Harald Welte's blog

Voting Machines: Complaint against last German Bundestag elections turned down

As several sources have reported, the German Bundestag just decided that the formal complaints of voters against the use of insecure voting machines in the last Bundestag elections are void.

The Bundestag decided to reject those complaints by using pre-worded statements from the Ministry of Interior, some of which can be technically proven to be wrong. It is a real pity - but what do you expect if you ask those people who got elected, whether they accept that election ;) It's also quite embarrassing to see such complaints to be dragged on for more than one year. We're talking about complaints about the Elections on September 18, 2005. I think this says a lot about the state of democracy in this country, and the carelessness of those in power towards a fair and equal election process.

This is why the original plaintiffs now are preparing a lawsuit in front of the federal constitutional court. In order to be filed, some 100 signatures of German voters in support of this lawsuit are required. This shouldn't be a problem, since a petition against the use of voting machines has drawn some 48,000 supporters without any trouble. You can find more information about how to support this complaint of unconstitutionality on the Homepage of Dr. Ulrich Wiesner.

RFIDiot - a python-based RFID tool

By accident, I've discovered RFIDiot, a RFID exploration library and tool written in python. There is quite a bit of overlap with what librfid tries to achieve, from a functional point of view (written in C, of course).

So on the one hand, there's a lot of functional overlap on the high-level like mifare reading/writing, ePassport reading, ... - but on the other hand, all the lower levels seem to be missing in RFIDiot. I guess that's the price you have to pay for vendor-lock-in with a proprietary serial protocol like the ACG readers.

Once I find some time again (next year, feb/march), I'd definitely like to see whether there can be some kind of integration/cooperation between RFIDiot and librfid/libmrtd.

Seen "Kabhi Alvida Naa Kehna" in the cinema

Just by coincidence I noticed that yesterday was the only show of "Kabhi Alvida Naa Kehna" anywhere near Berlin _at all_. So no matter that it was some 60km away, and I had to drive all the way to Potsdam, I had to go. And that decision was right. It definitely has become of my personal "all-time top ten" Hindi movies. It could have been a bit more serious, according to my taste. But apart from that: Great music, fabulous choreography, camera, costumes, acting, .... - everything!

So as soon as it becomes available here, I have to buy the DVD. Oh, and yes, I still have to buy that LCD projector for my home cinema, the one I intended to buy for several months now...

I need a break: Debugging a driver for non-existent hardware

For the development of the OpenMoko system on the Neo1973 phone, we have two different development platforms, one is the phone prototype - the other being a generic S3C2410 development board. Obviously that generic board doesn't have all the phone specific bits on it - but it can interconnect to a GSM modem via DB9 serial port, providing a very close match to the actual product hardware.

For the better part of yesterday, I apparently forgot that this is not true for all the hardware devices. For hours and hours I tried to debug a problem with the power management unit (PMU) driver. The I2C core just didn't want to talk to it.

It is only today morning that I realize: The development board doesn't have this PMU. Doh! Obviously only the phone prototype has that PMU! For god's sake, it looks like I need a break (but can't afford one, time-line wise).

Now why am I 'broadcasting' this embarrassing notice in a blog? To demonstrate: We're all human beings, we all make - apparently stupid - mistakes from time to time.

Secure Linux Administration Conference

Just one day after returning from India, I'll be one of the first speakers on the first day of Secure Linux Administration Conference (SLAC), where I'll be talking about hardware selection and low-level tuning for achieving best Linux networking performance.

Some details about the GSM infrastructure on the Neo1973 / OpenMoko

I've posted this publicly to some mailing lists in mid-November, but thought it was good to have this information in the blog, too:

First of all, there is a ts0710 multiplex layer, architecture-wise similar to what Motorola uses in their 2.4.x kernels. This ts0710 (de)multiplex takes care of handling GSM TS 07.10 "advanced mode" (the HDLC framing). It will be easy to add "basic mode" for chips that doesn't support advanced mode, and I'm also planning to add support for the Motorola proprietary 07.10 extensions (see OpenEZX wiki) once Neo1973 has been released.

This demultiplex is implemented as a line discipline. Therefore some userspace program (in our case the GSM daemon) attaches as a line discipline to the underlying physical UART.

devices that don't have a physical UART (such as the Motorola phones) will provide a small glue layer that provides a virtual UART on top of e.g. USB as underlying layer.

The GSM mux layer then provides itself one virtual serial port per DLC of the multiplex.

On top of those virtual serial ports, there is a GPRS line discipline, or a PPP line discipline for implementing full in-kernel data connection support, with no need for sending data packets for network traffic from/to userspace.

Both the GPRS line discipline and the ts0710 multiplex are written according to the style and requirements ("good taste") of kernel code, and will be submitted to the mainline kernel as soon as the Neo1973 goes public. I really hope to make this a standard component of the mainline kernel, supporting as many GSM modems as possible over time.

On top of the virtual serial ports, we have a GSM daemon. This daemon takes care of almost all communication with the GSM modem. The daemon initializes AT+CMUX and then attaches the kernel line discipline. It also attaches GPRS line discipline to a virtual serial port afterwards.

The daemon provides a Unix domain socket based protocol for other applications (at some later point this might become a network-enabled protocol by running it over TCP). The "other applications" (such as the contact manager, the dialer program, etc.) link against a library called "libgsmd" which wraps the protocol into a C language API.

This means that programs have a high-level API for initiating and receiving voice calls, for receiving and sending SMS, obtaining list of operators, reading/storing contacts from/to SIM card, etc.

The daemon will be GPL licensed, for the library we're not sure whether to GPL or LGPL it (probably LGPL). All applications shipped on the Neo1973 linking to the library are GPL licensed, so there will be enough example code for people to understand how that API works.

The gsmd/libgsmd code will be run (just like any other program on the Neo1973) as any other free software / open source program. Please understand that while FIC sponsors the OpenMoko project, they don't really exert control over it. So as soon as the device and code is released, I'm happy for any input and discussions the community has on improving such a system, including support for more devices, etc.

Oh, and yes, the daemon has a plug-in interface for vendor-specific extensions, since every GSM modem vendor has commands beyond the GSM07.07 specification. Also, the C API and the Unix domain protocol provide for transparent pass-through of AT commends from application to daemon. This is not meant to be a single-vendor-single-product code, but is at least designed to make it easy to add support for other devices.

Anyway, even without gsmd/libgsmd, I think the kernel-level serial multiplexer (which is not a very complicated thing) is a valuable feature to anyone doing GSM/GPRS on Linux - be it on a PC with GSM modem, or a smartphone.

The reason for doing this (de)multiplex in the kernel:

the individual virtual serial ports have all the features of real serial ports. hardware/software flow control, modem status lines, etc. - and the kernel has a standard API, well known in Unix over decades, to work with serial ports from a userspace program
especially when it comes to data sessions (packet data or circuit switched data), then you don't want to push all data to userspace and back in the kernel. you want to have a fast path for that, both from a CPU consumption (battery!) point of life, but also from a latency point of view. mobile data latencies are already high enough, we don't want to have additional unneccesary latencies in the handset

Please understand that at this time I have to focus on OpenMoko development, and cannot engage in lengthy discussions. This is about all the information I wanted to add about what's actually happening in our project, and this is the architecture the OpenMoko software on the Neo1973 phone has. Please bear with me until January. Once the code is out, I'm happy for any kind of discussion, modification, contribution, etc.

Petition against obnoxious WEEE implementation in Germany

There is now an official Petition to re-work the obnoxious WEEE implementation in Germany (see my detailed posting earlier in this blog. This is good, and definitely a step forward in getting regulations in place which are supportive of small and medium-sized companies, rather them getting them out of business. I've spoken to lawyers about the current regulations, and they e.g. have severe doubt that they are even constitutional.

If you are German, and/or operate a business in Germany, please consider signing the above-mentioned petition!

btw: I'm planning to start a petition against hosting petitions of the German Bundestag at a University in the UK, anybody interested in joining it?

My reason for being away from OpenEZX

This post should have been posted months ago, but only since very recently I'm allowed to talk about the real reason. You might have read about it, if you read my full blog, but I'm posting this again in the 'a780' category to make it appear on planet.openezx.org

I've been hired to be key element in the design and implementation of the OpenMoko platform and the first device it supports: The Neo1973 phone. While there is no provision in the contract preventing me from working on the OpenEZX project at all, this assignment has just sucked up all available time like a vacuum cleaner.

To OpenEZX developers, users and supporters: Please be assured that most of the work done on OpenMoko will eventually benefit OpenEZX quite a lot. So please stay tuned, and concentrate on the low-leve device-specific issues that need to be resolved with the Motorola EZX hardware :)

Hacking librfid mifare support in Indian sleeper train

I'm currently on a train ride from Bangalore to Sangli(Miraj Jn), which is a 15 hour ride. Since there's quite a bit of noise from other passengers, and the bed (berth?) is not all that comfortable, I didn't get more than some five hours of sleep.

For librfid users this is good news, since I managed to get quite a bit of work done. First of all, mifare classic authentication is now way more reliable than it was before. With regard to the CL RC632, apparently you have to first issue the LOAD_KEY command before filling the FIFO with the key, rather than the other way around.

Also, mifare classic data block (16 byte) writes are now fixed, so you can finally actually read and write data blocks. Next I've implemented parsing (and compiling) functions for the obnoxious mifare permission bit encoding.

Last, but not least, the auto-detection has been enhanced and it an now correctly distinguish between mifare classic and mifare ultralight.

Stupid extreme AC has made me sick again

Just like the 2003/2004, the insane amount of air condition at J N Tata Auditorium has made me catch a cold once again. This is not a surprise, considering that I had a hard time typing while sitting in there, having to regularly warm up my fingers by sitting on my hands.

This is just something that I will never understand. When there's a reasonable, comfortable temperature outside (let's say 25 degrees Celsius), why would you ever do more than just exchange the air inside the hall (e.g. just blow air from the outside into the room, and remove 'used air')? Of what use is it to chill the room down to sub-20 degrees?

Interestingly, a lot of Indian people seem to be used to it, since they were wearing short-sleeved shirts, while we were freezing even wearing t-shirt plus long-sleeved shirt...

This consumes _a lot_ of energy. The AC in the main hall is at least in the order of 30..50 kW, if not more. No wonder that India wants more nuclear power plants. I don't want to imagine the amount of power consumption by ACs nationwide.

Some ventilation is more than efficient in many cases. Even during two weeks of Kerala in March this year, I was using the AC only once at a single hotel.

Please, think twice before using an AC or even turning it to ridiculous amounts. Is the energy waste and increased health risks (think of not regularly cleaned filters, etc) really worth a slight increase in comfort? How weak have we become if we can't even tolerate temperatures up to, let's say, 30 centigrade?

Sorry

I want to say sorry to the many people whom I had almost no chance to talk to during my FOSS.in visit. I know it's no excuse, but believe me, I'm just too involved with way too many things at the same time. For any rational reason, I should not have attended the conference, because I cannot afford that amount of time. I have even skipped OLS in Ottawa earlier this year, Linuxtag and Linux Kongreess in Germany, as well as I have turned down an invitation from linux.conf.au in early 2007. I always was (and still am) a big fan of lb/FOSS.in, that's why I thought I got to be there, even this time.

My work schedule of the last couple of months has been optimized to work at least 12 hour per day, seven days a week, with no external interruptions and almost no interaction with the outside world apart from checking the most important emails about twice per day. No going out to clubs, no parties, no movies, no TV, and close to zero meeting with friends either. Not even time for filing tax declarations in time.

Now being at the conference, I'm suffering severely since my backlog of work is basically growing by one day every day I'm here. This is very stressful, and I apologize if I cannot respond adequately to those who actually are interested in my work, or even want to offer help. I know this is not helpful, but please accept that this time I just can't help it. My reactions have come down to self-defense. If you ask me anything, even the smallest thing that I'd have to add to my TODO list, you will trigger a defensive reaction, rather than a polite and helpful one.

I hereby ask you for your understanding. I am at the absolute limit. Give me a break. Thanks.

First impressions from day1 of foss.in

The first impressions of FOSS.in/2006 are very positive. Not only were the security guards clueful enough to not have everyone open their bags at the entrance, but also the WiFi network was fully operational even before the opening ceremony started.

So far, everything is running verry smooth and pleasant.

On my way to FOSS.in 2006

I'm now in the final stage of packing my suitcase for my third trip to India this year. The schedule mainly consists of attending the FOSS.in 2006 conference and meeting some potential business partners regarding OpenPCD and OpenBeacon (which is another open RFID related project that isn't really public yet).

This time there will be a five-person "Berlin delegation" at FOSS.in, which is quite impressive. First, there's Tim Pritlove of CCC fame. Next Brita + Milosch of bitmanufaktur, and finally Sarah and myself.

I'm looking forward to see how this years incarnation of FOSS.in turns out. It's again in the IISC J.N. Tata Auditorium, where the organizers (and the event) suffered quite a bit a couple of years back. But this time, everything shall be fine.

The new woman in my life: Sarah.

After more than half a year after my separation from Elisabeth, there is a new woman in my life, Sarah. The most amazing thing is, that I didn't actually have to look out / search for a new girlfriend, but she just happened to come into my life. There also wouldn't have been any other chance, since I actually have zero time to go out, and even less time to think about anything not related to paid or unpaid work.

She's intelligent, and probably the most geek-compatible type of woman you can imagine. Not that I would ever consider this an important factor (I'm not a typical geek either), but it definitely helps things a lot, if she just understands the way geeks talk, has lots of experience with geeks from previous relationships.

It's the kind of pleasant small surprises like learning that she's running Linux on her computer[s], and that she understands a lot about the net and the FOSS world, without having to start to explain your whole world from its very beginning. As indicated, those facts in themselves are not really important at all. But imagine: Everything else seems to match, and you get those details [right] in addition to the 'usual' partner compatibility :)

It's been a very intense three weeks, and I have to admit that I never happened to get to know somebody in that short period of time, at least not to that level. Actually, it makes you frightened a bit, if everything goes that fast... wondering whether this is real, whether it is sustainable.

Anyway, it has been extremely pleasant, and I'm very happy about that. I'll continue this "experiment", keeping up the pace of this relationship by taking her along to India for FOSS.in 2006 next week. Before meeting Sarah, I probably would never have considered such a step - taking somebody along a long distance trip, whom you barely know for a couple of weeks. But then, if you can hardly imagine being apart from her during that time, there's probably also a lot of egoistic reasons for taking her along, too ;)

OpenMoko / FIC Neo1973 GPL clarification

Since there have been some misinterpretations / rumors in the press about the amount of Free Software in the OpenMoko / Neo1973 product, I felt obliged to release a couple of further details on the GPL situation.

First of all, I'm surprised that somebody would think that I would engage in a project that would use something like binary-only drivers. I don't think that's ever going to happen ;)

Anyway, looking at the current development version, there is not a single in-kernel piece of software that is not GPL licensed. No proprietary drivers, no proprietary flash file systems, nothing.

In userspace, there only one single component that is not going to be under a Free Software License: It's our GPS daemon. The reason for this is, that the specific high-sensitivity assisted GPS that we wanted is only available in something like a "soft modem GPS", e.g. one that does most of the GPS signal processing in software.

Oh, and yes, the bootloader is u-boot (as the frequent reader of this blog might have guessed). So that is GPL licensed, too.

My no longer secret project: OpenMoko Linux GSM phone

Yesterday, it was finally revealed on what kind of secret project I was working for the last four months: A quite unique, really free and open Linux GSM (smart-)phone produced by the Taiwan-based manufacturer FIC

In this project I'm responsible for the system-level software design and implementation. This means: Kernel, drivers, GSM communication infrastructure, etc.

So why is this project so exciting? Because it's [yet another] Linux phone? No. It's because this is the first time (to the best of my knowledge), that a vendor is

involving (hiring) prominent community members to do the actual architecture design and implementation
planning to completely open up their Linux distribution for any contributed development, e.g. use a package manager that can access arbitrary package feeds
trying very hard to make sure almost everything will be Free Software, from drivers up to the UI applications
actively providing documentation and interfaces for third party development on any level of the system, from debug interface, boot loader, kernel, middleware through the UI applications
using X11 to allow users to run any existing X11 Linux application (within resource constraints)

So basically, from a Free Software community level, this is exactly the kind of phone you want to get involved with, and play with. Yes, it's not the perfect phone. It runs a proprietary GSM stack on a separate processor. There are some minor, self-contained proprietary bits on the back end side in userspace. But well, it's probably the best you can do as a first shot of a new generation of devices, and without too much existing market power to put on upstream vendors.

No news is good news

You might have noticed that the posting frequency in this blog has decreased quite a bit recently. In this particular case, no news is good news. There's been a lot of progress in a number of work related projects.

Some more thoughts on the results of GPL enforcement

Just a small personal note: Yes, this blog is currently seeing close to no updates. This is because I'm literally working every minute that I'm awake, with no time for anything else.

But to get to the main point of this entry: The results we see from GPL enforcement. I don't want to write about the legal results, since they have always been successful, in 100+ violations that I've been dealing with so far.

I'd rather want to talk about other results. They mainly fall into two categories:

Structural results, how I like to call them, show that the vendors / "the industry" now understand the GPL [better] and thus adopt policies and business practises that are more likely to be GPL compliant from now on. This is good, since it has the potential to prevent further GPL violations down the road, presuming license compliance is something that we value and strive for.

But how does Free Software actually benefit from GPL enforcement? I'm talking about the actual software, and not the movement, the community, the advocates, etc.

How many times have you seen some code coming out of a "GPL code release" from one of the many (mostly embedded) vendors that was actually useful to be contributed back to an existing Free Software project, or even that spawned a new Free Software project? I for my part am certain to say: Zero. The actual number might be close to zero, but very small anyways.

The next logical question is to ask ourselves, why it is like that. First of all, the code quality is usually extremely bad. Looking at kernel patches from the various vendors, I'd say the code quality is _by far_ off any scale that would ever even remotely be considered to be suitable for upstream inclusion. Not only do those vendors not care about any CodingStyle (which could be easily fixed), but they ignore any existing standard API's (why use them if we can reinvent our own?), don't ever spend a single second on portability issues such as SMP, DMA safe allocations, endian issues, 32/64bit, etc. This code is "throw-away software". Fire and forget. The complete opposite of the long-term maintainability goals of about any FOSS project I know.

I would be the most embarrassed man if I ever was involved with any such software. Having your name associated with such poor quality would be like a stigma. Any technical person would laugh. And yet, the managers of those respective companies proudly announce the availability of their so-called "GPL code releases". If they only understood how ridiculous they make themselves in the technical community. It's like if they were proudly presenting a drawing from a three-year-old kid as the new Picasso. They just don't notice because the number of people with a taste of art is apparently larger than the number of people with a taste of source code quality and aesthetics.

The next big problem is the perpetual preference of vendors, even in a market with only six month product life-cycles, to use ages old software to base their code on. Of what use is e.g. an obscure netfilter patch that was developed against kernel 2.4.18, something that is many years old and of no relevance to current stable kernels or even current development?

Now you might argue "What about projects like OpenWRT?". While they are no doubt very useful, it is quite simple. Those projects mainly benefit only the customers of the (probably formerly GPL infringing) embedded devices. Therefore, they benefit specific customers, and not Free Software Users in general. Even if OpenWRT or others invest huge amounts of work and manage to clean up / re-implement some of the awkward sources released by embedded manufacturer X, and push it into the upstream project (e.g. Linux kernel), it is something that most often only a very specific user base that benefits from it. All the really interesting bits, if there are any at all, are kept proprietary by the respective manufacturers, using legally extremely questionable practises such as binary-only kernel modules.

If one thinks a bit more, this whole sad process could have envisioned before. It's a myth to believe that Linux and other FOSS is so popular in the embedded market because vendors think it is more reliable, or secure, or even because of the maintainability, audit-ability, or even the benefits that users and developers get from being able to run modified versions of the software. If they were, we would see clean code and regular security updates. In reality almost every product is one gaping security nightmare. None of those potential benefits are of any interest to embedded vendors.

The response to the 'why' question is quite simple: They use GNU/Linux because this way they can avoid per-unit royalties that are very popular with alternative (proprietary) embedded OS's. It's a cheap commodity. Thus, it's not surprising how they treat GPL compliance. Disgruntled, not understanding the issues behind, releasing only the most incomplete non-building source code snippets that make any reasonable developer vomit at first sight. And since they themselves lack the skilled developers internally (they're not cheap!), their management goes ahead and releases something that is embarrassing. If I wanted to evaluate the technical skill-set of a company before making large-scale business with them, I'd [have somebody] look at their source code releases. It can tell a lot about technical expertise and corporate style :)

Please don't get me wrong. I'm not complaining that there is any legal shortcoming in those "GPL Code Releases" though there often is, but that is not the point of this article). But if somebody asks me, how much the actual Free Software source code benefits from the code that was released by the vendors, my honest reply would be simple and sad: None.

While this whole post might sound bitter and resignated, and like I wanted to give up GPL enforcement since it's not worth it: This is not the message that I want to put out. GPL enforcement remains important. I never assumed that there would be a lot of actual mainline-mergeable source code coming out of it, so I'm not disappointed with the enforcement. I just have the constant feeling that many people are driven by misconceptions, and nobody outside the hacker community really knows what's going on on a technical level.

QNTAL concert in Berlin

One of my favourite band for many years, QNTAL, have been playing tonight in Berlin. The concert was fantastic, and due to my recent high workload, I apparently actually missed their last album relase. They did very well with that latest release.

However, apparently day 15 of the tour (one concert every night) has already left quite some traces on Syrah's otherwise brilliant voice. It was still extremely good, but you could notice she's [again] having some problems :( What kind of torture must it be, to be an excellent singer with classical training, with a crystal clear voice - but then having chronical problems with your throat..

To my big surprise, the support band Unto Ashes was actually extremely good. I'm not saying this because I thought Unto Ashes was bad, but rather because support bands generally suck quite a lot. Maybe it's just me being unlucky, but this was actually the first concert with a great support band that I've been to.

All in all definitely a memorable evening. If it didn't eat that much productive time...

Linux World Expo in Utrecht, The Netherlands

Due to Armijn (of gpl-violations.org) involvement in the programme committee of the linuxworldexpo.nl 2006, I have been invited to do a session called "Free Software Master Class" together with Georg Greve from the Free Software Foundation Europe. Georg presented on "the business value of Free Software", whereas I was talking about "how to be GPL compliant".

The presentation went quite fine, and there were good questions coming from the audience. Hoewver, you could clearly tell that the organizers didn't really have any experience with holding conference/seminars, but just trade shows.

First of all, the seminar area was not reasonably shielded from the background noise of the trade show. Therefore the volume of the PA had to be quite high to combat that background noise.

Secondly, the light situation was way too bright for the audience to be able to read the image projected by the LCD projector. I mean, there were dozens of neon lights (that couldn't be switched off) directly above the screen, that just cannot work.

My third point of criticism was the organization of speaker travel and accomodation. If it wasn't for me meeting with Armijn at the night of arrival, I wouldn't have known to which hotel to go to. Furthermore, the hotel was located in a different town (so you couldn't just go back to the hotel during the day, to drop some stuff, or change clothes, or whateer). Then that hotel was undergoing a complete reconstruction. I could only take the question "do you need a wake up call" by the receptionist as an ironic joke. At 7.45am the power drilling started - way after all the other noise that started about half an hour earlier.

Luckily I had arranged for my own travel. Georg has received his ticket information only on Monday afternoon (and was leaving on tuesday!). This is not exactly how you professionally organize any kind of event.

I don't want to overly complain, but I just want to give motivation to improve that situation the next time.

Dual-Opteron liquid cooling leaking

I'm not really having that much luck with the liquid cooling system of my main workstation. Today, one of the CPU coolers (dual socket 940 board) started leaking. Unfortunately it was the cooler of the CPU sitting above the AGP and PCI-X slots, spilling coolant on th Radeon 9200 and E1000 cards.

Coincidentally all that happened while I was having a bath, but that just as a side-note.

Now the box still boots up and is accessible from the network. Just no graphics output. Pretty bad for what I use as a dual-head compile and development workstation. So far it looks like at least that AGP card has died. I already bought a used one on eBay (you can't get any Radeon 9200 these days, and that's the really last 'free' graphics chip out there [apart from Intel on-board stuff]...). It could also be the AGP socket or something completely different. I don't have any spare AGP cards, just PCI... 5V PCI that don't fit in the 3.3V-only PCI-X slots, so I couldn't test it with a different card right now.

Now since this is the second time I'm having quite big trouble with that liquid cooling system, this is a good time to re-think whether it was that good an idea. I still think it was. I mean, for the better part of two years, this system has been running day and night, without any problems. In fact it is so quiet that I now regard my Quad G5 (unloaded, all fans at minimum) as extremely loud. And it is that quiescence which I love so much, and it is even worth at least those two times I've now had problems.

Nedap voting machines in Europe

The regular reader of this weblog might have noticed that for more than a yearI've had an interest in the use of voting machines in elections, specifically Germany.

While my many other interests and projects have not allowed me to look into this subject as much as I wanted, some of my friends of the Berlin CCC have collected a lot of information on voting machines (German) and also actually had a chance to do some hands-on security research together with our Dutch hacker friends

Yesterday, their joint activities became public. First in a TV show that has been aired in the Netherlands. German media reports are catching up today. Expect some more coverage following-up the CCC press release, such as this one.

Now what was actually discovered? In short,

There are many possibilities for manipulations
That a proof-of-concept firmware for election manipulation on a Nedap machine has been developed
That the Nedap machine can be re-programmed just like any other computer, e.g. to turn it into a chess computer
That the Nedap machines actually have spurious emissions that can be used to detect which party / candidate is currently being voted from a range of at least a couple of meters distance by using a small radio receiver with earphones.
That any contemporary cell phone or Digital TV set-top-box has employed more security mechanisms than those voting machines. Cryptographically signed boot process? Signed applications? Trusted Computing? Such technologies are only employed for the protection of important data, such as commercial audio and video recordings. Unimportant matters such as democratic and free elections do not require any such secure technology, but use 1980's home computer technology.
That the legal requirements on the technology of voting machines in the Netherlands and in Germany do apparently not even come close to identifying (and preventing) the most basic IT security threats.

Therefore, the use of such voting machines must be halted immediately, at least until an independent board of renowned international IT security experts has been drawn to specify new technical requirements on their security, and until all old machines have been upgraded or replaced by such machines that follow those requirements.

Because any reasonable set of security requirements will inevitably lead to machines that are by far more expensive than those currently in use, it becomes even more questionable to build and use them in the first place. Why should a few hours quicker election results ever be worth even only the slightest increase in risk of election manipulations?

Bollywood Musical in Berlin

Tonight I've been to Bollywood - The Show, a Bollywood musical that is touring through (I guess among other countries) Germany for the next couple of months.

It was truly amazing. First, there is the irony of playing a story that is remotely based on a true story - probably an idealized form of the story of the musicians and choreographer family behind this musical: The Merchant family. Secondly, the number of dancers is actually quite limited, so they need to danca and dance and dance for hours. What is usually done in many takes (with breaks) when shooting the song sequences of a Bollywood movie - those musical dancers have to do it all in one row. One some days even two shows on one day. What an amazing talent and stamina.

It's too sad to learn that such musicals can only exist in the west, since their cost of production is just too expensive for India, plus apparently the lack of a musical culture there.. quite strange, isn't it? I bet a lot of Indian Bollywood fans are definitely sad to lack the opportunity to see this (or another upcoming one, such as the Bharati).

Obnoxious RoHS/WEEE rules and their German implementation

You might have heard about RoHS (Reduction of Hazardous Substances) before. I always thought it is a well-meant and important contribution of the European Union to reduce the amount of hazardous substances in electronic waste. As a supporter of many environmental groups, and an occasional voter for the Green party, I definitely support such a goal.

If I was to manufacture electronic equipment, then certainly I would consider it as my moral duty to pay for the cost of processing ('recycling', how they call it, if that was ever possible)the resulting waste. No debate on that at all.

Now I actually am involved with producing small quantities of electronic equipment, and suddenly those issues come up again. The product obviously only uses RoHS compliant components, no question on that. We do want to reduce the environmental impact, after all.

Now enter EU and German bureaucracy, combined with lobbying of large industrial electronics manufacturers, and you end up with the German implementation called "ElektroG" (Gesetz ueber das Inverkehrbringen, die Ruecknahme und die umweltfreundliche Entsorgung von Elektro- und Elektronikgeraeten [Law about distribution, withdrawal and eco-friendly disposal of electrical and electronic devices]). That law basically regulates and delegates the administration of the RoHS/WEEE guidelines to an authority called EAR (Stiftung Elektro-Altgeraete Register [Foundation for Registry of Electrical Devices]).

The way how this system works is:

All manufacturers and importers have to register themselves with EAR
They also have to register the quantity (weight) of produced/imported goods every month
They furthermore have to produce proof of having made a deposit on the amount of money required to "recycle" the resulting electronic waste, even in the case of bankruptcy of the producer/importer

This all sounds very reasonable and well-thought. Given the facts stated until here, I would still be an avid supporter of such a system.

Now enter the disaster: The minimum quantity that this system can deal with is the metric ton. This is very suitable for large manufacturers, but what about a small company that produces 100 units of 180grams of weight every year? It will take more than 55 years to fill up that metric ton. Now, if they actually allowed you to pay for one ton every 55 years, then that would be great. Obviously, they don't. Rather they employ an undisclosed lottery algorithm, which elects one registered producer/importer who has to take care of recycling one specific container that was filled last at the electronics waste collection station. Yes, every time one container is filled, they elect another lucky lottery winner. And in order to make sure that every possible "winner" could actually afford the disposal of that container, EAR has the "proof of bankruptcy-safe deposit".

You might think: Well, quite a fancy system, but assuming that algorithm was tuned right, there still is no problem, even for small producers, since the probability of them being chosen by the lottery is very low. And in fact it is. An EAR person has publicly stated in an interview that only producers having produced more than 3.5 metric tons of electronics are eligible to win that lottery. Great, since in our example that would be in 194 years. Son nothing to worry about, right?

Wrong. The administrative fees of EAR.

155 EUR one-time fee for registration is still quite acceptable.
85 EUR per product that is put on the market is fine, too.
100 EUR for each notice of change in production quantity is a bit steep, given the inevitable flux of that figure.
455 EUR for the validation of the proof of having made the deposit
215 EUR annually for the re-validation of the proof of having made the deposit

Now what kind of bull**it is this? This means that during those 55 years we would fill one metric ton, we'd have to pay 12066 EUR only in administrative fees for validation and re-validation of the bankruptcy-save deposit? All that for the disposal of one ton of electronic waste, which costs [now] between 200 and 400EUR ?

I would be very surprised if such fees would not violate anti competition rules of the EU somewhere at some point. This is the creation of a serious market entrance barrier for small manufacturers of electronic equipment and nothing else.

Bavaria's best gothic/dark wave/industrial/ebm club "Top Act" about to close

I'm sad to hear that the best club "close" (50km) from my old home city is about to close at the end of the year. This is extremely sad, and I suppose it will have quite an impact on the subculture there.

I can only hope that I'll find some spare time for a goodbye visit in November or December this year. A night at Goettertanz or La Nuit Obscure has always been a deeply touching, emotional and aesthetic event. No other club anywhere else has ever managed to make me feel anywhere close to how I felt at Top Act back then. Excellent DJ's, great choice of music, the right kind of people, 18+ limit for admittance, and a gothic dress code(!). Call that elite, if you want - I'll tell you: The result was spectaculous. People would travel 150+ km every weekend to get there.

Good bye Top Act. Thanks to Thomas Manegold and his crew, thanks for hosting that many memorable events. Thanks to Kodachi (didn't forget you!) for first recommending that location to me.

FOSS.in Call for Papers still open until Oct. 08

Many of you know that for the last three years I enjoy the conference for Linux, Free and Open Source Software formerly known as linux-bangalore, but now known as FOSS.in.

Compared with other big international events, FOSS.in call for papers is always tremendously late, which means that it actually is only some 10 weeks in advance of the event. The same goes for the event website. Please don't consider this as a sign of weak organization. It's just like this, it has been like this, and it worked well. This 'late start' has never compromised the vitality and success of the actual event.

If you have some interesting and technical topic in the Free and Open Source software which you want to talk about, I suggest submitting a proposal with the FOSS.in speaker registration website. Expect an excited audience of up to 3,000 attendees.

OpenPCD press release, online shop

Ok, after a painful day full of shippin rates, insurance, taxation issues, etc. Milosch finally worked out how to ship our product to about any country of the wokld. This means that the OpenPCD shop is now online, and we're accepting orders from those people who don't want to fabricate the four-layer PCB themselves ;)

We also sent out the Press Release, in the hope that some press actually might be interested in free hardware project.

On OpenPCD.org we now also published the first binary firmware images (source code has always been in svn), including full USB DFU (device firmware upgrade) support.

If I manage to resolve some of the problems I still have with the SAM7 SSC controller, then the PICC simulator should also get working some time soon.

gpl-violations.org prevails in court case against D-Link on the GPL

A couple of weeks ago, I mentioned in this blog that there was legal victory in a ground-breaking court case on the validity and enforcibility of the GPL.

Today, I have released this press release stating some more details on the case, including the name of the defendant: D-Link.

I'm quite happy to see that our arguments have convinced the court outright, and that we didn't have to go through a lengthy procedure of calling several prominent kernel developers as witnesses, and getting statements from technical experts or the like.

If you're interested in the (German) judgement of 16 pages, you can find it at my lawyers' website. An English translation is in the works, but will take another week or so.

We've already received some press coverage, mainly in Germany so far. Interestingly, in a statement of D-Link quoted by heise.de, D-Link seems determined to not take this to a higher court... which means that this judgement will soon be considered legally binding, and be one more tiny step in the clarification of legal questions on the GPL.

I'd like to thank my fellow developers Werner Almesberger and David Woodhouse, as well as my lawyer Dr. Till Jaeger and his colleagues for all their support and work. A lot of time and effort was spent in preparation of this case, and as it turned out, exactly that preparation brought the case to a quick ending.

Panasonic R5 battey life

On the trip back to Berlin (from netconf in Tokyo) I had the first real-world test case for my new Panasonic R5 laptop. This really is the best laptop I ever had, I'm very happy with it. The advertisements of 10..11h battery life time don't seem to be an overstatement. I'm not flying for more than 10 hours, but given the power readings that ACPI gives me, 11 hours should be very much possible, given the total power consumption of 4.3W while doing text file editing, such as writing program code or this blog entry.

Doing a kernel compile brings the total power consumption up to something like 8.9W, still pretty impressive (and should give about 6.5hours given the battery capacity of 57Wh).

On the driver/hardware support side: I got display backlight control to work with the out-of-tree pcc_acpi module, and ipw3945 also worked straight ahead. Now I basically only need to find some useful thing to do with the TPM that I unvoluntarily got with this device. Has anyone figured out a way to use it for dm_crypt key storage or something like it? That would be neat. And yes, I know, if the device breaks, my data is gone. But that's what backups, version management, IMAP servers and the like are for.

My latest toy: Panasonic R5

I was already assuming that I'd be spending some money in Akihabara (Tokyo, Japan) before I actually went there or knew for what it was going to be spent.

Browsing through the hundreds (literally!) of local electronics stores, I once again realized how nice and small laptops (sub-notebooks ?) are available in Japan. One really wonders why those devices never make it to the European market.

Anyway, I bought myself a Panasonic R5, which is a 512MB RAM, 60GB 1.8" hard disk, Intel U1300 CPU, 10.4" 1024x768 device that weighs 999grams and is actually really cute ;) Wi-Fi is provided by an Intel 3915 a/b/g chip, and graphics is an Intel 945 PCIe - so no problem with free software drivers at all (remind me to re-implement that binary-only daemon for the new Intel chipset if nobody else does it until the end of the year).

Debian unstable installed fine (from a USB stick, before Windows booted the first time, so it's still a virgin), Xorg is running, everything seems fine. One thing that I didn't realize until after the purchase, though, is that Intel's mobile CPU's apparently don't have the x86_64 extensions (or EM64T how they call their AMD copy), which is sad. This is actually the first 32bit system I'm using for a quite long time :(

Jamal also got one at netconf, and seems equally excited about his new toy...

netconf'06 over

Three days in fast-fowrard, this is how you could probably best describe how netconf was. In-depth technical talks, just like it is supposed to be. And I have to admit that even though I've basically paused my kernel network development in early 2006 (will be back next year!), I could still follow everything, so the risk of loosing track quickly is apparently not that high.

There are many exciting areas of work (and even more with interesting design ideas/discussions), so it's just too sad that I'll have to stick with other work for the rest of this year... embedded Linux, RFID and GPL enforcement :(

As usual at the end of the event, we had to think of where and when to hold the next one. After northern America (twice) and Asia/Pacific (once), it's definitely time for Europe next year. We haven't yet decided on whether to go to Sweden, Germany or Switzerland. I'll try to locate some scenic venue and sponsoring, maybe we can hold it in Germany after all.

At the dinner today both JamesM and myself did our best to promote FOSS.in 2006 among the networking crowd. It seems like Rusty, Jamal and Yoshifuji got hooked ;)

In other news, I couldn't resist but to buy one of those ultra-small notebooks that are only available in Japan but nowhere else. Specifically, it is a Panasonic R5, featuring 24.2 x 18cm size, exactly one kilogram of weight, 60GB hard disk, 10.4" screen, 512MB RAM (needs to be upgraded) and a ultra-low-power U1300 Intel CPU.

I've managed to install Debian unstable during the last sessions of netconf, up till now basically everything is running and I'm happily typing this blog into my usual vim-in-uxterm-in-ion3 setup. Let's hope this new notebook will end the suffering of my legs due to the exctremely hot (and power-consuming) Turion64 based MSI laptop.

A1200 LSM / SELinux update

James Morris got quite interested when I told him that the A1200 uses SELinux to lock out the users (owners!) from their own phone ;) So we both did some further analysis, and it turned out that Motorola had actually released the source code to their own policy engine (MotoAC) with the A1200 kernel sources on opensource.motorola.com, whcih is good.

Still we didn't understand why you would use an unmaintained, at least three years old version of SELinux to base a forked policy engine on it - but obviously this is the world of Free Software and everybody is allowed to make his own decisions.

I've also catched up with the A1200 in general and found out that people have already managed to flash their own kernel into it, whcih is great. I wish I had more time to put into OpenEZX at this point, turning it into something that is actually useful. HINT: Skilled volunteers needed.

Pavel Machek apparently got one and is annoyed by the restrictive SELinux policies. By now I'm quite sure that it's not all too difficult to get rid of them ;)

First time in Japan, visiting netconf 2006

I've just arrived in Japan for netconf 2006. It's quite a pity that I'll only stay one week, but my current business-related schedule doesn't allow for anything more (actually, it wouldn't even allow for netconf, but some events are just too important...).

So here's my report on the first couple of impressions:

Everywhere (airport, train stations, inside trains, ...) it is extremely quiet. Almost nobody talks - and if, then very silently. This is extremely convenient, and I would love to see this to a similar degree in other places...
At the airport, there was somebody "defragmenting" the luggage on the conveyor belt, i.e. assuring that the maximum number of suitcases fit onto it, rather than causing a queue of incoming luggage because of an apparent "full" belt.
At the immigration, an extremely long queue formed. At some point a baby started crying. Immediately one of the immigration officers left his booth, made his way through the queue to escort father + baby (mom was not in the queue) directly to his booth, giving them preference. I'm impressed.
At the airport train station, a ticket vending machine ate my 1000 Yen bill and responded with some buzzing and the very descriptive "Not Ready" error message. While I was still undecided whether that is a malfunction, or the machine is just checking that bill very thoroughly, some JR staff member was running towards me, apologised, and disappeared in some small service room. Two minutes later, he opened a small window next to the ticket vending machine, where he handed me back the bill. I'm even more impressed!
Japan seems to be the only place (at least as far as I can tell) where "The Coca-Cola Company" has managed to produce soft-drinks that do not contain ridiculous amounts of sugar or artificial sweetener. (and I don't even know how it's called because there is only a Japanese name on it)
At the airport I used WiFi. This is the first time that I used a public hotspot that did actually use stateless IPv6 auto-configuration to give you a valid IPv6 address. I praise those responsible for that... stunning!
The only negative aspect so far is the lack of a GSM network here. Too sad...

OpenPCD - A 100% Free 13.56MHz RFID reader design

Finally, after a lot of delays, I am happy to announce - not yet the public release of the schematics, PCB layouts, and firmware source code - but at least a homeapge and photograph of OpenPCD, the completely free 13.56MHz RFID reader design. You can use it to talk to ISO 14443 A+B, ISO 15693 and related 13.56MHz transponders. We're still busy cleaning up the code and fixing the bugs in the schematics, but expect them to be released within this week.

This reader design is particularly interesting in everyone interested in RFID protocols and security, because of its many interfaces. You can modulate arbitrary waveforms onto the 13.56MHz carrier by bypassing the RC632 modulator/encoder and using the PWM (Pulse Width Modulation) or SSC (Synchronous Serial Controller) of the AT91SAM7 micro-controller. On the RX side, you can also bypass the RC632 decoder and use the SSC to sample arbitrary data, provided it is on a ISO-ocnformant sub-carrier frequency.

Many of the internal signals can be routed to U.FL connectors on the PCB, e.g. if you want to look at certain intermediate signals on an oscilloscope, spectrum analyzer or even sample it with some high-speed ADC like the USRP SDR.

So far we have only produced some five readers of this latest design. But for those of you not interested in re-building it from scratch, we will obviously be offering the ready-built reader in a web store soon.

Meanwhile, the openpcd.org team is constantly working on producing the counterpart, a 100% Free and Open RFID transponder simulator for 13.56MHz. Progress is steady [but slow]. Expect some more exciting news soon ;)

Meeting Michael Lauer (OpenEmbedded) for two days

The last two days, I've been meeting with Michael Lauer from OpenEmbedded. Among things that I cannot talk about, we've also been talking about OpenEmbedded on the EZX phones, as well as the Amida Simputer.

Victory!

Today I have receive news that we've won the first regular civil court case on the GPL in Germany. This is really good news, since so far we've only had a hand full of preliminary injunctions been granted (and an appeal case against an injunction), but not a regular civil trial.

The judge has ruled, but the details of the court order have not been publicised yet. I'll publicised the full details as soon as thus details are available in the next couple of weeks.

[p.s.: If you're from the press: Don't bother asking me about further details on who the defendant was, or whatever else. Patience. All shall be revealed soon]

ROKR E2 Linux Phone review

There has been an extensive review of the Linux based Motorola ROKR E2 phone at osnews.com.

10 common misunderstandings about the GPL

I'd just like to point out the excellent article on 10 common misunderstandings about the GPL by Bruce Byfield.

Meanwhile I'm still working in India, just returned back from Mumbai to Bangalore. Two more days and I'll be back to Germany. For one week, at least.

Wanted: Author and/or sources for EZX "qonsole" application

The original author of the KDE "Konsole" program, Lars Doelle, is actively looking for the Author and/or the source code of the "qonsole" program, a terminal program for the Motorola EZX platform that is apparently derived from GPL licensed Konsole.

Since the legal status of qonsole never was clear, I always refused to host it on any of the OpenEZX project resources. I didn't really know of any GPL violation going on, but had a somewhat strange feeling.

If any of you has information on where the qonsole program originates, please make sure to inform either Lars or me about it. We know by now that it appears to originate from some chinese or singapore mobile phone forums.

It's good to see more software authors of GPL licensed programs actually caring about enforcement of their license :) I sincerely hope this can be resolved and qonsole either distributed in gpl-compliant way, or a re-implementation be found/made.

GPLv3 conference in bangalore

It's already four days ago, but I just couldn't find some time to write about it in this blog. The 4th international conference on GPLv3, held in Bangalore/India.

I've been to three of those four confrences now, and I guess that makes me the only one apart from the FSF to judge how it actually went, compared to other events.

And I'm sorry that I have to say that it was by far the worst of these events :(

They closed down registration at some fixed limit (270?) because the auditorium couldn't hold more people. However, since the registration was free, only 50% fo the people who registered were actually present. And this at the expense of people apparently have been turned away after the quota was filled. Now we had a half-empty auditorium, and people who wanted to come but were rejected.
The programme. Basically RMS and Eben did not only give there usual (every time updated) great presentations on the spirit and the wording of the current license draft. But then they were kept alone on the stage to reply to questions for about the same time. Nobody else but them was giving any presentations on something that is really GPLv3 related.
The panels. What is the point of a "business panel" if all(most) you have represented there is some small three-men-in-a-garage companies that are run by free software enthusiasts? Where have beeen the Infosys, Wipro, ... companies? Don't they have something to say about the GPLv3?
The audience. How can you come to a conference on the GPLv3 and then ask questions that
- everybody knows will upset rms because they use Linxu with no GNU/ in front
- are totally unrelated (how can I make Autocad work on Linux
- reveal that you haven't even bothered reading the GPLv3 draft
Where were the GPL-savyy lawyers, free software developers and industry representatives that had made their way to the Barcelona and Porto Alegre event?
The [non-existing] moderation. Why was there nobody stopping all that off-topic crap like endless discussions on why gnucash isn't conforming the Indian accounting standards. I'm sure those are important problems to be adressed (and somebody should just hack that code into gnucash if he has a need for it). But who the hell cares about this on a conference specialized to license questions?

Getting a Simputer

Today I've been paying a short visit to Geodesic Information System Ltd. Bangalore Group (formerly PicoPeta Software), one of the two companies behind the Indian Simputer project.

Now most of the readers of this blog will probably think "oh, that computer for poor Indians", which is just not true, but the result of both media (and some government officials) misrepresenting the idea of this project.

Anyway, they'll give me one of their high-end Amida models to hack a bit on them. I guess one of the first thing I'll want to do is to create an OpenEmbedded machine description and kernel package for it, in order to be able to use all the available OE packages on it.

This is _not at all_ to say that I dislike the software that is pre-installed in the device (which provides a top-of-world-class and extremely unique user interface). But it's extremely useful to be able to choose between the pre-installed software and existing software packaged in OpenEmbedded. Maybe some of the existing GPL (or otherwise free licensed) Simputer software can be packaged as OE ipk packages and then be seamlessly integrated.

Off for two weeks of India (GPLv3 Conference Bangalore, plus some Mumbai)

I'm off for two weeks of India. The first hop will be the 4th GPLv3 Conference held in Bangalore. After that, I'll be relaxing for a few days at my friend Atul's place, only to go for some business appointment in Mumbai, before finally returning on Sept 3rd.

As usual. I'll be working "on the road", but expect delay in email replies.

Allnet Allsound / U-Media AudioMate

I couldn't resist any longer to buy a Allnet Allsound aka U-Media AudioMate, basically a small 802.11 WLAN capable Internet streaming radio stand alone receiver. Something that you can just put into your kitchen / bedroom. It hooks up to your WLAN and plays MP3 radio streams stand alone. No running computer / hard disk / server / ... required. IT also seems to support UPnP A/V, but I yet have to look into some Free server software for this.

Oh and yes, you can actually use it as alarm clock, waking you with tunes of your favorite Internet streaming radio. How cool is that?

Bollywood / Hindi-pop Web-radio: Radio Teentaal

I've recently discovered Radio Teentaal, a web-radio dedicated to "100% Indian music" - being streamed live from Paris.

It's certainly no surprise to see the radio being shoutcasted from some western country, since [that kind of] bandwidth is still not really affordable in India. But it's surprising to me that it's not from UK, US, Canada or another English-speaking country with large NRI community.

Anyway, they seem to play the latest popular Bollywood beats, no commercials, no interruptions, not even one the otherwise omnipresent self-advertisement jingles. Just pure music, at 128kBps stereo mp3.

OpenPCD - A free 13.56MHz RFID reader design

Over the last weeks I've been working together with Milosch and Brita from bitmanufaktur.de on OpenPCD, a Free Software and Free Hardware design of an RFID reader for popular 13.56MHz based protocols such as ISO 14443 and ISO 15693.

The hardware design will be released under a CC attribution share-alike license, the reader firmware and drivers (librfid glue code, plus some extras) will be released under GNU GPL.

We now have our first fully functional prototype, happily reading ePassport samples and the like.

In addition to being free (and being able to controlling the bare hardware because of the firmware source code) this reader gives an unique opportunity to study RFID signalling, since various analogue and digital test signals are available on headers or (currently BNC, later U.FL) receptacles.

Also, this device can be used to generate arbitrary modulation patterns, with full user control on frequency, modulation width, depth, etc.

We're currently too busy to release the code and docs in an appropriate way, but my hope is that you'll be able to check out a first release within the next two weeks.

The next goal is a similarly 100% free RFID PICC (transponder side) simulator. We're already working on this for some time, but I don't want to blow too much of the good news weeks before you will be able to actually check out the code and hw design. Stay tuned..

Oh, and not to cause misunderstandings: Some time ago I was mentioning that I'd be working on an incredibly cool Linux project in China. This RFID stuff is _not_ what I was talking about, even though I still think it is extremely cool ;)

more u-boot S3C2410 work

I've spent some more time on u-boot S3C2410 support. We now have working NAND flash and MMC+SD support. I'll publish patches soon, probably next week.

Apart from that, I'm extremely busy.. mostly doing real work, but also with boring gpl-violations.org stuff. Too little time to keep this blog up to date as much as before, my apologies.

CCC Berlin now proud owner of USRP

Finally the Berlin Section of the CCC has managed to obtain some donations (courtesy of ) for the purchase of a USRP with all major front-ends (BasicRX, BasicTX, RFX2400, RFX1800, RFX900, DBSRX, ..).

I sincerely hope that this device will be able to fuel even more interest in RF communications and research of security aspects of popular RF systems such as DECT. At least a bunch of interested hackers now have all the tools they need :)

Travelling to a gpl-violations.org related court hearing tomorrow

Tomorrow morning I'll have the pleasure of travelling to Frankfurt, where the first court hearing in a particular gpl-violations.org case will happen.

Those of you who follow my actions closely (closer than the practically non-existing PR work of gpl-violations.org allows) will notice that this is actually the first 'regular court case'. So far we settled everything either out-of-court, or sooner or later after a preliminary injunction, or an appeals case thereof.

In this particular case the defendant claims that the GPL is not applicable to them for a number of reasons, but at the same time argues that he still has the right to use the software, despite not having obtained any kind of license.

I don't yet wan to disclose the identity of the defendant yet, but I'll certainly post some more information on this pretty soon. You will all know the company, though. A very popular vendor of embedded networking gear.

Retrospective on Shah Rukh Khan

The much-to-be-thanked Rapid Eye Movies cinema movie distributor for Asian cinema brings a retrospective on SRK into German cinemas. It includes the movies Baazigar, Dilwale Dulhania Le Jayenge, Kuch Kuch Hota Hai, Dil Se, Kabhi Khushi Kabhie Gham, Swades and Pardes.

They start with showing those movies from July 20 (today!) to August 8th in the Babylon Theatre Berlin.

I've seen most of those movies before, but on DVD. And I'm definitely going to watch many of them in the cinema, since Bollywood movies are just too colorful and rich in detail to watch them on something as "low-res" and compression artefact encumbered as DVD...

So I'd expect some drop in productivity over the next two weeks, but I can't help myself...

Getting hooked once again by Techno

Just last weekend we've had (once again after two years break) the Love Parade, basically a huge open-air rave. Now fully commercialized (but that's a totally different story). I didn't attend it, but somehow the publicity surrounding that event prompted me to look into my 15GB archive (and corresponding CD collection) of early nineties Techno music.

Little of my blog readers will know me for that long time. Most of you will think, yeah it's that Goth guy, he listens to strange dark wave, industrial, ebm, music. Some of you also know that I enjoy a fair share of popular Hindi music.

But actually when I first started to actively listen to music, maybe at the age of 12 and up, I was a _huge_ fan of the then-popular electronic music in Germany: Techno. In a very short time this genre made it mainstream, creating a new youth culture in mainly Europe, but particularly Germany.

It was an euphoric time. German had just reunited. People were enthusiastically looking forward at the supposedly-bright future, now that the cold war was over. Everything was looking bright. People still mostly had job security, unemployment was low (compared to now), the negative effects of the neoliberal globalization did not yet affect the public at large.

At the same time, technology was en vogue. Home computers had started to become public in the second half of the eighties, the BBS scene existed, a small minority of people had access to Usenet, later the Internet. Music that used (mainly) synthesizers, samplers, sequencers and the like was very modern/futuristic.

So this was the kind of setting in which I spend my teens. Obviously I was too young (and shy) to attend any of the big raves at that time, but I was listening to music from Westbam, Marusha, DJ Dick, Hardfloor, PCP, Sven Vaeth, Sunbeam, RMB, Star Wash, Underworld, Cosmic Baby, Members of Mayday etc. I spent literally hundreds of Sunday nights recording the (in)famous "Techno Club" at the local radio station N1. God, how often did I watch the recordings / live shows of the cult "Mayday" raves.

So this was about 1991 to 1996. After that time, this kind of electronic music became less and less mainstream. I listened to Dutch "Rotterdam" hardcore for some time, but gave up on that very soon, too. Disappointed by the perceived in-availability of any good electronic music as I knew it, I resorted to classical music for a couple of years, until I got more and more into the "all etc. kinds of dark music" in which I still feel at home today. Music that is much more depressive/negative/destructive than the "happy partying" kind of Techno music. This sort-of resembles my change of mind-set during the same period of time. Reading up on world poverty, globalization issues, north/south conflict, environmental issues, the neoliberal model, increasing unemployment, increasing divide between rich and poor, the constant destruction of civil liberties, etc.

Anyway, so given that recent love parade revival, and me listening to "L.A. Style - James Brown is Dead" at some Industrial/Gabber/Minimal Electronics party last month, I decided to tune into that collection of old music once again.

I'm almost overwhelmed by the amount of feelings and memories this has triggered inside me. Basically it teleported me right back into how I felt 10-15 years ago. A life still in school, not knowing the [evil] world as I know it now, a life full of dreams, hope, happiness and the corresponding music.

This "trip back in history" is now basically going on for the better part of one week. It's going to end soon, and it will leave me longing for the corresponding sorrowlessness. Depressive reality will reclaim its terrain...

Avision AV-220 sheetfed scanner and Linux

Especially for gpl-violations.org, I've been dealing with more and more paperwork in my office. Such paperwork for example includes scanning signed contracts consisting of many pages, before being able to fax/email/.. them in advance of the original document.

So far I've been using a good old Canon flatbed scanner for this job, but with 20-page documents this gets increasingly annoying (and time-consuming) over time.

So I've been pondering to buy one of these HP Paper-to-PDF devices (forgot their name), where you can just put in a bunch of paper and it would email you the result as PDF. Unfortunately they're quite expensive, and even used ones (with probably half-way damaged mechanics) are very rarely found on eBay.

Now I discovered (and bought) an Avision AV-220, which is a sheetfed scanner that can scan up to 50 sheets (at 25sheets/minute). To my biggest surprise, that device actually contains two image sensors, so it can scan duplex in one go (unlike a laser printer where for duplex you have mechanics that rotate a page and process it a second time for the backside).

Thanks to the Avision SANE back-end (by Exactcode), there is excellent Free Software support for the device, too.

And what made the biggest impression on me: They actually ship the scanner with a small rubber/plastic spare part. "Please replace this after 15,000 pages". Isn't that great? I've never bought a laser printer or similar mechanical device that included a replacement of any wearing part.

Adding better S3C2410 support to u-boot

Starting today, I'm working on adding NAND controller (and Steppingstone), as well as frame buffer and USB host + device controller support to the u-boot boot loader.

For some strange reason I'm having quite a bit of trouble wit all of these tasks, maybe I'm misreading the documentation, I'm missing some errata or it's plain old stupidity. Especially stuff like the NAND controller driver are supposed to be extremely easy and fast tasks to implement, and I'm already spending way too many hours on a seemingly way too trivial task :(

Let's hope there is some progress soon...

Shanghai Food

While on my business trip to Shanghai, my business partners have been extremely well taken care of me. This includes assisting me obtaining some rather unusual souvenirs that I wanted to bring back, taking care of the sight seeing programme, but found it's most explicit expression in food.

While I'm extremely fond of Indian and Thai food, I never really enjoyed Chinese food too much, at least not what is sold in the western world as Chinese food. To me it's ok, but nothing spectacular. Before getting to China, food was my biggest worry. Remembering all these documentaries about seafood (which is basically the only kind of food I refuse to eat), and all the snakes, frogs and various insects that the Chinese cuisine tends to have.

Anyway, so my hosts knew about this and took me out to eat twice every day (yes, I'm probably now back to my weight of the Brazil trip in March). The food was always very interesting (as in, interesting ingredients, interesting taste, interesting structure, mode of preparation, ...) and also enjoyable. I kept asking them about spicy food, keeping in mind my preference for Indian and Thai. They promised me to have some spicy food at some point, they themselves not being into it at all.

Two days ago it finally became true. We've been to one of these "hot spot" places, where you have a boiling pot in the middle of the table. The boiling pot contains all kinds of spices, and you put raw ingredients such as tofu, meat, mushrooms into it. Pretty much like a Chinese version of the "Fondue".

However, that pot was split (2 thirds/one third), and one side would be exclusively for me. My side was ordered to be "medium spiced", and it had something like at least 12 red chili peppers in it :) I took a photograph of it in its initial state. The chilies basically disintegrated into tiny little pieces while they were boiling with the remaining food.

God, was that good. The best food I had since my last trip to India. It really was "medium spiced" in a way that there was no pain whatsoever, and it was just extremely strong-tasting, but not just spicy for the purpose of being spicy (if you know what I mean).

Since my business plans will include some more travel to Shanghai during the next couple of months, I _have_ to go back to that place, multiple times :)

Motorola ROKR E2

I've found the ROKR E2, which is yet another Motorola Linux GSM/GPRS phone exclusively sold in china so far. Apparently since June 22nd, so it's a quite new thing. It's very different from the A7xx/E680x series in that it doesn't have a touch screen, but many more buttons. Also, it features a full-size SD card slot, which makes it theoretically SDIO compatible (I'm pretty sure they use some SDIO compatible SD host controller in there).

Let's see whether I can work with the Chinese language firmware. I already found out how to get it into boot-loader flash mode (by pressing the camera button on the upper right side while powering the device up). It looks completely different than the blob on the A780/E680, but that doesn't really mean anything.

As of now, I don't have any technical proof that the device runs Linux. I'll probably not find time to play with this toy before I get back to Germany. But if anyone has hints or further information on how to dig deeper into the ROKR E2, don't hesitate to send me an email about your findings.

Motorola A728 and A732

Just next to my hotel, there is a book store that also sells mobile phones. Among the Motorola models are the A728 and A732, both Linux based. They're about 160EUR each. I don't yet know whether that is a good price, but now after checking with some online shops I think it is.

So I guess I'll get one of each in order to investigate whether we can hack them from an OpenEZX point of view. Also, this finally allows me to obtain proof whether they're still shipping GPL incompliant or not.

I'll continue to look for an A768 and E895. Let's see whether I'll find some time to do some more serious 'shop browsing'.

Experiencing China's Internet censorship

I've always wondered how China actually implements their Internet censorship, and how effective it is. I could have probably found out by doing some online research, but as with many things it just never happened.

Since I'm now using it every day here in Shanghai, I think I have a pretty clear picture on what is going on. Apparently all they do is some URL based HTTP filtering, and black-holing those requests. I'm not sure whether they actually filter all traffic to the black-holed IP address (which could shadow thousands of other virtual hosts on the same address), or actually only filter individual requests.

So apparently they're just blocking the technically unsophisticated regular user. Anyone with some basic network knowledge could easily work around those restriction - though it probably would be highly illegal.

So basically all the websites I want to access - including those that definitely contain content that the Chinese government would dislike. The only thing that is lacking from the web for me is wikipedia. But well, if you google for the term that you're searching in wikipedia, then Google will happily give you the Google cache of that page ;)

But there's definitely no filtering on ports such as SSH or IMAPS. I can transparently access my IMAPS-secured mail server, I can ssh to my machines in Germany, everything working quite fine. Obviously any kind of tunnelling would give me access to the free world.

So all in all, (luckily!) not very effective, from my point of view.

Now I hope that the Chinese authorities don't see that posting before I leave the country, interpreting it as a 'censorship protection circumvention technology', or actually put my blog into their filters ;) This page is uploaded via HTTPS, so at least they won't see this message _leave_ the country.

Visiting armzone.com in Shanghai

Today I had the pleasure of visiting armzone.com in Shanghai. Now if that was like visiting any other hardware or electronics store, I wouldn't be blogging about it. It might actually be that visiting any shop like this in China is a similar experience. But I'll write it anyway, you don't have to read it.

So we were there to buy some S3C2410 based development boards (full-featured, basically PDA development boards, including 65MB SDRAM, 64MB NAND Flash, Ethernet, USB host and device, a CPLD, IDE, 2xSerial, JTAG, SD-Card, ..). The first thing to notice was the price. Including a touch screen LCD panel they were something like USD 180 each. Actually less than any PDA based on them would cost in the western world. Aren't devel boards usually at least one order of magnitude more expensive than the actual systems you're going to design with them?

Then we were looking for some JTAG adaptor compatible with that devel board. The boards ship with a wiggler, which is supported by OpenOCD and also some s3c2410 version of JFlash, but which is slow as hell. Sort of the least interesting option. They had a number of USB and parallel port models available, some of them clones of well-known modules such as MultiICE, some others being developed by themselves.

The main problem was that they all seem to require some RDI server to run on a windows box. Hey, If I'm doing Linux target development on a Linux host system, they ask me to run a windows box just for that daemon? They must be kidding me. So my Chinese contacts engaged in some almost two hour debate on whether he couldn't release the source code to their own RDI server so I can port/re-implement that code on Linux, and why it might be a benefit to them to get that Linux version back to ship with further products. The debate also seems to have included all kinds of other options. Going as far as to the shop wanting to sell us a Raven compatible device, to which we almost agreed, only to learn that he needs a week to produce some more apart from the engineering sample.

One other thing we'd need for the parallel port versions is a PCMCIA parport card. Yes, such things actually exist, and you can buy them even on some Chinese eBay like site whose name I forgot. Rather than buying that, armzone offered us to wait two weeks, until then they will have built (!) their own parport adaptor for only a part of the price. Yes, they would have gone all the way down to molding a case for the parport connector sticking out of PCMCIA, etc. And that for us buying a max of 5 of those cards. Hey, we're talking about electronics / PCB / case design here, not about whether I want ketchup with my french fries!

This seriously made me wonder whether when you buy a car in China they also ask you if they should be personally just for you build a different car radio from scratch. These guys are crazy...