Okay, just did some playing around, and I now have wireshark/dumpcap configured to use a password from my user account. (This is to prevent someone from using a trojan running as you to sniff your packets, if you’ve set up dumpcap to run setuid root, or with linux capabilities.)

To start wireshark, I run:

$ sudo -g netcap /usr/bin/wireshark

This prompts me for my own password the first time I run it, then sudo credentials take effect for whatever policy you have set on your system.

Instructions for making this happen on Linux Mint 17.2:

0) Read all these instructions and make sure you understand them before actually running them. If you have any concerns about them, check with someone you trust. If you break your system, you get to keep both parts, etc.

1) Create a netcap group:

$ sudo addgroup netcap

*don’t add yourself to the group* — by default, you _don’t_ want to be in the netcap group.

2) You can either use sudoers or newgrp to acquire group netcap permissions. Here’s the sudoers way:

In /etc/sudoers.d, create a text file with no “~” or “.” in the name (for instance, “netcap”), and add a line like this:

scott ALL = (:netcap) /usr/bin/dumpcap, /usr/bin/wireshark

(Replace “scott” with your own username.)

This tells sudo that you may run either dumpcap directly or wireshark with netcap as the group (that is, with sudo -g netcap).

3) Use Linux permissions to only allow users in the group “netcap” to run /usr/bin/dumpcap or /usr/bin/wireshark (for good measure):

$ cd /usr/bin
$ sudo chgrp netcap dumpcap wireshark
$ sudo chmod o-rwx dumpcap wireshark

4) Enable the necessary Linux capabilities on dumpcap:

$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

5) Double check that dumpcap is set up properly:

$ ls -l /usr/bin/dumpcap
-rwxr-x--- 1 root netcap 77080 Mar 10 2014 /usr/bin/dumpcap

$ getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip

6) Finally, make sure it works:

$ sudo -g netcap /usr/bin/wireshark


You could also make dumpcap setuid root, but that’s overkill, and not recommended. wireshark uses dumpcap to access interfaces, so wireshark doesn’t require any special permissions on its own. DON’T RUN WIRESHARK AS ROOT.
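
The checks from step 5, plus the "not setuid" and "not in the group" points, collected into one script. This is an added example, not part of the original post: the function names are made up here, and it assumes GNU stat and the two getcap output layouts named in the comments.

```sh
#!/bin/sh
# Added example, not from the original post: audit the dumpcap setup from
# steps 1-5. The check_* functions take text as arguments so they can be
# tried on constructed input; audit_live feeds them real command output.
#   usage: sh audit-dumpcap.sh /usr/bin/dumpcap [username]

GROUP=netcap    # group name used in the post

# check_mode MODE OWNER GRP: fields as printed by `stat -c '%a %U %G' FILE`.
check_mode() (
    mode=$1 owner=$2 grp=$3 bad=0
    case $mode in
        [0-7][0-7][0-7]) mode=0$mode ;;     # stat omits a zero special-bits digit
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "FAIL: cannot parse mode '$mode'"; exit 1 ;;
    esac
    special=${mode%???}                     # setuid=4, setgid=2, sticky=1
    perms=${mode#?}
    g=${perms#?}; g=${g%?}                  # group digit
    o=${perms#??}                           # other digit
    if [ "$owner" != root ]; then echo "FAIL: owner is $owner, not root"; bad=1; fi
    if [ "$grp" != "$GROUP" ]; then echo "FAIL: group is $grp, not $GROUP"; bad=1; fi
    if [ "$o" != 0 ]; then echo "FAIL: 'other' still has access (digit $o)"; bad=1; fi
    if [ $(( $g & 1 )) -eq 0 ]; then echo "FAIL: group cannot execute the file"; bad=1; fi
    if [ $(( $special & 6 )) -ne 0 ]; then echo "FAIL: setuid/setgid bit is set"; bad=1; fi
    [ "$bad" -eq 0 ]
)

# check_caps PATH LINE: LINE is one line of `getcap PATH` output, either
# "PATH = caps+eip" (the layout in the post) or the newer "PATH caps=eip".
check_caps() (
    spec=${2#"$1"}; spec=${spec# }; spec=${spec#= }
    if [ -z "$spec" ]; then echo "FAIL: no file capabilities on $1"; exit 1; fi
    case $spec in
        *[+=]*) ;;
        *) echo "FAIL: cannot parse '$spec'"; exit 1 ;;
    esac
    caps=${spec%[+=]*}; flags=${spec##*[+=]}; bad=0; seen=
    set -f; IFS=,                           # split the capability list on commas
    for c in $caps; do
        case $c in
            cap_net_raw|cap_net_admin) seen="$seen$c " ;;
            *) echo "FAIL: unexpected capability '$c'"; bad=1 ;;
        esac
    done
    for want in cap_net_raw cap_net_admin; do
        case $seen in
            *"$want "*) ;;
            *) echo "FAIL: missing $want"; bad=1 ;;
        esac
    done
    case $flags in
        *e*p*|*p*e*) ;;
        *) echo "FAIL: flags '$flags' lack effective (e) and permitted (p)"; bad=1 ;;
    esac
    [ "$bad" -eq 0 ]
)

# check_membership USER GROUPS: GROUPS as printed by `id -nG USER`.
# Step 1 says the account should not be a standing member of the group.
check_membership() {
    case " $2 " in
        *" $GROUP "*) echo "FAIL: $1 is a standing member of $GROUP"; return 1 ;;
    esac
    return 0
}

# audit_live FILE USER: run all three checks against the real system.
audit_live() {
    file=$1 user=$2 rc=0
    # Unquoted on purpose: stat prints three space-separated fields.
    check_mode $(stat -c '%a %U %G' "$file") || rc=1
    check_caps "$file" "$(getcap "$file")" || rc=1
    check_membership "$user" "$(id -nG "$user")" || rc=1
    if [ "$rc" -eq 0 ]; then echo "OK: $file matches the setup described"; fi
    return "$rc"
}

# Touch the live system only when a path is given on the command line.
if [ $# -ge 1 ]; then
    audit_live "$1" "${2:-$(id -un)}"
fi
```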

Let me know what you think.


An acquaintance has brought up the possibility of keyloggers grabbing sudo passwords.  Prevent that with:

$ SUDO_ASKPASS=/usr/bin/ssh-askpass sudo -A -g netcap wireshark

Script it, and you’re good to go. :)



This article is in response to one posted by an online acquaintance, found here:


In which Mr. Tim begins,

“This musing comes as a result of a topic brought up over on Usenet.

The crux of this article is around a fictitious headline of:


Take a few seconds to consider how you would feel, then maybe be kind enough to hear my view.”

His conclusion:  “Bad idea? Yes completely, here’s why.”  And he makes some good points.  Unfortunately, some of the premises of his argument would not seem to follow.

And looking at everything that follows, I suspect I may have been too wordy with this post.  But maybe it had to be said.

So, let me lay out my view:  I think Office on Linux would make Linux more viable for enterprise desktops, which is an area where it has the potential to shine.

In fact, I think most enterprise desktops would do fine with the LibreOffice suite.  However, as a practical matter, I suspect many businesses have processes dependent on Office, such as complicated Word documents, or complicated Excel spreadsheets.  Loading these files into LibreOffice, and then cleaning them up, might be prohibitively expensive — especially when we’re talking about saving OS licensing costs.  But for some office managers, this isn’t an issue, they just “want Office”.  Okay, give it to them on Linux.  Why not?

It should be mentioned regarding maintenance costs:  in the modern world, more and more Windows system administrators are gaining Linux experience, and have probably booted one or two desktop distros themselves, just to see what all the shouting is about.  Besides, their web site is probably running Linux anyway.  In short: Linux is not the black-box mystery to Windows administrators that it was (say) five years ago.

So there are the arguments made by Mr. Tim regarding how Microsoft’s software in a Linux ecosystem would cause it to suffer.  One premise he makes is that the software would exist as part of a distro, and that there would be some kind of marketing (read: monetary) encouragement for a distro to “push” MSFT Office over other office suites in its default software manager.  But this is a bit of a slippery-slope argument — because why would MSFT want to entrust the distribution of its software to the default software manager?  I believe it would be more likely to be an online purchase, downloaded and installed by the user.  Other commercial packages for Linux are the same way — why would it be different for Office?

(Note that this is different from the idea that I originally proposed — that Microsoft begin selling, and supporting, its own Linux distribution with the capability to run Windows software, which would include Office.  Crazy?  See below.)

Another factor — and certainly one to make one cautious — is that Microsoft has been a bad actor in the past, and not just with regard to Linux.  Yet many folks may not realize that Microsoft is making contributions to the Linux kernel.  Though those contributions (if I am not mistaken) are to help Linux run better under HyperV, they are still contributions to the Linux community that allow more people to run Linux (even if that is in a scary HyperV environment).  Yes, Microsoft is guilty of a great many sins — but at some point, there needs to be recognition that they may be trying to pivot to being good actors in the global software ecosystem — though, certainly, there is reason to regard such activities with skepticism and suspicion.

So then we arrive at the crux of the matter:  at what point do Microsoft’s contributions to free software show that they are acting in good faith, and have atoned for the sins of their past?  In other, more “religious” terms:  What is the “penance” Microsoft must undergo to be absolved from their sins?

I don’t think I am building castles in the sky with this question, and here’s why:  Mr. Tim makes mention of the Usenet.  Once upon a time, servers that operated to the Usenet’s detriment could be “punished” with something called the “Internet Death Penalty” — a harsh term, but adequately describes when the Usenet Cabal (tinc) would collectively stop listening to a particular server.

So consider, then, a similar idea:  the “Market Death Penalty”.  For some Linux and FOSS enthusiasts, there is no “penance” that Microsoft can undergo that will absolve them of their sins — to them, Microsoft deserves a speedy corporate death, no matter what they try to do to atone for their past behavior.  This is the camp I’ve sat in for over a decade, and I’m still not sure that it isn’t a good idea.

In the field of ethics, this isn’t an idea without precedent:  we know from game theory that the strategy for maximum benefit in iterated Prisoner’s Dilemmas is cooperation, unless the other player is determined to be a “scorpion” (one who never cooperates).  (It’s a counterintuitive strategy, one that many can’t accept, preferring the “tit-for-tat” strategy.)  Folks much smarter than I am have developed ethics based on such mathematical certainties.  And even though they may not use these terms, those that advocate a “Market Death Penalty” for Microsoft have identified them to be a scorpion.

Of course, the world is a much more complicated place than “iterated Prisoner’s Dilemmas”, and we would be guilty of the fallacy of “sweeping generalization” to regard it as such.  As one noted online tome[1] about logic points out, “This fallacy is often committed by people who try to decide moral and legal questions by mechanically applying general rules.”  But, the concept of “scorpion” is useful, so let’s not throw that away yet.  Which brings me to my question:

Is Microsoft a “scorpion”?

I think the discussion all boils down to that.  And with MSFT’s admission that they now only have 14% of the total markets that they operate in, I think we have them right where we want them.

Don’t believe me?  Have a gander at this:


(Indeed, this was the link I originally posted to the Usenet, with the Subject heading, “What Nadella’s Manifesto means for Linux?”)

And what is the crux of that manifesto?  Here it is:

“More recently, we have described ourselves as a “devices and services” company. While the devices and services description was helpful in starting our transformation, we now need to hone in on our unique strategy.

“At our core, Microsoft is the productivity and platform company for the mobile-first and cloud-first world. We will reinvent productivity to empower every person and every organization on the planet to do more and achieve more.”

As Ars Technica rightly pointed out, these conflicting reports are very conflicting.  After all:  aren’t “devices and services” another name for “mobile and cloud” — in other words, mobile devices and cloud services?

I’ll skip the issue with mobile devices and talk about the Microsoft “cloud services”, which is essentially Azure.  Simply put, they can’t hold a candle to what one can find with Linux.  Linux is king of the “cloud world”, and a lot of that has to do with its licencing.  AND, if you want to build your own Linux-based private “cloud”, all the software to do so is available for free, and the hardware is commodity hardware.

But, whither Azure?  You can’t build your own private Azure “cloud” (cluster).  (You used to be able to buy one from Microsoft, but I’m not sure that’s even available anymore.)  So it’s a very limited cloud universe with Azure, one that is actually a bit orthogonal to the “real” world of cloud computing.

So that’s what I mean when I say “we have them where we want them.”  I suspect — with some skepticism — that they will adapt to the realities of today’s IT world, and try to become a “good actor”.  That adaption means working within the current software ecosystem, and atoning for a lot of sins of their past.  If they ignore those realities, and continue to act in bad faith, we will start to see signs of that “Market Death Penalty”.  If they act like a scorpion, they will eventually die in the market.

It’s almost like the days of yore with IBM — you would never get fired for recommending IBM, until their day was done.

Also — and I know I’ve been long-winded about this — there’s one other matter that needs to be considered.  I don’t know if there’s any “law” already named for this, so I’ll just call it “Doty’s First Law of Organizations” until corrected:

“Every organization can be broken down into competing factions, all the way down to individual persons.”

This isn’t useful for mitigating Microsoft’s sins — because when the company does something, it’s the whole company that is responsible.  However, when trying to predict future behavior, we often pigeonhole the entire organization as having one mindset.  It’s easier to think about organizations in this way, rather than what they actually are:  a collection of factions, all tugging in directions that may or may not match.

And within Microsoft, there is a free software faction.  MSFT would do well to give great weight to anything they have to say.  Because without their input, MSFT may continue to consider their software as part of an “economy”, rather than an “ecology” — the former being money-oriented, the latter being organic.  While the former isn’t necessarily “ruthless” and “being a scorpion” in the business world, it does seem the larger a corporation is, the less conscience it develops.  In today’s world, rare is the megacorp that isn’t widely hated — and Microsoft is certainly no exception to this rule, by far.

Finally, Mr. Tim did make an important point which I do partially agree with.  The issue of host Microsoft Office software may become moot, if they transition to Office 365 overall.  However, I don’t think he appreciates the virtual panopticon that comprises legacy media, nor that people’s reactions to privacy issues around “the cloud” have actually been quite outspoken (even if reporting on such outrage is sparse).  So I daresay there is a chance that these huge cloud systems that we currently see on the landscape may be replaced, in time, with smaller, more private, clouds.  Will there be a place for a hosted MSFT Office in such a world?  I suppose time will tell.

It would also be interesting to see more cloud providers getting better marks on lists such as this:


[1] http://infidels.org/library/modern/mathew/logic.html#accident



I wrote a comment on a news story posted by +NBCNews on Google+, linked here:


It reads as follows:

+Jimmy Norris The reason you don’t see other party members being elected is that the legacy media doesn’t take them seriously, so they don’t get the same press coverage.

Meanwhile, the people who own the legacy media like to keep us divided, “red vs. blue”. It’s “trolling for dollars” — good for ratings, and supports the status quo. Look who is in power in DC, and look who owns the legacy media. This is no longer “red vs. blue” but “up vs. down”.

Fortunately, this new media, this Net, is an end-run around the established structures that abuse the populace. For instance, take the Arab Spring — could it have happened without the Net? I doubt it.

By the way, I guess you could say I’m a “war veteran” as I served during Gulf War I. But I never saw combat, nor did I even end up in Iraq. And U.S. troops were effectively in & out in something like a month. Much different than today.

I firmly believe everybody has a conscience — just that some people learn to not listen to it. There are vets coming back from Iraq and Afghanistan today who were taught to ignore their consciences, and many have crises. Meanwhile, that word — conscience — is almost never used nowadays, even though it is more important than ever.

What our governments seem to have forgotten is that there will always be people of conscience to blow the whistle on evildoers. Maybe our governments should learn to be on the right side of history, rather than authoritarian, oppressive, and draconian.

And finally, for those of you who think “it can’t happen here in America”, I have only this to say: It already has.


Dear Senator Boxer,

The reform we need to see on the Internet is not redundant legislation to protect megacorps, but new legislation to protect the rights of We the People.

I am co-founder and CTO of Sonic.net, Inc., an Internet Service Provider here in California.  Since we opened our doors in 1994, we’ve seen much change on the Net — and not all of it has been good.

For example, our latest industry challenge is reinstatement of the requirement for incumbent carriers to offer loop and sub-loop fiber to competitive carriers.  This would fix the damage to our industry from the Triennial Review Order/Triennial Review Remand Order that currently grants an effective monopoly to incumbent telecom carriers — a monopoly to infrastructure bought and paid for by consumers many times over.

If this infrastructure were to be opened up to other competitive local exchange carriers (CLEC’s), the well-known capitalist mechanisms of true competition would vastly improve the reach and cost of broadband in the U.S. As it stands now, we — the country that invented the Internet — groan under the weight of duopoly trusts in virtually every U.S. market, which is regarded through most of the first world as third-rate service.

( Indeed, if it weren’t for the FCC’s program of “multimode competition” — where incumbent cable operator “competes” with incumbent telecom carrier — there would probably be no need for discussions of “network neutrality”.  Free and competitive markets would naturally adjust and remain neutral, punishing any internet service provider that tried to bias traffic. )

Another matter is one very dear to me, the matter of consolidation of media conglomerates in U.S. legacy media.  This has left a terrible bias within U.S. legacy media, which would be terrifying, were it not for alternative media available over the Net.  It’s no wonder that the last few years of Pew polls on the subject show that today, more Americans get their news from the Net, rather than newspapers.

As Milton posited in his _Areopagitica_ of 1643: when Truth and Falsehood grapple, Truth always wins in a free and open encounter.  But that cannot work if we enact legislation to codify China-esque censorship in our U.S.  Because — as we’ve seen happen in other countries already — once a censorship mechanism is in place, it becomes an “attractive nuisance”, where misguided leaders co-opt that censorship for other uses.

So when I see the PIPA/SOPA issue framed in terms of the events of the last four years, I can’t help but be cynical about the construction of such draconian and onerous censorship mechanisms.  Bluntly put:  without the Net, there would have been no social networks to facilitate the Arab Spring.  Without the Net, there would have been no President Obama in the White House.

During President Obama’s 2008 campaign, he would talk much about ending up “on the right side of history.”  Frankly, supporting PIPA/SOPA in any form is to cozy-up with the wrong side of history.

Because for Truth to win, the encounter must be free and open — without censorship.

We’ve seen it before, over and over again:  DHS abuses the tools they have been given, and there is no doubt that they will abuse such a censorship tool.  And with the SOPA/PIPA Internet blackout, We the People spoke with one voice, saying:  do not censor this.

Thank you for your time and your service,

-Scott Doty
co-founder, CTO, and VP: Sonic.net, Inc.


A discussion came up on a mailing list I frequent about the “economic cost” of SOPA.

Executive summary:  very, very expensive.

The email itself:

Date: Tue, 10 Jan 2012 23:47:30 -0800
From: Scott Doty <scott@sonic.net>
To: A mailing list for Foo Camp alumni
Subject: Re: [FooCampers] Economic cost of SOPA/PIPA implementation (for America)

Duane quoted:
>From the Paris Convention for the Protection of Industrial Property “Under the provisions on national treatment, the Convention provides that, as regards the protection of industrial property, each contracting State must grant the same protection to nationals of the other contracting States as it grants to its own nationals.”

I’ve always looked at this from the standpoint that some automated feed would be developed that would contain the names of domains to be blocked.  This is what the federal government, primarily the executive branch, wants:  an “internet kill switch” for selected domains, aka “Internet Death Penalty”.  I would be very surprised if the DHS wasn’t thinking of the same control they have through CALEA, as well as proposed “CALEA for broadband”.

I do not think any one government should have such a capability, let alone the executive branch of one government.  Because if they have their Internet Death Penalty, it _will_ be abused.

This isn’t CT — it’s their track record with the intercept powers given them under the Patriot Act, as well as bypassing the FISA courts that were supposed to keep egregious uses of intercepts in check.  Indeed, the FISA courts were designed for individual intercepts — not the mass monitoring that is going on today.

And I know one site that will be unviewable in the U.S., should DHS get their Internet Death Penalty:  Wikileaks.  (Which is a major impetus for all this nonsense in the first place.)  Think about it:  if they had had IDP before the Wikileaks fiasco, would it have been employed in stopping Wikileaks?  And if so, would there have been an “Arab Spring?”  After all — it’s fair to say that Wikileaks disclosures “destabilized the region”, which has been a huge Middle East boogieman since as long as I can remember.

And this isn’t just one isolated case — it is a systemic problem.  Our parents’ generation, who in our government tell themselves that they are “in charge”, act as if they have two parts authoritarianism and one part cluelessness in their makeup.  They act as though they do not have the _courage_ to trust We the People.  And the U.S. 4th Estate is all but destroyed, eschewing fact-checking for bullsh*t controversy — because, baby, controversy sells.

If you were to trust what passes for “news” today in our fair nation, you would be seeing serial killers behind every tree, and terrorists behind every bush.  A lot of people do see just that.  The U.S. media has trained We the People to distrust our neighbors and our fellow countrymen — even if they aren’t Muslim.

I could go on, but you had a specific question:  what would be the “economic cost” of SOPA?  One could try to make the case that it would be very expensive, but I’m not sure that it would be accurate.  Because it can be done very cheaply and fairly automatically — DHS would have their blacklist (at a url or feed of some type), and ISP’s will be required to grab the IDP feed and use it.  Nameserver software would be modified.  And anyone DHS wants to penalize with Internet Death will go *poof* to the U.S. internet.

That’s the cheap part.

The expensive part will be enforcing the provisions that those in the U.S. may not circumvent SOPA mechanisms.  Because enacting SOPA would usher in a dark, cypherpunk, dystopian future, much like we all got excited about as teenagers.  Anyone with an eye toward freedom will be using anonymizing networks, such as tor, to reach the sites killed by a DHS IDP.  And it’s ironic that tor itself was developed for just this purpose, with funding from our own State Department — but for places like Iran and China.

It is said that the Internet regards censorship as “damage”, and routes around it.  So places like Finland won’t just be hosting web servers, but hosting vpn’s as well.  So part of your “economic cost” will be however much the U.S. government will spend with draconian, dystopian crackdowns on vpns and tor exits in Finland and other free countries.

Friend, this is bordering on crazy talk — but it’s exactly what SOPA proponents want to do.  And personally, I am fed up with these bad, bad bills moving to being one or two votes away from becoming law.  (Or actually making it into law, such as the new codification of indefinite detention in the last NDAA.)

There is a status link on here:  https://www.torproject.org/  if you want to try to estimate how many tor exits they’ll have to go after.  I’m not sure how you’d estimate the number of non-U.S. anonymizing proxies, or the number of existing anonymizing networks.

Hope that helps.



Having spent very little time studying the humanities, I’m always coming across terms in soft science papers that everybody agrees with, but nobody bothers to define.

One is the “Moral Project”, for which I finally broke down and Googled, finding this:

Moral Project

I don’t know if that’s the right definition, but from the context, I think it is probably good enough for our purposes.

The document discusses the flow of information between specialized disciplines, its “transdisciplinarity”.  It concludes, in part:

The advances in modern science lead one to foresee the birth of a new rationality, infinitely richer than that bequeathed to us by the scientific hopes of the 19th century.

So it sounds like a good goal — a truthful and honest information exchange between disciplines to reach conclusions that otherwise would not be possible to reason out, to arrive at a better position of morality.

I debate with folks in other venues about morals all the time, and have arrived at a working definition that I am probably not first to have noted:  Because, what is “morality”, except the ethics of human conscience?

But what good is such a “moral project” to “Joe Everyman”, if such ideas are not allowed to inform our democratic self-government that we hold so dear in our democracies?

There’s a movie from my generation called Turk 182, where a young man fights a corrupt system that is delivering injustice to his injured brother.  He does so with a series of hacks (in the larger sense) against the city’s mayor, which eventually embarrass the mayor enough that he gives up and “does the right thing”…even though said mayor had also been called out on illegal (or at best, shady) activities.  The hero calls himself “Turk 182”, which is his brother’s nickname, coupled with his brother’s fire department shield number.  And if it isn’t already clear:  Turk 182 was anonymous, until the end of the film.

It’s a great movie, but I always thought the mayor’s final reaction when he “gives in” was unrealistic — sure, it ended the movie, but people don’t give up that easily.  Having newly found out the name of the secretive “Turk 182”, you can bet that said mayor would be coming at the boy with “both barrels”.  But as far as the movie goes — information got to the people thanks to an “end run” around the existing media power structure.

Fade-out, fade-in.  We now have a “group” (actually, more of a “movement” or even a “shared pseudonym”) that is engaging in their own series of hacks — and as before, they aren’t just embarrassing the subjects of their hacks, but actually uncovering illegal, and in some cases, unconstitutional actions being taken by various bad actors.

But instead of focusing on (say) the very great damage being done to victims of U.S. foreign policy, our fourth estate makes statements of extreme prejudice against anons, as well as someone “they” are supporting: Julian Assange.

In some cases, radicalized politicians in our own United States have called for the execution of Assange.  But even this example of extremism doesn’t seem to be enough to awaken the U.S. media to the fact that their own very narrow “corridor” of “acceptable political spectrum” has shifted so far to the right, that they are reporting what amount to illegal death threats from tea party radicals.

So let’s ignore the legacy media behind our own version of the “Iron Curtain”, something I’ve begun calling the “Gold Curtain”:  they have made plain that King Dollar is in charge of their “news”.  They have determined that the way forward, pointed to Fox News, is the hole down which U.S. press has gone:  eliminating investigative journalism, and even fact-checking.

Thus, they report lies, and therefore, are a hindrance to the moral project.  They have their pile of gold.  They have their mammon — and I hope they’re happy with it.

Fortunately, said fourth estate has not — yet — found a way to bottle up the Pandora’s box that is the Internet.  Indeed, for the last three years, more people get their news from the Internet than from newspapers.  That’s where the real news can be found — and rather than return to a position of journalistic integrity, our U.S. fourth estate has abdicated their responsibilities, leaving us with no choice but to seek other sources of information…and if they keep going down that road, I daresay U.S. legacy media is doomed to economic ruin.

Meanwhile, it’s clear that we placed too much reliance on the top-down “journalism” that we’ve relied on since the advent of newspapers and television.  It was too easy for them to lie, to act against the moral project.  Today, it is easy to criticize their faulty “journalism”, pointing out flaws that — if sent back to the media companies through their “ordinary channels” — would be summarily ignored.  Today, we call out the liars, who for the most part, are whistling past the graveyard, wondering how they can “kill the messenger”…sometimes literally, messengers like Assange or even the notorious Sgt. Manning.

But what are our authorities in government up against?  We the People, demanding that our wishes be carried out.  Because as secrecy increases, the moral pressure of human consciences resists — until, when the illegal and immoral information can no longer be borne, the information will eventually leak out, informing We the People of the evil deeds being committed in their name.

Though I actually don’t think Manning was the source of the cable leaks, but I think it clear that he has become a symbol of “shoot the messenger”.  No, they haven’t shot him — yet — but they would seem to be using some tactics that North Korea used against U.S. soldiers to crush their spirits and extrude false confessions.  We can also see the treatment Assange has undergone — defamation and violation of his rights.

Couple to this the fact that we are talking about an information flow from one discipline (secret foreign policy decisions and actions) to another discipline (We the people, who are ultimately responsible for those actions), and it becomes clear that this complex issue can be made sense of through these two theorems of the “ethics of conscience”, morality:

1) Information about activities that violate clear reason and good conscience will always, eventually, leak, and

2) Should that information be leaked, the person leaking it is best protected by remaining anonymous.

And if anybody has an alternative to those two theorems, I’d love to hear it.  Otherwise, anonymity is vital to the moral project.




Learning Linux in school can be compared to French Immersion. Just as students in the French program still learn English, students learning Linux will still be exposed to Windows and Mac computers sufficiently to learn what they need. Linux, as well as French, can open up career opportunities that otherwise may not be possible.


Recently, a blogger over at Radar.oreilly.com posited his “Five Reasons iPhone vs. Android isn’t Mac vs. Windows”.  There, the gentleman states:

“As the title underscores, I am a big believer that to understand what makes mobile tick, you really need to look beyond a device’s hardware shell (important, though it is), and fully factor in the composite that includes its software and service layers; developer tools and the ecosystem “surround.”

The gentleman, bless him, seems unaware that iPhone vs. Windows Mobile (or even WINCE) would be a more apt comparison, since Android doesn’t have much of anything to do with Windows or Microsoft.

Or perhaps he had considered that touting the superiority of the embedded OS X in iPhones,over the embedded Linux in Android could not be defended, even off-handedly.

But first, a caveat:¬† readers of this blog know that I am a fierce Linux advocate.¬† And OS advocacy, like Unix editor advocacy, can quickly devolve into religious discussions.¬† Nevertheless, I see the need, and usefulness, of both OS X and MS Windows on desktops, despite my misgivings about their development and distribution models.¬† Not to belabor the point:¬† this is a specific application of “Toleration” found at the Stanford Encyclopedia of Philosophy.

Indeed, I am more than just “tolerant” of OS X, since I use Snow Leopard on my not-often-used Mac mini.¬† But all my other desktops are Linux, as well as all of my servers hosted over at our datacenter, because:¬† I find Linux superior to all other solutions for these uses.

This includes the embedded realm.¬† I’ve incorporated embedded Linux in my networks:¬† I’ve used a Meraki for wireless services, and my current wireless router (Ubiquiti Bullet) uses embedded Linux.¬† And — knock on wood — I’ve found these to be very stable solutions.

So it really is no small matter that my Motorola Droid runs an embedded Linux distro as its OS:¬† I would daresay there are far more person-hours invested in embedded Linux development than embedded OS X development.¬† When we consider this, it’s no surprise that Google would select Linux as the OS upon which to build their Android platform.

But when it comes to Android itself, it’s only recently that it has become a true contender as a mobile platform.  Before the Moto Droid was released, there wasn’t any way to use Android on anything but a gsm mobile network:  leaving one with the choice of T-Mobile or AT&T as their mobile provider.  Since these carriers do not have the 3g coverage that I need, I wasn’t willing to switch from Verizon to these alternate carriers…and if that sounds like a Verizon ad, let it be known that I’d much rather use a ubiquitous, open carrier than anything available on the U.S. market.

So, many folks — myself included — couldn’t take Android seriously, until it was available on Verizon’s network.  Indeed, there were no mobile devices in the Droid’s class offered on Verizon’s network until last October — and until then, I was a die-hard user of my Palm Treo 755p running PalmOS 5.  (Poor Palm:  If a WebOS phone had been available before the Moto Droid on Verizon’s network, that’s probably where I would have jumped, along with quite a few other Verizon customers.)

Having said all that, let’s consider what the Droid’s interface has, which can’t be found on an iPhone:

  • Folders
  • One-Touch Contact Icons
  • Multi-Screen Desktop
  • Extreme Social Media Integration
  • Integration with Google Contacts
  • Integration with Google Calendar
  • Ability to use Google Voice as voicemail (including email/sms of voicemail transcripts)
  • Can spawn a terminal /bin/sh session via USB connection, as well as a whole slew of developer assistances


In short:  These are only part of a tsunami of capabilities, which have only recently begun gaining momentum in the mobile space.

This year should be interesting for Android advocates.


The new heart to my home network is a Layer-3 Switch:  a Cisco Catalyst WS-C3750G-24T.

This replaces my Linux box w/CentOS, which could do everything I asked it to do.  Alas, the Cisco is lacking in just one area:  it doesn’t seem to be able to do NAT with the crypto (ssh-capable) IOS.  Fortunately, I had an IP pool that I could set up for DHCP addresses.

Those who know Cisco gear might be thinking my choice of “home” router is like killing a mosquito with a sledgehammer — and they’d be right.  But I wanted to keep my feet wet with Cisco IOS configuration, as well as develop a kind of “working lab” in my home.  (Who knows, maybe I’ll test for a CCNE certification.)

I also have a few ideas regarding DoS detection using flow stats, (possibly) coupled with tcl scripts running on the router.  Maybe.

I might also set up a vpn link to my colo for purposes of developing a secured virtual network for handling sensitive traffic, such as talking to Sonic.net systems.  This would also require setting up Linux to be a vpn client to our Cisco vpn concentrator — something I’ve done with Fedora already, with the NetworkManager-vpnc package.

For starters, I thought I’d cover the DHCP setup.

I’ve configured the Cat to act as a DHCP server for easy config of devices on my network.  The configuration looks something like the following (but with assigned, globally-routable IP addresses):

ip dhcp pool PUB
 domain-name ponzo.net
 lease 5
 class CLASS1
 address range

Once the pool “PUB” is globally-configured, you can reference it in a vlan interface definition:

interface Vlan1
  ip dhcp client class-id CLASS1

Again, these are dummy IP addresses.


At CES2010, Steve Ballmer extolled the virtues of media center on win7, and seemed enamoured with the idea of watching net.video on a TV.

As usual, Linux users have been far ahead on this trend. For instance, my media PC plays videos from Youtube, Hulu, and anywhere else that Linux can play from — and I can run MythTV if I want dvr and tuner capabilities.

So — as usual — it should be pretty clear what $MSFT ‘s strategy is…it is the old paradigm of “embrace and extend” that they’ve been following for over a decade.

To be sure, $MSFT has had their Media Center for quite a few years…but I daresay it still doesn’t match the flexibility of a Linux media PC.  Their web site says it all — snooze-o-rama!

Compare with the capabilities of MythTV, which is also easy-to-use, and more flexible when it comes to multiple tuner cards in multiple computers.

Speaking to the latter, equipment for my (previously stalled) Free-To-Air (FTA) satellite installation is on its way, and I already have a DVB-S card in my main Linux workstation downstairs that I’ve been playing with.  Once I have the new dish up with the LNB and motor, I’ll be watching FTA stations on my workstation downstairs, with the ability to record anything interesting.

And since MythTV’s backend — the “media server” chunk of MythTV — can use the DVB card, I’ll also be able to run MythTV’s frontend on the Media PC upstairs for FTA viewing in the entertainment center.

In fact, back when I used to have Comcast, I had mythbackend set up with my cable box, and could use mythfrontend to watch a news channel from the office, ala “slingbox”.  I haven’t set this up with DirecTV yet, though, since I haven’t felt the need to watch talking heads at Sonic hq for quite a while now.

Anyway, I can see a post about setting up and watching FTA via MythTV through the DVB-S satellite tuner/control card might be useful to folks thinking about doing the same thing, so I’ll do that when I get it all set up.
