Harald Welte's blog
   

Creative Commons License
Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.


Thu, 24 Nov 2005
Increasing number of GPL violations

As the frequent reader of this blog will know: In order to keep track of all the alleged/confirmed GPL violations, and the progress in their resolution, we're now using RT (request tracker).

Since the request tracker was introduced about one month ago, we've received an incredible amount of reports. Today I opened ticket number 64 (!).

I don't really have that kind of automatic statistics on the number of reported violations before, but it was certainly less than that number...

[ /linux/gpl-violations | permanent link ]

Moved ulogd repository from svn.gnumonks.org to svn.netfilter.org

ulogd has practically always been a sub-project of the netfilter project, but was hosted at svn.gnumonks.org for historical reasons. I've now cleaned this up.

ulogd-1.x is now hosted at https://svn.netfilter.org/netfilter/trunk/ulog/ulogd/, ulogd-2.x at https://svn.netfilter.org/netfilter/branches/ulog/ulogd2/.

[ /linux/netfilter | permanent link ]

Wed, 23 Nov 2005
More cases seem to be coming up, test purchases dropping in

Sometimes I really think that I'm insane. In the last week alone, I've spent some 7000 EUR in test purchases to prove GPL violations. Yes, I'll get reimbursed once those cases are over, but somehow I feel like giving loans to those companies who don't obey the license. If I'd put that money into a bank, I'd at least get some (crappy) interest rate.

There are so many cases that I would like to write/talk about, but cannot because they're still not over yet. *sigh*. Let's hope I can publish some news before I leave for my 11 day trip to Bangalore for FOSS.in.

When I'm back, I can be sure that there's a stockpile of devices to analyze. Wish I could spend that time with something more productive, though.

[ /linux/gpl-violations | permanent link ]

FOSS.in schedule

I've just done a quick browse through the FOSS.in schedule. I'm honored to give my two presentations in the "Stallmann Hall".

There's also an OpenSolaris track. I'm probably going to join that, since I know close to nothing about it (yet).

[ /linux/conferences | permanent link ]

Sun, 20 Nov 2005
CardMan 4000 and 4004 drivers merged mainline

Finally, my ported/cleaned up Omnikey CardMan 4000 and 4040 (both PCMCIA smart card readers) kernel drivers have been included in 2.6.15-rc2 pre-release.

[ /linux | permanent link ]

Fri, 18 Nov 2005
There's hope for running our own kernel on the A780

Ok, now I am in contact with one guy that managed to run a working kernel that he compiled himself from the source code that Motorola Hong Kong has published.

This finally confirms that the kernel (even though it was requested for E68) works on an A780 without further modifications. On the other hand, I'm a bit puzzled why it won't work here. To figure out where the problem is, I've asked him to pass me the exact source tar-ball that he was using, plus detailed information on his cross toolchain.

I've also started over again from a 'vanilla' Motorola kernel tree and will give it another try. If this works, I'll re-try with the serial console, and if that works, move on to the 2.6.x tree (which I'm planning to make public this weekend, btw).

Meanwhile, I have confirmed that the bootloader is actually based on blob, and thus also needs to be released under the GPL. This, in turn, should facilitate the development of a GPL licensed host-side replacement of PST for flashing the phones.

I'm a bit worried since I'm busy with many other things over the next couple of weeks. But even while travelling, I'll have the full toolchain, sources, and everything with me.

[ /linux/a780 | permanent link ]

Wed, 16 Nov 2005
Proud owner of a GSM BTS

Starting today, I'm the 'proud' owner of a Siemens BS-11 GSM BTS.

If anyone has documentation on

  • The polarity / signal / pin descriptions of the connectors
  • The Siemens vendor specific extensions to Abis (The GSM protocol between BTS and BSC)
  • Whatever other documentation/information on the BS-11
it would be greatly appreciated if you could contact me.

The whole purpose of this exercise is to do some [security] research in the GSM area, and to see whether it can be done to implement the BSC-side of Abis (and a minimum emulation of HLR, MSC, ..) in order to get a phone to talk to the BTS.

This is yet another of my many toy/pet projects, so please don't expect any even remotely useful code anytime soon. Chances are likely that this project won't go anywhere due to lack of time.

[ /gsm | permanent link ]

Tue, 15 Nov 2005
2.6.14.y stable series lacks lots of netfilter fixes

It seems like DaveM was away, there was some communication problem that led to the fact that none of the netfilter related fixes went into 2.6.14.y series (up to 2.6.14.2) so far. I'm sorry for that, and all the fixes have been submitted now.

So let's hope 2.6.14.3 will have no known netfilter related bugs.

[ /linux/netfilter | permanent link ]

Mon, 14 Nov 2005
Four more gpl enforcement cases

Today I've finalized my preparations (paperwork, etc) for passing four more gpl violation cases off to my lawyer. As usual, I don't state the names of the vendors/products at this time.

There has been quite some amount of backlog piling up, as I've been busy with other (more interesting, to be honest) stuff in the netfilter, openmrtd and OpenEZX world. Luckily we're now using RequestTracker and hopefully don't lose any reports of violating products.

[ /linux/gpl-violations | permanent link ]

Sun, 13 Nov 2005
netfilter patch-bomb

To be more efficient in flooding DaveM with netfilter patches, I've now hacked up a set of 'wrapper scripts' around my git tree. They enable me to efficiently apply patches to my tree, generate sequential sets, and send them off (actually not using a mail user agent).

This means, that for now my patch submissions are (like those of 99.9% of the other kernel hackers) not PGP/GPG signed. If I find some time, I'll add that feature to my script.

Anyway, I've sent off the first set of 10 netfilter patches and it worked like a charm.

[ /linux/netfilter | permanent link ]

Fri, 11 Nov 2005
Sony Root-kit allegedly is an LGPL license violation

Some of you might have already read it: Sony distributes a 'root kit' with their DRM-encumbered 'copy protected' CDs. This basically allows Sony to control your computer, once you've installed the software contained on one of their audio CDs.

While this in itself is already a security nightmare (especially since they don't inform and/or warn the user about this), it gets even worse: According to a number of sources, this software even contains a statically linked version of the LGPL licensed liblame homepage.

I guess this gives a really strong measure: In order to protect our valuable copyright on proprietary music, we don't give anything about the copyright of others, such as authors of free software.

[ /linux/gpl-violations | permanent link ]

Thu, 10 Nov 2005
nf_conntrack went mainline!

Ok, finally. After David Miller has returned from his holidays, nf_conntrack has 'magically' ended up in the mainline tree. Stateful IPv6 packet filtering in vanilla 2.6.15 is therefore reality.

Thanks to Yasuyuki, DaveM, Acme and everybody else who has made this happen.

[ /linux/netfilter | permanent link ]

Wed, 09 Nov 2005
Lecture on privacy and data protection issues at Potsdam University

Today I had the honour of holding a guest lecture at the Institute of European Media Studies of the University of Applied Sciences in Potsdam. The lecture was entitled "Privacy, Data Protection and Surveillance - Risks and side effects of modern communication technology".

To my big surprise, the lecture was very well received, and members of the institute have suggested that they are interested in some follow-up lectures on other topics such as copyright / software patent / GPL issues.

[ /ccc | permanent link ]

Tue, 08 Nov 2005
14443A with higher baudrates support

I've managed to add support for 212, 424 and 848 kBps 14443A. 214 and 424 seem to be running quite stable, 848 is not very stable. I'm not sure whether there's something wrong with my configuration, or whether this combination of reader and smartcard is just unstable at 848k.

Fixed some data corruption bugs in libmrtd as well, and made both librfid and libmrtd use autoconf. There's still lots of cleanup work to be done, but basically one could now start to write a GUI application on top.

[ /linux/mrtd | permanent link ]

Mon, 07 Nov 2005
MiFARE Classic Authentication works

While working on librfid support for the Pegoda Reader (which is basically 50% done now), I've discovered what my problem with librfid's MiFARE classic support was: I was using the wrong keys. Apparently Transponders issued by Philips have { 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 } as their default key, whereas Transponders from Infineon have { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }.

I seem to have Infineon samples, and I always tried with the Philips key. After fixing this, reading sectors off a MiFARE classic card seems to be working.

[ /linux/mrtd | permanent link ]

Sat, 05 Nov 2005
ulogd2 reaches beta state

ulogd2 has now reached beta stage, and it now has almost all the plugins of ulogd-1.x. Only the SQL database backends are missing. It also features a ctnetlink input plugin for flow-based accounting with 2.6.14 kernels.

Next, I'll be working on documentation, testing and on some simple IPFIX output plugin.

[ /linux/netfilter | permanent link ]

lots of netfilter.org releases

Today, I spent a lot of time doing releases of libnfnetlink, libnetfilter_log, libnetfilter_queue, libnetfilter_conntrack and the conntrack program.

The amount of manual XML editing, copying of files, checking in stuff, ... required to do a release is way too much. We definitely need some release automatization.

[ /linux/netfilter | permanent link ]

Fri, 04 Nov 2005
Philips Pegoda Reader has arrived.

In order to make librfid cover more readers than it currently does, I've obtained a Philips Pegoda (aka MF EV700) reader.

It's based on the CL RC500, one of the predecessors of the CL RC632 (which librfid supports natively). However, the low level protocol processing is implemented on an Infineon C161U (C166 core with USB interface), so the interface towards the reader will be on a very different level than for the Omnikey one.

[ /linux/mrtd | permanent link ]

Thu, 03 Nov 2005
Will I be able to visit Brazil again?

There are chances that I'll be able to make it to FISL 7.0, the 2006 incarnation of the Forum Internacional Software Livre.

This is not just any other conference visit. This is the possibility to visit Brazil for the first time after my departure from Conectiva in 2001. This means I'll be able to meet all those cool guys again (folive, lclaudio, matsuoka, epx, ... you know who you are). Only few of them are still at Conectiva, but to the best of my knowledge still somewhere in Curitiba or Porto Alegre ;) or Rio Grande do Sul

Anyway, I'd better organize my schedule in a way that permits me to spend some three weeks in Brazil next year :)

[ /linux/conferences | permanent link ]

iptables-1.3.4 has been released

See the 1.3.4 release page and the ChangeLog.

[ /linux/netfilter | permanent link ]

Wed, 02 Nov 2005
My flight to Bangalore was scrapped.

Northwest Airlines has been heavily advertising their Seattle-Amsterdam-Bangalore flight, including special offers. And what do they do two days before starting that flight? They postpone it indefinitely.

This is certainly the right thing to do if you want to piss off new customers. There was only one reason for me to go for NWA: Because they have a direct flight to Bangalore, with no stopover in Mumbai or Delhi. Now that reason has vanished. And since there's now only four weeks before departure, there's even no chance I could get some other direct ticket for a decent price.

I'm still waiting for my travel agent to get back to me. Apparently NWA first informs the press, and then slowly their customers at some later point.

[ /linux/conferences | permanent link ]

Basic Access Control working!

After some massive hacking session yesterday, BAC is now working. I can now establish an authenticated and encrypted session to my passport samples, and read data off them.

Still remaining on the TODO list is: Passive Authentication, Active Authentication and a nice GUI frontend.

I have lots of netfilter and OpenEZX work pending, so it's unlikely that I'll continue with libmrtd during the next couple of days.

[ /linux/mrtd | permanent link ]

Tue, 01 Nov 2005
Basic Access Control

It seems like even though the specification looks quite verbose upon first sight, there are many tiny pitfalls in implementing basic access control according to the TR-PKI 1.1 specification.

Padding is such an issue. You always pad for DES en/decryption, _but not_ if you are in the mutual authenticate command ;)

I now have the key derivation, authentication and setup of session keys working. Secure Messaging still has some problems with regard to the DES retail MAC. Let's hope I get this finished soon.
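The key derivation step and the padding rule mentioned in this post, as an added example (not code from libmrtd or from this blog). It follows the BAC scheme as published in ICAO Doc 9303 and uses that document's specimen MRZ values; all function names are illustrative assumptions.

```python
import hashlib

def check_digit(field: str) -> str:
    """MRZ check digit: weights 7,3,1 over digits, A-Z (10..35) and '<' (0)."""
    def val(ch: str) -> int:
        if ch.isdigit():
            return int(ch)
        return 0 if ch == "<" else ord(ch) - ord("A") + 10
    return str(sum(val(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10)

def mrz_information(doc_no: str, birth: str, expiry: str) -> bytes:
    """Document number, birth date and expiry date, each followed by its check digit."""
    fields = (doc_no.ljust(9, "<"), birth, expiry)
    return "".join(f + check_digit(f) for f in fields).encode("ascii")

def adjust_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so the byte has odd parity (DES key format)."""
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")          # ones in the upper 7 bits
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)

def k_seed(mrz_info: bytes) -> bytes:
    """K_seed is the first 16 bytes of SHA-1 over the MRZ information."""
    return hashlib.sha1(mrz_info).digest()[:16]

def derive_key(seed: bytes, counter: int) -> bytes:
    """counter 1 gives K_enc, counter 2 gives K_mac (two-key 3DES, 16 bytes)."""
    digest = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])

def pad_iso9797_m2(data: bytes, block: int = 8) -> bytes:
    """ISO 9797-1 padding method 2: 0x80, then zeros up to the block boundary.
    The 32-byte plaintext of mutual authenticate is encrypted without this
    padding; padded, it would grow to 40 bytes and the exchange would fail."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % block)

if __name__ == "__main__":
    # Specimen values from the ICAO worked example, not a real document.
    info = mrz_information("L898902C", "690806", "940623")
    seed = k_seed(info)
    print("MRZ info:", info.decode())
    print("K_enc   :", derive_key(seed, 1).hex().upper())
    print("K_mac   :", derive_key(seed, 2).hex().upper())
```
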

[ /linux/mrtd | permanent link ]

Insurance against GPL violations

According to this zdnet.com article, there is now an insurance against legal risks from violating Free Software Licenses.

Strangely, that article claims the insurance is about "the risk of using open source software". This is misleading, since there is no risk involved in _using_ the software. There is, like with any other software, a risk when you violate the license.

One wonders when we'll get such an insurance for "the risks of using proprietary software [without obtaining a license]".

[ /linux/gpl-violations | permanent link ]

Bug reports after 2.6.14 is out.

I've already received three different serious bug reports about problems with netfilter/iptables in 2.6.14. This is frustrating, considering how long the 2.6.14 development cycle was. People should try new features of a new kernel _before_ there is a release. Afterwards it's too late.

[ /linux/netfilter | permanent link ]