Running Linux on a Thinkpad R40

So the new Laptop is an IBM Thinkpad R40, and I’m pleasantly surprised how smoothly Fedora Core 1 works with this machine. While some stumbling blocks remain in getting Linux to run smoothly, solutions for most are readily available — and the res…

So the new Laptop is an IBM Thinkpad R40, and I’m pleasantly surprised how smoothly Fedora Core 1 works with this machine. While some stumbling blocks remain in getting Linux to run smoothly, solutions for most are readily available — and the rest just works.Some lessons: In order to actually use the entire mouse assembly (touchpad with two mouse buttons, trackpoint with three (!) mouse buttons), it’s best to use a patched version of GPM in repeater mode. For the internal modem, the only thing that works so far is a recent SmartLink driver. Note that the Agere drivers recommended by IBM don’t seem to work. The final and surprising problem was getting the laptop’s infrared to work: An old-style IRQ collision between te IRDA chipset and a PCMCIA card was the problem; to solve this, I just made sure that PCMCIA isn’t started before IRDA.The one thing that isn’t working, yet, is the built-in Centrino Wi-Fi. But there is hope.

Needed: Non-crappy e-mail address verification and a Google bomb.

Chris Ambler discusses TLD strings and is concerned that ICANN could worry too much about the problems new TLDs have had in the past, with code that would claim that anything with a TLD segment of more than two or three characters was an invalid d…

Chris Ambler discusses TLD strings and is concerned that ICANN could worry too much about the problems new TLDs have had in the past, with code that would claim that anything with a TLD segment of more than two or three characters was an invalid domain name.I sincerely hope that Chris is wrong about that — for two reasons: One, fools are inventive enough to not just assume 2 and 3 letter TLDs (Google hit #1 for address validation javascript), but to also check for the now-existing gTLDs, while essentially sticking to the same broken design — or, worse, not even being flexible with three-letter TLDs. Two, what I’ve heared on this topic in Rome sounded extremely reasonable. While John Klensin’s RFC 3696 on the topic wasn’t mentioned there — at least in the public forum –, others have recognized that the easiest cure is probably to implement (or just find) free sample code for domain name and e-mail address verification, and to Google-bomb that code.In other words: Let’s help the market take care of that.

Phishing, SSL, and WHOIS.

Via comp.risks: Netcraft: SSL’s Credibility as Phishing Defense Is Tested. The unsurprising news: SSL certificates (mostly) deal with domain names. Only that match can be verified by a web browser, and signalled by a closed pad-lock. The security …

Via comp.risks: Netcraft: SSL’s Credibility as Phishing Defense Is Tested. The unsurprising news: SSL certificates (mostly) deal with domain names. Only that match can be verified by a web browser, and signalled by a closed pad-lock. The security is ultimately based on a match between a domain name and the “site” the user wants to visit — that is, “Amazon,” “Deutsche Bank,” “Earthlink,” “Microsoft,” “IBM”, as opposed to, e.g., “ibm.de” or maybe “ibm.com.” Linking the “site” (i.e., the user’s idea of who the merchant is) to a domain name is, realistically, left to trademark law and the UDRP. This doesn’t work for little-known marks. Less realistically, it is left to WHOIS, which, as many proponents of open access tell us ever again, is used by consumers to “verify” online merchants. This doesn’t work at all — most “ordinary” net users I know don’t even have an idea what WHOIS is, and then again, we all know the database is inaccurate, can’t be made accurate, and doesn’t even have the data elements you’d ask for. When consumers are confused about the domain name they are visiting — be it due to typo-squatting, be it due to cleverly crafted deceptive URLs –, though, SSL, WHOIS, trademarks, and all that stuff don’t even have a chance to help them. It’s this kind of confusion that the latest phising expeditions exploit.How do you fix this? Make sure users can’t easily ignore information about the merchant that’s behind a site. Display it in a state bar that can’t be scripted. And don’t take it from WHOIS, but take it from the SSL certificate.

What Laptop should I buy?

I’ve started looking for a new laptop — that trusty old Dell is asking ever louder questions about retirement benefits and less travel. There are three key criteria: The machine must be robust. It must have a good and extremely robust keyboard, s…

I’ve started looking for a new laptop — that trusty old Dell is asking ever louder questions about retirement benefits and less travel.There are three key criteria: The machine must be robust. It must have a good and extremely robust keyboard, since I’m typing much and fast. And Linux must run on it. By “Linux must run on it”, I don’t just mean “Linux boots”, but rather “can be used as a daily Linux workhorse.” That includes well-working networking and Wi-Fi equipment (though continued use of the good old PCMCIA cards I use with the Dell is an option), and that also includes that the graphics adapter must be supported by X11 — including that external VGA plug I need to plug in a beamer now and then! (Bad past experience with the Dell.) I don’t care much about Megahertz numbers and the like — in terms of processing power, about anything that’s availabe now would do.I don’t think a new Dell is an option — I’ve made some bad experiences in terms of hardware robustness (including a mouse button breaking off just because it’s being used), and the keyboard is so worn off it’s torturing me daily (after two years of not being used by the original owner, and one and a half years of heavy use under my hands). Right now, an IBM Thinkpad looks tempting; maybe one of the R40 or R50 devices.Thoughts, experiences, recommendations?

TLD proposal X is a bad idea. So what?

On the IP list, Karl Auerbach explains why a TLD for “mobile content” is a bad idea, even though it’s backed by major industry players. Karl’s arguments are convincing. But whom could Karl convince? I hope he does not convince ICANN: Because it is…

On the IP list, Karl Auerbach explains why a TLD for “mobile content” is a bad idea, even though it’s backed by major industry players. Karl’s arguments are convincing.But whom could Karl convince? I hope he does not convince ICANN: Because it is not (or, rather, should not be) ICANN’s business to decide whether a TLD proposal is a good or a bad idea. ICANN’s task should be to enable bad proposals to fail in the marketplace.Question: What should ICANN do when a seemingly “good” idea and a “bad” idea compete for the same TLD string? Auction?

“Protest! This policy is illegitimate!”

… that’s the ALAC statement that Karl Auerbach suggests we make everywhere until we have all the regional organizations in place. I’m sure that this input would be appreciated. But I’m also sure that it would have precisely zero influence. The G…

… that’s the ALAC statement that Karl Auerbach suggests we make everywhere until we have all the regional organizations in place. I’m sure that this input would be appreciated. But I’m also sure that it would have precisely zero influence.The GNSO policy processes are not waiting until we can convince enough at-large structures to join ALAC and to provide some legitimacy. The processes are running. We have some ways to lobby participants and to provide some analysis from an individual user’s point of view. In my view, it would be entirely irresponsible not to make use of the — admittedly limited — possibilities we have.(Also, “we are involved there and there and there” is a much sexier — but maybe not sexy enough — marketing message than “with a lot of luck, we might have a chance to get involved there, but we haven’t tried yet, so we can’t tell you.”)

MUC: W-LAN as it shouldn’t be.

I’m now sitting at Munich airport, using Vodafone’s hot-spot here. 30 minutes Internet access cost me about 4 Euros (1,300 Star Alliance miles would have been the alternative — quite a price tag) — and several minutes for figuring out how to dea…

I’m now sitting at Munich airport, using Vodafone’s hot-spot here. 30 minutes Internet access cost me about 4 Euros (1,300 Star Alliance miles would have been the alternative — quite a price tag) — and several minutes for figuring out how to deal with the billing system that Vodafone put in place here. The system works by submitting credit card information through a web form, and then receiving a PIN through SMS on a mobile phone.For the customer, this system brings a large number of disadvantages over an open WLAN network; also, it’s unaccessible for anyone but subscribers of a few domestic mobile phone operators. What’s so difficult about providing free and open WLAN access as a commodity that just works when you neeed it?Later: It fits into the picture that the e-mail receipt arrives two days later and consists of a PDF file that’s tagged as plain text.