Of course, I am biased, but I think my new N810 is an amazing little machine.

When I pulled it out of its packaging I was pleasantly surprised by the quality of the device and how much is included. What looked like plastic to my eye in pictures of the N810 turns out to be brushed aluminum. The back plate is carefully manufactured, more reminiscent of Japanese design than American or Taiwanese, the parts are finely machined and very detailed. It has heft which might make people think it is too heavy, but I like its weight. It comes with a case which the iPhone I received did not. It comes with a stylus and charger, again, the iPhone had neither. There is also included a mounting bracket and a USB cable that connects directly to the device.

All in all it feels as if I can do what I want to do right out of the box with my tablet, with the iPhone there are still hoops I haven’t jumped through; I need to pwn it to change the carrier, the GPS does not work until that is done, I need to port my phone number, etc. None of that is required with my tablet. Plus there are no additional hoops to jump through for development, I don’t need to get official approval from Nokia like I would with the iPhone, I can just send my ssh key to maemo and get started developing right away. Apple is a bit fascistic about their platform because they like to have complete control over the user experience and their partners leaned on them to limit the device to specific networks. But this type of control has been already easily bypassed and Apple is having trouble with developer accounts too apparently. Rogue iPhone apps are popping up on the internet, something that is the bane of any software distributor who wants to completely control the user experience. I am not convinced that the closed Apple model is sustainable, time will tell.

So take my review with a grain of salt, but I think this tablet is far superior to the iPhone and already the experience has been better than my expectations.

I’m no expert on security. As a debian GNU/Linux user I have been spoiled by a dedicated security team that looks after all the packages in debian, both stable and testing, so I don’t have to be an expert in security. I just rely on the security team to keep me updated.

I have done a little security work however and I understand how difficult it is, especially when you have a complex system. One of the mantras that I hear is “security is a process.” I think this is true, security is a process, not just an add-on or a patch. Security has to be thought of from the beginning through development to deployment – not just when the end user has it in their hands and is started to hack on it.

I would like to tap into the views and expertise of the community and try to establish a discussion around security in Maemo and in its ecosystem. Since Maemo is built upon a foundation (Debian) known for stability and technical quality, Maemo inherits some of Debian’s infrastructure regarding security. But what more could be done? Furthermore, what should be done?

I hope that we can bring forth the ‘best practices’ and innovations that the community around Maemo has, develop methods to protect users, maybe even hammer out policy. But all of this has to be done in the open I feel, it has to be driven by the community.

So what do you think? Do you worry about exploits? Do you test your code for buffer overflows or run it through valgrind? What would a Maemo security team look like? How does one balance open access with system integrity?

I look forward to the discussion.

EDIT: More info on Maemo security policy here.