Nov

21

Here I am, right here

10 years ago, mid-November | 7 Comments

Some time ago I wrote what I called the “Ramius” edition of my tracker application for the TomTom Go. The limitations of the Go SDK caused more than its fair share of grief and I shelved the project, hoping to revive it later. Now I’m thinking that it’s time to bring it back to life.

At the moment I’m selling my house in The Netherlands and moving back to the UK. Until the house sells I flit between the UK and Holland every couple of weeks. I’ve taken to using the Chunnel for this because it means I can drive through the night rather than have to bend to the ferry or flight schedules. The trouble is, my wife gets worried that I’m going to crash and burn. She does this every time I do the trip, in either direction. She wont go to bed until she knows that I’ve at least got to the Tunnel.

I brought the original code out of my archive and started looking at it, removing anything that was TomTom specific. I’m pretty sure that I’ll have a workable solution fairly soon, I may butcher the openmoko-agpsui2 application a bit too, just to add a face to the tracker application code. Obviously, it will need a network connection of some sort so I’ll be looking at starting and stopping a gprs connection, or using wifi when the GTA02 arrives.

On the topic of gprs and network connections, I was mulling over some points in my mind about this. Nobody wants their Neo to pull an iPhone, and give us all large bills because of roaming, so there needs to be some mechanism where the user can deny or allow access to things like gprs connections. These could be based on dates, times, even locations with the built in gps. The problem is not that it is difficult to do, the problem is that we need to be able to force applications to use an API to open gprs and wifi conections, and possibly even access the gps. There’s a whole kettle of fish here. Openmoko is opensource, not the Google kind of ‘opensouce’, the real kind. That in itself poses a few questions and perhaps some not so nice answers.

If we want to force people to use an API, then we have to make sure that they can only use the API and not bypass it. If they can bypass it, it’s useless because the malicious ‘l33t h4x0r’ is going to abuse your connection. The problem is, since we are opensource, the same abuser can simply replace the API. Sure you still have to install the application, but just think about it. Right now how many places do you update your Neo from with ipkg? If any one of those gets compromised or the owner deliberately alters packages, the first you’ll know of it is when you bill hits the mat with a thud rather than the usual ‘ftht’.

We can think about signed images or signed packages etc but that is not really going to help, this is opensource. As an application developer I’m going to want to publish applications, I don’t really want to have to get them certified or signed by someone else just so other people can use them. If you alert the user that an application or package is not signed, you know that they’ll just click ‘ok install it anyway’ and ignore it.

I think I’m going to have to ponder this one a little longer.



»crosslinked«

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tagged with:
November 21, 2007 14:49

Current Electricity Use (15min)


iPhone/Webkit RSS Reader

Links


Tags

1-Wire android api Apple arduino currentcost DDAR development DVD FIC freerunner G1 google Google Phone gphone gprs GPS hardware image image builds inspiration iphone jailbreak kiosk linux Mac monitoring Music neo 1973 Nokia openmoko opensource OSX Pachube personal qtopia rhubarb rikki Rio slimp3 slimserver software tracking Trolltech u-boot


Twitpic


Graphy Stuff






Nasty Spam Monkeys