1. The latest Vodafone Mobile Broadband, which can be downloaded for Mac or Windows. I found this from a Vodafone eForum post. When you install it, however, chances are that it will use the wrong APN name.
2. Correct APN settings. Unfortunately, the instructions at this eForum post are wrong. It says use "PP.INTERNET" as your APN. That's wrong. Use PPBUNDLE.INTERNET.

I had to find this page full of APN settings and look up Vodafone UK. But it is also wrong. Only a comment lower down is correct. You need ppbundle.internet as your APN name and "web" for the username and "web" for the password.

Very frustrating.

The only thing I think awards are useful for is if you understand why they are awarded. What did candidate A have that candidate B did not? The IT Pro awards appear to be a simple popularity contest. That is, random web site visitors had a set of candidates to choose from, and they chose for whatever reason. If the candidates were judged on criteria (e.g., originality, fitness for purpose, reliability, value for money) I would love to see how the winners (and losers) scored. But these awards are meaningless. There's no judging. Just popularity of clicks.What galls me is that Skype is tweeting (both @skype and @skype4biz) about how Skype for iPad was awarded "Business App of the Year" for 2011. The idea that Skype is a business app and that it is an app worthy of praise are both laughable. Unlike the folks over at IT Pro, I have criteria for these things.

What is a Business App?

To be a "business app," it has to integrate with my business. It has to do something—anything—to talk to some other IT system in my business. How does Skype do that? It doesn't. It doesn't have even the tiniest integration into anything other than its own contact list. I can't hook it up to LDAP, ActiveDirectory, or even my contacts at some other service like Hotmail, GMail, Yahoo! or AIM. If it is a standalone app with zero integration into my business, it is not a "business app." Sorry guys. You might call it "the app that is accidentally the most beneficial to business" but that's a different award.

As for it being a good app? You're joking, right? It works. That's the long and short of it. It will connect to other Skype users and you can talk to them. I have had rock solid, full-motion video calls over 3G using my iPad. I loved it. So, there's props for what they do right. Beyond that, it is an unmitigated train wreck of an application. Just look at the user interface.

Abuser Interface

Skype User Interface

I have taken the surnames off the users, but I don't have 5 contacts named Adrian or two contacts named Ajoy. There are 3 different Adrians there and 1 Ajoy, but a couple of the Adrians have more than one phone number. My Skype user interface (version 3.5.454 on an iPad2 running iOS 5.0.1) puts a single gigantic icon on the screen for each phone number. That's right, one icon per number, not one icon per person. With all this screen real estate on an iPad, they choose a layout that only puts 20 contacts on the screen at the same time! (Ironically, Apple's Contacts app only shows 12 at a time! Only 3 more than my iPhone 4) Where is the list of users? Why can't I have name down one column and phone number down the other (so I can see whether I'm dialing their work, home or mobile)? And really, in 2011, do we have the technology to understand that a single person might have more than one phone number!? This app is only a few months old. How did they write something this bad in 2011?

Contacts? We don't need no steenking contacts?

And I can't jump to groups of users by letter (e.g., can't jump to users beginning with A or M or P). I have about 300 users in my phone, which means about 700 icons on my iPad screen. Do you think I'm going to flick through these with gestures? Fat chance. So I can search at the top of the screen. That's helpful, but this UI design is still totally flawed and fundamentally useless. Can I sort by last name instead of first letter? No. Can I display "Lastname, Firstname"? No. App of the year indeed. The contacts list on my Palm Professional in 1998 was better than this.

And Skype contacts aren't shown alongside iPad contacts. They're over in their own separate page. By contrast, the way Apple gets stuff like this right is by hiding stupid details like the difference between a Skype contact and a phone contact. Think of how iMessage transparently works out whether or not it can use the data connection or must use an SMS. Skype should teach me not to care whether I'm reaching my colleague by Skype or by phone. You want to sell more Skype credit, right? Hide the distinction between real phone numbers and skype IDs a little better. Blur the lines. Let there be just one contact for "James Smith" and let it include his Skype, mobile number (for SMS via Skype credit) and other numbers. When I tap on James, ask me how I want to connect. But don't give me 2 unlabeled icons for James in this screen (one for home, one for mobile) and another unlabeled icon for him back on a different page (where his Skype account is).

Only one other feature left: history management

And the history. I can 'edit' my history, but that's a stupid feature. What does it take to delete an item from the history? Two taps no matter what. I can drag left to right to reveal the 'delete' button, and then I can tap delete. Or I can tap the 'edit' button and do two different taps: tap the red delete symbol and then tap 'delete'. But only one at a time. I can't tap a bunch of them and then delete all the ones I marked. So who cares? Why do I have two modes of deleting history items that both operate on items one at a time and both take two taps to delete an item?

This is not iDevice UI design. This is half-baked mimickry of other apps. Think of the bulk delete in the Mail app and you'll see what bulk delete is supposed to look like. Notice that the iMessage feature in iOS has a 'clear all' button and you'll see what Skype is missing in its history management. And what about deleting all history items from contact A while leaving the ones related to contact B?

And configuration options? Preferences? Tweaks to the UI to customise it to my tastes? None.

Conclusion

If I were nominating Skype for iPad as an Anything of the Year, it would be "Worst User Interface I was Willing to Put Up With Because the Features Were Compelling Enough". Or "Feature So Beneficial to Business that I Would Use It Despite It's Awful UI". This app only has a handful of UI features to begin with. And each one is amateurish and clumsy. It makes you wonder if the team members that work on Skype for iPad actually own and use iPads in their daily lives. It's hard to believe that they do.

You can do lots of restricting, in theory, and that's cool. But it's targeted at one specific user group: the kid whose parents control their iPhone / iPad / iPod. You can turn on the restrictions, and they (presumably) are enforced. For example, when I turn on restrictions to prevent any content except content rated '9+' (i.e., aimed at kids as young as 9), a bunch of my apps disappear. Cool. It has a bunch of shortcomings, though, to the point that I don't actually use it.

• You can't toggle the restrictions. That is, if you disable them, it forgets how they were set. To enable them, you have to go through all the different options and set them the way you want them all over again. I want to set up the restrictions, hand the device to my kids, take it back, and undo the restrictions. If I plan to give them the device again, I'll re-enable the restrictions. But that requires me to reset each and every setting all over again.
• You can't restrict individual apps. I can't turn off Mail, for example. I can prevent changes to the account, but I can't disable access to it entirely. You can't create a group of apps and restrict access to them by a name / group / genre, etc.
• The only way to restrict TV shows / Movies (aside from not putting them on the device to begin with) is via a ratings system. However, I put a lot of homemade content on my devices. Some are my (legally owned) ripped DVDs. Others are original movies I've made, but they have content I'd rather not expose my kids to. I can't find a way to tag a movie that I made with a content rating so that iOS will restrict it. (You can do this, according to MacOSXHints, using another app)
• There are some surprising things you can't restrict:
• SMS. Think of all the "text SUCKA to 23422 to donate £2 to goodness-knows-what" billboards around. There's no way to turn it off. With the advent of iMessage (which at the moment doesn't have the chargeable SMS feature), it would be awesome to restrict messaging to only the free iMessages.
• Phone. Again, think premium phone calling, international calling, calls over the plan's allowance, etc. Wouldn't it be great if you knew that the plan had 200 minutes and you could put a 200 minute restriction in the handset itself? Funny nobody has done this yet. With all the parents of teenagers who pay exorbitant bills, you'd think someone would have pushed this through. And then I'd put a list of always-OK numbers (so you can always reach mom & dad).
• Web settings. One good way to stop kids from visiting naughty sites on their phone is the same thing that corporations do: force all web traffic to go via a proxy. There are numerous net nanny services out there that will do that. But if you can't stop someone from changing the web settings, it is trivial to bypass those restrictions.
• Data / Data roaming. This is another chargeable feature. There is no way to limit 3G data usage. E.g., disallow it or put a handset-imposed limit on it. You also can't stop the handset user from switching on data roaming. Here in Europe, you don't have to go far to go from one country to another and suddenly start racking up international data roaming charges. And just ask people who live in New York or other northeastern US states about roaming charges from going to Canada.

Of course some of the things I mentioned can be restricted by calling up your phone carrier. You can disable SMS entirely, you can turn off data roaming, you can put content blocks on the internet connection, and you can disable access to paid / premium phone numbers. However, that's only effective for the same use case as the rest of these restrictions: when you want to turn it on, and pretty much leave it alone most of the time.

If you want to disable some features, hand it to someone else, and then take it back, this doesn't work for you. If you want to have the handset support you in keeping charges down (e.g., phone, text, internet), it won't.

Obviously the RSS feed doesnt include YouTube videos, and a bunch of other parts of the page. But it also doesn't include the ads! Some sites don't have an RSS version, so you don't get it. But where they do have it, it's so much nicer.

There are (at the time of this writing) six different services you can disable. Before you do that, though, scroll down on the System Services screen to the very bottom. There you will find an option for Status Bar Icon which is disabled by default. I enabled it, then I started noticing that my location icon was always on! I started disabling system services until I got to a behaviour that I thought was acceptable.

• Cell Network Search seems like a good use of your location.
• Compass calibration also seems reasonable.
• Diagnostics and Usage smacks of the problem we had a few months ago with Apple reporting all the places we had ever been with our phones. I say 'no, thank you' to that one.
• Location-based iAds. Really? Like there's someone out there saying "please, please, can you send me more effective and targeted advertisements!?" Who really wants that? Another way to look at it is that advertisers are getting some information about you, or even just aggregate information about the movement of people near them.
• I disabled Setting Time Zone. Seems like a reasonable thing to leave running, but what I found was that the Location Services icon was always active if I had that turned on. To me, that (a) is probably running down the battery, and (b) defeats the purpose of having the status bar icon come on and off. If there's a system service that keeps it on all the time, it's not a useful indicator.

So I recommend turning on the status bar indicator and then see how often someone is snooping on your location.

I need a "guest mode" on my device. If I want to hand it to a friend to browse the web, or give it to my kids to play games, I don't want it running in the same mode as when I use it. That is, I don't want my kids to be able to to make phone calls, read my emails, send text messages or any of that. They can play Angry Birds and browse the web, but I don't want them to mess with any of the open browser windows I have. They need to open new ones.

There are some firms where the executives have iPads and they're able to read their very confidential emails from that device. Maybe it's through Outlook Web Access and the device's web browser, maybe it's the actual mail application. We in the security industry worry about the device getting stolen and we're slowly seeing the necessary features being introduced to handle that situation. There's a long way to go, though.

What we're not covering is what happens when the owner intentionally hands it over to someone who shouldn't have access to some of the stuff on it. Like her kids, his wife, or a friend at a bar who wants to see that funny youtube video. They're only a few (innocent or not innocent) taps away from seeing confidential information.

Now, I don't have all that much proprietary information, but I have lots of different circles of colleagues, friends, and family. Some of them should not see certain things on my iDevices, but it's a risk I take every time I hand it over.

Here are some specific limitations.

- There are no keyboard shortcuts for doing things. For example, in mail there is no way to do new message (at least that Ive found). Likewise there is no way to send. I can start typing a persons name and I will get a list of possible completions. There is no way to say yes, thats the one, without touching the screen—even if there is only one possible completion.

- Things like Cmd-Tab ought to bring up the running apps, like double-tapping the home button does. Interestingly, double-tapping the home button on the bluetooth keyboard works the same as double-tapping the home button on the device. But, there is no keyboard based navigation (e.g., arrow keys dont do anything.)

- This keyboard has a magnifying glass key that jumps you to the search feature. I like that, but then I type a search term like word (to find wordpress) and Im back to no navigation. I can see wordpress in my search results but I have no way to get my cursor down from the searching box into the results and then hit enter to activate wordpress.

On the plus side, it acts very much like a real keyboard on a real workstation. For example, Ive just bought a US-layout keyboard and Ive hooked it up to my UK-localised iPad. It has the hash mark (#) on the number 3, whereas a UK keyboard has the pound sign (£) there. Just like any other US keyboard, I just press Alt-3 to get pound and Alt-Shift-2 to get Euro (€).

Also on the plus side, iOS seems to realise that I have an external keyboard, so it doesnt take up half the screen with a visual one. I can bring up the visual keyboard on the screen if I want to (doesnt make much sense), but its smart in that regard.

The particular keyboard I got also comes with a case that turns into a stand. I like that stand quite a bit, because I have bought an after-market sleeve for my iPad. My sleeve (from TeckNet) is a fair bit thicker than the usual Apple cover (and it cost £10 instead of £60). The stand from the keyboard works well, though.

Im interested to see how well this will hold up on a train, where it is quite bumpy. Sitting on a table, its brilliant.

I just discovered DenyHosts, a cool little program that monitors your logs for signs of brute-force login attacks and helps prevent them. I had to fix a few different things to get it to detect all the different attacks that I experience. I like it a lot, though it makes me nervous. I travel a lot and I can see this accidentally blocking me out of my own server.

Install from ports

It's easy to get on FreeBSD. Just portupgrade -N denyhosts.

Configure Logging

There's a lot to do to configure logging correctly. Out-of-the-box, FreeBSD logs all the authorisation failures to /var/log/auth.log. That makes it easy.

1. Change syslogd to run with -c. That requires putting syslogd_flags="-c" in /etc/rc.conf
2. Put a line in /etc/newsyslog.conf to rotate /var/log/denyhosts and look at /var/run/denyhosts.pid to find the process to signal.

   /var/log/denyhosts 644 7 1024 * J /var/run/denyhosts.pid

3. I like to put a line in syslog.conf that sends all the tcpwrappers output (service local7) to /var/log/wrapper.log

   local7.info /var/log/wrapper.log

4. I change the line in /etc/hosts.allow so that it looks at /etc/hosts.deniedssh and logs it to local7:

   ALL : /etc/hosts.deniedssh : severity local7.notice : deny

Customize DenyHosts

The standard configuration from FreeBSD ports is good. It looks in the right place and it parses the logs fine. You can set most of the values to be whatever you want. I had a slight problem, though. I have two services that get hammered: sshd and ftpd. I want to block any hosts that does a brute force against either one of them. What I love about DenyHosts is the possibility that I can block access to all services (including mysql, ssh, ftp, imap, pop, etc) as soon as the attacking host is detected on any one service.

SSH login failures look like one thing:

Jul  9 22:28:04 www sshd[78490]: Failed password for root from 1.85.2.121 port 48308 ssh2

FTP login failures look like something else:

Jul  4 05:00:15 www ftpd[72158]: FTP LOGIN FAILED FROM 41.78.57.37, charles

By default, DenyHosts only understands how to parse ssh log messages. I wanted to let it understand the FTP ones, too. It's interesting because FreeBSD's FTP daemon puts the user name after the host, instead of before like in SSH. I didn't figure it out myself. I took a look at this Japanese web page, without understanding a word of it. The 3 lines that the recommend look sensible.

The first seems to tell it "if you see either sshd or ftpd on the beginning of the line, parse it for login failures." The next two help it recognize the format of FTP login failures.

SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|ftpd.*:) (?P<message>.*)
USERDEF_FAILED_ENTRY_REGEX=FTP LOGIN FAILED FROM (?P<host>.*), (?P<user>.*)
FAILED_ENTRY_REGEX6=FTP LOGIN FAILED FROM (?P<host>.*), (?P<user>.*)

That's working. It's parsing both sshd and ftpd errors now. I like this solution a lot.

San Diego

My first impression was that it is San Diego. Arid, brown, lots of xeriscaping.

American

Maybe this is not a nice thing to say, but it feels American. That might be part of why it feels like San Diego.

Tel Aviv Shopping Mall (click to enlarge)

• Road signs are the same shape, color, and font as in the US.
• Barriers along the motorways are quite similar in design
• Lots of English everywhere. I even saw graffiti in English
• The shopping mall I went to had:
  • Nike
  • Billabong
  • McDonalds
  • Toys R Us

And yet, not American

They use the metric system for most things. They have Western European electrical outlets and telephones. The road markings that indicate "this lane for Tel Aviv" look more like the European roads than American ones.

I Love Shekels

The currency is so simple. They have shekels. Things are priced in shekels. Unlike Euros, Dollars, Pounds, Francs, or various other currencies, though, you simply have shekels. There's roughly 5 shekels to the dollar, so you have to deal with some bigger numbers than you would in dollars, pounds or euros. So my meal was 79 shekels instead of $16.00, but you don't need a decimal place. There's nothing less than one shekel. You don't see prices for things as 799.99. Of course they still write prices like 799 instead of 800.

What I love about it is the fact that all the coins I have are meaningful. They have 1 and 5 shekel coins, and notes for 20 on up. No piddly half-a-shekel coins or 1 hundredth of a shekel coins. The 1 euro and 2 euro cent coins, like their 1p and 1 US cent cousins are completely useless. They're a waste of space. In some Euro countries, they don't even use the 1 and 2 cent coins. I think it's Amsterdam where they don't give you coins for less than 5 euro cents. It's all just rounded. Israel's like that and I like it.

It turns out that I was mainly going to nice restaurants and hotels and things. If you do regular-people things like grocery shopping, you can pay in fractions of a shekel.

I Love the Food

I love hummus, tahini, couscous, salads, and all the other delicious stuff there. I have a chance to go there again in the near future and I'm looking forward to it.