Orewa college requiring laptops: Good. Recommending the iPad: Bad.

UPDATE (August 2014, 3 years since I published this article): I hate to brag, but I told you so…

There’s been a story going around the media about Orewa college adding laptops to its compulsory stationary list. Furthermore, Orewa college has recommended the iPad as the best ‘laptop’ to use for this purpose, due to its ‘ease of use and long battery life.’ Apart from journalists managing to confuse the two previous statements to invent the headline ‘Orewa college requires iPad on stationary list’, my main gripe is with the specific recommendation of an iPad.

In order to recommend a device, you have to keep in mind what the purpose of the device is. With the points mentioned below in mind, I would love to see the recommendation of an iPad defended in the context of a normal school day.

What’s wrong with the iPad?

For the sake of argument, I’m going to weigh up the Apple iPad ($779) against the Asus Eee PC 1005P ($536).

It’s expensive. With well over $200 separating the two, the iPad has to have some meaningful advantage over the Eee PC to be a sensible recommendation. Those on a tighter budget could go for a Acer Aspire One D255E ($375), which is just as capable as the other two as far as schoolwork is concerned, although it does represent a compromise in terms of battery life.

It’s optimised for anything but schoolwork. Let’s compare the two in the context of some common subjects:

    History — Laptop use would presumably be focussed on accessing web references to research and bolster arguments. No particular advantages either way, just about any device these days can display a webpage.

    English — Research is no different as above, but when it comes to writing essays, the Eee PC has an actual keyboard, whereas the iPad would fall back on a touch-screen keyboard which is much slower and fatigue-inducing to use. Eee PC wins.

    Maths — Pop OpenOffice spreadsheet or GNU Octave (both free software) on the Eee PC and you’re drawing graphs, playing with linear algebra, whatever you like. iPad’s calculator is inferior to a standard calculator that has been in maths class for the past many years. Eee PC wins by a wide margin.

    IT — Software development on an iPad? Apple put up perplexing barriers to software development on their devices, completely barring free experimentation with programming, and knocking out any nascent software engineers before they can even start. Eee PC wins.

    Workshop/electronics/graphic design — Apple iPad? Just ridiculous; unheard of. Windows/Apple PC? Yes; fantastic, free, open source software all over the internet. Eee PC is the only solution worth even considering.

    Wasting time posting facebook updates — Apple iPad is definitely quicker for this one.

In short, the social-network-centric nature of the iPad versus the maturity and popularity of Linux/Windows means that the iPad is just useless for freely exploring the possibilities of computing, programming, mathematics, electronics, graphic design, engineering, etc. Considering that an iPad might replace a desktop PC in the home due to some family’s tight budgets, this seems completely ridiculous.

The iPad is a luxury toy for people who already own a proper computer, and want a fashion item to show off to their friends.

What’s wrong with Orewa college’s purported reasons for recommending the iPad?

According to the story, Orewa college has recommend the iPad due to its “ease of use and long battery life.” Other advantages claimed by Orewa college (at this link) are also covered below.

Ease of use? — The Apple iPad is so easy to use because, as mentioned above, it doesn’t really do anything other than take mediocre photos, display web pages, and a bunch of random games and web services. It’s only hard to get anything wrong on the iPad because you can’t get anything remotely useful done at all.

Battery life? — The Eee PC boasts a battery life of 11 hours, longer than any school day for sure.

No viruses — Anyone who knows anything about computer security knows that this is like saying a ship is unsinkable – extremely ignorant. Also, it’s wrong.

“Abundance of apps!!!!” — There’s a great abundance of “apps” for PCs too…

“Voice recording apps useful!!!” — I can’t believe someone actually wrote this; Windows comes with a sound recorder built in. If you want some fancy program that automatically organises the recordings or whatever, there is going to be some open source software out there to do this for you. The idea that Apple apps are some amazing new idea is astonishing. Yes, it’s new for phones. But PCs have supported software written by anyone since they were introduced in the 1970s.

“Useful for all the family” — This looks like it is just copied-and-pasted marketing gibberish straight from Apple.

What I find so amazing about Orewa college’s list of advantages of the iPad is that it all looks very convincing and exciting, until you analyse the contrapositives – i.e., what they’re implying about PC laptops:

“PC laptops don’t have battery lives of 10 hours.” Wrong, some do.
“PC laptops don’t have cameras built-in.” Wrong, most do.
“PC laptops don’t have auto-update of system software.” Um, yes they do, it’s called Windows Update.
“PC laptops are not useful for all the family.” This one deserves some elaboration to say the least.
“PC laptops don’t have an abundance of freely available apps.” This is just idiotic, as pointed out above.
“PC laptops can’t record voice.” What, is the microphone just for decoration???

Thanks for reading. Do you think I’m being too harsh on the iPad? Let me know in the comments below!


Setting up gmail as a relay host in postfix (without creating certificates)

When your linux box needs to send email (e.g., mail sent by a webpage, cron job output, etc), postfix can normally send the email directly to the recipient. However, if your ISP blocks port 25 outbound, or you want to keep a nice log of all outgoing messages, or want replies to arrive in your gmail account, this may not be ideal. One alternative is to use a Gmail as a relay host, i.e., postfix will basically pretend to be a gmail user, and send all mail through that account.

There are already a number of guides on the internet explaining how to set up postfix to relay outgoing email via Gmail:

These guides are excellent, I wouldn’t have been able to set up my server without them. However, they all demand the creation of CAs and self-signed certificates. If you don’t know what I’m talking about, then you’ve come to the right place! And if you do know what a CA is, then the purpose of this post is to point out that creating one is completely pointless in this case. So I’m proud to announce…

A simplified guide: setting up postfix to relay through Gmail

  1. Add the following lines to /etc/postfix/main.cf:
    relayhost = [smtp.gmail.com]:587
    smtp_use_tls = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    # The following line is optional, but recommended (see below)
    smtp_tls_CAfile = /etc/ssl/certs/Equifax_Secure_CA.pem

    The last line is not necessary for postfix to successfully send messages, but it prevents ‘certificate verification failed’ warnings. I believe the /etc/ssl/certs/ directory is populated by installing OpenSSL.

  2. Place the following in a new file at /etc/postfix/sasl_passwd:
    [smtp.gmail.com]:587 gmail-username@gmail.com:gmail-password
  3. Hide your password, and do some other magic stuff:
    $ cd /etc/postfix   
    $ postmap sasl_passwd          # creates sasl_passwd.db
    $ chmod 600 sasl_passwd sasl_passwd.db
  4. Restart postfix:
    $ service postfix restart      # this varies from system to system
  5. Test:
    $ echo 'It works' | mailx -s 'Test message' test@example.com

What if doesn’t work — debugging

If you find that the recipient (e.g. test@example.com) doesn’t receive an e-mail, have a look in the log files. They’re located in different places depending on your configuration settings/distribution, but have a look in /var/log/mail.err, /var/log/maillog or /var/log/mail for starters. If the problem isn’t self-evident from looking at these messages, have a look at the official Postfix Debugging Howto for more help — or, leave a comment on this post!

Forwarding emails sent to usernames on your linux box

Utilities (e.g. at, cron, mdadm, etc) often send emails to the user if errors occur. The emails default to username@domain, where domain is the FQDN of the system. If you want these messages to be sent to a different address, create .forward files in the home directory of the relevant users:

# Forward messages for your user
$ echo you@example.com > ~/.forward      
$ echo 'It works' | mailx -s 'Test message' username

# Forward messages for the root account
$ echo you@example.com > ~root/.forward  
$ echo 'It works' | mailx -s 'Test message' root

Setting the ‘From’ name

Take with a grain of salt, there’s probably a better way than falling back on the sendmail emulation provided by postfix:

$ sendmail -F 'Name to Appear in From Field' test@example.com

But wait, if we provide no certificate, will the emails be encrypted? [Optional!]

Yes. The email is encrypted; this can be confirmed with tcpdump. Encryption is accomplished using TLS (see Diffie–Hellman key exchange for an explanation of how two computers can communicate securely with no pre-arranged secrets or certificates.) Certificates are quite separate; they are used to verify whether the Gmail server is really the Gmail server, not some imposter. Of course, certificates and encryption are easily confused, as they’re always found together — there’s no point preparing a secure, encrypted channel to an imposter.

So, Gmail provides the certificate; and postfix can verify the authenticity of this certificate using file provided via smtp_tls_CAfile in step 1 above. The connection is then secured. Postfix then proves its identity using the plain old username and password (which is pretty much the only identity proof that we have at our disposal as a mere Gmail user) and the emails can be sent.

But why does postfix have configuration options to accept certificates and keys? What about configuration options starting with smtpd_ ? [Optional!]

The server/client distinction is very clear cut with many protocols, like HTTP — the web browser is the client, the web host is the server. Postfix is not so straightforward, because it acts as a middle-man — it’s a server when its receiving mail from the outside world, and then it’s a client when it relays that mail towards its final destination. So, postfix can be thought of as an SMTP server (smtpd) and client (smtp) combined. The configuration options are divided into smptd_* and smtp_* accordingly.

If we wanted our postfix server to accept mail on a secure connection from other computers on the network, and provide a certificate proving its authenticity to these other computers, then this is when these other options would become useful. But because we’re only accepting mail from localhost (for now), these options are completely irrelevant.