Frustration grew to anger and much like my Facebook Deletion a few weeks ago, if I was going to talk about openness I have to live it. Part of my switch from Mac to Linux again full-time was that I grew tiresome of the walled garden. I preach the EFF/FSF talking points and support companies that support the community…except for my phone…

So here it goes, a switch to a more free device. In all honesty I would rather do the N900 route, but there is free and hackable; and free and usable. The N900 is far from usable and much like every N-series MID before it, Nokia has screwed over the community by not supporting the device for more than a year. The device near and dear to my heart is a Palm Pre, but the lack of new devices and questionable future turned me off. WebOS is a beauty and if in a year (I go through phones like toilet paper) there is a new device I will surely pick it up. For now though, its time for a switch to Android. Froyo SDK has really impressed me and while there are VERY rough edges I am willing to bleed for the cause.

Oh and switching might just include a flip to Sprint…Evo 4g…yummy…

Android

https://wiki.ubuntu.com/HardwareSupp…sPoulsbo#lucid

It is now possible to upgrade to 10.04 Lucid with no issues. In fact the previous gobi WWAN, sleep, and qcserial hacks are no longer needed. On first boot everything worked other than the videocard. Go Linux!

• Intel you suck…suck hard…your own Moblin distro can’t suspend because you feel that “embedded platforms shutdown and restart” Guess what sparky, they don’t always. Fix your damn IEGD driver
• Dell and Ubuntu screw you both for creating some custom driver to send out on Dell 12 laptops. The driver I install now was extracted from your blob. Hate Theo from OpenBSD as much as you want, but no blobs
• Windows drivers for this card suck pretty bad too. There is a video demo of the GMA500 Poulsbo playing Quake 3 off a MID. The driver in Windows XP-7 cannot play flash without massive frame drops. Totally unacceptable with the 10.1 Flash Beta to still have such trouble

The distro I landed with was Ubuntu 9.10. It pains me because it will never recieve the GNOME 2.30 install, but with PPA I am good with most everything else. I will use this as my hold over until Intel gets off their butts and produces quality code. I used to tell people that the Intel series of cards were the best in UNIX world for out of the box drivers. Yes+but=NO Don’t sour your good name Intel

Link to Support Matrix Spreadsheet if you browser does not support iframe

Links:

• Arch Linux Forum Post for PKGBUILD
• Compile IEGD on any Linux Kernel
• Why you are screwed with the Poulsbo
• Ubuntu Howto for Poulsbo Install
• Makefile hack to get around later kernels not compiling due to drm_agpgart on line 527

• Intel Atom Z supports VT instructions. Really neat to boot KVM up on a little netbook
• NetBooks are usually cheesy, this machine feels solid and well built. Sony does some nice engineering, but there in front of your face is a SD card and HG Duo…
• Battery life is OK, I am considering the extended the battery, but really don’t feel the need based on the 3 hours I get now
• Verizon built in is awesome! Riding the metro into work today I was on IRC (irc.freenode.net) loving life. On the way home I fired up a skype session with no issue

No good:

• GMA500 is a stupid and horrible video card. Intel I hope you punch yourself in the face. The card is crappy in Windows and Linux, but especially linux
• Linux support is pretty good, except for the GMA500. I dare say this, but I am in the process of dropping Windows 7 on the thing due to Intels lack of professionalism. In a day of Linux Netbooks and NetTops this is reprehensible to ship something like this.
• The right shift key is worthless
• SSD slower than industry approaches

Overall I rate the laptop highly. Well worth the purchase

sudo vi /etc/pam.d/gdm-autologin and add the italic lines below

#%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
auth    required        pam_permit.so
auth    optional        pam_gnome_keyring.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required        pam_limits.so
session optional        pam_gnome_keyring.so auto_start
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password

The first step was to get a current version of OpenVPN installed on the Ubuntu 9.10 server. I decided to go with the bridge setup rather than a routed so that I could play more easily with my VMware clusters at the house and the lab with my BeOS and OpenBSD boxes.

sudo apt-get install openvpn bridge-utils

Next I setup a bridged adapter to use on the Ubuntu 9.10 box that would give me transparent access. Open the /etc/network/interfaces file in vi

auto lo br0
iface lo inet loopback

iface br0 inet static
address 172.16.1.102
network 172.16.1.0
broadcast 172.16.1.255
netmask 255.255.255.0
gateway 172.16.1.1
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down

Afterward you need to restart the network interfaces

sudo /etc/init.d/networking restart

Since I was using the desktop edition of Ubuntu rather than Server (this machine was a pseudo desktop for a little bit) I had to enable ip forwarding by editing /etc/sysctl.conf with vi and adding

net.ipv4.ip_forward=1

Next few steps are to setup the CA you need for certificate generation. Easy-rsa is pretty sweet for quick and dirty CA for these type of things. You can also use the openvpn tools to do static keys, but where is the fun in that?

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
sudo vi /etc/openvpn/easy-rsa/vars

Change these lines at the bottom so that they reflect your new CA.

export KEY_COUNTRY=”US”
export KEY_PROVINCE=”VA”
export KEY_CITY=”Alexandria”
export KEY_ORG=”oneguynick”
export KEY_EMAIL=”nick@notlikelytopostinanopenwebsite.com”

Now to generate your root

cd /etc/openvpn/easy-rsa/ ## move to the easy-rsa directory
sudo chown -R root:admin . ## make this directory writable by the system administrators
sudo chmod g+w . ## make this directory writable by the system administrators
source ./vars ## execute your new vars file
./clean-all ## Setup the easy-rsa directory (Deletes all keys)
./build-dh ## takes a while consider backgrounding
./pkitool –initca ## creates ca cert and key
./pkitool –server server ## creates a server cert and key
cd keys
openvpn –genkey –secret ta.key ## Build a TLS key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../

These next two up/down scripts setup the bridge when the server starts. This is the magic in not having to perform the routing you used to be required to do in OpenVPN1

sudo vi /etc/openvpn/up.sh

This script should contain the following

#!/bin/sh
BR=$1
DEV=$2
MTU=$3
/sbin/ifconfig $DEV mtu $MTU promisc up
/usr/sbin/brctl addif $BR $DEV

Now, we’ll create a “down” script.

sudo vi /etc/openvpn/down.sh

It should contain the following.

#!/bin/sh
BR=$1
DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ifconfig $DEV down

Now, make both scripts executable.

sudo chmod +x /etc/openvpn/up.sh /etc/openvpn/down.sh

Below is my example /etc/openvpn/server.conf Customize as you see fit

mode server
tls-server

local 172.16.1.102
port 443 ## i am running on 443 rather than the default for firewall bypassing
proto udp

#bridging directive
dev tap0
up “/etc/openvpn/up.sh br0″
down “/etc/openvpn/down.sh br0″

persist-key
persist-tun

#certs
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0

#cipher and compression
cipher BF-CBC # Blowfish (default)
comp-lzo

#DHCP
ifconfig-pool-persist ipp.txt
server-bridge 172.16.1.102 255.255.255.0 172.16.1.50 172.16.1.60
push “dhcp-option DNS 172.16.1.1″
push “dhcp-option DOMAIN geekyschmidt.com”
max-clients 10

#log and security
user nobody
group nogroup
keepalive 10 120
status openvpn-status.log
verb 3

Afterward restart the OpenVPN Server

sudo /etc/init.d/openvpn restart

Now it is time to generate your client certs that you will need to copy to each device. I use n900 as the name here, but you can replace with whatever you wish. I try to keep names and machines close for my poor memory

cd /etc/openvpn/easy-rsa/
source ./vars
./pkitool n900

You will be left with a few files in your /etc/openvpn/easy-rsa/keys directory you need to copy to the device. In my case I copied them to the MyDocs/openvpn area of my N900 to be sure the applet could see them. Most linux machines store them in /etc/openvpn. The list of files to copy is below. Keep in mind that mine are named n900 due to the above pkitool n900 command.

1. ca.crt
2. ta.key
3. n900.key
4. n900.crt

Once those are on the machine you need to generate a config file. Here is mine from the n900.

### Client configuration file for OpenVPN

# Specify that this is a client
client

# Bridge device setting
dev tap

# Host name and port for the server (default port is 1194)
# note: replace with the correct values your server set up
remote notlikelytopostinanopenwebsite.com 443

# Client does not need to bind to a specific local port
nobind

# Keep trying to resolve the host name of OpenVPN server.
## The windows GUI seems to dislike the following rule.
##You may need to comment it out.
resolv-retry infinite

# Preserve state across restarts
persist-key
persist-tun

# SSL/TLS parameters – files created previously
ca ca.crt
cert n900.crt
key n900.key

# Since we specified the tls-auth for server, we need it for the client
# note: 0 = server, 1 = client
tls-auth ta.key 1

# Specify same cipher as server
cipher BF-CBC

# Use compression
comp-lzo

# Log verbosity (to help if there are problems)
verb 3

On the n900 you will need to install from extras-testing the openvpn packages

sudo gainroot
apt-get install openvpn openvpn-applet

Thats it! Click in your status bar with the n900 and import the config file stored in MyDocs/openvpn from earlier. It will import the keys into the correct locations and allow you to test the connection.

playback_mime_types=video/mp4-generic, video/quicktime, video/mp4, video/mpeg4, video/3gp, video/3gpp2, application/sdp, audio/3gpp, audio/3ga, audio/3gpp2, audio/amr, audio/x-amr, audio/mpa, audio/mp3, audio/x-mp3, audio/x-mpg, audio/mpeg, audio/mpeg3, audio/mpg3, audio/mpg, audio/mp4, audio/m4a, audio/aac, audio/x-aac, audio/mp4a-latm, audio/wav
playlist_formats=audio/x-scpls, audio/mpegurl, audio/x-mpegurl
audio_folders=.sounds/, .videos/, Music/
video_folders=.videos/, Video/
icon_names=phone-nokia-n900
folder_depth=2
coverartfilename=cover.jpg
coverartfiletype=jpeg
coverartsize=200

is_audio_player

Why the gadget lust when I have a top-of-the-line iPhone? Easy, I am a geek. While I enjoy the hell out of having nice and easy to use devices, deep down I want to tinker. My original move to Mac was because I didn’t trust myself to have a Linux or BSD machine with me on the road. Every waking moment would be spent tweaking the kernel or compiler options for just a little bit more speed. Bleeding Edge, you betcha.

Linux though has become a lot easier to use as of late. My days of Debian 1.3 are long gone and it has evolved to grandma levels. Can the same happen on a phone? The n700/800/810 I once owned were not able to.

The geeky things I care about:

• SDK that allows for quick-n-easy cross compiling of code
• Active user community
• nmap/kismet/libpcap based tools available
• IM client with encryption
• Terminal
• Multiplatform support

The shiny-side things I care about:

• Skype support
• Syncable media player
• Browser that can surf standard web
• Google Voice Support
• App support
• Multi-touch
• Maps
• Sync with the cloud

Things that annoy me:

• Steve Jobs
• iTunes
• DRM
• No published spec

When the device arrives I plan on walking through the device with each of those areas. I will pop the SIM card from my iPhone and turn it off for the period of time I have the demo unit. Results to follow in the coming weeks.

http://myn900.files.wordpress.com

http://bit.ly/4BYJer

When I started adding up the components for bluetooth, wifi, storage, and a remote the cost jumped. I ended up around 470 dollars and what would amount to a bundle of wires everywhere.

Wire Mess

At this point the laptop is just as nice an option with the amount of wires and dongles needed. I started to think about the Mac Mini as an option as the specs for the base model are about the same:

Depending on where Black Friday pushes the prices, it looks like a Mac Mini for me. News to follow on the buildout