I have been using Mac OS X Lion for two days now. This is fresh enough to remember the issues I encountered when installing.

Installation

It took me several tries to find an installation method that worked for me. In the end, the successful method was :

1. Download the Lion image
2. Open the image (right-click, Show Package Contents) and extract installESD.dmg
3. With Disk Utility, burn installESD.dmg on a DVD disk. This makes it bootable.
4. Restart the Mac, press Command, Option, P, R at boot time to reset the PRAM
5. Boot from the Lion DVD. It takes 5 minutes to load.
6. Go to the Disk Utility and Repair permissions
7. Reboot again from DVD
8. Install Lion from DVD and take a 35 minutes coffee break

I followed this guide to create the DVD. It could as well be put on a USB stick, but it needs to be one larger than 4Gb.

Usage experience

Quite strangely, it seems that the Java VM was not part of the standard installation. When I accessed a web site requring  Java, OS X kindly offered to download and install it. I restarted the browser and could continue.

Mail.app is an application which is central for me. On first launch, it took one hour to rebuild my (very large) mailboxes. The new three column display is most welcome. I used to use Widemail to achieve this same result in earlier versions. At first, the folder list was hidden. When restored (click “Show” on the second button bar), it was displayed with large characters, pretty inconvenient with a 13″ laptop screen. Quite strangely, this cannot be adjusted through the Mail.app preferences. You need to go to the System Preferences/General, and adjust the Sidebar icon size. This will also change the value for the Finder windows.

As I expected, GPGTools  does not work anymore with the new Mail.app. According to the developers, work is underway to restore the compatibility with the new Mail.app version.

Mission Control replaces the Spaces app for those virtual desktops. It works a bit differently, but it just requires getting used to.

The IPv6 stack has a new version number, dated 2009. The previous one was ten years old. I failed to notice any new feature, though. No DHCPv6, and no GUI option to set the IPv6 Privacy Extensions. By default, it is off. To turn it on requires editing a configuration file. Whether those privacy extensions are a good or bad idea is another debate.

The mouse or trackpad behaves in the opposite direction than it used to. Scrolling to the top requires to slide you fingers down on the trackpad. This can be changed in the System Prefererences/Trackpad, first option.

Other than that, I did not notice major differences. This may explain why the new OS X version still runs happily on a 5 year old MacBook, with 2 Gb of RAM. Apple continues its strategy to make you a captive consumer. FaceTime and Apple Store are linked to your AppleID.

In the end, was the upgrade worth it ? Frankly, the new features in Lion are not something the world has been waiting for anxiously. There is  no compelling reason to upgrade.

Update: after 2 weeks of use, I notice that Lion is slower on the average than Snow Leopard was. After adding 2Gb of RAM to my Macbook, I regained most of the lost speed.

Les modems BBOX2 qu’utilisent une majorité de clients de Belgacom TV comportent des failles de sécurité importantes. Belgacom revendiquait 589.000 clients pour sa plate-forme TV l’été dernier. Une majorité d’entre eux utilise ce fameux modem. Une combinaison de facteurs ouvre la porte à des actes malveillants, pouvant être commis par des personnes sans connaissances informatiques particulières et pas seulement des ‘hackers’.

1. Les modems BBOX2 sont tous livrés avec le même mot de passe d’administration. On peut très facilement le trouver via un moteur de recherche: http://www.google.com/search?hl=en&q=BGCVDSL2
2. Belgacom prétend bloquer l’accès à distance de ces modems via Internet. C’est partiellement exact. Cependant, ces modems sont livrés d’origine avec une connexion WIFI active et non protégée. N’importe qui passant dans la rue peut donc se connecter à une BBOX2 non protégée.
3. Muni de cet accès administratif, on peut télécharger le fichier de configuration du modem et décrypter les mots de passe qui s’y trouvent. Là aussi, on trouve le nécessaire sur Internet: http://www.webalice.it/zibri/Deobfuscate.html

Après avoir récupéré les identifiants d’un abonné  à Belgacom TV (identifiants de la connexion PPPoE, pour être précis), un pirate peut utiliser ces informations pour perpétrer des actes malveillants en se faisant passer pour cet abonné.

Toutes les informations ci-dessus sont en possession de Belgacom depuis longtemps. J’ai moi-même interrogé l’opérateur, qui n’a pas daigné accuser réception, et encore moins répondu ou proposé des solutions.

Notons également que si cela s’applique aux clients de Belgacom TV, certains abonnés Internet, chez Belgacom comme chez les opérateurs alternatifs qui utilisent le réseau VDSL2 de Belgacom sont également concernés. Le propriétaire du réseau impose en effet aux autres FAI l’utilisation d’un modem semblable au sien, également pourvu d’un mot de passe identique pour tous les abonnés.

Quelques détails additionnels pour les intéressés. Pour l’illustration, nous utilisons ici l’interface graphique du modem. Cependant, cette technique fonctionne également via une interface en mode textuel (telnet), qui permettrait à des pirates plus organisés de récupérer automatiquement ces données, sans intervention humaine.

Mot de passe d’administration identique

Pour une raison inexpliquée, Belgacom a choisi d’utiliser le même mot de passe sur tous ses modems. Il est très vite devenu un secret de polichinelle. Qui plus est, Belgacom ne donne pas d’indication sur la manière de le modifier. Belgacom ne fournit d’ailleurs aucun manuel avec le modem.  D’autres s’en sont chargés, heureusement. Ce qu’on retiendra, c’est la nécessité d’utiliser d’obscures commandes via une interface textuelle qui est peu compréhensible par le public que cible l’opérateur.

Belgacom a également imposé aux opérateurs alternatifs qui passent par son réseau VDSL2 d’utiliser un mot de passe unique (OLOVDSL2, dans ce cas). Il est évident qu’il s’agit d’un problème majeur de sécurité.

Accès à la configuration

Suite aux menaces proférées il y a quelques par un pirate se faisant appeler Vendetta, Belgacom a décidé de bloquer l’accès à ses modems BBOX2 via l’Internet, en bloquant les accès sur les ports 80, 443 et 22. Ce faisant, Belgacom enlève également à l’abonné de gérer son modem à distance., ce qui retire pas mal de fonctionnalités. L’abonné à la possibilité de malgré tout ouvrir ces ports, Belgacom se contentant d’avertir qu’il y a un risque de sécurité, sans expliquer lequel. En tout état de cause, le remède est disproportionné par rapport au problème à traiter. Un peu comme si on confisquait les clés de voiture aux automobilistes au titre que cela diminuera leur empreinte carbone.

Les modems sont par contre très facilement accessibles via le WIFI, qui est actif et non protégé par défaut. En effet, Belgacom veut rendre la vie de ses clients Belgacom TV simple, y compris ceux qui ne sont pas férus de technologie.  En conséquence, le modem se configure de lui-même lors de la première connexion. Plus exactement, le modem est configuré à distance via le protocole TR-069. L’utilisateur n’a rien à faire de son côté, sinon enficher le câble du décodeur TV dans le modem. Le reste est automatique.

Qui plus plus est, l’abonné à Belgacom TV a souvent souscrit à une offre qui comprend aussi l’accès Internet, même s’il n’en a pas ou peu l’usage, ce qui ne l’encouragera pas à prendre les mesures nécessaires pour sécuriser son WIFI. Ainsi donc, il y a possiblement des milliers de clients de Belgacom qui ont un modem grand ouvert à tout le monde, sans le savoir. J’ai personnellement identifié près d’une dizaine de modems BBOX2 non protégés dans mes environs immédiats.

Déchiffrement des mots de passe

La BBOX2 utilise un micro-logiciel nommé OpenRG, de la société Jungo. Ce logiciel se retrouve dans de nombreux modems ADSL, et notamment la Livebox de France Télécom, également utilisée par Mobistar en Belgique.

Jungo a utilisé une technique de chiffrement que les informaticiens appellent plutôt l’obfuscation. Elle consiste à rendre la lecture plus compliquée de prime abord, mais sans introduire réellement de chiffrement. C’est une technique qui est connue depuis l’Antiquité. En l’occurrence, on procède par remplacement d’un caractère par un autre. Ainsi, une fois identifié les 26 lettres minuscules et majuscules, en plus des 10 chiffres, on peut très facilement construire un tableau de concordance et codifier le tout dans une petite routine informatique. Le site mentionné ci-dessus utilise le très répandu Javascript, mais il existe d’autres implémentations, en Python notamment (source), ce qui permettait à un pirate de facilement créer un programme de récupération automatique de ces identifiants.

La première étape est de sauvegarder la configuration du modem. Il suffit d’aller dans le menu “Admin Settings/Backup and Update”

On récupère alors un fichier texte, où l’on peut trouver les identfiants de l’utilisateur:

Dans l’exemple, ci-dessus, le mot de passe est ‘testing’, et c’est très exactement la valeur que retourne le site de déchiffrement mentionné ci-dessus.

La plupart des modems ADSL permettent de créer une copie de sauvegarde de leur configuration, bien utile en cas de panne. Cependant, les autres fabricants créent un fichier de configuration binaire, et donc illisible par un être humain. Jungo a choisi de rendre le fichier compréhensible, introduisant de la sorte une faille de sécurité, et le manque de précautions prises par Belgacom rend evidemment le problème plus grave encore.

Pour information, j’ai signalé ce problème de sécurité tant à Belgacom qu’à son fournisseur Jungo. En l’absence de réponse, je mets donc ces informations en ligne.

Santa has been kind to me. I just switched to a new ISP.  The results below speak for themselves.

2009-12-25

2009-07-20

That’s the good news. The less good one is that this whole VDSL2 infrastructure deployed by the incumbent telecom operator has some major security holes, on which I will post later, once I have finished my research.

Une fois de plus, vous manquez à vos plus élémentaires obligations contractuelles en me fournissant le service ADSL le plus merdique de Belgique. Je n’ai pas l’habitude d’utiliser des gros mots en public. C’est vous dire combien je suis exaspéré.

Vous m’avez reproché auparavant, et avec une mauvaise foi certaine, que je vous avais pas informé de la piètre qualité de vos services. Non seulement, je l’ai fait, mais d’autres aussi. Il y en a plein les forums de discussion. Mais puisque vous me prenez au mot, je vais effectivement me plaindre. Et que cela se sache.

Je vous propose donc de suivre en léger différé sur mon blog, les performances mesurées de vos services. On commence ce 20/7/2009:

2009-07-20

2009-07-20

[Update 21/7 10:35]  Toute connexion est absolument impossible vers quelque service que ce soit. Web, e-mail, timeouts partout.

[Update 24/7 15:49] Envoyé un e-mail au help desk le 21/7. Réponse le 24/7 sur le thême “on n’a pas suffisamment d’information”. Entretemps, la vitesse est revenue à des valeurs normales, avec des chutes de temps à autre.

Restez branchés pour la suite. Je mettrai le post à jour de temps à autre.

Avant que votre help desk n’arrive avec sa check-list de questions préformatées, je precise que oui, ma ligne téléphonique fonctionne, que oui mon modem est bien configuré et que oui mon ordinateur aussi. Et je ne vous permets pas d’en douter. On s’évitera ainsi deux jours de questions/réponses inutiles.

Allons au fait: que se passe-t-il dans l’infrastructure de Scarlet qui justifie d’aussi piètres performances ? A la limite, le pourquoi n’est pas mon problème. Ce qui m’importe, c’est de savoir quand vous prendrez enfin les mesures nécessaires pour offrir un  service correct à vos clients.

Et si vous n’avez pas de réponse à cette question, que vous niez les évidences et que vous considérez que je vous échauffe les oreilles, il n’y a qu’une solution pour me faire taire: acceptez une  une résiliation anticipée de notre contrat,  que vous êtes de toute manière dans l’impossibilité d’honorer.

Allez, bonne journée quand même.

Some ISPs would do anything to gain a new customer.

Last December, I switched ISPs. Although  my previous one, Dommel, provided a good and stable internet connection, their customer service staff was totally broken. They   seemed totally unwilling to answer any written question, be it in French, English or Dutch.  Further, they used the oldish ADSL infrastructure from the incumbent, Belgacom, and thus could only provide a 4 Mbit/sec connection. With 6 computers at home, this proved to be slow at times.

Hence, I took the opportunity to move to another ISP, Scarlet, which promised 20 Mbit/sec.  I was aware that theorical speeds may not always be reached due to different factors like copper line length, etc.

Much to my surprise, I was informed after the contract was signed that I would only get 6Mbit. Scarlet’s tech support confirmed today that the local phone exchange to which I am connected has not been upgraded to ADSL2+.  This ISP knew at the time they presented the electronic contract to me  that they were unable to deliver what they promised.

Their sign-in form stated “Congratulations, you can be connected to the ADSL20 network [...] The maximum download speed is dependent on the distance  from the local exchange, your computer configuration and its cabling “. Nowhere does it state that it is dependent on the exchange infrastructure.

The tech support guy was not able either to tell me when they expect the local exchange to be upgraded. This looks like ultra confidential information. Actually, we know more about battle plans in the Middle East, Iraq or Afganisthan than about an ISP’s infrastructure upgrade strategy.

Belgium once prided itself to be at the forefront of broadband deployment. If only it could be done by professionals who care about customers …

The next step will be to file a complaint to the telecom ombudsman. I do not expect much of a improvement, though.

In-flight magazines offered by airlines are usually the sort of thing one reads occasionally on boring long flights. So did I on my way from Vienna to Cairo last week.

Just like any other airlines, Austrian Airlines gives names to its airplanes. Contrary to other airlines, Austrian tries to make an effort to innovate. They have a range of Boeing B737-800 named Frank Zappa, Freddie Mercury, George Harrison, Gregory Peck, Kurt Cobain and Miles Davis . This is refreshing and much more original than using city names. Can I suggest the next plane be called The Dead Pop Stars ?

But above all, it is good to see an airline mentioning in bold letters on page 3 of its “Skylines” magazine that it will not tolerate that passengers be offended by others because of ethnicity, religion or gender. It encourages to ask the cabin crew to intervene. It is good to see a company that places ethical values before commercial considerations.  They may have lost a few racist passengers because of this policy, but they have now gained a new customer.

Last year, I started signing the DNS records for this domain (and ISOC.lu). At the time, it was what is called an ‘island of trust’ in DNSSEC-speak. Being a firm believer that one should eat his own dogfood, I took this now one step further. Both domains vande-walle.eu and ISOC.lu are now added to ISC’s DLV registry. In addition, they are also in UCLA’s Secspider DLV repository. DLV stands for Domain Lookaside Validation, it “is a mechanism for publishing DNS Security (DNSSEC) trust anchors outside of the DNS delegation chain”, according to RFC 5074.

There are a few lessons to be learned from this experience. First and foremost, the tools are now not yet ready for a general audience. If the dnssec-signzone man page is your favourite late night reading and if you like Unix shell scripting, you will have plenty of fun. On the other hand, if you are an overworked system administrator being told by the boss to ‘By the way, please switch on DNSSEC before your leave this afternoon’ , you are out of luck.  The best tool I found to make it a bit easier is ZKT.  However, this is not the friendly Graphical User Interface you would expect.

Lesson 2 is ‘check you secondaries’. I had secondaries with Xname.org. Although these nice folks provide good and free DNS service, their machines do not answer DNSSEC queries. Hence, I had to switch to new secondaries.

Lesson 3 is that few DNS resolvers currently support DLV. Bind does. Unbound will in the next release (the current development code already does).

Lesson 4 is that the current system to register a domain in the DLV does not seem to scale and looks more like a proof of concept. It would need to be seriously industrialized to be helpful for a bigger deployment.

Lesson 5 stems from 4 above. The whole thing would be a bit easier to deploy if the root zone was signed. But this is another debate.

Many thanks to the folks at NLNet Labs and the RESTENA Foundation for providing DNS secondary service, and ISC for running the DLV registry.

I got my mobile phone bill in the mail the other day and, again, I nearly got a heart attack.   It has been like this for over the last 10 years. Whatever I do, this bill is always way higher than expected.

I tried everything from switching operators to  spending hours figuring out the optimal subscription plan. I do not place calls from my mobile if I can avoid it, especially abroad. I avoid SMS when e-mail is possible. I do not even dare to use the data services, although I have a 3G phone.  Still no luck. The main issue is that I work in a small country, live in the country nearby and often go to a two other countries for shopping and leisure. I am roaming on other networks than my home one 75% of the time. While this may sound unusual, actually this is what the whole European Union construction is all about: abolish borders.

I decided last year to subcribe to Transatel, a MNVO (Mobile Network Virtual Operator). In short, they do not have a network on their own, but buy capacity from other operators. It looked attractive because they cover several countries. They give you a local phone number in each country you choose. This makes it cheaper for the people calling you.  I can receive calls on my Luxembourg number while in Belgium and no roaming charges will apply. Sort of. Because, actually, you only get a limited number of minutes each month for call transfers across countries. Once you have reached the threshold, you are billed for the call transfers. This is just roaming charges by another name. At the time of subscription, they promised my monthly bill would be 50% lower. It looks like my usage profile was not part of their statistical sample…

The European mobile market is very fragmented. Each country has 3 or 4 mobile operators. Even those self labelled paneuropean networks like Vodaphone or Orange are actually alliances of different national operators, loosely tied by a similar logo.  All the rest of their offerings is different: subscription plans, services, phone numbers and roaming charges.  As for roaming charges, I noticed on several occasions in the past that if your home network operator is a Vodaphone partner, it may sometimes be cheaper to select a non-Vodaphone network abroad.

Those alliances are another way to make the offers more opaque to better fool the customer. On the economics of the mobile market, there is this interesting post from Kurtis Linqvist (thanks to Patrik Fältström for the link) . Just like Kurtis, I agree that there is no such thing as free and open mobile markets  in Europe.  I, too, hope the European Commission will continue to regulate the market until such time that it will cost the same price to call a mobile in Stockholm from Madrid that it is to place call from Los Angeles to Washington.  At&T in the US has a subscription plan for unlimited voice calls throughout the US for USD99.99/month. Unfortunately, given the current market conditions, I do not see a similar paneuropean offer any time soon.

Gartner, the well known IT consulting company, has published a report on the new top level domains that will appear some time next year.

The report totally misses the mark. In a pure US centric vision, it focuses on “.com” as the must-have TLD, totally overlooking the fact that a “.com” is mostly worthless e.g. in Germany, where “.de” is the TLD one must have to succeed locally. There are many countries where the local TLD has much more value than a “.com”.

The report is also clueless in that it states that “proposals previously rejected by ICANN, such as the creation of “.xxx” for adult-oriented sites, are also likely to be commercially successful“, when everybody but Gartner knows that the newly adopted rules were designed to precisely avoid the “.xxx” debacle to happen again.

Going further down the path of ignorance, Gartner also states that : “we would expect that an extension such as “.movie” would have similar value“. I am afraid “.movie”, just like “.travel” or “.name” will only have modest success, because they are focused on the English speaking market, and have little value outside North America. In this specific case, my British colleagues usually use the word “film” rather than “movie”. Looks like “.movie” will not even be able to cross the Atlantic.

How much credit you give to this report depends on the credit you give to Gartner, of course. I am afraid this one is not going to help the company’s track record. Sometimes, silence is better.

I recently switched to a new position in my day job. I moved to another campus and office, where I found on my desk a computer with the default standard configuration. The default browser in this configuration is Internet Explorer 6.

I am still in a state of shock. Over the last four years in my previous position, I had been using Firefox as my main browser, mostly because of AdblockPlus, a remarkably efficient advertisement blocker.

With IE6, I have rediscovered how advertising on web sites can be distracting and invading. Suddenly, the pop-up windows, Flash animations and other nasties are there again. Unlike a paper magazine, when you only need to turn the page to ignore them, advertisements on web sites really prevent you to work until you close the pop-up window, stop the animation, turn off the volume, etc.

I guess one could say that Wladimir Palant, the developer of Adblock Plus, is one of the greatest benefactors to computer productivity over the last few years. Thanks, mate. Great job. I am forever grateful.

Found in an office of the Luxembourg Ministry of Finance:

For those who do not read French, it says: “The seat opening is 29 X 23 cm wide. If you miss the hole, please use the brush to clean. This brush is not a toothbrush”

Last Tuesday, a speed camera in a nearby Belgian town saw a car with my car plate driving at 105km/h where speed was limited to 50 Km/h. The problem is: at that time, I was at my office in Luxembourg, 50 kilometers away from the road where the picture was taken.

I have enough witnesses who can testify I was at the office and I trust the Belgian courts to finally come up to the conclusion it was not me, but rather someone who copied my car plate. This being said, this identity theft is the source of a lot of complications and it will cost me some time in the coming weeks in all sorts of paperwork. And I will not get compensated for the loss of time, money, etc.

Car plates, especially the Belgian ones, are easy to copy,  enough to fool a speed camera. They are by no means a reliable way to identify a car, much less a driver, just like e-mail addresses are not a reliable way to identify the real sender. For e-mail, we added things like S/MIME, PGP and DKIM to somehow make the process more trustable.

What could be done for cars ? Could we inbed RFID chips in the car so it can be traced by these cameras ? On the other hand, there have been reports that RFID chips are easy to crack and reprogram.

According to Google, the Belgian Official Journal may harm your computer …

If you are plain bored today, take a 5 minute break and check if you are a real nerd.

Thanks to Veni Markovski for the link

Arlon (Belgium) – for immediate release

The Next Net is pleased to announce the appointment of Betty, as its new Chief Gardening Officer. The appointment is effective September 14, 2007.

Ms. Betty brings more than 3 months of experience from the agricultural and gardening sectors. As the descendant of Dizzy, she will build on her family assets. She was very early in her carreer trained to the inticraties of cleaning up orchards and meadows from brambles and nettles. Prior to her appointment, she was a trainee at a family farm near Bastogne (Belgium).

“This is a tremendous and important development for us,” said family chair Patrick Vande Walle. “Betty is a talented professional, who is well-equipped to clean up the orchard. She is determined to make our property look good. She will also be in charge of bleating the family out of bed on Sunday morning. We are thrilled to welcome Betty to our staff and look forward to her involvement”. Ms Betty will form a team with Mr Flea, the CEO (Chief Entertainement Officer), a Labrador retriever puppy, pictured right.

Ms. Betty, who is a Mini Doe (Capra aegagrus hircus), has a MGA (Masters degree in Garden cleaning Administration) and is an undergraduate in cheese making from Goat University. She bleats in her own language, but understands some French.

Press Contact : Patrick Vande Walle.
Personal interviews with the CGO and CEO can be arranged on request.

There is a some parallel that can be drawn between the current dispute on the .EH TLD for Western Sahara and the .VL application. In both cases, the process is being used for political purposes to serve a goal for autonomy or independence. I am not taking sides on the .EH issue, as I do not feel I have enough information to have a meaningful opinion. On .VL however, I think that the 20+ years I spent in Flanders can give me enough background.

In the case of the .VL, there is a public image, posted in English on the ICANN web site, and a quite different one posted in Dutch on the proponents web sites. Some translated extracts, for the benefit of those who do not understand Dutch:

Why a .VL, according their web site:

It is all about being recognized, mostly by the international community. Flanders does have foreign affairs responsibilities, but try to explain simply to Israël that Belgium is made of regions and communities and that you are the Minister of foreign affairs for Flanders and not for Belgium. A specific TLD would enhance the visibility of Flanders in the world, and this can only be positive.

It is clear here that this is about political visibility and not about spreading a culture, like .CAT does. Indeed, this is well in line with the political agenda of the proponents, the Jonge Vlamingen group, which states on their web site (potentially racist humor deleted from the text):

Jonge Vlamingen wishes to promote the separation of Flanders (ed: from Belgium)… We want to build a network where young Flemings who choose for Flemish independence can meet.

As has been explained in a previous post on the subject, other organizations supporting the project have a similar agenda.

My advice to the ICANN community, should this proposal be formalized, is to be aware of the fact they would actually be used to serve a political agenda, rather than a cultural one. The issue of regional autonomy (and now independence) has been on the Belgian political agenda for nearly a century. This is a very sensitive and complicated matter. ICANN would be well inspired not to join the mess.

I finally decided to buy a a Nokia E61i PDA phone. This is a real nice phone. As usual with Nokia, the voice quality is second to none. I will not get into a detailed explanations of features, just google for it. Rather, here are some of the gotchas I ran into.

First, I needed to install the CACERT root certificate to securely access my mail server. Somehow, the Nokia does not like root certificates in either PEM or DER format. It wants the PKCS12 format exclusively. This post on the Nokia forum helped me solve this issue.

Syncing agendas and contact information works fine, both with MS Windows (at the office) using the Nokia PC Suite and at home using i Sync on a Mac. iSync requires a plugin to identify the phone, though.

Although the phone supports SIP-based VoIP out of the box, I also installed Fring, a Symbian application that lets you use Skype, Google Talk and MSN for VoIP calls. This is not yet tested.

The phone has WIFI built in and it connected with no problem to my home WLAN with WPA2. One thing you should be aware of is that the absence of a WLAN network will cause the phone to use GPRS to connect to the Internet instead. Although there is an indicator in the top left corner of the screen, it is small and you can easily miss it. Hence, if you do not wish to have an Internet enabled application to use the phone network, you need to tell it to use the WLAN only.

One thing I am missing on this phone (and other Nokias by the way) is a possibility I had on a previous Siemens S40 phone. I am living on the border of Luxembourg, Belgium and France. When at home, my phone keeps roaming on foreign networks, always trying to connect to the best signal it can get. Fine for quality but bad for the wallet. On the Siemens phone, I could create an ordered list of preferred networks. With this, it would try its home network first, only switching to another if there was no signal at all. I can force the Nokia not to roam at all, but it is a bit inconvenient.

More comments to come, I guess.

Now that Catalonia got its .cat domain, other regions are coming up with similar requests. One of those is lead by a group of associations from the Belgian Flanders region, claiming a .VL top level domain. The Jonge Vlamingen association is a nationalist group wishing to make Flanders independent from Belgium.

However, among these associations are also several hate groups. Voorpost is well known for its pro-nazi sympathies and propaganda. The Nationalistische Studenten Vereniging is an extreme right student group. One of its former members was Filip Dewinter, the current president of the extrem right party Vlaams Belang (formerly Vlaams Blok). Those groups are known for their racist positions in Flanders (against the Turkish and Maghrebian minorities) and in Belgium in general for their intolerance against anyone not Flemish.

As for the Taal Aktie Komitee, I can testify I have been physically molested by some of its members because I dared speaking French to some of my friends in a street in Flanders. It was 25 years ago, but my back is still hurting on wet days because of that.

DomainNews.com reports that the Flemish group will team up with the applicants for .cym, .bzh and .gal GeoTLDs. A word of caution to the Welsh, Breton and Galician groups: watch out who you are teaming up with. Do you want racists and revisionists in your group ? If not, you should better think twice before teaming up with the current .VL team, unless they distance themselves from those embarrassing supporters. Actually, they do. Sort of. However, the disclaimer is quite vague:

“Het vermelden van en linken naar deze organisaties en hun website betekent niet dat Jonge Vlamingen en PUNT VL de standpunten van deze organisaties onderschrijven of akkoord zijn met de inhoud van hun website”.

The references and links to these organizations and their web site does not mean that Jonge Vlamingen en PUNT VL supports the positions of those organizations or agree to the contents of their web site.

So, it is not clear however which views they support and which they do not.

Update 20 August: The proponents of .VL point out on their web site (in Dutch) that French Réunion (.re), Guadeloupe (.gp), Martinique (.mq) and French Guyana (.gf) have their own ccTLD. However, none of these French departments or territories use this for the political purposes of separating themselves from their country, and their ccTLD is administered by AFNIC. They also point out to .EU.

They seem to ignore that all these entities have their own ISO-3166 codes. Flanders does not. And unless they convince the UN Statistics Division they are a sufficiently autonomous territory from an economical point of view or an independent state, the VL ISO code is not going to assigned to Flanders any time soon. With regard to ICANN’s policy on new TLDs, I think it would be dangerous for ICANN to assign two letter TLDs which could conflict with later updates to the ISO-3166 list.

I am in the process of buying a new PDA phone and would appreciate your input. After reviewing what is on the market today, I came to the conclusion that the Nokia E61i may fit my needs. I looked at the Blackberry and Palm offerings. The Blackberry seems to be a thing for large corporations. Palm Treos do not include WIFI connectivity. Further, the newer ones are built on Windows Mobile. Everything Microsoft touches ends up becoming proprietary so I would wish to avoid Windows Mobile as much as possible.

My main requirements are that the device supports quad-band GSM, WIFI, IMAP4, POP3 and their TLS variants as well as custom SSL certificates. The device should synchronise calendars and address books with MacOSX (and Linux ?) via Bluetooth.

Your opinion is most welcome, especially of you are the owner of a Nokia E61i. If you do not wish to post in the on-line comments, please e-mail me .

Groklaw points out to a complaint filed in California against Yahoo! by Shi-Tao and other victims of the Chinese repression. They claim that the fact that Yahoo! gave to the chinese police the information needed to identify them has caused them a lot of damage. And obviously, reading through these 30 pages describing the inhuman treatements they went and are still going through, it is difficult to imagine that a normal human being could not admit there is a limit a business should not go over in search for new sources of revenue.

Not so with Yahoo! Today, the shareholders rejected a plan that would have created a human rights committee within the company. The mighty dollar smells blood. Think of it next time next time you use the company’s services.

Also, write to Jerry Yang (jerry@yahoo-inc.com) and David Filo (filo@yahoo-inc.com) and tell them you disagree.

Thanks to Lucy Lynch for the Groklaw link.