Caliban - Opinion and Righteous Anger

UPS: no, not the company that delivers parcels all over the world. I'm talking about Uninterruptible Power Supplies.

It was about time the house had one, so I took the plunge and purchased one. In fact, I did this about two weeks ago. It arrived a few days later and was still lying in its box in the hallway until yesterday.

It wasn't just laziness that kept it in its packaging. It's an APC Smart-UPS RT5000 XL, which is quite a heavy-duty unit. As such, it needed its own heavy-duty electrical group in the house, which meant that a qualified electrician had to come to perform the work.

One of the parts that the electrician needed for the job took a week to arrive, so it wasn't until yesterday that the work to install the UPS was completed. At last, the UPS, a hulking great thing weighing in at around 60 kg, could be lugged downstairs to the cellar and installed in the cupboard under the stairs. More bright LEDs to peer back at me from the darkness!

I seized the opportunity to have the electrician rewire one of the other electrical groups, so that one of the sockets in my office is now routed via the UPS. This means that my desktop computer, monitor, telephone and fax can all connect to it, which saves me from having to buy a separate unit for the office. That's very cool.

Downstairs, my Linux server, the ReadyNAS NV+ storage server, a USB-attached hard drive, an Ethernet switch and the DSL modem are all connected to the UPS. Assuming I haven't forgotten a vital piece of infrastructure, we should now be able to continue to use the Internet and make phone calls in the event of a power-cut.

All of the above equipment is good for a load of about 12% (the load fluctuates depending on whether I'm compiling code, whether the monitor's turned on, etc.), which means that the UPS's battery will provide back-up power for about 95 minutes. I can get an extra 15 minutes out of it if I turn off inessential equipment in the office.

I actually made a blunder when researching this product. It has a network management card, which is basically an Ethernet card with some bells and whistles, such as a port for attaching a temperature probe. I thought it additionally had a USB port for direct monitoring via a cable, but I somehow imagined that detail. Smaller units do have this feature, because they're typically missing the Ethernet interface.

The only reason I wanted the ability to monitor the UPS over a USB cable was because that's what the ReadyNAS box requires in order to be able to automatically shut down when the UPS's battery is running low. Large disc arrays really don't like it when the power just disappears and I wanted my box to be able to gracefully shut down.

Where there's a will, there's a way, though; well, sometimes, anyway. I set out to find a fix for the problem today.

It turns out that the ReadyNAS uses Network UPS Tools (or NUT for short) to perform its UPS monitoring. Reading NUT's documentation, it became apparent that it has a number of back-end drivers for monitoring UPSes. One of these is snmp-ups, which, as the name suggests, uses the SNMP protocol to monitor UPSes.

My APC UPS can be queried and configured using SNMP, so this seemed like a good avenue to explore.

snmp-ups supports a number of MIBs. If you don't know what a MIB is, think of it as a formalised set of questions that can be asked of a device. One of snmp-ups's MIBs is called apcc, which is designed for use with APC units. Bingo.

Well, snmp-ups is an experimental driver and its man page warns that it's not suitable for production use, so I wasn't sure whether it would work. However, once I had installed NUT on my Linux server, configured it and started the server daemon, upsd, I was able to query for the status of the UPS from any host on the network.

The ReadyNAS has a feature that allows it to monitor a UPS attached to a second or subsequent ReadyNAS unit elsewhere on the network. Since those units are also running NUT, all the ReadyNAS is doing when it performs this remote monitoring is contacting the NUT server on the other unit. By installing a NUT server on my Linux box, I was hoping to pass it off as a second, UPS-backed ReadyNAS unit in the eyes of my ReadyNAS.

I went into the ReadyNAS's FrontView interface, went to System -> Power -> UPS Configuration and gave it the IP address of my Linux server as the system to be monitored. Sadly, an error message popped up, informing me that a connection couldn't be established.

I delved into my sysadmin toolkit and pulled out a perennial troubleshooting tool, tcpdump(8). This utility is used to analyse network traffic.

Within a few seconds, I was able to see where the communication was going awry: the ReadyNAS expected the system it was querying to have information available about a device called UPS. I had called my UPS apc in the NUT config.

Once I had renamed the monitored device and restarted upsd, the ReadyNAS was happy to believe that the NUT instance on my Linux server was, in fact, a second ReadyNAS box with which it could communicate.

Here's the pudding containing the proof:

I'm very happy I was able to get this to work, because having auto-shutdown on the ReadyNAS was the one thing that had prompted me to invest in a UPS in the first place. It would have been a bummer if precisely that feature hadn't been available to me.

I also want my Linux server and desktop to automatically shut themselves down in the event of a power-cut. I could use NUT, but because the snmp-ups driver is marked experimental, I consider it safer to use the very mature apcupsd software. After all, apcupsd is designed specifically for use with APC UPSes.

apcupsd is actually a package I had on my list of things to investigate eight years ago when I was working at Linuxcare, but it's taken me until now to actually delve into it. It's very easy to configure and does exactly what it's supposed to do.

There's also a nice little GTK2 GUI client that will talk to an instance of apcupsd. It's called gapcmon and is trivial to get up and running. You can put an icon for it in your tray and call it up whenever you want check the status of your UPS.

In conclusion, a UPS isn't a very interesting device to add to your network. It's expensive, heavy and you hopefully won't get much use out of it. As is often the case with insurance, however, it can be very painful to discover after a catastrophe that one should have had it. For that reason, I feel good about my purchase.

Besides, this UPS has a few interesting aspects to it. For a start, it's networked, which is always a desirable quality. It also works with Linux without the need for any proprietary software, which is another very desirable quality.

I hope that Netgear will add the snmp-ups driver to a future release of the ReadyNAS firmware. That will obviate the need for an extra computer to function as a NUT server.

There's an infrequently recurring problem with our home-made MythTV DVR that is, despite its rare occurrence, quite irritating.

Under certain circumstances that I haven't been able to meticulously define, and when multiple tuner cards are simultaneously recording TV programmes, the machine can hang when another tuner card fires up to record yet another programme. It's rare, but it happens. I think there's some kind of race condition in the underlying Linux ivtv driver.

After living with the problem for a couple of years (which just means rebooting the machine less than once a month on average) things came to a head during our recent holiday when the MythTV box went down not once, but twice during our absence.

I had to call a friend and ask her to go over to reboot the box. On the second occasion, she couldn't make it over until a couple of days later, so a lot of programme recordings were missed while the box was frozen.

That, for me, was the straw that broke the camel's back. A solution had to be found, so I did some research one evening in a hotel and eventually found myself reading about the ePowerSwitch-1 Guard, manufactured by the German company, Leunig.

This is an overpriced, but pretty cool device. Basically, you plug it into the mains, network it and then plug some other device into it. At this point, you're able to log into the ePowerSwitch via its built-in Web interface (or via a serial cable or small Windows executable) and tell it to turn off, turn on or simply restart the device that it manages.

If that was all it could do, it would already be quite a useful device, but, in my use case, I could still lose a few days of recordings if, due to travelling, it took me a few days to notice that the MythTV box had gone down and get to an Internet connection to reboot it.

Therefore, the pièce de résistance of the ePowerSwitch is its guard function. Essentially, this is a network monitor that checks the status of the device being managed and reboots it if it stops responding. Monitoring can be performed using ping, port scanning or both.

Now, if our MythTV box hangs, it will be rebooted within a minute with absolutely no involvement or intervention from me.

The device is very easy to configure and is up and running within a couple of minutes. I did have to buy a new power cord for the MythTV box, though, because the ePowerSwitch doesn't have a normal plug socket for the device to be managed.

The only other thing I needed to do was modify a setting in the MythTV box's BIOS, so that the machine would automatically turn itself on when power was restored after having been removed. Otherwise, the box would remain off after the ePowerSwitch cycled the power.

Leunig has other models of the ePowerSwitch that can manage four or eight devices. You can even configure master and slave set-ups. It all depends on what you need to control.

It took me a little while to find an on-line dealer prepared to sell one of these to a private individual rather than a company, but I did eventually find one and the device had already been delivered to a neighbour when we returned home from holiday.

In short, the ePowerSwitch-1 Guard does exactly what it says it does. It's rather overpriced, but there's nothing else quite like it on the market, thanks to its guard function. The four and eight device models are better value, but for my needs, the single device model was exactly what I needed.

I wrote last year how the Nokia Communicator E90 telephone had no ability to permanently accept an untrusted (e.g. self-signed) certificate when picking up e-mail over SSL. This omission required the user to go through the rigmarole of setting up a certificate authority (CA) with which to sign the certificate, thereby vouching for its credibility.

Well, I upgraded the firmware of my E90 a couple of days ago from version 7.40.1.2 to 210.34.75 (don't ask me about the change in version number schemes).

This update doesn't appear to do very much, apart from improve Flash functionality in the Web browser. However, one small yet significant improvement that has probably gone unnoticed by most other users is that it's now possible to permanently accept an untrusted certificate, without having to go through the bother of becoming a CA to vouch for it.

It's a small change, but significant to a few people like me.

With the recent arrival of our truly excellent ReadyNAS NV+ box, the time had come to upgrade the house's internal network to gigabit Ethernet, i.e. 1000 Mbps instead of 100 Mbps.

The house's internal cabling is all CAT5e, so all that was required was to purchase some gigabit switches. I finally settled on a trio of Netgear products, the 16 port GS116 for the server cupboard under the stairs, the 8 port GS608 for my office and the 5 port GS605 for the TV area in the living-room. More switches will doubtless follow at a later date, but that's all we need for now.

In fact, even now, we scarcely need that kind of speed. It's handy for the short bursts of high traffic that our network occasionally sees, such as when performing back-ups at night, but not for much more than that. Once we start sending video around the house, though, the network's new-found agility will come in very useful.

The switches are all operational, but the one in the office is still only operating at 100 Mbps, so I suspect the wall socket has been hacked, and four of the CAT5 wires split off to wire a second socket to provide service to a telephone. I'll have to look into that and, if necessary, unsplit the port.

I haven't done any testing to determine how good our network throughput now actually is, nor to test how fast NFS reads and writes to the ReadyNAS are performed. Jumbo frames are enabled on the network, though, and you should take care when selecting gigabit equipment to ensure that anything you buy provides this feature. Otherwise, you'll needlessly surrender 10 to 15% of your potential network performance and put a higher load on your equipment.

Apart from back-ups, basic file sharing service and providing the music storage for our Sonos system, the ReadyNAS is now also providing the accommodation for some of our MythTV recordings.

Since MythTV 0.21, the system has had the concept of storage groups. Basically, this allows one to define a set of storage directories and give the grouping a unique name. Subsequently, when telling MythTV what to record, one can dictate which storage group is used for any given recording. In this way, the storage load can be split over two or more file-systems.

MythTV doesn't actually do much in the way of load-balancing, however. It won't use the second directory unless two recordings are scheduled to record the second time, or the first directory fills up. Consequently, not a lot of programmes will get recorded onto the NAS unless I explicitly set it as the storage group for some of our recordings. Currently, only live TV viewing and Eloïse 's episodes of Nijntje are explicitly set to record onto the NAS.

In short, after a couple of weeks with the ReadyNAS, I'm enormously happy with it. Just having the protection of redundant network storage is already a great feeling, but upgrading the network to gigabit speed unleashes its full power.

My LaCie Ethernet Big Disk gave up the ghost last Monday after just one year of service. This device functioned as a basic NAS (Network Attached Storage) unit on our network and accommodated, amongst other things, all of our Ogg Vorbis and MP3 music files.

All of this stuff was backed up, of course, so we didn't lose any data, but we did lose an integral part of our network. For example, our Sonos system was now able to play only Internet radio stations. More significantly, we had lost one of our back-up devices.

it was therefore important to find a replacement device as soon as possible. I could have just rushed out and bought another disc of the same model or a drive from a rival make, but I wanted to improve on the LaCie and get something a little more professional.

It would be nice, for example, but not essential, to have a box that supported NFS in addition to CIFS. It would also be nice to have redundancy in the disc configuration. After all, any single-disc system, such as the LaCie, is an accident waiting to happen. It would be nice to be able to lose a disc without losing any data.

For several months, I've had a browser tab open, pointing to the Infrant ReadyNAS NV+. The tab has literally remained open for the last few months, to remind me to look more deeply into the product when I have a moment. I still hadn't got around to it, but this week's events forced me to make it a priority.

I know several people with a ReadyNAS unit and all of them are very enthusiastic about the product. As I read about it, it quickly became apparent that the ReadyNAS device would be the way to go. The death of the LaCie was the perfect excuse for the outlay of cash.

Infrant was bought by Netgear at the start of May and their products now carry the Netgear badge. I wanted the largest ReadyNAS available at the time, so it wasn't long before I decided on and ordered the ReadyNAS NV+ RND4410. I ordered it last Monday and it arrived Friday afternoon.

It's a small unit, but quite heavy, because it houses 4 SATA discs, totalling some 4 Tb of disc space. 4 discs is the maximum that can be accommodated in the ReadyNAS. It's not quite as capacious as it sounds, though, because when configured with Netgear's patented X-RAID volume management and further gnawed on by file-system overhead, the usable disc space drops quite drastically to 2.6 Tb. If you then enable snapshots, you'll reduce the user-writeable data area yet further.

It comes at quite a price compared with basic consumer NAS products, but the ReadyNAS is a beautiful piece of kit. It's easy to configure, but offers powerful, advanced options for file-sharing and protecting data. It supports all the common file-system protocols, such as NFS, CIFS and AFP, and even has a built-in rsync server. Very cool.

I spent yesterday evening tweaking the configuration. Today, it was time to start copying our data onto it. So far, I've copied over 72 Gb of music, back-ups of caliban.org and home directories.

Since the ReadyNAS serves up NFS, my server in the cellar has been retired as the home directory server and replaced by the new boy. The disc in that server has seen a lot of activity over the years; it was our file-server back in Mountain View, so it's seen its fair share of seeks, reads and writes. It had started to give errors via SMART monitoring, so decommissioning it really didn't come a moment too soon.

I do love it when a product comes along that is simply great at what it's supposed to do. Whether it's Postfix, Ruby, MythTV, Rockbox, Sonos, FRITZ!Box or now the ReadyNAS NV+, they're all excellent at what they're supposed to do.

Of course, I could still have done without the death of a disc and the ensuing demands on my time, not to mention the unforeseen expense, but we do now at least have a system that will grow with us into the future and that offers the peace of mind of knowing that, if a disc fails, it's no big deal. We can simply hot-swap a new drive into the unit and the RAID array will rebuild itself.

I think the time has come to buy a few gigabit Ethernet switches for use by certain machines in the house. Then we'll really be able to tap into the full power of the ReadyNAS.

Beta books are a great idea. Why don't more technical publishers (or even publishers of any work of non-fiction) do this?

Take the Pragmatic Programmers, Dave Thomas and Andy Hunt, and their publishing company, the Pragmatic Bookshelf. Dave's currently working on the third edition of Programming Ruby, updated for Ruby 1.9. The finished product will be in the shops a few months from now.

Nothing unusual about that, you might say, but rather unconventionally, the book is already available for sale. How is that possible?

Firstly, the Pragmatic Programmers have taken the entirely logical step of selling PDF copies of their books. If you buy the paper + PDF bundle, you get them for less than the sum of the two. A PDF of a technical book is a grand thing, because it's a lot easier to use a computer to search a file than it is to use one's fingers and eyes to search a stack of paper.

PDFs are also cheap to produce and not just user-friendly, but environmentally friendly, too. Extending the idea, why not produce PDFs of books that aren't quite ready yet. Offer them to your readers and, as with a piece of beta software, you'll get errata reports back. Reader feedback is important to an author, so why not get that feedback while you write the book, instead of after it's published, by which point it's only useful for the next edition, which is almost certainly a few years away. And that edition will have its own problems, too.

So, I already have my copy of the third edition of Programming Ruby and am happily using it. Whenever the manuscript is updated, I get an e-mail, which allows me to go to the Web site of the Pragmatic Programmers and regenerate the PDF for myself.

I think PDFs of technical books make perfect sense. Beta PDFs of not yet finished books make even more sense, if you can improve on perfect.

My new crosstrainer was finally delivered on Friday. It's a 2008 model Tunturi C85, purchased locally.

I'm glad I bought it locally and had the guys bring it upstairs and assemble it. I couldn't believe how many pieces it came in. There were a million little screws and washers. The assembly instructions are very complex.

I spent Friday and yesterday preparing a new release of Ruby/AWS, so I had no time to play with my new toy until today. This afternoon, however, I sat down and read the manual (yes, I'm the theoretical person about whom you always wondered whether he existed: the man who first reads the manual) and then climbed up for my first training session.

And what else would I choose but the Fat Burner 1 programme? Let's face it, I have fat to burn, figuratively and literally.

I must say, the half an hour I spent on the machine, I really enjoyed myself. It did, indeed, bring back memories of my daily visit to the Google gym. One negative thing that reminded me of those visits was the annoyingly familiar numb feet by the end of it. I'm going to have to think of a way to avoid those.

Off the crosstrainer, a quick, refreshing drink, and then into the steam shower. Lovely! And all of that without even having to leave my own house. Wow.

I'm looking forward to literally putting the C85 through its paces in the days and weeks ahead. It has all kinds of amusing features. It even has a couple of USB ports for updating the firmware, storing programmes and music files, etc.

After last week's rewiring and laying of cables, I settled down Monday evening to install my latest gizmo, a FRITZ!Box Fon WLAN 7170 from the German manufacturer, AVM.

Now, FRITZ!Box may just possibly be the worst-name ever devised for a product, but the product itself is as sound as a pound.

Basically, the 7170 is a combined DSL modem, IP router and PBX. The DSL modem/IP router combo is a common one nowadays, and more and more are appearing with RJ-11 sockets for attaching analogue telephone equipment, which can then be used for Internet telephony, a.k.a. VoIP.

Where the 7170 leaves most of its peers behind is in the inclusion of the PBX. Not only can analogue equipment be connected, but on the Annex B model, there's also an S0 bus for attaching ISDN equipment. The 7170 is then connected to your ISDN NT1. (The Annex A model is for attaching to an analogue line.)

But that's only where the fun begins, because you can also define up to 10 VoIP carriers and then put together a comprehensive dialing plan.

The telephone hardware topography is now as follows. The ISDN line enters the building in the meter cupboard and the signal is split for DSL and telephony. The alarm is connected directly to the ISDN line at this point. Our legacy NEC ISDN PBX is located here, too.

A cable carries the NEC PBX to the patch panel in the cupboard under the stairs, where most of our server and network equipment is located. There, the NEC PBX is connected to the S0 bus of the FRITZ!Box and the analogue telephone is plugged into the appropriate socket. The FRITZ!Box is then patched back to the meter cupboard, where the DSL and telephony join the ISDN NT1 box.

Our fax machine is still attached to the NEC PBX, as I couldn't find a way to make it call out using the correct number when attached to the FRITZ!Box. It will answer the right number, but it calls out using the main ISDN number. No matter, having it attached to the NEC means that we keep an analogue socket free for future use on the FRITZ!Box.

Next comes the dialling plan and that's where the magic really begins.

As we all know, different carriers have different tariffs and some are cheaper than others in one area, whilst being more expensive in a second. The situation is further complicated by the fact that some carriers cannot be used to call certain numbers at all.

The dialling plan allows you to determine how your telephony is routed. You do this by categorising numbers based on their initial digits.

Our dialling plan ends up looking like this:

Here, we see that emergency calls and information services are routed via the fixed line. In the case of emergency calls, that's for the sake of reliability. In the latter case, it's because some (but not all) of these numbers can't be dialled usng VoIP.

Other XS4ALL subscribers are contacted over XS4ALL's VoIP network, because such calls are free and this is the shortest path.

All other calls are routed via VoipCheap, because this carrier has the cheapest rates available, as far as I can ascertain.

VoipCheap works like this. You deposit €10 of credit, which allows you to make calls on their network. However, it also entitles you to 90 days of 300 minutes per week of free calls to large parts of the world. This basically includes Europe, North America and New Zealand, which are the places Sarah and I are most likely to call.

You may have noticed that our dialling plan will default to routing calls to Dutch mobile phones also through VoipCheap. That's because VoipCheap offers such calls at the rate of 10 cents per minute, which is cheaper even than when I call a mobile number from my own mobile phone. It's amazing to me that a foreign carrier can offer cheaper calls to Dutch mobile numbers than any Dutch carrier (including all of the mobile operators), but there you go.

Once your 90 free days are up or you go over your 300 minutes per week of free calls, calls are charged at VoipCheap's normal rate, which is basically 1 cent per minute to the destinations I listed. That's still cheaper than any of the alternatives, before you even consider the 90 days of free calls per €10 of credit.

Yes, it's actually cheaper for me to call another number in Amsterdam via a foreign carrier than it is to use a Dutch carrier, unless I sign up for a flat-fee subscription with the latter, but those are priced in such a way that it's cheaper for us to just pay as we go. We simply don't make enough calls for it to be economical.

The end result is that we can now pick up any phone in the house and make a call without having to first think about who we're calling. That we happen to pick up an ISDN or an analogue handset says nothing about how the call we make will be routed. The ISDN handset could have its call sent out over the Internet. The analogue handset, which we had previously attached to our SpeedTouch 780 DSL modem and could therefore use only for VoIP calls, could now just as easily send a call over ISDN.

The one area where the dialling plan lacks sophistication is that you can't configure time-based rules. Our ISDN Bellvrij Weekend subscription, which we need for the alarm system, gives us free calls to any destination in the Netherlands at the weekend.

Ideally, we would route any domestic weekend calls over ISDN instead of through VoipCheap, since a fixed line is always more reliable than VoIP. Additionally, we would preserve some of our 300 minutes per week of free calls or, if we had already used them up or were past our 90 days of free calls, still be able to make free calls.

If we really cared, we could still elect to make a fixed line call at the weekend for a number that wouldn't ordinarily be routed that way by prefixing the number with *111#. That allows you to manually select the fixed line for an outgoing call. Similarly, you can also manually select a particular VoIP carrier.

The FRITZ!Box has a lot of useful (prefix) codes like this. For example, by picking up a handset and typing in a code, I can turn off or on the radio transmitter, thereby disabling or enabling the WLAN facility.

Using another such code, I can start or stop the FRITZ!Box's telnet daemon that allows me command-line access.

What a cool toy the FRITZ!Box is, in spite of its appalling name. There are a few disadvantages, however. Given the wealth of features and settings on the box, it's rather surprising to find that some things that I regard as basic are missing.

For example, you can't configure static DHCP addresses. Any hosts that you require to always have the same IP address must be manually configured at source, outside the defined DHCP range.

Staying with DHCP, it's not possible to pass a list of extra or alternative DNS servers to clients. The FRITZ!Box always configures hosts with itself as the DNS server. This proved problematic yesterday when I somehow ended up with a negative cache entry (or something with the same effect) for gmail.com, so that Sarah spent the whole day unable to read her e-mail until I was able to troubleshoot the issue.

Another minor issue is that once a host has obtained an address over DHCP, it remains in the list of known hosts long after its lease has expired. The only way to flush this table is apparently to save the FRITZ!Box's settings to a file and reload them. Why not make them manually deletable?

As I mentioned earlier, another issue is that I can't find a way to make an analogue device make an ISDN call using an MSN other than the main number. Perhaps it can be done, but if so, it's not obvious how.

Finally, WLAN range seems to be a little less than with the SpeedTouch 780, but it's not a big difference.

Small niggles aside, the FRITZ!Box is great. For the money (about €160), it's hard to imagine a more intelligent and flexible device. To get more flexibility than this, you'd be looking at expensive, rack-mountable devices for the business market. In particular, the ability to connect to an ISDN fixed line and to allow the definition of up to 10 VoIP carriers are, for me, its main selling points.

Telnetting in, it was nice -- and not altogether surprising -- to discover that the FRITZ!Box is, in fact, just another Linux box, running a 2.6.13 kernel on a MIPS processor. It's always nice to support a company using Linux, as long as the product is actually any good, which, in this case, it clearly is.

The FRITZ!Box has a million features. Here, I've touched only on those of most importance to me, namely the ones that allow me to call transparently and cheaply.

I mentioned the other day that the KPN explicitly forbids the use of its flat-fee Surf & Mail mobile Internet package for VoIP services in its fair use policy.

Nevertheless, I've put it to the test and can reveal that they've currently taken no technical measures to stop you from using VoIP. It remains to be seen how long I can continue to use their 3G UMTS data network to conduct my voice calls, but until they ask me to stop, I'm going to arrogantly flout their terms and conditions.

What's the advantage of doing this?

Well, calls are much cheaper this way. Using my Internet provider, XS4ALL, I can make calls from my mobile phone against XS4ALL's VoIP tariff. I then pay KPN's flat-fee €9.95 per month for Surf & Mail, plus whatever XS4ALL charges for the VoIP call. That effectively means I can use my mobile phone anywhere in the Netherlands to call any number within the EU or the US for next to nothing, just one or two cents a minute.

It gets better, though. By requesting a second (free) VoIP phone number from XS4ALL, I can now get free calls from our home phone to my mobile and vice versa, because XS4ALL charges nothing for calls between its subscribers, which also includes one subscriber's calls to himself using multiple phone numbers.

Normal calls to mobile phones, however, are still around 15 cents per minute, whether or not I use my KPN Mobiel subscription. In fact, they're still slightly cheaper if I use my standard voice subscription, so VoIP doesn't help here. The same applies, obviously, if I need to check my standard voicemail or call KPN's customer service.

The only disadvantage (apart from the fact that I'm breaking the rules laid down by the supplier of my data network, the KPN), is that I have to maintain an open data connection to be able to receive VoIP calls on my mobile phone. That's not good for the battery, but it's a small inconvenience compared to the benefits.

Obviously, as VoIP grows in popularity and more mobile phones become capable of conducting VoIP calls (either over GPRS, UMTS or WiFi), more people are going to see the advantages and the KPN is going to have to take active steps to stop people from using its data network to conduct voice calls.

Until then, however, I don't feel obligated to comply with a clearly anti-competitive clause in the fair use policy.

A couple of years ago, I wrote about how to solve the problem of the Nokia 9500 complaining about an untrusted (self-signed) certificate when picking up one's mail over SSL/TLS.

Well, the E90 suffers from the same problem and, again, there's no way to elect to permanently (until its expiry) trust the untrusted certificate at the time it is presented.

As with the 9500, there is a solution, but it's rather more convoluted. You can't just add a new certificate as you could with the 9500. Instead, you have to create a certificate authority (CA) and use that to sign your mail server's certificate. Then, instead of registering the mail server certificate with the phone, you register the CA's certificate. The phone will then trust any certificate that has been signed by the CA.

The procedure is more or less the same for any Symbian S60-based phone and, happily, someone else has done all the legwork.

Follow this procedure and, once again, untrusted certificate warnings will be a thing of the past.

If you have a Nokia N95, see Jules' comment below for how to add the CA's certificate after transferring it to your phone.

Iceland is an extremely civilised country, its whaling policy notwithstanding. Reykjavík is the hub of that civilisation.

Unlike Amsterdam, Reykjavík has a mesh of random cafés and bookshops that offer free, open 802.11b/g WLAN access. The net effect is that one can have a stroll from Ausurstræti, across to Bankastræti and up Laugavegur, hopping from network to network as one goes.

Not only can one therefore pick up one's e-mail on the go, but the wonders of VoIP mean that I can make a phone-call over the Internet for negligible cost. One only has to make use of this facility a few times before one becomes very used to it.

In Amsterdam, open networks are few and far between. Cafés tend to offer hotspot access from one or other of the various overpriced network operators, such as T-Mobile. No thanks. What a shame people aren't more public-spirited back home.

Various mobile phone providers, such as KPN, offer an unlimited Internet access package these days, over GSM (GPRS) or UMTS (HSDPA). KPN's offering is called Surf & Mail. For just €10 per month, one can access the Internet to pick up e-mail, browse the Web, etc. from anywhere in the country with network coverage.

What about VoIP? Aha, there's a clause in the contract that explicitly forbids you from using KPN's data network for conducting voice calls. KPN doesn't want you using their data network to circumvent their voice network. What a cynical move. If their voice tariff was at all competitive, we wouldn't care about using their data network to conduct VoIP calls.

Since my last posting, I've started to get e-mail asking me how to configure the E90 to work with XS4ALL's VoIP. The following settings work for me with firmware 7.40.1.2 and should work for other types of Nokia phone that offer Internet calling.

Menu -> Tools -> Settings -> Connection -> SIP settings:

Name: Default
SIP profiles: XS4ALL

Once you've configured the phone, type in the number you want to call, then select:

Options -> Call -> Internet call.

After a few months of patiently waiting for production problems to be remedied, I have finally got my hands on a new mobile phone, a Nokia E90 Communicator. This phone is the logical successor to my trusty 9500 Communicator, which I've been using for the last couple of years.

The new phone is both a logical progression and a quantum leap from its predecessor. The basic facility of a vibrating alert is thankfully now available. That was possibly the most glaring omission on the 9500. On the other hand, the fax functionality is gone on the E90 and, for the life of me, I can't imagine why Nokia might have removed it.

The only guess I have is that they didn't consider it worth porting to the E90's new Symbian S60 3rd Edition platform. The 9500 was an S80 series phone. On the few occasions I had reason to use my mobile phone's fax facility, I was very happy to have it, so I lament its passing. As far as I can tell, it's the only application the 9500 had that the E90 doesn't.

The E90 remains an incredibly difficult phone to locate. I first spotted one at the end of July, at which time Nokia had made it available in extremely small quantities. Soon after that sighting, the E90 was beset with production problems, including a keypad that scratched the inner screen and the fitting of an inferior microphone. Those problems, together with very high demand, made the phone almost impossible to lay one's hands on; and not just in this country, but worldwide, too.

None of the shops in Amsterdam have the phone, but I found a retailer in Rotterdam with some new stock, so I drove over there yesterday to pick up a unit, together with a 4Gb MicroSD HC card.

Nokia has changed the bloody AC adapter pin yet again, so that necessitated a new car charger, too. A Noreve case to protect my new gadget completed the package.

The phone is bursting with functionality, which makes it quite a heavy unit (210 g) for its size, which is considerably smaller than the 9500. Apart from quad-band GSM, it also offers the much-vaunted 3G functionality, which means that it can be used on UMTS/HSDPA networks. In addition, there's a GPS, Bluetooth, (E)GPRS, 802.11b/g WLAN, a SIP client for VoIP calls, voice-dialling, spoken menus, a 3.2 megapixel camera with flash and even an FM radio. In actual fact, there are two cameras; there's an extra one on the inside for making video calls.

The SIP client was a bit tricky to configure for XS4ALL, but after a few minutes I had it working. Now, wherever I am in the world, all I need is an open wireless network to enable me to make VoIP calls against local Dutch tariffs. I've made a couple such calls already over the home WLAN and am impressed with how well it works.

The Web browser and mail client are vastly improved over those on the 9500. They're fast and don't appear to choke went confronted with large amounts of data.

New firmware for the E90 came out at the end of October, so I flashed my device with the new version (was 7.38.0.2, now 07.40.1.2). Doing so erases all data on the phone, so it makes sense to do this as soon as you take possession of it, before you've spent any time configuring it and amassing data. Otherwise, you'll need to perform a back-up and restore operation.

Once that was done, I used Bluetooth to copy over my telephone directory from the 9500, plus a few custom MP3 ringtones that I had added myself. With PuTTY installed, I now have everything in my arsenal that I need.

In my opinion, this is the absolute top end of the mobile phone market at the moment. Absolutely nothing else can compare, especially the de rigeur fashion accessory of the moment, the Apple iPhone.

Here are just a few things conspicuously missing from the iPhone: 3G capability, a removable/replaceable battery, GPS, expandable storage, a real keyboard, instant-messaging clients, and browser Flash support. The iPhone's camera is a 2 megapixel model with no flash and there's no built-in SIP client for VoIP calls.

I also take exception to the fact that Apple is SIM-locking these very expensive phones. This is not a free phone whose true cost price needs to be recouped by tying the customer to the offering carrier's network, so there's really no acceptable excuse for locking people into a single carrier like this. Thinking consumers like choice and Apple is all about taking that away.

OK, you can unofficially unlock the iPhone these days, but do you really want to be lining the coffers of a company that actively tries to prevent you from using the device that you purchased with your own hard-earned money in the way that you see fit?

Apparently, unlocking the iPhone is a risky business, too, as Apple states that future firmware upgrades may render unlocked devices inoperable. Nice. This could just be a ploy to scare people off, but either way, it seems to me that the interests of Apple are once again diametrically opposed to those of their customers.

One thing that I can't take away from the iPhone is that it is a great-looking gadget. A lot of people have spent a lot of time perfecting that UI. The screen is also razor-sharp and a pleasure to behold. With that comment, however, everything good about the iPhone has been stated.

Will any of this (significantly) injure sales? Of course not. Apple has managed to capture the imagination of a generation of technologically enabled fashion victims, who will happily purchase overpriced, inferior technology as long as it looks good. Apple is to the electronics industry what Rolex is to the world of wristwatches.

We can expect to see more pocket-sized monuments to form over functionality for as long as Apple's thoroughly undeserved customer loyalty endures. It certainly shows no sign of abating in the near future.

Meanwhile, if you want a phone that does just about everything (except fax) and you can afford the purchase, get an E90.

After 57 days without a working ADSL connection, Internet access has finally been restored by my ISP, XS4ALL; as of midnight on 3rd November, to be precise.

Our new ADSL modem kit (a Thomson Speedtouch 780WL(i) turned up on Thursday afternoon and was installed by me late Friday evening.

In stark contrast to every other aspect of the Herculean effort exerted to obtain DSL in the new home over the last 57 days, this final hurdle was leapt without incident and the DSL light on the modem illuminated unassumingly within a minute of connecting it to the phone line and powering the device on. Even the fact we have ISDN here, not an analogue phone line, didn't throw soot over the proceedings.

There should have been rumbling from the skies, quaking of the house and choirs of angels singing hosannas, but the simple anti-climactic fact of the matter is that the system just worked; and that's all I ever wanted.

So, it was with great gratitude that I moved all of our networked devices over to the new network and said goodbye to the mystery neighbour, through whose open WLAN all of our traffic had been routed over the last couple of months. Mystery neighbour, I salute you for your community spirit!

Did you know you can reboot and reinstall a car? That's what happened to ours today, when I took our trusty A6 Avant down to the Audi dealer to have its MMI (user interface to you and me) updated.

The car emerged two hours and a few CD downloads later, sporting version C6-HU 34.6.0 0647 of the MMI software (hitherto C6-HU 21.2.0 0534, in case you wondered). As if by magic, the car now also speaks Dutch (and a few other new languages, such as Portuguese and Russian) when instructing me how to get from A to B.

The navigation system now offers a 3D view, with the camera angle slightly tilted to give the impression of being somewhat elevated above the ground. Perhaps the software update has added other useful new features, but I didn't encounter them on the short drive home.

The new 3D view is nice, because the viewing angle compacts the field of view, which means one can see more of the surrounding area than when in 2D, even when the zoom is set identically, say at 400m.

It also works well with 'junction zoom', whereby the system zooms in ever closer as one approaches a junction at which a new manoeuvre is required, such as turning left or right.

The only thing I don't like about the 3D view is that most streets don't have their name displayed along them, which is the case at the same zoom level in the 2D view. It also seems impossible to obtain north orientation for the map (even though you can configure it for same), probably to avoid confusion or perhaps impractically sharp viewing angles when travelling east or west. Who knows?

Since Audi had a special offer going, I took the opportunity to avail myself of the latest Western Europe DVD for the sat-nav system, too, so perhaps the woman with the dulcet tones will now be less determined to send me via the perpetually languid Overtoom when I ask for directions to pretty much any destination inside the ring (A10).

Poland and Hungary have been added to the list of countries for which there are maps and guidance data, which could prove handy. Hungary would have been good to have a year ago, but at least we're now covered if we choose to return.

It's strange to witness a car being rebooted and reprogrammed, as I tend to still think of them as predominantly mechanical machines, but they've really been powerful computers on wheels for quite a long time now. Nevertheless, it still amuses me to think that a car can be improved and have features added by installing a new version of the software.

Similarly, it can have new bugs introduced in the same way, so I hope not too many of those have crept in.

I'm very pleased to have made the pleasant discovery today that Mozex is not dead. It had just lain in a coma for a while.

In case you don't know, Mozex is a Firefox plug-in that allows you to edit Web form textboxes in the comfort of your favourite editor, which in my case is Vim. This was more of a breakthrough in the days before Firefox 2.x, when a browser crash could signal the pre-publication loss of, for example, a long and detailed blog entry, meaning an hour's work down the drain.

Since Firefox 2.x, we've been treated to session recovery, which can also recover your draft textboxes, but Mozex can do a lot more besides. For example, you can choose to use an external program for viewing the source of HTML pages. Although Firefox's internal viewer is pretty good these days, it's nice to have advanced syntax highlighting and the ability to search within a page, using regular expressions.

I'd missed Mozex since upgrading to Firefox 2.0, but it's nice to know that it's now available once again.

For improved session management and more tab-related control than you imagined possible, I would also suggest installing the Tab Mix Plus plug-in.

The Free Software Foundation has launched its Play Ogg campaign for a "legally, ethically and technically superior audio alternative to the proprietary MP3 format".

Even though Ogg Vorbis truly is legally, ethically and technically superior to MP3, I doubt this will turn the market for downloadable music upside-down. The superior product often doesn't triumph.

V2000, anyone?

I mentioned the other day that I would like to see a Web controller for the Sonos music system to supplement the remote controller and the (to a non-Windows, non-Mac user) largely useless desktop controller software.

Well, it tuns out that an inventive user has done just that, and written a Web-based controller in Perl. It actually works as advertised, too, although it's not quite as functional as either the remote controller or the desktop controller. Still, I can now manage the Sonos from the comfort of my laptop, which -- let's face it -- is where I spend a lot of my time.

How it works is quite clever. You install it on any system that can run Perl, so I put it on our MythTV box. When run, it starts a Web server on port 8001. Pointing a browser at the server yields a menu that allows one to select a UI and various plug-ins. Once that is done, one can access most Sonos functions, including the all-important ones, such as selecting zones, playing music and altering the volume.

On the back-end, a UPnP control point listens for UPnP events and talks to the Sonos boxes. With my scant knowledge of UPnP, this has the appearance of happening rather magically.

I'd like to see Sonos take this piece of software and continue its development. There's clearly a need for a controller that one can manage from one's Web browser.

A few days ago, we had a Sonos system installed in our house. Six ZP100 ZonePlayers make for six so-called zones in the house, one per major room on each floor, and we have three CR100 controllers, one per floor, to control the music in that floor's two zones.

Each zone allows separate music to be played in that zone, meaning that we can have six different audio sources booming out around the house. In practice, we're unlikely to do this.

One nice feature of the system is the ability to link zones, so that the same music can be played, for example, in both the living-room and the sitting-room. Then, if someone else wants to use one of those two rooms, you just drop one of the zones from the link group. This means that you can add zone B to zone A, then drop zone A from the group, which effectively allows you to pass music sources between zones. Very clever.

The zone system is very sensibly implemented and it's therefore possible to control any zone in the house from any of the remote controllers. So, I can be in the living-room on the ground floor and turn on music in the guest room two floors higher up. The logical extension of this idea is setting alarms, so that music can be automatically be made to play in any zone at any time. Again, the simplicity of the software makes this child's play to configure.

After a session in the listening room of the hi-fi shop (where Sarah was close to vomiting and Eloïse was going mental to go home: not a terribly relaxing environment for listening and making well-informed decisions), we finally settled on a mixture of KEF, Bowers & Wilkins and Paradigm speakers for the house. The living-room has the KEF pillar speakers, whilst the sitting-room has B & W speakers hung in the corners. A REL Quake subwoofer completes the picture in the sitting-room.

The first floor rooms already contained built-in speakers, left behind by the previous owners, so we simply hooked up the two ZP100 ZonePlayers to those. We think they're B & W, but we're not sure. They sound pretty good; good enough for bedrooms, at any rate.

The second floor has the Paradigm pillar speakers in the guest-room. In the office, I simply hooked up the ZP100 up to the line-in socket on my computer's sound card, which plays through some fairly decent Klipsch speakers. Most of the time I'm in there, it's late at night and I have to listen on headphones, anyway. I may get better speakers for the office later on, if the need arises.

The ZP100 in the sitting-room is wired over Ethernet; the other five operate wirelessly over an AES-encrypted protocol on top of 802.11 (which Sonos calls Sonosnet). The single Ethernet-wired ZonePlayer is an installation and usage requirement, as it functions as an Ethernet bridge, allowing the other units to request and be assigned IP addresses over DHCP. The ZP100 units also conveniently feature a four port Ethernet switch on the back, which allows one to network other devices. Depending on whether the ZP100 unit in question is wired or wireless, it functions in this capacity as either an Ethernet or a wireless bridge.

The system is able to automatically check for new firmware versions and install them. It's also able to automatically refresh its list of Internet radio stations, which is great for having new stations added and updating the URLs of stations that move around. I really like systems that are able to perform self-maintenance in this way.

The whole system appears to works very well. After a few days of use, I have few complaints. The only ones that spring to mind are:

• Internet radio stations must support WMA or MP3 streams to be usable by the Sonos system. RealAudio streams, for example, don't work. By way of contrast, the MythMusic module of MythTV can do this.
• Only SMB network shares are supported for accessing one's music collection. Samba to the rescue.
• Whilst one can shuffle the play order of songs, there's no smart mode, whereby songs are picked pseudo-randomly, weighted according to the number of previous plays. Again, MythMusic has this feature and it's great for picking songs out of a hat, but with a bias towards the music that one prefers.
• All the features and functions of the remote controller are also available via the so-called desktop controller, which is a piece of software that runs under either Windows or MacOS X. This makes it very inconvenient for me to use and I would like to have seen a Web-based controller operating via the Ethernet-wired ZonePlayer.
• The person who installed the system had already flashed the various units to the latest version of the firmware at his workplace. Unfortunately, this required him to register the system using his own name and e-mail address. Surprisingly, after calling Sonos, it turns out to be impossible to later rectify this situation without performing a reset of the entire system to the factory default state. On the plus side, having everything registered in my own name doesn't actually appear to matter very much.

All in all, then, it's an impressive system with a lot of flexibility and it beats installing PCs all over the house.

As promised, I've been beavering away on the photos we took during our recent trip to the United Arab Emirates and Oman. Many deletions, rotations and captions later, the albums are finally available for your viewing pleasure.

The completion of this task now leaves me free to crack open and play with our new Canon EOS 400D SLR camera. The kit lens has been supplanted by an EF 24-105mm f/4 L IS USM lens, which will be our lens of choice for the vast majority of our shooting. Like our faithful old Minolta A2, it features an image stabiliser, which is great for us, as we almost never carry a tripod.

Our initial results with the camera today in the Vondelpark were pleasing, but we'll sorely miss the ability to voice-caption our photos. That feature really is unmissable for the itinerant traveller and I'm not sure how we'll cope without it.

This is our first SLR and we're now eager to delve deeper into the science and art of photography, so that we can obtain the results we know a camera like this is capable of. I'm always disappointed by our holiday photos, as almost all of them fail to capture the glory of the moment. Good photographers can achieve the opposite effect, namely that the photo makes the moment in question look better than it actually was.

Anyway, I'm pleased to have the latest holiday photos on-line and must say that I'm missing the region considerably since having returned. On the plus side, the last couple of days have seen glorious spring sunshine warming the city and encouraging us to make for the zoo and the Vondelpark, where lots of other people had obviously had the same idea.

I found out at the weekend that we're soon to be offered ten days of free viewing of the Film1 film and sport channels as a promotional stunt. Now, I have no interest in the sport channels, but there could be some good films on the film channels.

Unfortunately, during most of the ten day free period, we'll be in the UAE and Oman. So, how to ensure that we don't miss any good stuff?

Enter the latest version of tv_grab_nl_upc, 0.6.1, which is the grabber I wrote to feed my MythTV system with programme schedule data for UPC's digital television network. This new version is able to look up the IMDB viewer rating for each of the films that it finds. This rating is actually a very good indicator of the true quality of the film in question, as it reflects the opinion of real viewers and, usually, with sufficient quantity that a reliable average results.

The only thing that remains to do is produce a custom recording rule in MythTV; and here it is:

program.stars >= 0.75 AND MONTH(program.starttime) = 2
  AND DAYOFMONTH(program.starttime) >= 16 AND DAYOFMONTH(program.starttime) <= 25
  AND channel.callsign LIKE 'F1%

This says to record any programme that has a star rating equal to or higher than 0.75 (equivalent to a 7.5/10 rating on IMDB), when the start of the broadcast is in February, between the 16th and the 25th of the month, and the broadcast channel is any of the Film1 channels.

Using tv_grab_nl_upc and the above rule, we should have a few decent films to watch when we return from holiday.

Again, I find the above a great example of the power and flexibility of MythTV. No other PVR gives you this level of control.

Whilst in the US, I took receipt of the new laptop that I'd had sent to Sarah's folks' address. It's an IBM Thinkpad T60, following on from my last laptop, a T43.

I've been a Thinkpad user for the last seven years now. Before that, I had a Toshiba laptop from the company I was working for at the time. All of these laptops have had in common that they provide a Trackpoint as a pointing device. I tried to get to grips with a Touchpad a few years ago, but just couldn't adjust to it.

So, given my adeptness with the Trackpoint, it was natural to go looking for a machine that had one. I didn't want to have to learn new work practices unless they offered the suggestion of greater productivity (unlikely, since most of my time at the computer is spent thinking what I'm going to do next).

That left me looking at Thinkpads, plus selected models from Toshiba and Sony, since almost no-one else offers machines with Trackpoints. Everyone else offers only a Touchpad.

Try as I might, I couldn't seriously entertain the higher end Sony models that carry a Trackpoint. There's just too much proprietary hardware inside and it's doubtful whether most of it works or will ever work with Linux. I don't like to pay for things I can't use, so that alone was pretty much enough to rule out the Sony as an option. On top of that, however, there's the issue of poor battery performance and the question of machine reliability as a whole.

So, to the Toshibas. What can I say? They just didn't excite me and a friend warned me off them, even though the one I used eight years ago was a good machine. I saw no immediate advantage to them over a Thinkpad and, since I'm less familiar with them, there's the potential for nasty Linux-compatibility surprises.

I was then attracted to the Apple Macbook Pro, because of its beautiful 17" screen. However, some serious shortcomings immediately put me off:

• Very poor battery performance.
• Red-hot running temperature.
• No Trackpoint.
• A single button mouse.
• Not a true PC (for example, no BIOS, so no hibernation mode).
• No PCMCIA slot.

I'm not on the move with my laptop very much these days, so poor battery performance is something I could probably make do with.

Being able to use a laptop on top of my lap, however, is something very important to me. I principally use my laptop on the couch and I don't want to use one of those breakfast-in-bed style tray stands, so a tolerable running temperature is essential to me.

Similarly, the absence of a Trackpoint is almost insurmountable for me, but the one button mouse makes things even worse. Real mice have three buttons: no exceptions. Many X applications work well only with a three button mouse; even a two button mouse with third button emulation is a pain in the arse. A one button mouse means that one has to use keys in combination with mouse clicks to drive applications and what typist wants that? No, in spite of its reputation for having a great user interface, as far as I'm concerned, a Mac is and always has been an ergonomically handicapped machine.

So why consider a Macbook Pro at all?

Well, as I said before, the 17" LCD screen is stunning and I love the MagSafe power connector that jhttp://www.apple.com/macbookpro/design.html just pulls right out of the computer when tugged. That makes it highly babyproof and tripproof. Wrenched power connectors have ruined two otherwise good laptops that I've used in the past.

The fact that Thinkpads are poorly available in this country was probably the major factor in favour of the Macbook. I would have to order the T60 overseas, but I could have the Macbook by walking into a shop and purchasing it over the counter.

And so it came to pass that I actually did visit the Apple shop with a view to purchasing a 17" Macbook Pro. I had almost convinced myself I could learn to live with its many shortcomings, that I would learn new working habits and even purchase a lap stand in order to not bake my balls.

But in the end, as I was standing there in the shop, eyeing the thing, I just couldn't help but think to myself, 'What a pile of overpriced rubbish. What am I doing?' I just knew it wasn't the right decision and certainly not for that amount of money.

So, I biked home and ordered a T60 on-line a couple of days later, a considerably superior machine for around €400 less. Granted, it doesn't have the 17" screen, but the extra two inches just don't matter to me; not when you weigh up all of the other sacrifices I'd be making to get them.

I installed the system whilst in Providence and now have a dual-boot Fedora Core 5/Windows XP system. I didn't want to bugger around with fiddly Linux tools for the partitioning (for one thing, the copy of XP that comes with the laptop has no installation media -- the installation files are in their own partition on the hard drive, so a slip-up can be fatal), so I went against the grain and purchased Acronis' Disk Director Suite for Windows XP by electronic download. It's actually a very nice piece of software. I had tried the free trial version first, but it wouldn't commit the changes I had made, so I was forced to purchase it.

The machine I've bought has a scaleable 2.33 Ghz Core Duo T2700 CPU, 100 Gb 7200 RPM SATA-150 hard drive, built-in 802.11a/b/g WiFi card, a DVD-RW drive, 2 Gb RAM and a 9 cell battery. Those are the configurable options that can be purchased to suit one's own needs. Non-configurable options include Bluetooth, a fingerprint scanner, ATI Radeon X1400 graphics, Analog Devices sound and Intel gigabit Ethernet.

Most importantly, there's a Trackpoint, but even the Touchpad is useful, as the Synaptics driver allows circular-scrolling, which is even better than Apple's two-finger scroll.

Most things were easy to get working and are supported directly by FC5. Ease of configuration was greatly helped by Joshua David Starmer's excellent T60 installation guide and the equally excellent ThinkWiki wiki.

Components that needed some effort were:

• Hardware accelleration of the ATI Radeon graphics chip.
• The ipw3945 802.11a/b/g card.
• The fingerprint scanner.

Of all of those, the fingerprint scanner was the only truly awkward thing to get running properly.

To get this device working at all, one must install UPEK's TouchChip TFM/ESS FingerPrint BSP (Biometric Service Provider). One also needs the BioAPI libraries, plus pam-bioapi in order to interface with PAM, Linux's authentication framework. These latter two packages appear to be poorly if at all maintained at the moment.

Anyway, once all of those are compiled and installed, one can mess around with the PAM configuration files and require use of the fingerprint scanner for authentication. I soon had su and sudo working, plus gdm for logging in to X. Log-in at a virtual console also works as expected and the net result is quite impressive when you're not used to it.

gnome-screensaver was another matter, however. The fact it doesn't run as root is problematic, so I had to download a newer version with code to work around the issue (at least 2.15.3), sort out the dependencies and compile it. That eventually worked, but then I noticed that gnome-screensaver would no longer scan fingerprints after the laptop had resumed from a suspension. To fix that, I found I needed to add the following udev rule:

BUS=="usb", DRIVER=="usb", SYSFS{product}=="Biometric Coprocessor", GROUP="bioapi", SYMLINK="misc/fingerprint", RUN+="/bin/sh -c 'chown ianmacd /proc/$RESULT /dev/$RESULT'"

This ensures that ownership of the USB device corresponding with the fingerprint scanner is always set to me. It's a hack, because it works only for the user ianmacd (me), but since I'm the only user of this system, I can live with a non-universal solution. Now gnome-screensaver consistently works, save for a minor display issue that I can't get too worked up about.

I'm exceptionally happy with this new laptop and expect years of faithful service from it. I just wish Thinkpads were essier to obtain in this country. They do exist, but the dealers have a very poor selection and the prices are just plain silly. Luckily for me, I had a trip to the US coming up, so I was able to order one ahead of time and pick it up when I got there.

Having just about finished configuring our home-brew PVR/DVR, I was, of course, interested to see an announcement from UPC that they will soon be offering their own PVR/set-top box in one.

On the face of it, this might be reason to groan about the amount of time, money and energy I've invested in our <