I’ve been doing more video processing lately, some of it HDTV quality, this was really demonstrating that 2GB was not nearly enough RAM for my system. Memory prices have dropped a lot since I did my frugal upgrade, at the time (early 2010) I spent $54 on a single 2GB stick. The other day I picked up 2x4GB for a mere $35 from CanadaComputers. Sure we’re now 2 years later, but to get four times the RAM for less?

In general I’ve had good luck with Patriot products, and looking at their warranty it looks like the have the standard limited lifetime warranty you’d expect.

My motherboard has 4 slots for RAM, so I could have left the 2GB stick in and added the two additional – but I decided against mixing things up. I figured 8GB was plenty for now, I can easily change my mind later. Installation was a snap, literally under 10mins including juggling all those cables.

Amazingly I got it right the first time, the BIOS showed me 8GB. Now as I’m running a 32bit version of Linux, I wasn’t surprised that the operating system couldn’t see all of my new RAM.

$ cat /proc/meminfo
MemTotal: 3482728 kB

So Linux can only see 3.3GB, I suspect why the value isn’t 4GB is due to the onboard video stealing some away from the OS.

The obvious upgrade path is to install the 64bit version of Ubuntu. It seems the smart path forward is to wipe and start again, however given that I’ve got a 1TB drive and it’s 60% full that’s going to be a long copy / install process. I mentioned this to a friend at work and he suggested that instead I use the PAE kernel, I’m glad he suggested it.

Physical Address Extension (PAE) is very easy to add to an existing 32bit Ubuntu installation. Assuming you’ve got a CPU that supports the feature (and with any current hardware you will), it’s a simple one line install.

$ sudo aptitude install linux-generic-pae linux-headers-generic-pae

After the install, a quick reboot and we’re running the new kernel. If you’re doing a clean install, recent versions of Ubuntu automatically add the PAE kernel if you’ve got enough RAM.

Now we can see all of the RAM

$ cat /proc/meminfo
MemTotal: 8072420 kB

This works out to 7.7GB, again some I believe is donated to the onboard video.

Why might you want to use PAE instead of running a 64bit version? If you elect to use 64bit mode, then all of your memory pointers need to be 64bits wide (aka double the 32bit size). This can cause some serious memory bloat depending on the type of application.

It should be no great surprise, but there is some work involved in getting applications to work in 64bit environments. For some applications, recompiling is all that is needed – however many have hidden dependencies on certain data structures being 32bit in size. It is for this reason that lots of software is still stuck back in 32bit – the mitigation is to run 32bit compatibility libraries.

With PAE, while the kernel can see all of the memory (up to 64GB) – each process is still limited to 32bit addressing (4GB max). You also miss out on some of the 64bit extensions to the instruction set, so you are leaving a little bit of performance on the table.

When I get around to doing a full wipe and re-install, I’ll likely move to a 64bit version of Ubuntu as it seems to be the recommended approach. I’m certainly glad I can put that off for a while longer and use PAE to get access to the increased memory with almost no effort.

When it was announced back in September 2011 I was quite excited about the HarmonyLink. I got one as a gift this Christmas and after some initial efforts with it, my enthusiasm is a little dampened, but I still think the device has a lot of promise. There are some serious flaws that need to be addressed by Logitech before it can replace my Pronto TSU 2000.

I was surprised that it didn’t use the same Harmony Desktop software that worked with the 659, then I got excited because it appeared to be web based. The model is log into website, configure your Devices and Activities on the web and sync to your device – nice. Sadly if you try to log into your account on myharmony.com from a non supported platform you get this message:

The following platforms are supported:

Microsoft® Windows XP or Vista with Internet Explorer 7+, or Firefox 3+

Microsoft® Windows 7 with Internet Explorer 8+ or Firefox 3+

Intel Mac OS® 10.4.8+ with Firefox 3+ or Safari 4+

The reason for this is they use a custom browser plug-in to do the initial setup of the device. This sort of makes sense, as the HarmonyLink is a wifi device that needs to be told how to connect to your wireless network. The initial setup seems to be the only time you’ll need the USB cable provided. I also found it a bit uncomfortable being asked by a website to enter my WPA2 password.

Logitech could have made things much simpler. Provided a very simple utility on Windows and Mac OSX to do the device initialization. Of course you need to program the device to enable it for your wireless network, they have all the code they need to do this in a reasonable manner so it seems like just a dumb design decision to include it as part of the browser plugin.

Security fail: The website myharmony.com also wasn’t able to accept a < character in my password. It gets better, the Android app (and apparently the iOS app too) doesn’t remember your password. So you need to type it in from time to time. Strike two for password security. They do require at least 4 characters, I can think of some great four letter words that might fit. So the user is torn between using a strong password or a convenient one. Everyone who might want to use the remote may need to know the password, that’d be strike three on their security story.

Setting up the devices was pretty reasonable, it does require that you know the model numbers of your equipment but will provide suggestions if you’re close to the right name. I had trouble locating the IR4PS3 device (for control of the PS3) in the device database, I ended up succeeding by entering Sony as the manufacturer and IR4PS3 as the model – then the correction offered by the website (IR4PS3/IR4PS3) worked.

The remote is setup around the idea of Activities, such as “Watch TV”. This is a bit different than the flow I have setup with my Pronto so it’ll take some getting used to. They have three basic activities: Watch TV, Watch Movie, Listen to Music. You can have multiples of one type of activity and give them unique names, but they provide only 4 icons – which is very silly given how easy it should be to have many different icons.

They very first time you connect to the HarmonyLink using your Android or iOS device running the remote control app, you’ll likely have a firmware update and a sync of your data from the web. The Android app hung on me during the firmware update leaving me waiting and waiting. It required a reboot of my Android tablet and I was back in business.

I haven’t warmed up to the Android version of the app yet. The power off path wasn’t immediately obvious to me, I’ll have to see how others that get a chance to use the remote once I shake out all the major issues react to it. Responsiveness to button presses is pretty good, there doesn’t feel like there is any appreciable lag. You can edit the button layout, with the exception of the 4 way navigation pad which seems fixed (this is unfortunate as the IR4PS3 mapping for ‘ok’ doesn’t map to X).

I was disappointed to discover that there wasn’t a web UI on the HarmonyLink itself. You must use a supported device (Android, iOS) and run the app. I’ll need to break out Wireshark and take a look at what needs to be done to fix that.

As I started with, I’m still optimistic this is going to be a nice addition to my home theatre – but only once they address some of the shortcomings. Engadget gathered a long list of great comments which felt pretty much on target. There is also a suggestion thread in the Logitech forums. I hope Logitech is listening.

I used to be one of those that strongly believed screen protectors were not worth the money. Over time I had a series a devices which I carried with me daily with no screen protection, sure after a year or two I’d inevitably end up with a small scratch but at that point the value of the device had dropped significantly anyways. The cost of screen protectors seemed outrageous, you could buy from a brand name and pay a big price – or opt for the super cheap knock offs from eBay. I assumed the cheap ones were not worth the money as the name brand ones were 10x more expensive.

The first phone I had with a screen protector was the NexusOne. It came to me with a Zagg invisibleshield installed. The invisibleshield model was one of the ones with the self healing property and had a slightly mottled surface. This felt a little different than a naked screen, your finger had a little drag. It was easy to get used to this. I never bothered to remove the screen protector during the time I had that phone.

Readers of this blog will know that the next phone I had was an HTC Desire. This came with no screen protector. The screen showed a few tiny (nearly invisible) scratches in the Gorilla Glass screen. The scratches were not enough to bother me in day to day use. When I bought a case for the phone from eBay, a cheap screen protector came along with it. I wrote back then that I was pretty impressed with the screen protector as it felt exactly like the screen.

My current phone is a well used Samsung Galaxy S Vibrant (i9000m). It’s got a few nicks and dings, and a handful of fairly deep scratches on the screen. Honestly you don’t notice them in normal use, but you can see them if you look up close as should be evident in the picture below. This is the lower part of the phone close up, a lamp is reflected off the screen but hopefully the scratch marks are clear (a deep one is centered, about 1/4 down from the top).

While I liked the case, it added a lot of bulk to the HTC Desire. This round I decided against a case but thought a couple of bucks was worth getting some screen protection. A screen protector can also help hide some of the existing scratches on a screen (true from my experience).

After looking around a little, I decided on an anti-glare screen. The cost was a little bit more than the clear ones, but less than a cup of coffee more. The youtube video demonstrating it also looked pretty cool. I made the purchase from eBay, but it turns out CitiGeeks has a web store and is based in Canada.

The packaging looked professional and included their logo. What was inside is pictured below.

You get the screen protector, a small card that you use to prevent air bubbles when installing, and a cleaning cloth. They have very good installation instructions on their website, and a youtube video which is very helpful.

The resulting installed anti-glare screen looks very good on the phone, turning it into a matte black surface when off. You can see the anti-glare properties in the photo below giving a soft halo reflection of the light. It also does a reasonable job hiding some of the small scratches, but not the deeper ones. Again, during normal use you don’t see any of the scratches.

I wouldn’t recommend the anti-glare screen having used it for a while. It does cut down on glare, but I find it adds a strange sparkle effect to images. If you look at the picture at the top of this post the right side of the image shows some of this as a multi-color graininess. This is difficult to capture in a picture, but is quite distracting in some situations.

I will recommend CitiGeeks. They provided a 20% discount coupon for my next order (if you search for this coupon online you should be able to find it easily). They also have pretty good email support, even at off hours. When I got my Galaxy Tab, I bought a crystal clear protector for it using the coupon and was able to get a better price than eBay. The clear screen protector is completely invisible, I had two Galaxy Tabs next to each other – one with a protector and one without – you could not tell the difference.

Low cost screen protectors do work well, and pay for themselves with the peace of mind they provide you when you accidentally toss your car keys into the same pocket as your phone. Should you get one? I think it’s still personal preference, I’m sold on them but only if I can get them at very low cost.

I own the domain lowtek.ca and host a couple of personal projects as well as this blog on it. One of the areas is behind a password and that part of the site I redirect over to https to ensure that the communication is encrypted. While the whole Certificate Authority infrastructure has currently become questioned, the value of having a SSL connection between your browser and (hopefully) a specific destination machine still has value. I found a humorous youtube video that describes SSL basics if this is new to you.

If you were watching the tech news, you’ll have seen several of the CA’s had security breaches. Even StartSSL which this post will talk about using had some issues, but it seems that it wasn’t as bad as the others. There has even been some research into how to attack / break SSL entirely. The web is a scary place if you think too much about this stuff. Today SSL is the most convenient web security story there is, and for the most part it works well enough.

For most people hosting personal websites the simple path is to use a self signed certificate.  The one downside to this is that whatever browser you are using will not recognize the certificate as valid, you’ll either be prompted to download and remember it – or just trust it for this one session. The manner in which browsers trust commercial web sites https connections is the certificates are issued by one of the root CA’s (Certificate Authority). The CA is a trusted 3rd party which the browser can check with to validate the certificate the website is offering up.

Ubuntu has some guides on creating certificates. What I’ll try to do here is provide a specific example of using StartSSL to generate a free certificate that is accepted by most web browsers. Much of the details come from another blog that I referenced when creating my StartSSL certificate.

You’ll probably want to use FireFox. The web interface at StartSSL.com can be a bit finicky and FireFox is known to work – I used the somewhat old 3.6.25 version. Of course the first step is to sign-up and create an account on StartSSL. They use email confirmation and my greylisting caused a bit of a hiccup here, waiting a few minutes and resubmitting the sign-up succeeded just fine. Then there will be a wizard that takes you through the rest of the sign-up process.

At the end of your account sign up you’ll be encouraged to back up the client certificate that has been installed into your browser. As I understand it, they use the client certificate as a form of authentication that it is really you they are connected to. The FAQ has details on backing up the client certificate. If for some reason you lose your client certificate they have a FAQ for that too.

Next we want to return to the “Control Panel” and use the “Validations Wizard” to do the “Domain Name Validation”. This will require another email validation to ensure that you are the owner of the domain (you’ll need to be able to receive email for that domain).

Now we can actually create a certificate. There are pay options for certificates, but we want to use the free version. Use the “Certificates Wizard” to create a “Web Server SSL/TLS Certificate”. Again I’ll reference the very useful blog post from jasoncodes.com that describes this set of steps (I will replicate here for completeness).

The first step of creating a certificate we can skip, as we plan to create our own Certificate Signing Request (CSR) locally. Execute the follwoing on your server, obviously replacing mydomain.ca with your domain name:

openssl req -new -newkey rsa:4096 -days 380 -nodes -keyout mydomain.ca.key -out mydomain.ca.csr

There will be several questions posed to you during this, here is a dump of the questions and some example answers:

Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:YourStateOrProvince
Locality Name (eg, city) []:YourCity
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SomeName
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:mydomain.ca
Email Address []:secret_email@mydomain.ca

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Some of the answers can be blank as should be evident above. If you’re having trouble with the 2 letter country codes, check on wikipedia. I did find a reference that suggested that the common name must exactly match the host name of your server, you might note that I’m not using a www prefix here. This will allow me to re-use this same certificate for email and other things in theory, it also follows the no-www approach. I opted to leave the challenge password blank.

The second step of the wizard on StartSSL for creating a certificate will ask for a cut & paste of the mydomain.ca.csr we just created. Paste the entire contents of the file in, and move on to the next step where you should see that the request was received.

Moving along the next step is to “Add Domains”, since we’ve only validated one domain this should be easy. As part of this process it will ask for one sub domain. I used “www” since that will still resolve correctly to the lowtek.ca domain.

The remainder of the steps should be straight forward, you’ll arrive at the “Save Certificate” screen. You’ll want to save three things: 1) Text box contents as mydomain.ca.crt, then save-as the 2) intermediate and 3) root CA certificates (last two should be sub.class1.server.ca.pem and ca.pem respectively).

Now we need to install into Apache2. I’ll assume you’re running Ubuntu.

We’ll start by copying the .crt and .pem files we saved from the final step on StartSSL into the /etc/apache2/ssl directory. We also want the .key file that was created when we made our CSR copied to the same directory.

Again I must credit jasoncodes.com, this is almost verbatim from his site. Run the following as root.

cd /etc/apache2/ssl
mv ca.pem startssl.ca.crt
mv sub.class1.server.ca.pem startssl.sub.class1.server.ca.crt
cat startssl.sub.class1.server.ca.crt startssl.ca.crt > startssl.chain.class1.server.crt
cat mydomain.ca.{key,crt} startssl.chain.class1.server.crt > mydomain.ca.pem
ln -sf mydomain.ca.pem apache.pem
chown root:root *.crt *.key *.pem
chmod 640 *.key *.pem

Now we need to modify the apache config file /etc/apache2/sites-available/ssl and add the following within the <VirtualHost> block:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/mydomain.ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/mydomain.ca.key
SSLCertificateChainFile /etc/apache2/ssl/startssl.chain.class1.server.crt

Check that your Apache config parses as valid:

apache2ctl -t

And then restart Apache with the new config:

sudo /etc/init.d/apache2 reload

Here is the the verification process verbatim from jasoncodes.com:

Run the following after restarting Apache to check the certificate chain:

echo HEAD / | openssl s_client -connect localhost:443 -quiet > /dev/null

You should see something like:

depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0

A depth of 2 and a return value of 0 is good. If the certificate chain is wrong, you’ll probably see something like:

depth=0 /description=12345-ABCDEF123456/C=XX/O=Persona Not Validated/OU=StartCom Free Certificate Member/CN=host.example.com/emailAddress=hostmaster@example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /description=12345-ABCDEF123456/C=XX/O=Persona Not Validated/OU=StartCom Free Certificate Member/CN=host.example.com/emailAddress=hostmaster@example.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /description=12345-ABCDEF123456/C=XX/O=Persona Not Validated/OU=StartCom Free Certificate Member/CN=host.example.com/emailAddress=hostmaster@example.com
verify error:num=21:unable to verify the first certificate
verify return:1

I was pleased to see that it all verified correctly for me. Visiting https://lowtek.ca resulted in a green lock icon under Google Chrome.

The StartSSL certificate expires in 1 year, so next year around this time I’ll be doing the same process. There is another CA (AffirmTrust) I came across that offers free 3 year certificates, I have no experience with them but would be interested to hear if anyone tries them out. There is CACert as well, but it doesn’t appear to be included in any of the browsers – limiting the usefulness of a certificate from them.

One of the things that I look for in a phone is community support. For me there are two main reasons this is important: 1) It’s nice to have a large group of people you can ask questions of, or an active forum you can search for answers on 2) When later versions of Android are released, that community will hopefully build a version for your phone.

If you’ve been watching the tech news, there have been rumors that Samsung will support Ice Cream Sandwich (ICS) on the Samsung Galaxy S (SGS) and claims that it won’t. The latest news appears to be that they will not upgrade the device, a bit sad as it was only released 18 months ago. So not even kept current through the length of most cell company contracts. This is one area where the iPhone has done right for the consumer.

If you’re interested in getting ICS for your i9000 (or in my case the i9000m) skip over to the XDA Forum and read through the huge thread. The team behind it are the same folk who helped bring CyanogenMod to the SGS originally and are now working on CM9. This is an alpha, there will be rough edges and I don’t suggest people leap in unless they are very brave.

I originally tried Build 11 and that didn’t work well enough for me to switch from the 7.1 stable I was on but it was close. Build 12 appears to be quite good, with a few changes I needed to make for my usage, specifically adding dropbear (SSHD) and rsync so I can do nightly backups (which I’ll talk about at the end of this post).

The forum thread has these instructions for people coming from CM7

 Upgrading from CM7?

1. Do a Nandroid Backup!
2. WIPE (wipe data/factory reset + wipe cache partition)
3. Install the ROM from internal sdcard using ClockworkMod (CWM) Recovery
4. Optionally install the Google Addon

I would recommend that you consider getting CM7 first, it’s a good base to work from and there will be better how to and help to get it working. Experience there will translate over to working with the ICS Alpha.

Here are my steps I used when moving to ICS .

• Do some backups of your application data
  Backup SMS using SMS Backup+
  Backup Plume settings (and any other apps that support backup)
• Take some screenshots of your home screens, nice reference to what you have. Also consider grabbing a list of the apps you have installed
• Reboot into recovery – perform a backup in CWM
  “backup and restore -> Backup”
• Mount USB mode in CWM
  ” mounts and storage -> mount USB storage”
• Copy backup to PC (just in case something really bad happens)
• Copy new ICS Alpha files to phone
  teamhacksung_galaxysmtd-ota-eng.BUILD12.zip
  gappsv7.1.zip
• Now wipe from CWM
  “wipe data/factory reset”
  “wipe cache partition”
• Install the two .zip files we copied above, build12 first.
  At this point my heart always stops, as during the install of the firmware, the phone will reboot suddenly. Do. Not. Panic.
  It will automatically boot into ICS after the install. Now optionally reboot into recovery to install gapps.

There is a list of known issues in the main thread, you can post bug reports there but please search the thread so you don’t ask something obvious. There is another thread for discussion (ie: anything that is not a bug report).

Each time I’ve done this type of upgrade I seem to get burned by the Android Market treating the new ROM as if it were a new device, thus it doesn’t restore any of my apps. Good thing I had taken a backup of the list above. Having done this a few times, using a desktop web browser to the Market and installing from there to my phone is much faster.

My experience so far

The good stuff:

• ICS is very, very pretty
• Recent applications with preview is cool
• Quick access to camera on lock screen is nice
• Web browser handling of multiple windows more like iOS Safari
• Calendar is a big improvement, phone interface much nicer too
• It has USB mode instead of MTP

Why it’s still an alpha

• I was unlucky and had a sync problem with the calendar
  This is a known problem with a solution – flash the gapps_fixer.zip
• Every once in a while the lock screen has no touch response, lock/unlock again with power button fixes
• I had mapped long press menu to search, that CM feature isn’t supported (yet?)
• I miss “quiet times” from CM – using Sound Manager v2 to get same function
• Power-off sound comes a while after screen is dark – I disabled the sound to resolve

So far no major issues. Only 1 of the ~50 apps I use indicated it wasn’t compatible – and I’m sure that’s just how they’ve tagged it in the market. The battery life appears to be about the same as CM 7.1.

One observation was my modem didn’t change from KG3 unlike my experience flashing CM7 where the modem did change, it seems my understanding of how the modem is updated (or not) is flawed.

I also briefly tried out a pure AOSP from Onecosmic and while it seems a bit more mature than the CM9 Alpha, it didn’t fit what I wanted (personal taste).

Getting SSHD and rsync working

I had previously written about getting SSHD working on CM7.1 and that I used rsnapshot to do incremental nightly backups of my phone. This has saved me at least once when my phone got very sick and needed to be wipe and freshly installed, having a day old backup was nice. Also when going from version to version I’m able to grab configuration details like the dropbear configuration – this allows me to reuse the same keyed ssh login without having to repeat the entire setup.

The ICS Alpha was missing dropbear. It turns out that the version from CM7.1 can be used – I specifically picked the ones from nightly build 181.

First you need to remount the /system filesystem to be read-write.

mount -o remount,rw /dev/block/mtdblock2 /system

Grab dropbear, dropbearkey and rsync and put them in /system/xbin. Make sure to use chmod 755 on them to make them executable. Probably a good idea to reboot after this.

As I’m going to re-use my configuration files from my backup, I don’t need to use the setup steps from my blog post – I just use the abbreviated version below, but if you’re doing this clean follow the original write up.

# mkdir /data/dropbear
# mkdir /data/dropbear/.ssh

Copy the following files from backup to the phone

/data/dropbear/.ssh
/data/dropbear/.ssh/authorized_keys
/data/dropbear/dropbear_rsa_host_key
/data/dropbear/dropbear_dss_host_key

Then just fix the permissions

# chmod 755 /data/dropbear /data/dropbear/.ssh
# chmod 644 /data/dropbear/dropbear*host_key
# chmod 600 /data/dropbear/.ssh/authorized_keys

The ICS Alpha is also missing the ability to set the hostname, you can hack around it by using the following command.

# setprop net.hostname yourhostname

And of course, we need to launch dropbear

# dropbear -s -g

I still need to figure out how to get these into a script that will run on reboot, for now I’m just doing the last two command manually after every reboot.

I’ve been running Ubuntu as my home desktop for quite some time, and it’s been at least a couple of years since I did a clean install. I’ve moved motherboards and drives over that time and upgraded the distribution many times. Generally the upgrades resulted in improvements. Moving to 11.04 (Natty Narwhal) resulted in a change to the new Unity interface, I had seen and used it previously on a netbook so it wasn’t completely new to me. Having only recently upgraded to 11.10 a few things busted which I’ll write about here. I’ll focus on things that I noticed breaking between 11.04 and 11.10, but some of the tips will apply in general.

Some of these issues will be due to my avoidance of doing a fresh install, if you’re really stuck – make a backup and do a fresh install and work forwards. One day I’ll get organized enough to build a script that lets me restore my preferred state “fresh” from a clean install – a lot of that script could likely be built by introspecting the current install. More likely is that people will push most of their data into “the cloud” and the desktop will become pretty much throw-away. My Android phone is starting to work a lot like that it seems (but I rebuild it from a clean install more often than I want to admit).

Issue 1 – Automatic login. I rarely reboot my machine, but when I do I don’t want to be bothered with a login. For my personal desktop I’m ok with the less secure mode (work is a different story). This busted in 11.10, fortunately the fix was out there.

Search for "User Accounts" application. Select the account you want to autologin Toggle the Automatic Login switch to On

Issue 2 – Suspend stopped working in 11.10, well as I rarely reboot/power off – I need my machine to suspend. Attempts to suspend would appear to almost suspend, but immediately resume to the lock screen. Looking at the log file /var/log/pm-suspend.log helped me spot something odd:

Running hook /etc/pm/sleep.d/05_xhci resume suspend:
FATAL: Module xhci not found.

The log didn’t indicate this was causing a problem, but it seemed suspicious. I had added this file when I got the Core i3 as suspend wasn’t working. Well, it turns out removing this file fixes my suspend problem.

Issue 3 – I now needed to disable the lock screen on resume. This took a bit more digging to find the solution to, but again it was very simple once I found it. Simply run the following in a terminal.

gsettings set org.gnome.desktop.lockdown disable-lock-screen 'true'

In 11.10 the default mail application is now Thunderbird, which I used to use back when I was on Windows XP but stuck it out with Evolution when I moved to Ubuntu. I haven’t switched so I’m still on Evolution, but it’s clear Evolution isn’t quite right in 11.10 or the settings migration due to change in db shape was busted. I’ll have to sort that out at one point.

When I moved over to Unity in 11.04, I was missing a couple of the nice task bar indicators. I found Caffeine 2.2 to give me support for disabling auto sleep, and System Load Indicator 0.2 for some stats on the task bar.

I’ll toss out one other link to tweaks by Steve Klondik, I didn’t use any but it was a good reference.