IT

In an earlier article, I described my first experiences with Bluetooth. I had managed to get both my Palm Tungsten T and my Sony Ericsson T68i to sync with Outlook. I had since managed to get my laptop on the Internet via Cingular Wireless’ GPRS service.

Yesterday, I finally stopped procrastinating and configured my Tungsten T to browse the web and send/receive email via Bluetooth and GPRS. Cingular, like all other US carriers, very poorly documents its GPRS service but some Google footwork (and using Mergic Ping to find out their documented DNS servers do not work) got the job done.

Cingular doesn’t operate an outgoing SMTP server to allow its customers to send email, and any public SMTP server without authentication is likely to be blacklisted by spam filters as an open relay. Fortunately my company’s Postfix SMTP server supports SMTP AUTH, as does the Palm VersaMail 2.0 client bundled with the Tungsten T (no SSL/TLS, though, you have to use VersaMail 2.5 which requires a PalmOS 5.2 device like the new Zire 71 or Tungsten C).

All in all, this confirms my earlier assessment of Bluetooth as a technology not quite ready for prime-time yet. This whole set-up procedure is certainly nowhere near user-friendly, thanks in great part to voice-dominated wireless telcos’ general cluelessness about data.

Interestingly, Bluetooth works better between devices such as my TT or my T68i than between devices and my PC (where associations keep resetting), in spite of the limited software upgradability of these devices compared to a PC. Obviously, it helps that the TT-T68i combination is explicitly tested as part of an agreement between Palm and Sony Ericsson, but still, it’s rather worrisome for the likes of Microsoft that the PC’s software entropy defeats its higher capabilities. Admittedly iMac works better with Bluetooth than my PC, so this probably tells more about the immaturity of Bluetooth middleware stacks on Windows than the whole PC as digital hub approach in itself.

Browsing the web from my PDA is very neat, but I doubt I will use it very often, because of the incredibly high prices US carriers charge for wireless data. Cingular charges $6.99 per month for 1MB, with 3 cents per extra kilobyte. Compare this to Orange France, who charge € 6 per month for 5MB and 3 euro-cents for 10KB, i.e. US carriers charge almost ten times as much. Just checking out a handful of test pages ate up 15% of my monthly quota… (email is more efficient, however). Compare this also with how much Cingular charges for voice ($39.99 per month for 600+5000 minutes at 13kbps, $0.49 per minute afterwards, which works out to 7.5 cents per megabyte of voice).

Wireless carriers still consider wireless data a business-oriented service (i.e. license to gouge). This attitude explains in large part why in a recent Metrinomics survey, only 1 in 8 respondents thought 3G wireless would be their wireless data technology of choice over IEEE 802.11 “WiFi”. To paraphrase an old saying about IBM, telcos seem to think when they piss on something, it improves the flavor… (for a contrarian perspective, read this The Register article). Unfortunately, WiFi hot spots do not have universal coverage today, and you still need GPRS as a fall-back, but the new WiFi-equipped Tungsten C does not include a Bluetooth port (otherwise I would have bought one).

If you need help with such a setup using Cingular, don’t hesitate to drop me an email via the “Contact Me” icon for some tips.

Update (2003-09-04):

I tried to use GPRS while in the Chicago area over Labor day weekend. Unfortunately, when you roam, the GPRS settings of the other network do not match, in this case DNS lookups were failing. Since I had no way to determine what the correct settings for AT&T Wireless were, I had to fall back to dialup. Just more evidence of just how clueless mobile phone companies (and the standardization committees they support) are about data.

Update (2004-01-14):

Here is a cute real-life story of a wireless Internet via Bluetooth saving the day

One of the holy grails of networking is “always-on” connectivity, whether wired broadband or wireless (some telcos even thought there was a market for ultra-narrowband always-on at below 16kbps using ISDN signaling D channels). With the quiet but inexorable progression of broadband, this is coming closer to reality. All sorts of interesting applications become possible when you have such connectivity:

• Home automation: remote monitoring of alarms and thermostats, programming your ReplayTV/TiVo remotely

• Automated unattended network backup

• Self-hosted weblogs

• IP telephony and videoconferencing

One key enabler remains unaddressed: quiet PCs. Most PCs make too much noise (usually around 60-70 dB) to be left running all day (and all night).

Some vendors like Dell hide this information deep inside their websites, when they even bother to measure it. Some, like HP/Compaq list unrealistic figures (I have a Compaq Evo D315 rated at 26 dB (point of measurement unspecified but probably from an “operator position”), which I measured at 55 dB using a Radio Shack sound meter). Apple is the only mainstream vendor that has paid some attention to this problem, but even they have backtracked: the iMac G4, while relatively quiet, is still significantly noisier than the PowerMac G4 Cube it replaced.

Always-on connectivity will not realize its potential until computer makers seriously tackle this issue and make computers that are quiet enough to be left running all night in a bedroom.

This would require a change of emphasis from bleeding-edge processors, that are highly profitable, but also power-hungry (and thus require big noisy fans to cool down) when their power is almost always untapped. Just as many more ultra-thin laptops are sold in Japan than in the US because US consumers are not clamoring for them, the situation won’t change until users demand quiet PCs.

Most of the work on quiet PCs is done in more environmentally conscious Northern Europe and Japan. Some resources:

• A Swedish page on Silent PCs

• The Silent PC Review has some interesting articles.

• A number of quiet PCs using the mini-ITX form factor and the low-power VIA EPIA-M chipset can be found at www.mini-itx.com.

USB enabled flash memory drives have become popular as a floppy replacement (Dell actually offers them as such). They come in all sizes and capacities, most often 64 or 128MB, are usually shaped like keychain fobs. One model, the Intelligent Stick from PQI is particularly compact as they got rid of the USB connector metal shield to make it merely as thick as two stacked quarters. I keep mine in my wallet, with a basic toolkit of Windows debugging utilities and important scanned documents (passport, e.g.).

There’s not much to say about it – these gizmos are pretty much commodities nowadays. The remarkably thin design is very convenient, of course, although it also means the intelligent stick can’t be used on a keychain. The ferrule-free connector design mostly works, but in some rare cases it can lack traction and have problems staying put in a USB socket. In spite of the compact size, PQI managed to put a tiny write-protect switch (you can see it at the right of the stick on the picture) and an activity indicator LED, both nice touches.

Update (2003-11-07):

They are now also available in 256MB and reportedly 512MB sizes, and now ship with a USB adapter that has a complete metal ferrule for those rare situations where the simplified connector does not stay put.

Update (2004-12-07):

The Intelligent Stick is now available in 1GB capacity, and supports USB 2.0.

Phil Windley quoted me as a skeptic. Since his website is widely read and this is a hot-button issue for many people, I would just like to clarify my position on the issue.

I think open source is quasi-necessary but not sufficient for true security. Closed source solutions basically means blind trust in a vendor. I wouldn’t take relatively serious vendors like Oracle or Sun at face value, let alone one with a chequered past like Microsoft.

That said, the availability of source is not in itself a guarantee that security bugs will be found proactively, for two reasons:

1. The “with enough eyeballs, all bugs are shallow” fallacy. While this may be true of a known bug, security is like the proverbial weakest link in a chain. Once a security bug is identified, it is relatively easy to fix and distribute, the real problem is becoming aware of its existence in the first place. This can only be done by systematic source audits searching for patterns like buffer overflows. This kind of systematic audit, as practised by the OpenBSD team or some companies like SuSE is neither easy nor cheap. It will certainly not come about because a casual source browser stumbled upon an issue

2. Secondly, even a full audit of source code is not sufficient to identify all vulnerabilities. Ken Thompson, the inventor of Unix, demonstrated this in his classic paper Reflections on Trusting Trust (PDF) where he put a backdoor into the login program and successfully concealed his tracks in the source by moving the backdoor to bootstrapped compiler binaries.

From CNET News.com:

Flat-panel monitors to take market lead

Flat-panel monitors for desktop computers are expected to surpass traditional cathode ray tube monitors in revenue this year, a sea change for the display industry.

And a good thing too. CRT monitors contain large quantities of toxic materials such as lead, and their disposal comes at a terrible human cost. All my home desktop machines now have LCD monitors. If you are in the market for a monitor, please spend the extra $100 or so. Your eyes and the planet will thank you.