Archive for November, 2010

Xperia X10i

November 26th, 2010

In January this year, I decided that my old pink phone would no longer cut the mustard. I’d had it for over 15 months, since I’d stupidly smashed my o2 XDA device 1 month into an 18 month contract. Here’s to the stupidity of not buying insurance.

Well, I decided to go with the Xperia as it seemed to have the best hardware. I fancied an Android phone, as I quite liked the possibility of developing an app on it, and as I did not have any apple hardware (my iTouch was unfortunately stolen whilst abroad) – getting an environment setup where I could develop for iOS would have been prohibitively expensive.

After purchasing the phone, I was massively impressed. It looked great, had a very clear screen, and integrated very well with my Google account. Perfect for backing up contacts and calendar appointments. I was massively impressed with the syncronisation between the google servers and the phone – even when in low bandwidth areas. All I have to do is add a contact to my phone, and it appears in my Google contacts online. Yes, this is how tech should work.

However, there was one major bugbear – battery life. Whilst I’d been used to 3+ days between charging using my older SE phone and the iTouch, this Xperia X10 was lucky to get 10 hours. My flatmate told me I should have left it on a 36 hour charge when I bought it, and therefore the blame was left at my door. Thinking him right, I decided not to pursue the issue with SE, but just let it annoy me quietly.

Whilst cycling across the peak district in September, a disaster befell me. After taking a nice pub lunch as a break from a 36 mile cycle, I dropped my phone onto the concrete car park whilst unlocking my bike. It landed right on the corner and left the screen smashed, but usable. It took me about ten minutes to remember that this time I had bought insurance, so spent the day quite pleased with myself; also pleased that the new phone would get the 36 hour trickle charge it deserved.

When the new phone arrived I decided to do it properly. I read through the manuals, had it delivered to work, and left it on charge for the 36 hours required, as to avoid the poor battery life from the previous phone. Suffice to say, that only three days later the battery life seemed to reflect that of the old device. Ok, maybe it was a little bit better, but that may have been down to me not installing so many applications onto the phone – an attempt to improve battery life in anyway possible.

When the announcement that the Xperia was going to receive an upgrade from 1.6 to 2.1 I was pretty pleased, as one of the core ‘improvements’ was meant to be to battery life. Despite the delays, when I finally got my hands on 2.1, battery life was about 10-15% better.. but 10-15% of 10 hours was not significant enough to be usable. If I went to work, and headed out straight from work, I could consider myself ‘phoneless’ from about 7pm.

On Sunday night this week, I lay in bed playing ‘Angry Birds’ – what every ‘cool’ 24 year old bloke does these days I believe. When I got stuck on level 3-7. It really wound me up, so I quit the game and had a look on the android market for alternatives. Not being one to look in the right place, I found myself browsing the ‘top free apps’ rather than top free games, when I noticed z4root. It claimed to be a way to root your phone using a single click. Tired, and fed up, I decided to do it.

The phone went black.

5 minutes later the phone came back up, and it appeared as it was before. I was thankful nothing had broken, and with an early start the next morning, I set my alarm and went to sleep.

At work on the Monday, I decided to take a browse on the net at lunch to find out what the benefits of a rooted phone were. I still didn’t quite believe that I had actually got it rooted, but was interested all the same. I found the following article which claimed to speed up the phone by removing timescape. So I did.

Thinking nothing of it after the 20 minutes or so it took me, I didn’t believe I’d seen a massive speedboost on the phone. The second thread talked about it just being a placebo, so I was quite sceptical of whether or not it had actually helped the speed. Needless to say I installed a couple more apps (QuickBoot), attempting installing OpenVPN and failed, and also failed with Barnacle WiFi tethering.

The next day I came into work, had a pretty hectic day, and didn’t manage to look at my phone until about 3pm. I’d left the house at 7am, unplugging the phone at 6.50am at the latest, and at 3pm, with 8 hours I had only used 8% of my battery. I was so chuffed that I posted the following to twitpic:






Incredible!


So there you have it, I didn’t want to root my phone, and ended up doing it by accident. But if what you get is a phone with a battery life that far exceeds expectation – then it’s worth it surely. Hopefully SonyEricsson will see the light and remove their apps to make the phone work better. Either than or I’m going to have to switch back to a phone with fewer ‘features’ and a better battery life. Simples.

PCI DSS

November 18th, 2010

Over the past three years, I’ve been gaining plenty of experience in managing Gnu/Linux systems. One of the most interesting projects I’ve worked on over the last three years has been the PCI DSS requirement set for companies holding credit card data.

When I first came across these PCI requirements, I was still very much ‘wet behind the ears’ and ended up having a fairly backseat role in the System Design and implementation. However, we successfully went live with the systems, and since then it was pretty much left to me and a couple of others to keep the systems running smoothly.

Since getting back from India, over 50% of my time has been spent working with a larger team on PCI compliance. The hardest thing about making a previously non-compliant business into a compliant business isn’t just about technical details, but making sure all the processes and procedures are effectively audited to make sure that none of them break compliance. For a medium sized organisation this takes effort, and kudos must go to the people in the organisation for allowing previously valid methods to be scrutinised and broken; all in the name of compliance.

The best thing about the PCI compliance though, was that we’ve been able to achieve it using 100% open source software. At time I’ve been tempted to suggest that maybe our efforts are best placed in getting some commercial software that can do the management of our logging, can do our alerting and reporting, and make sure that our time isn’t spent doing that. However, in relying on a third party service, we realised that would just make us complacent. If we were to manage the systems, we needed to know every bit, thus we came up with a solution together.

It’s been awesome working on this for the last 11 months. We’ve had our highs and lows (as any team has), but we’ve also been able to deliver a pretty stable system. We’ve got a LogViewer setup (which I wrote in django – probably going to be another post later on), our IDS and Application Firewall, and Nagios and Munin for spotting trends in our growth and alerting us to any problems with the systems.

The biggest bonus though, is that we have a team that are 100% committed to success. It’s something that you can’t buy. When I’ve fallen short, they’ve been there to stand in ad finish off a job, and we’ve got a real good camradarie. It’s got so good that we’re even writing each others documentation!

So I’d just like to post a public Thank you! The guys know who they are and I look forward to continuing my work with them for the foreseeable future.

Comodo SSL + Zimbra

November 15th, 2010

I recently had to install a Comodo SSL certificate onto a Zimbra Server. Unfortunately, if you already have a certificate there is no simple way of installing a SSL certificate that you’ve already purchased, hence the need for these instructions.

When you purchase a SSL cert from Comodo, you’ll end up with three files:

  • $hostname.crt = your cert file
  • $hostname.ca-bundle = the bundle file
  • $hostname.key (the key you produced and used to create the Signing Request).
  • Once you have these three files, copy the first to to your /tmp directory, and copy the key file to:

    /opt/zimbra/ssl/zimbra/commercial/commercial.key

    Once you’ve done that, you need to download an extra couple of certs from Comodo, depending on when you purchased your certificate. I used the pre-March 2009 version, from here Comodo Downloads.

    Once you’ve downloaded them, add them to the end of your ca-bundle file.

    With that done, as root, run

    /opt/zimbra/bin/zmcertmgr verifycrtchain comm /tmp/$hostname.crt /tmp/$hostname.ca-bundle 

    Providing that doesn’t error out, then you’re good to deploy.

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/$hostname.crt /tmp/$hostname.ca-bundle

    Switch to the Zimbra user:

    su - zimbra

    Then restart all zimbra services:

    zmcontrol restart

    Your new certificates are now installed!