FU-BAR

There is a successor for the Free Software phone that OpenMoko Freerunner was. While the Freerunner was officially called GTA02, this new successor is called GTA04 and there is a group buy effort going on.

I know the price isn’t very cheap, but we aren’t a big company able to order in bulk hundreds of thousands of devices, if not millions, so 449 € + shipping for the first batch if we get 400 buyers will help get this phone into the hands of some Free Software developers.

Some reasons to buy one of these (the tricky part is having a Freerunner case if you want to use it as a phone):

1. you are a programmer, you have some money set aside and you want to help develop a Free Software anti-vendor stack like wiki.freesmartphone.org/index.php/Main_Page
2. you are not a programmer, but you can contribute with other important stuff like testing, designing, and have the money to buy a device into which you’d be able to test your stuff
3. you only want to use a Free Software phone, and as such will have a lot of tolerance towards the inevitable bugs of new emerging platforms that don’t have millions of Euros to hire full time programmers, designers, etc.
4. you have some money and would like to give that phone as charity to one of the above
5. you are an angel with a lot of money, and would like to offer the first batch to the amount of registered buyers (under 400)

I would fit somewhere between 1 and 2 except I can’t afford 449 € on this, so I’m kind of hoping for someone circa number 5…

As some of you might know, I write a µ-blogging tool called elmdentica. It is a client side application developed with Elementary, an EFL library oriented towards small touchscreen interfaces. I only recently learned that Twitter is dropping Basic Authentication support coming next June 30th. They claim it’s insecure because:

1. with http credentials go in the clear (no problem here)
2. with https, some people may think it’s too expensive (only complete idiots)
3. applications have to store user credentials locally

As an alternative, they are making oauth mandatory for APIs that need authentication. While their reasoning may make sense in the context of massively concentrated web applications (think Twitpic and similars) this is absurd for client application like those running in your cell phones or computers.

Let’s take a look at the problem…

oauth gives you a consumer key and a consumer secret that authenticate your application. They don’t authenticate the user, they prove Twitter that you’re a legitimate and registered application.

If both key and secret became public, anyone could make an application pretending to be yours. While someone making a clone of your program isn’t a real problem, if someone writes a trojan horse… then there could be a problem, no?

Well, with oauth, both key and secret need to be known by the application during run time. So at any given moment, the computer running your application will have these two important assets. Either because they are embedded in your code, or because you download them live from a site. The fact remains: they are for all practical effects no longer secrets.

In web applications, no user accesses the only running copy of the software holding both key and secret, so oauth works there.

What about xauth?

I haven’t read much about xauth but after reading this page explaining what xauth is, I’m absolutely convinced the problem remains and wasn’t even tackled. The only issue that was solved, by requesting an user’s login and password only once, without need of local storage or visiting a web page, was an usability issue for client applications.

The real problem is still there, so Twitter is wrong and should not drop Basic Authentication from the https interface.

If they do, elmdentica will very likely not work on Twitter anymore. I don’t care much about that, but the users of elmdentica may care. That pisses me off.

What now?

Fortunately, there is a better alternative to Twitter if you value software freedom called identi.ca. More than just using, you can have your own “Twitter” by installing the Free Software that makes identi.ca, which is StatusNet.

At least they have no plans of dropping Basic Authentication. Hurra!

It seems the problem with those weird libcurl errors when you enabled the secure option (basically https) is that the ca certificate bundle is missing in SHR’s OE build (perhaps it’s on all OE builds, don’t know).

There is, fortunately, an easy way to fix it (as mentioned in the openmoko communiy list).

All you need to do is copy your own ca certificate bundle (in Fedora it’s /etc/pki/tls/certs/ca-bundle.crt ) into the proper place for OE’s path: /etc/ssl/certs/ca-certificates.crt

So now you can enable secure, rather than faster

As usual, the weekend at FOSDEM is awesome. It all started on the previous Wednesday as I flew from the day job towards Brussels. Still nobody I knew there, so I basically went straight to bed.

The adventure started at the capacity event conference organized by EDRi at the European Parliament. I enjoyed very much to finally meet some people I only knew online, some of them for quite a few years.

The theme was, of course, digital rights in Europe. ACTA is some scary shit, not so much about the undemocratic secrecy, but because of the few contents that have spilled out, like three strikes to take you off the Internet, criminal offences for copyright, trademark and patent infringement, etc. No wonder the European Comission representatives claim ACTA will not change european law, I mean… just add up the EUCD, IPRED1, Data Retention Directive, eventually IPRED2 and other Trade Agreements that are happening, by the time ACTA comes up all the scary military-state-like laws will already be in place.

So it’s true, it won’t change, because change is happening before ACTA comes to be. Fait accomplit!

More about this theme at a later posting, reflecting my summary of the event. Get ready for the real life pirates who are threatening our digital rights.

It was almost midnight when I learned that a good friend I was expecting to meet again was getting married the following morning, so I had to join @jwildeboer (who had just flown in) for one celebratory drink, which ended up with a few hours of a very interesting talk with @kanarip. He’s an amazingly interesting no-bull-shit guy, if you ever meet one. Respect!

Unfortunately I had to cut the event short and missed the last quarter, Friday afternoon, to join an OpenForum Europe meeting. At some point the warm fuzzy feeling of a family getting together was felt in the room

After that, dinner with more interesting people. Some came from the EDRi event, some from the OFE meeting, and one (@webmink, whom I felt very honoured to have personally met) was already waiting for us at Le Roi  before dinning, and let me tell you that before eating at the place Simon took us, the Roue D’Or at Rue des Chapeliers, I though there was no decent food in Brussels (even if you have to be a bit of a masochist with the service).

After that, realizing that the FOSDEM #googlebeer event at the Delirium was so packed it was impossible to stay there, Mark Taylor joined us as we moved to A La Morte Subite for a drink with some Java developers.

Next morning, FOSDEM. Met @stephwer and Jan for breakfast then came back for a couple of talks before meeting up with more people I haven’t seen for a while, like @zoobab who was kind enough to host me last year, and some of the great guys from Tux Brain, who buzz fixed my OpenMoko (and David Samblas posted a lot of pictures).

Then we left early, for #statuscheck, the Identi.ca meetup at A La Morte Subite. Finally meeting @evan, the founder of Status.Net (formerly Laconi.ca), the Free Software behind Identi.ca (it’s like Twitter but with the cool people), fellow OpenMoko user @pieterc, and some awesome guys like @rejon, @gbraad, @blizzard (whose beard is not at all nearly as black as his avatar’s) and all the others in the table:

#statuscheck meet up

@bugabundo (who could not go), asked me to send @evan a hug, here’s the evidence (thanks to @pieterc):

Hugging @evan

After #statuscheck, joined @webmink and some friend of his for dinner at Roue D’Or again (yum, yum), and then we joined a couple of Mozilla People, namely Patrick Flich, who together with @webmink and I stayed up until expelled from a bar which wanted to close down. Good excuse for going to bed

The day after I had to do some chocolate shopping before FOSDEM, so I missed half the OpenMoko talks at the devroom. Still… I arrived in time to meet heinervdm, mickeyl and GNUtoo.

Then I me @alxc from April, @floschi from LiMuX and attended @rejon’s and @vegyraupe‘s Ben Nanonote talk. A very interesting and promising device, I hope it’s successful enough to launch Qi Hardware into a bright future. Check it out! Now!

Then I had to get back straight to the hotel, as I was going to wake up at 4am in order to get back to Portugal, straight to my day job. It was like waking up from a dream.

I wish it was FOSDEM for all year long

Screenshot of account editor at the settings window.

Hi,

I’ve just release ElmDentica 0.8.0 with a bit more polished screens and exciting new features:

• you can have more than one account, and if you have many accounts, only a few of them enabled or disabled quickly.
• you have a messages and posts cache (albeit the last one is still incomplete)

So there you go, download if you’re too impatient to wait for SHR-unstable to update

• elmdentica-0.8.0.tar.gz (elmdentica-0.8.0.tar.gz.asc)
• elmdentica_0.8.0-r1.4_armv4t.ipk ( elmdentica_0.8.0-r1.4_armv4t.ipk.asc)

One of the problems people complain about my calls from the Freerunner is *bad*sound*. Lot’s of background noise, static, etc. I’m not talking about the familiar buzz problem, as I’ve had the buzz fix applied to my phone. However what I found to fix this problem on my phone model (GTA02v5 + buzz fix) goes totally against the official information. So much so that there’s at least one person who, from his very good knowledge about this subject (Really! This is *not* sarcasm!), thinks this fix is as good as putting some peanut butter over the microphone [1]

I know of at least one other person who claims to have better sound on remote end from this fix, but I think I need to drop the challenge. Can you try the current SHR Unstable, apply this fix and then report on the mailing lists your results?

You can? Good! So here’s the fix:

1. call someone who noticed your bad sound and check whether the sound is still bad, then finish the call
2. edit /etc/freesmartphone/alsa/default/gsmhandset
3. change control 63 (it’s also on line 63), so that it ends in 3 rather than in 2:
   1. Old value: 63:'Mic Sidetone Mux':1:2
   2. New value: 63:'Mic Sidetone Mux':1:3
4. call that person again and check the result

Alternatively, in one call, you can ssh into your phone and use alsamixer to change the same control, but this change will not be persistent until you do the steps above.

Old Value

New Value

So let’s hear your results, nothing like a good empirical experiment.

[UPDATE: Added sound recordings]

In the following recordings (complete set here), I said «The quick brown fox jumps over the lazy dog» starting with Mic2, then Right PGA, then Left PGA.

1. in perfect conditions;
2. with tv making background noise (news);
3. 2. + computer playing loud music («Te Quiero Puta» from Rammstein) at the same time.

Screenshot of release 0.7.0

Press a bubble for about 1s and magic action possibilities will show up.

Hi everyone! ElmDentica hasn’t had a new release for a while (*cough*cough* proving it works so well *cough*cough*), so I though I should share with you the new stuff in the development of this release.

The news are:

• Replacement of the side buttons by hover’s fired up by pressing for about 1s over the bubble
• Usage of inwins for entering user and domain data in the settings window
• Usage of hoversel to gain a few more space on the toolbar, specially for future features

So that’s about it… you can get the package from the usual places, the project’s web-site, by upgrading shr-unstable as it upgrades elmdentica on next autobuild, building it yourself, etc…

• elmdentica-0.7.0.tar.gz (elmdentica-0.7.0.tar.gz.asc)
• elmdentica_0.7.0-r4_armv4t.ipk (elmdentica_0.7.0-r4_armv4t.ipk.asc)

Remember when Nokia wanted to give a lesson regarding software patents to Free Software people? Like «they’re ‘m’kay? We know best, m’kay?»

Well, I was really anxious about the Nokia N900, the 4th Nokia GNU/Linux internet device which now has the ability to make phone calls! It’s an impressive device… cell phone (3G, yay), camera with enough resolution, GPS, wifi, decent graphics card, powerful processor, a half-decent amount of memory, more than decent storage, etc…

It is also being branded as so “open” that software freedom lovers would love it. This seemed like really good news, no? Well, like the saying goes… when it’s too good to be true… it most probably ain’t.

I tried to figure out how “open” the device is, and wasn’t really happy. After more than 70 comments, Quim (who works at Nokia) spills the guts:

Nobody claims Maemo is the 100% free mobile OS and the N900 is the 100% free mobile device. I claim is currently the most interesting combination for a free software lover thanks to its standard Linux stack, possibility to modify the platform and access to the root. The % closed helps Nokia getting a sustainable business model