Ownership of Laptops for Work

Jetstar has announced some new changes to the way they manage their IT infrastructure [1]. Some parts of it are obvious things that people have been doing (or wanting to do) for a long time – such as using thin clients with no moving parts (not even cooling fans).

But the really interesting part is their plan for managing laptops. They are using a virtual machine image on a flash storage device that can run on any system. So deploying a new system will only require installing the virtual machine software and inserting a storage device. Moving a user’s environment to a different system (EG due to hardware failure) will merely require inserting the storage device in a new system.

That raises the issue of ownership of the device. It seems that Jetstar are considering using systems that are owned by employees, Stephen Tame said “In two years’ time a laptop should be a condition of employment, and this includes bringing your own laptop”. When introducing that I expect there would be some resistance by employees who don’t want to spend the money. However I have previously estimated the costs of running a car [2] which works out to more than $1,650 per year for insurance, registration, basic maintenance, and the interest that would have been received if the car had not been purchased and the money had been invested. Laptops can be purchased for significantly less than $1000 (currently the EeePC 701 is on sale for $219) and can be expected to last for three years or more if you are careful to avoid damage and don’t run demanding software. So a job that demands ownership of a laptop is asking for a much smaller financial investment than one which demands ownership of a car. But I expect that many employees won’t see it that way.

The up-side for employees to bring their own laptops is that they can choose a model that suits their preference. Everyone has preferences regarding the size of keys on a keyboard, the distance that they travel and the pressure required to register a key-press. For desktop machines it’s easy to swap keyboards but for laptops there is no such option. Then there’s the issue of the trade-off between physical size and weight vs display resolution, personal preferences in this regard will depend to some extent on the body mass and strength of the employee.

Now there are a number of security issues related to personal laptop use. Obviously if the laptop has a Trojan-horse program installed then it could sniff any data that goes past on the network. The most trivial case of this could be addressed by running VPN software inside the emulated environment. This would force a Trojan to compromise the virtual environment (EG by modifying the address space) or to compromise the files on disk (insert a Trojan inside the filesystem for the virtual environment). The former would be tricky to get right while the latter would be trivial. Both attack methods have been used in the past and proven to work. This is why many companies prohibit their employees from connecting their own systems to the corporate network.

One example of a system that is based around running virtual machines for all desktop operations is the NSA NetTop project [3]. NetTop involves a SE Linux system that runs multiple instances of VMware for different desktop environments. Each VMware instance runs at a particular sensitivity level and uses a VPN connection to a back-end network running at the same level. The aim of NetTop is to prevent applications in the different VMware instances from communicating with each other. The significant difference between a typical NetTop installation and what Jetstar might be doing is that NetTop runs on a secure base – it’s hardware that has been purchased and installed by a military organisation and is run in a secure facility, while personal laptops that are owned by employees can be expected to be infected with viruses and Trojan-horse programs.

In the past I have suggested that an employment package for any skilled employee should include some budget for buying things that facilitate the work [4]. It seems to me that a company like Jetstar could best achieve their goals by assigning a budget to each new employee to buy a machine for their use. The employee then gets to choose a machine up to that budget – which would only be for work purposes. Then when the employee leaves or the machine becomes due for replacement it could be sold at auction. When considering all the costs involved in hiring a new person, spending something less than $1,000 to buy a laptop is nothing.

Finally if buying machines for work purposes, you really don’t want employees using them for surfing porn. Porn sites tend to be particularly bad for malware distribution. To reduce the incidence of such problems I think that work machines should have their sound hardware disabled and laptops should not be purchased with overly large displays. There is no need to make work machines totally unsuitable for porn surfing (which would also make them less effective for work), but making them less suitable than a $500 budget PC should dramatically reduce the scope of the problem.

Healthcare and Free Software

The Washington Monthly has an interesting article about healthcare and Free Software [1]. It seems that a free system named “VistA” from the US Veterans Affairs department (not to be confused with the unpopular OS “Vista” that Microsoft released a few years ago) is competing against a range of proprietary software for managing patient data.

VistA has apparently performed very well, it’s cheap and easy to install, the data can be shared with other programs, and it was largely written by doctors and nurses so it’s optimised to their needs. It has been proven that VistA has saved many lives through better management of medicines and through permitting statistical analysis of the results of various treatments. It has also allowed medical staff to work more quickly which reduces waiting times and medical expenses.

But as you would expect in the US, whenever there is a way of saving lives while also saving money there are companies lobbying for the opportunity to make money while allowing innocent people to die. Of course there are established medical companies who are doing this now and have been doing so for some time.

But the latest news is that Microsoft, Intel, Cisco, and Allscripts are sponsoring the Electronic Health Record Stimulus Tour – an aggressive measure to railroad doctors into buying proprietary software now.

MS is known for totally ignoring the law when it gives them an opportunity to gain market share, but this is a new low. What will MS do next? Sell drugs to children?


The Streisand Effect and Chinese Barratry

Bruce Everiss has received two threatening letters from a NSW law firm representing the Chinese game company Evony. Here is the latest where they whinge about his publication of their first letter [1] (NB if you threaten to sue a blogger you have to expect your letter to be published, it’s not discourteous, it’s just the way things work). Here is the first letter from the law firm [2] – Bruce has illustrated the post with one of the advertising pictures that Evony uses (apparently ripped from a lingerie catalog).

I’ve seen some of the Evony adverts on my blog, the ones with a provocatively dressed woman (lingerie advert?) and the title “Come Play, my Lord”.

Ken has an amusing and insightful post on the issue [3] – which also makes some amusing jokes about the Australian legal system.

Bruce’s blog has some good insights into the gaming industry and culture, I’ve added his blog to my feed.

It seems that Bruce will gain a lot of readers due to these legal threats, while Evony seems unlikely to gain anything other than bad PR.


Free K-12 Text Books

The CK12 project is developing free (CC by SA) textbooks for the K-12 market (with a current focus on the early years of high school) [1]. Their primary aim seems to be flex-books – text books that can be localised and modified to better suit the needs of the students. But of course there are many other benefits. According to my best estimates, storing text books on an ebook reader or one of the lighter NetBooks is necessary to avoid childhood back injuries [2].

Another major benefit of flexible text books is the possibility of teaching a wider range of subjects. A subject does not need the level of interest that is required to get a publishing contract (which generally means acceptance by the education department of a state) to have a text book. Independent schools and home-schoolers can select subjects that are not in the mainstream curriculum.

The information for potential authors of text books is here (they didn’t make it particularly easy to find) [3].

One thing I would like to see is a text book about computer security. I really don’t think that this would be an overly difficult subject for an 11yo who is interested in computers. When I was 11 I read a text book on nuclear physics in the form of a comic book, I don’t think that computer security is inherently more difficult or harder to teach than nuclear physics. Naturally full coverage would require several texts aimed at different ages. But that’s possible too. It would probably be easiest to start with an age of ~16. Also as computer security is a subject that is both difficult at one end of the scale and essential at the other it would be necessary to have A and B streams (as is done with maths in the Australian education system).

Please leave a comment if you are interested in participating in the development of computer security related text books. Incidentally it would be good to get a contributor who has had experience in teaching teenagers even if they don’t have any knowledge of computer security – I don’t expect to find someone with good technical skills and teaching experience.


NBD and PXE Booting on Debian

I have a Xen server that I use for testing which is fairly lightly loaded. I considered making it diskless to save some electricity use (which also means heat dissipation in summer) and also some noise.

The first step is to set up a PXE server. This is reasonably well documented in the Debian Administration article on setting up PXE [1]. Basically the DHCP configuration needs to include the line filename "pxelinux.0"; to tell the workstation the name of the file to download. This file is downloaded from a TFTP server, so you need to install one (I chose the tftpd-hpa package). The pxelinux.0 file is provided by the syslinux-common package. I believe that the Debian Administration article errs in not mentioning this fact: they recommend using wget to download it, which means that there is no verification of the file contents.

It appears that the way PXE works is that you are expected to have a directory named pxelinux.cfg under the root of the TFTP tree which then contains PXE configuration files. The Debian Administration article gives an example of using a file named default but you can also name a file for the MAC address of the workstation, a number which appears to be a GUID for the workstation, and the IP address in hexadecimal (if that doesn’t exist then it will be truncated one nibble at a time, so 10.10.10.100 will result in searches for 0A0A0A64, 0A0A0A6, … 0). That’s what my HP test machine does.
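The lookup order described above decides which boot configuration a workstation really gets, so it is worth being able to list it when auditing a TFTP tree. The following is an added example, not code from the original post or from the Debian Administration article; the function names and the sample MAC address are made up, and the order (UUID, then the MAC with a 01- prefix in lower case, then the hex IP, then default) follows the PXELINUX documentation.

```shell
#!/bin/sh
# Added example: which pxelinux.cfg/ file names a client requests, in order.
# Function names and the sample MAC below are constructed for illustration.

# ip_to_hex 10.10.10.100 -> 0A0A0A64 (upper case, as PXELINUX requests it)
ip_to_hex() {
    old_ifs=$IFS
    IFS=.
    set -- $1                       # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty, non-numeric, zero-padded or over-long octets
        case $octet in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# mac_to_name 00:1A:2B:3C:4D:5E -> 01-00-1a-2b-3c-4d-5e
# ("01" is the ARP hardware type for Ethernet)
mac_to_name() {
    case $1 in ??:??:??:??:??:??) ;; *) return 1 ;; esac
    printf '01-%s\n' "$1" | tr 'ABCDEF:' 'abcdef-'
}

# pxe_search_order IP MAC [UUID]: print candidate file names, first match wins.
pxe_search_order() {
    hex=$(ip_to_hex "$1") || return 1
    mac_name=$(mac_to_name "$2") || return 1
    if [ -n "${3:-}" ]; then
        printf '%s\n' "$3"          # client UUID, passed through as given
    fi
    printf '%s\n' "$mac_name"
    while [ -n "$hex" ]; do         # drop one nibble per attempt
        printf '%s\n' "$hex"
        hex=${hex%?}
    done
    printf 'default\n'
}

# pxe_effective_config TFTP_ROOT IP MAC [UUID]: name of the file that would
# be used for this client, or nothing if no candidate exists.
pxe_effective_config() {
    root=$1
    shift
    names=$(pxe_search_order "$@") || return 1
    for name in $names; do
        if [ -f "$root/pxelinux.cfg/$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 0
}

# Demo with the address from the text and a constructed MAC.
pxe_search_order 10.10.10.100 00:1A:2B:3C:4D:5E
```

A more specific file anywhere in that list silently overrides default, so a stray file left in pxelinux.cfg changes what a machine boots.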

The Debian Administration article shows how to configure PXE for installing Debian. But I wasn’t interested in that, I wanted to convert a system that is running as a regular workstation to be diskless. The first step in doing this is to install the nbd-client package which results in rebuilding the initrd to have support for diskless operation. Then you have to install the nbd-server package on the file server. The documentation for this package suggests that it is designed to serve regular files as block devices, but it appears to work OK with LVM devices. Adding an export section such as the following to /etc/nbd-server/config causes an LV to be exported via NBD:

[export]
exportname = /dev/vg0/workstation0
port = 12345
authfile = /etc/nbd-server/allow
listenaddr = 192.168.0.1

Then it’s just a matter of copying the filesystem from the hard drive to the LV that is used for NBD. I piped tar through ssh to copy the root filesystem of a running system. But I could have copied the block device or used debootstrap to create a new image from scratch.

NBD has an interesting design in that it exports block devices (which can be backed by files or real block devices) to a particular set of IP addresses and uses a particular TCP port for the export. So if you have two NFS exports from one server you might have 192.168.0.1:/home and 192.168.0.1:/data as exports but if you have two NBD devices you might have 192.168.0.1,12345 and 192.168.0.1,12346. This could be considered to be very sensible or utterly wrong.

The final thing to do is to set up a PXE configuration file. I put the following in a file named pxelinux.cfg/default. If I was going to deploy this seriously I would replace default with the IP address of the system.

DEFAULT lenny_i386

LABEL lenny_i386
        kernel lenny/vmlinuz-2.6.26-2-686
        append selinux=1 nbdroot=192.168.0.1,12345 initrd=lenny/initrd.img-2.6.26-2-686 root=/dev/nbd0 ip=dhcp --

The only things I needed to change in the image that I’m booting after transferring it from the hard drive is /etc/fstab and the network configuration /etc/network/interfaces – obviously if the network start scripts change the IP address of the workstation and thus make the root filesystem unavailable then things will break.

Wouter has some more background information on this [2]. He recommends using partitioned NBDs, that’s a matter of opinion, if I was going to use this in production I would use two NBDs, one for the root filesystem and another for LVM which would be used for everything else. I really like to be able to create snapshots and to change the size of LVs at run-time.
The down-side of LVM is that it can be really inconvenient to access LVM volumes when not running the machine that owns them – there is no support for using an LV as a PV (IE nested LVM) or for having two VGs with the same name running on the same machine.

Wouter also seems to be planning to write Debian Installer support for using NBD as a target. This would be a nice feature.

Now the next thing is to use Xen. Xen makes it a little more exciting because instead of having two essential files to be loaded (the kernel and the initrd/initramfs) you have three (the Xen kernel plus the other two). So we need to chain to a different boot loader. The Gentoo Wiki has good information on installing this [3].

The summary is that you need to chain the mboot.c32 loader from PXE which is then used to load the Xen kernel, the Linux kernel, and the initrd. Below is an example that I attempted. This loaded the correct files, booted Xen, and then hung. I didn’t investigate the cause.

DEFAULT mboot.c32 xen-3.2-1-i386.gz dom0_mem=258048 --- lenny/vmlinuz-2.6.26-2-xen-686 ro xencons=tty console=tty0 selinux=1 root=/dev/nbd0 ip=dhcp nbdroot=192.168.0.1,12345 --- lenny/initrd.img-2.6.26-2-xen-686

The configuration for mboot.c32 is particularly ugly. I think it would be better to have a replacement PXE loader which includes the mboot support.

I ended up deciding not to use NBD for the machine in question, the process of upgrading kernels (which is not uncommon on a test machine) would be made more difficult by the process of copying them to the tftp server, I guess I could write a script to rsync them. I had a problem with the system shutdown scripts killing the nbd-client process and hanging the system, I guess I could patch the shutdown scripts to ignore certain processes (this would be a good feature) or I could use SE Linux policy to prevent nbd-client from being killed by any domain other than sysadm_t. But generally it seemed to be more effort than saving 7W of power is worth.


Mail Server Security

I predict that over the course of the next 10 years there will be more security problems discovered in Sendmail than in Postfix and Qmail combined. I predict that the Sendmail problems will be greater in number and severity.

I also predict that today’s versions of Postfix and Qmail will still be usable in 10 years time, there will be no remote security problems discovered other than DoS attacks.

I’ve been having arguments about MTA security with Sendmail fans for over 10 years. I would appreciate it if the Sendmail fans would publish their own predictions, then we can wait 10 years and see who is more accurate.

I don’t recommend using Qmail (Postfix is what I use). But I think its author wrote code that is unlikely to be exploited.


The Lack of Browser Security

For a long time the use of HTTP cookies [1] for tracking the web browsing habits of users has been well known. But I am not aware of any good solution to the problem. A large part of the problem is the needless use of cookies, it seems that many blog servers use cookies even though they provide no benefit to the user. A major culprit in this regard is the Google Analytics service which sets a cookie with a two year expiry time when you first visit a web site. The CustomizeGoogle.com Firefox plugin allows you to block the Google Analytics cookies [2] and much more.

It’s unfortunate that Firefox/Iceweasel seems to lack the cookie management functions of Konqueror. Konqueror (the KDE web browser) can be configured to prompt the user for the appropriate action when a cookie is offered, the options include once-only accept or reject and permanent accept or reject status for the site in question. Of course even this has some issues, when a web site is on the “permanently block cookies” list it is one that has obviously been viewed intensively on at least one occasion (IE many page views) or viewed on multiple occasions, in some situations this may be a fact that the user does not want revealed. An option to store a list of the hashes of the names of web sites which should be blocked would be useful. It’s also unfortunate that Konqueror (like most browsers) is unable to use Firefox plugins, so given a choice between Konqueror and Firefox I’m always going to lose some features.

Update: Andrew Pollock points out that Firefox does allow you to control when cookies are accepted [5]. It’s listed as “Keep Until” with the value of “ask me every time”.

The next issue relates to the storage of cookies. It is a good security feature to have certain types of cookie expire after some period of time. Unfortunately the expiry process requires that the user run the web browser in question. So if for example my browser preferences were to change then I would probably end up with the cookies from the old browser remaining in my home directory for years after their planned expiry date. My home directory has the untouched configuration and data files of many programs that I have not used for four years or more. I’m not sure whether any of them include cookies from web browsers (I have used many web browsers over the years).

I think that the best solution to this problem would be to have a common directory such as ~/.session-state which has files with an MTIME indicating when they should expire. A program that wants to store such session data could create a subdirectory such as ~/.session-state/Firefox and then use one file per cookie under that directory. Then the user could have a cron job which deletes all session state files that are older than the current date. Such a cron job would not need to know anything about the actual data in the files, it would just delete the files that are out of date. The exact format of the files would be determined by the application, so if there were thousands of cookies (which would lead to a performance problem on some systems if one file was used for each) then there could be one file for each week (if deleting the old cookies as much as 6 days too late is a serious problem then you are probably going to suffer anyway). Such a state directory could be used for any data which has a fixed expiry time, it would not need to be limited to cookies.

This would be a minor misuse of the mtime field, but it’s the most reliable way of implementing this and making it difficult to mess it up (in terms of exposing private data). Note that the MTIME would not have to be the sole source of such data, an application such as Firefox could reset the MTIMEs on the files to values it considers appropriate (based on file name, file contents, or some metadata stored elsewhere). It is expected that certain backup/restore operations among other things can result in the timestamp data on files being lost.
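The expiry-by-MTIME scheme proposed above, as an added example that is not part of the original post: an application stores each item with its MTIME set to the expiry time, and a sweep that knows nothing about the file contents deletes whatever is no longer in the future. The function names are made up, the cookie data is constructed, and GNU touch (which accepts -d @EPOCH, as on Debian) is assumed.

```shell
#!/bin/sh
# Added example: expiry by mtime for a ~/.session-state style directory.
# Assumes GNU touch ("-d @EPOCH"); function names are hypothetical.

# store_state FILE EXPIRY_EPOCH: save stdin to FILE, readable only by the
# owner, and set the file's mtime to the moment it should expire.
store_state() {
    (
        umask 077
        mkdir -p "$(dirname "$1")" &&
        cat > "$1" &&
        touch -d "@$2" "$1"
    )
}

# sweep_expired DIR: delete every regular file under DIR whose mtime is not
# later than "now", printing each removed path. The files are never opened,
# and find does not follow symlinks, so only files inside DIR are touched.
sweep_expired() {
    [ -d "$1" ] || return 0
    ref=$(mktemp) || return 1       # freshly created, so its mtime is "now"
    find "$1" -type f ! -newer "$ref" -print -exec rm -f -- {} +
    status=$?
    rm -f -- "$ref"
    return $status
}

# Demo on a scratch directory with constructed data: one item that expired
# yesterday and one that is valid until tomorrow.
demo=$(mktemp -d)
now=$(date +%s)
printf 'sid=constructed-old\n'  | store_state "$demo/Firefox/old-cookie"  $((now - 86400))
printf 'sid=constructed-live\n' | store_state "$demo/Firefox/live-cookie" $((now + 86400))
sweep_expired "$demo"               # prints only .../Firefox/old-cookie
rm -rf "$demo"
```

Run from cron against ~/.session-state, the sweep keeps working for programs that are no longer installed, which is the case the browser's own expiry logic misses.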

Now cookies are not the extent of the problem. It seems that Macromedia/Adobe have some similar functionality in the Flash player [3], but the insidious thing is that Flash cookies are used to respawn HTTP cookies if the user deletes them! After reading about that I discovered some Flash cookies that were stored on my laptop since 2005 (which was probably the last time I ran Flash). It seems that if you desire security you need to first avoid software from companies that are at best disinterested and sometimes seem overtly hostile towards the privacy needs of users – this is why I haven’t used Flash on machines that matter to me for many years. If I had a lot of spare time I would help out with the GNASH project.

One thing I have been considering is to change my browsing habits to use a different account for untrusted content. The switch user functionality that has been in most Linux distributions for a few years seems to have the potential to alleviate this. I am considering setting up a system to allow me to ssh to a guest account to open a web browser window. Then I can switch to the X desktop that has untrusted web sites open and read them. It would be nice if I could extend a web browser to add an extra entry to the menu that is displayed when the secondary mouse button is pressed on a link, then I could make that run a script to launch the URL in a new window. I could also use that when I’m at home to launch the URL on a different system.

One thing that I have to do is to get XGuest (the SE Linux Kiosk Mode) [4] running in Debian. It’s been in Fedora since version 8. With the XGuest used for untrusted browsing nothing gets stored.

This is not the extent of security issues related to web browsing. It’s just a small set of issues that need to be fixed, we have to start somewhere.

Child Abuse and Censorship

In Australia we are currently in the middle of a long drawn out saga about Internet censorship [1]. In summary we have fundamentalist Christians wanting to prevent anyone from accessing X rated material, many clueless people wanting to “protect the children”, and most members of parliament totally ignoring the advice that is offered by everyone who knows anything about the Internet.

There is an ongoing trend world-wide to create new laws related to the Internet which are entirely disconnected from any rational idea of how to enforce them. Such laws also tend to be radically different from laws related to older forms of communication (telephone, the postal service, etc).

I think that anyone who wants to advocate a new law related to the Internet should first consider similar laws related to other methods of communication, the laws for old and new forms of communication should be roughly synchronised. For example any material that can be sent by the government postal service should be permitted to be sent via email. So if something is to be banned from transmission via email then it should be banned from the government postal service, if email is to be searched then the postal service should be searched too.

Now if we are going to have new laws compelling the censorship of all web browsing in the name of preventing child abuse then we should also consider censoring older forms of broadcast media and determine which achieves the greatest good with the minimal expense. It has been claimed that the Australian Federal Police Online Child Sexual Exploitation Team has had their budget cut at the same time as budget was being allocated towards censoring the Internet – this leads me to believe that spending money on censorship involves taking money away from the police work of investigating and prosecuting people who abuse children.

A current ongoing drama in Australian politics involves the abuse of a child on a live radio show [2]. A 14 year old girl was strapped to a faux lie detector and asked questions about sex. Here is a relevant quote from an article in The Age:

She revealed she had been raped when aged 12. When her mother asked in the broadcast whether she was sexually active, the girl replied: ‘‘I’ve already told you the story about this … and don’t look at me and smile, because it’s not funny.’’
When the girl said she had been raped, Sandilands responded by saying: ‘‘Right, is that the only experience you’ve had?’’

Here is a second quote from the same article:

A group of 15 high-profile psychologists, academics and child advocates wrote to The Age calling for the show to be axed, suggesting it had been the venue for child abuse and a gross violation of human rights.

Currently most of the discussion about this incident is focussed on the actions of Kyle Sandilands [3] and Jackie O [4]. But it seems to me that the majority of the blame should fall on the management of 2Day FM [5] for creating an environment where child abuse is going to happen. Radio stations have the technology to quickly switch from any content which fails to meet their guidelines, all it would take is a push of a button to switch to music or advertising. Any decent people in the management would realise that a segment which is based around coercing an underage girl to talk about sex is destined to get a bad result and therefore shouldn’t be approved.

It is very difficult (almost impossible) to implement censorship of the Internet. But it is very easy to control radio broadcasts. If the government is serious about blocking broadcast of material related to child abuse then the best thing that they could do is implement a new law specifying that the radio frequency allocation will be removed from any TV or radio station that abuses children. That would be a major incentive for broadcasters to do the right thing, it would be simple to implement and cheap to enforce – and not require taking any more budget from the AFP!

As a final note, in Australia we do have a justice system. So while it would be fun to just pull the plug on 2Day FM without any advance notice the right thing to do is to have a trial first. Unlike the proposed laws for filtering the Internet which don’t even allow anyone to know which sites are to be filtered.


Water Dogs – Good for Uplift?

Update: I am now convinced that the Aquatic Ape theory is wrong [0]. So much of this post is irrelevant. But I still believe that we should be uplifting animals.

Elaine Morgan gave an interesting TED talk about human evolution and the theory that our ancestors lived in the water [1]. The aquatic ape theory explains why humans are the only primates that have almost no body hair and why we can consciously control our breathing (which is essential for speech and which is apparently rare among land mammals).

So it seems that when (not if) we start a program of uplifting animals to the same status as humans a good starting point would be animals with an aquatic history. So we want animals that are friendly towards humans, reasonably intelligent, and which can be trained. Animals that can work well on dry land would be most convenient as are animals that can be owned domestically, so dolphins are not good candidates.

There are a number of dog breeds that have been specifically bred for operation in water [2]. This includes dogs bred for assisting fishermen (such as the Spanish Water Dog) [3] and for hunting in marshes (the majority of Water Dogs [2]). Even dogs that have not been bred for aquatic work can be very expressive in their barks (as I’m sure every dog owner has observed), so an aquatic dog should have the potential for greater speech.

So it seems to me that the Norwegian Puffin Dog offers great benefits for dexterity [4] which combined with slightly more speech potential from some water dogs should give a good start to the breeding program.

CNN has an interesting article on the intelligence of dog breeds [5]. It seems that the top 5 are:

  1. Border collies
  2. Poodles
  3. German shepherds
  4. Golden retrievers
  5. Doberman pinschers

The Poodle being a water dog and the second most intelligent breed of dog seems to have some good characteristics for uplift, so a Poodle/Puffin-dog cross should do well.

Recently I have been reading Michael Anissimov’s blog at AcceleratingFuture.com which concerns Transhumanism, AI, nanotechnology, and extinction risk [6]. A large part of Michael’s blogging concerns the development of Friendly Artificial Intelligence (FAI) [7], this is a type of AI that would not destroy us by accident or malice if it gains the ability to self-improve at a rapid rate (and therefore vastly exceed human capabilities in a small amount of time). It seems to me that if we can uplift dogs to a level equivalent to humans and have them still like us then we will have achieved a significant step towards developing general non-human intelligences that are sympathetic to us.


How to Choose a NetBook

I’ve previously written some suggestions for people choosing a portable computer [1]. Basically it’s about how to start by choosing the correct type of portable computer – if you don’t know whether you want a NetBook or a Laptop then you are really lost.

Now there are a range of NetBook type devices which vary greatly in size, weight, price, screen resolution, and keyboard quality.

Probably the first thing to consider is whether a NetBook will be your only portable PC, or even your only PC. I have an EeePC 701 and a Thinkpad T41p (old, but still more than adequate for my needs). When I’m at home I have a server that I use for compiling and other heavy tasks. So while my Thinkpad is old and I wouldn’t consider using it for all my work, as I have a server to use I find that I don’t need anything better. My EeePC is small and under-powered for even medium size compiles, but for most other tasks works quite well. The low screen resolution is annoying as is the tiny keyboard (which prevents me from touch-typing). But my plan is to spend much more time carrying my EeePC in case of emergencies than I will ever spend using it – so saving size and weight is more important than having a more capable computer.

If I had no laptop then I would have chosen a more powerful NetBook (such as an EeePC 900 or 901 – I bought my EeePC when it was outdated). If I had no server then I would have bought a more powerful laptop a while ago (at least something that can run Xen and KVM).

Now in terms of specific features, the first thing to consider when choosing a laptop or NetBook is whether you can touch-type. If you can then having a keyboard that permits it is a major feature. Which then drives the decision of whether your NetBook use will be intensive enough that touch-typing is required (my use of my EeePC does not require touch-typing – I’m annoyed every time I type on it but I deal with it). Of course I do have the option of using a USB keyboard.

When considering reviews of NetBook keyboards one issue that seems relevant is the size of your hands. If the reviewer has fingers that are significantly thinner or fatter than yours then the review of the keyboard may not be relevant to you. I suggest always testing a keyboard before making a purchase decision on a portable computer.

The screen resolution on NetBooks is a significant issue. For most tasks my EeePC 701 is adequate (not great) but there are some programs that require higher resolution, among other things this rules out playing most games (of course the slow CPU also rules out many games). Note that if you hold down the ALT key you can click on the middle of a window and drag it around, so you can work with windows that are larger than your screen (this is essential for programs that have large dialog boxes).

The low resolution of the screen on my EeePC means that there is little space for a task-bar or for windows to be tiled. So while I can comfortably work with 10 windows on one desktop on my 1400*1050 resolution Thinkpad I struggle with 5 windows on the 800*480 display of my EeePC. Some coding and sysadmin tasks can best be done with multiple Xterms open at once, my performance on those tasks is significantly decreased when using my EeePC. So while either machine can be used effectively for a single SSH session, if I need to have 8 sessions open at once then I will have to use my Thinkpad. If I was going to be routinely doing such tasks while on the move then I would have bought a NetBook with a greater display resolution.

The next issue is storage. The machines that are most commonly identified with the NetBook image use flash storage. This makes them resistant to being dropped but also dramatically reduces the storage space (or increases the price). If you have a bigger machine at home then a NetBook with flash storage works well. The 4G of internal storage in my EeePC plus the 8G SD card I always have installed works quite well for me. But I also carry a few USB flash storage devices for extra capacity. Anyone who is to use a NetBook as their primary PC would need to buy a model with a hard disk, and even for some more casual uses the storage capacity of the flash based models may not be adequate.

It seems to me that anyone who requests advice on buying a NetBook without specifying some detail about these issues will end up receiving recommendations for devices that fit the usage scenarios of other people. A machine that perfectly meets the needs of one of your friends may be totally inappropriate for your use.

My final suggestion is to consider the outdated models as well as the current ones. For certain usage scenarios the original EeePC is still a better machine than most of the newer and more expensive NetBooks that are on the market now. My use case of carrying an EeePC everywhere just in case a server happens to crash (or I need to check my mail) is one where the EeePC 701 is slightly better suited than most newer machines – saving a small amount of weight and space is important enough for me to accept the significant feature loss as a reasonable trade-off. As an aside I’m disappointed in the apparent lack of small NetBooks on sale at the moment, it seems that every manufacturer is now making NetBooks which are significantly bigger than the original EeePC and only slightly smaller than Laptops.