress. Wordpress takes most of my time, like the beautiful day of Saturday yesterday. :)

Unfortunately Andrea has had problems finding a sponsor, though a Wordpress security release expedited matters and got Nico Golde’s upload powers into action. :) So if you’re a DD and you use Wordpress, please help out Andrea.

Before I get unsubscribed from Debian Planet, I thought I should pimp my:

Both based on ikiwiki. ;)

Anyway, I am still around of course. Met some great people in the Debian community and sadly some pretty pedantic unfriendly ones too. Final suggestion for DDs: Revoke your GPG keys more often and go to less key signing parties. :P

Chip & Pin rant


I am in a foul mood as I left my card in my pin sentry device and hence had to survive without any money today. Fantastic tiny marvels of technology aren’t they?

Sidenote: Why the HELL does Barclays require the last five digits of my card? They already have my membership number. Are they trying to prevent a brute force attack?

Why not make a physical token robust and small enough to fit on my existing key ring?

Most ATMs in the UK still use the barcode strip, so umm… where is the security benefit of the chip?

The new generation of chip & pin cards (just had my nationwide card replaced with no warning) might be more secure, but why… WHY do they require my signature on them?

And my name, card number, expiry date, sort code and account number. A name, sort code, account number and phony signature is a enough to start ripping money out my bank account with direct debit. It’s even easier if you copy down my card number, expiry data and daft CVV numbers. So all the usual risks are still present.

If you really care about security, get rid of that insecure legacy crap on your new cards.

One step forward and two steps back. To all those security experts employed by banks who make my life more difficult, fuck you.

The Great Debaters critique

by Kai Hendry, on Flickr">Winning debating team :)

Last night I watched The Great Debaters and I have a few problems with the movie.

For me the skill and fun in debating is to:

  • not prepare speeches (more than say 10 minutes in advance)
  • to analyse the key arguments from both sides

Some of the most satisfying debates is when I would have to argue for something I loathe, like patents. In the movie, besides the “welfare” speech, I didn’t see the emphasis on the great debating skill of playing devil’s advocate.

The movie didn’t really detail how debating works. I recall there being just one reference to a fallacy in the film. This could have been explored far better by the writers, instead of a dull love triangle.

The affirmative = proposition and the negative = opposition. Grrr…

There was too much emphasis on dates, fact & figures, references and statistics. Any good debater knows to stay clear of that. Quotes (just one for me) are OK, but not to base a speech around!

The movie actually raises the age old classic example of Ghandi and his peaceful protest. I love to rip that argument to pieces, as a good counter-argument was the British Empire was too weak from the World War to hold onto India.

The big speeches in the movie were sadly generally emotive ones and played to their parts or rather to the the colour of their skin.