Harald Welte's blog

Voting Machines: Complaint against last German Bundestag elections turned down

As several sources have reported, the German Bundestag just decided that the formal complaints of voters against the use of insecure voting machines in the last Bundestag elections are void.

The Bundestag decided to reject those complaints by using pre-worded statements from the Ministry of Interior, some of which can be technically proven to be wrong. It is a real pity - but what do you expect if you ask those people who got elected, whether they accept that election ;) It's also quite embarrassing to see such complaints to be dragged on for more than one year. We're talking about complaints about the Elections on September 18, 2005. I think this says a lot about the state of democracy in this country, and the carelessness of those in power towards a fair and equal election process.

This is why the original plaintiffs now are preparing a lawsuit in front of the federal constitutional court. In order to be filed, some 100 signatures of German voters in support of this lawsuit are required. This shouldn't be a problem, since a petition against the use of voting machines has drawn some 48,000 supporters without any trouble. You can find more information about how to support this complaint of unconstitutionality on the Homepage of Dr. Ulrich Wiesner.

RFIDiot - a python-based RFID tool

By accident, I've discovered RFIDiot, a RFID exploration library and tool written in python. There is quite a bit of overlap with what librfid tries to achieve, from a functional point of view (written in C, of course).

So on the one hand, there's a lot of functional overlap on the high-level like mifare reading/writing, ePassport reading, ... - but on the other hand, all the lower levels seem to be missing in RFIDiot. I guess that's the price you have to pay for vendor-lock-in with a proprietary serial protocol like the ACG readers.

Once I find some time again (next year, feb/march), I'd definitely like to see whether there can be some kind of integration/cooperation between RFIDiot and librfid/libmrtd.

Seen "Kabhi Alvida Naa Kehna" in the cinema

Just by coincidence I noticed that yesterday was the only show of "Kabhi Alvida Naa Kehna" anywhere near Berlin _at all_. So no matter that it was some 60km away, and I had to drive all the way to Potsdam, I had to go. And that decision was right. It definitely has become of my personal "all-time top ten" Hindi movies. It could have been a bit more serious, according to my taste. But apart from that: Great music, fabulous choreography, camera, costumes, acting, .... - everything!

So as soon as it becomes available here, I have to buy the DVD. Oh, and yes, I still have to buy that LCD projector for my home cinema, the one I intended to buy for several months now...

I need a break: Debugging a driver for non-existent hardware

For the development of the OpenMoko system on the Neo1973 phone, we have two different development platforms, one is the phone prototype - the other being a generic S3C2410 development board. Obviously that generic board doesn't have all the phone specific bits on it - but it can interconnect to a GSM modem via DB9 serial port, providing a very close match to the actual product hardware.

For the better part of yesterday, I apparently forgot that this is not true for all the hardware devices. For hours and hours I tried to debug a problem with the power management unit (PMU) driver. The I2C core just didn't want to talk to it.

It is only today morning that I realize: The development board doesn't have this PMU. Doh! Obviously only the phone prototype has that PMU! For god's sake, it looks like I need a break (but can't afford one, time-line wise).

Now why am I 'broadcasting' this embarrassing notice in a blog? To demonstrate: We're all human beings, we all make - apparently stupid - mistakes from time to time.

Secure Linux Administration Conference

Just one day after returning from India, I'll be one of the first speakers on the first day of Secure Linux Administration Conference (SLAC), where I'll be talking about hardware selection and low-level tuning for achieving best Linux networking performance.

My reason for being away from OpenEZX

This post should have been posted months ago, but only since very recently I'm allowed to talk about the real reason. You might have read about it, if you read my full blog, but I'm posting this again in the 'a780' category to make it appear on planet.openezx.org

I've been hired to be key element in the design and implementation of the OpenMoko platform and the first device it supports: The Neo1973 phone. While there is no provision in the contract preventing me from working on the OpenEZX project at all, this assignment has just sucked up all available time like a vacuum cleaner.

To OpenEZX developers, users and supporters: Please be assured that most of the work done on OpenMoko will eventually benefit OpenEZX quite a lot. So please stay tuned, and concentrate on the low-leve device-specific issues that need to be resolved with the Motorola EZX hardware :)

Petition against obnoxious WEEE implementation in Germany

There is now an official Petition to re-work the obnoxious WEEE implementation in Germany (see my detailed posting earlier in this blog. This is good, and definitely a step forward in getting regulations in place which are supportive of small and medium-sized companies, rather them getting them out of business. I've spoken to lawyers about the current regulations, and they e.g. have severe doubt that they are even constitutional.

If you are German, and/or operate a business in Germany, please consider signing the above-mentioned petition!

btw: I'm planning to start a petition against hosting petitions of the German Bundestag at a University in the UK, anybody interested in joining it?

Some details about the GSM infrastructure on the Neo1973 / OpenMoko

I've posted this publicly to some mailing lists in mid-November, but thought it was good to have this information in the blog, too:

First of all, there is a ts0710 multiplex layer, architecture-wise similar to what Motorola uses in their 2.4.x kernels. This ts0710 (de)multiplex takes care of handling GSM TS 07.10 "advanced mode" (the HDLC framing). It will be easy to add "basic mode" for chips that doesn't support advanced mode, and I'm also planning to add support for the Motorola proprietary 07.10 extensions (see OpenEZX wiki) once Neo1973 has been released.

This demultiplex is implemented as a line discipline. Therefore some userspace program (in our case the GSM daemon) attaches as a line discipline to the underlying physical UART.

devices that don't have a physical UART (such as the Motorola phones) will provide a small glue layer that provides a virtual UART on top of e.g. USB as underlying layer.

The GSM mux layer then provides itself one virtual serial port per DLC of the multiplex.

On top of those virtual serial ports, there is a GPRS line discipline, or a PPP line discipline for implementing full in-kernel data connection support, with no need for sending data packets for network traffic from/to userspace.

Both the GPRS line discipline and the ts0710 multiplex are written according to the style and requirements ("good taste") of kernel code, and will be submitted to the mainline kernel as soon as the Neo1973 goes public. I really hope to make this a standard component of the mainline kernel, supporting as many GSM modems as possible over time.

On top of the virtual serial ports, we have a GSM daemon. This daemon takes care of almost all communication with the GSM modem. The daemon initializes AT+CMUX and then attaches the kernel line discipline. It also attaches GPRS line discipline to a virtual serial port afterwards.

The daemon provides a Unix domain socket based protocol for other applications (at some later point this might become a network-enabled protocol by running it over TCP). The "other applications" (such as the contact manager, the dialer program, etc.) link against a library called "libgsmd" which wraps the protocol into a C language API.

This means that programs have a high-level API for initiating and receiving voice calls, for receiving and sending SMS, obtaining list of operators, reading/storing contacts from/to SIM card, etc.

The daemon will be GPL licensed, for the library we're not sure whether to GPL or LGPL it (probably LGPL). All applications shipped on the Neo1973 linking to the library are GPL licensed, so there will be enough example code for people to understand how that API works.

The gsmd/libgsmd code will be run (just like any other program on the Neo1973) as any other free software / open source program. Please understand that while FIC sponsors the OpenMoko project, they don't really exert control over it. So as soon as the device and code is released, I'm happy for any input and discussions the community has on improving such a system, including support for more devices, etc.

Oh, and yes, the daemon has a plug-in interface for vendor-specific extensions, since every GSM modem vendor has commands beyond the GSM07.07 specification. Also, the C API and the Unix domain protocol provide for transparent pass-through of AT commends from application to daemon. This is not meant to be a single-vendor-single-product code, but is at least designed to make it easy to add support for other devices.

Anyway, even without gsmd/libgsmd, I think the kernel-level serial multiplexer (which is not a very complicated thing) is a valuable feature to anyone doing GSM/GPRS on Linux - be it on a PC with GSM modem, or a smartphone.

The reason for doing this (de)multiplex in the kernel:

the individual virtual serial ports have all the features of real serial ports. hardware/software flow control, modem status lines, etc. - and the kernel has a standard API, well known in Unix over decades, to work with serial ports from a userspace program
especially when it comes to data sessions (packet data or circuit switched data), then you don't want to push all data to userspace and back in the kernel. you want to have a fast path for that, both from a CPU consumption (battery!) point of life, but also from a latency point of view. mobile data latencies are already high enough, we don't want to have additional unneccesary latencies in the handset

Please understand that at this time I have to focus on OpenMoko development, and cannot engage in lengthy discussions. This is about all the information I wanted to add about what's actually happening in our project, and this is the architecture the OpenMoko software on the Neo1973 phone has. Please bear with me until January. Once the code is out, I'm happy for any kind of discussion, modification, contribution, etc.

Hacking librfid mifare support in Indian sleeper train

I'm currently on a train ride from Bangalore to Sangli(Miraj Jn), which is a 15 hour ride. Since there's quite a bit of noise from other passengers, and the bed (berth?) is not all that comfortable, I didn't get more than some five hours of sleep.

For librfid users this is good news, since I managed to get quite a bit of work done. First of all, mifare classic authentication is now way more reliable than it was before. With regard to the CL RC632, apparently you have to first issue the LOAD_KEY command before filling the FIFO with the key, rather than the other way around.

Also, mifare classic data block (16 byte) writes are now fixed, so you can finally actually read and write data blocks. Next I've implemented parsing (and compiling) functions for the obnoxious mifare permission bit encoding.

Last, but not least, the auto-detection has been enhanced and it an now correctly distinguish between mifare classic and mifare ultralight.

Stupid extreme AC has made me sick again

Just like the 2003/2004, the insane amount of air condition at J N Tata Auditorium has made me catch a cold once again. This is not a surprise, considering that I had a hard time typing while sitting in there, having to regularly warm up my fingers by sitting on my hands.

This is just something that I will never understand. When there's a reasonable, comfortable temperature outside (let's say 25 degrees Celsius), why would you ever do more than just exchange the air inside the hall (e.g. just blow air from the outside into the room, and remove 'used air')? Of what use is it to chill the room down to sub-20 degrees?

Interestingly, a lot of Indian people seem to be used to it, since they were wearing short-sleeved shirts, while we were freezing even wearing t-shirt plus long-sleeved shirt...

This consumes _a lot_ of energy. The AC in the main hall is at least in the order of 30..50 kW, if not more. No wonder that India wants more nuclear power plants. I don't want to imagine the amount of power consumption by ACs nationwide.

Some ventilation is more than efficient in many cases. Even during two weeks of Kerala in March this year, I was using the AC only once at a single hotel.

Please, think twice before using an AC or even turning it to ridiculous amounts. Is the energy waste and increased health risks (think of not regularly cleaned filters, etc) really worth a slight increase in comfort? How weak have we become if we can't even tolerate temperatures up to, let's say, 30 centigrade?

Sorry

I want to say sorry to the many people whom I had almost no chance to talk to during my FOSS.in visit. I know it's no excuse, but believe me, I'm just too involved with way too many things at the same time. For any rational reason, I should not have attended the conference, because I cannot afford that amount of time. I have even skipped OLS in Ottawa earlier this year, Linuxtag and Linux Kongreess in Germany, as well as I have turned down an invitation from linux.conf.au in early 2007. I always was (and still am) a big fan of lb/FOSS.in, that's why I thought I got to be there, even this time.

My work schedule of the last couple of months has been optimized to work at least 12 hour per day, seven days a week, with no external interruptions and almost no interaction with the outside world apart from checking the most important emails about twice per day. No going out to clubs, no parties, no movies, no TV, and close to zero meeting with friends either. Not even time for filing tax declarations in time.

Now being at the conference, I'm suffering severely since my backlog of work is basically growing by one day every day I'm here. This is very stressful, and I apologize if I cannot respond adequately to those who actually are interested in my work, or even want to offer help. I know this is not helpful, but please accept that this time I just can't help it. My reactions have come down to self-defense. If you ask me anything, even the smallest thing that I'd have to add to my TODO list, you will trigger a defensive reaction, rather than a polite and helpful one.

I hereby ask you for your understanding. I am at the absolute limit. Give me a break. Thanks.

First impressions from day1 of foss.in

The first impressions of FOSS.in/2006 are very positive. Not only were the security guards clueful enough to not have everyone open their bags at the entrance, but also the WiFi network was fully operational even before the opening ceremony started.

So far, everything is running verry smooth and pleasant.

On my way to FOSS.in 2006

I'm now in the final stage of packing my suitcase for my third trip to India this year. The schedule mainly consists of attending the FOSS.in 2006 conference and meeting some potential business partners regarding OpenPCD and OpenBeacon (which is another open RFID related project that isn't really public yet).

This time there will be a five-person "Berlin delegation" at FOSS.in, which is quite impressive. First, there's Tim Pritlove of CCC fame. Next Brita + Milosch of bitmanufaktur, and finally Sarah and myself.

I'm looking forward to see how this years incarnation of FOSS.in turns out. It's again in the IISC J.N. Tata Auditorium, where the organizers (and the event) suffered quite a bit a couple of years back. But this time, everything shall be fine.

The new woman in my life: Sarah.

After more than half a year after my separation from Elisabeth, there is a new woman in my life, Sarah. The most amazing thing is, that I didn't actually have to look out / search for a new girlfriend, but she just happened to come into my life. There also wouldn't have been any other chance, since I actually have zero time to go out, and even less time to think about anything not related to paid or unpaid work.

She's intelligent, and probably the most geek-compatible type of woman you can imagine. Not that I would ever consider this an important factor (I'm not a typical geek either), but it definitely helps things a lot, if she just understands the way geeks talk, has lots of experience with geeks from previous relationships.

It's the kind of pleasant small surprises like learning that she's running Linux on her computer[s], and that she understands a lot about the net and the FOSS world, without having to start to explain your whole world from its very beginning. As indicated, those facts in themselves are not really important at all. But imagine: Everything else seems to match, and you get those details [right] in addition to the 'usual' partner compatibility :)

It's been a very intense three weeks, and I have to admit that I never happened to get to know somebody in that short period of time, at least not to that level. Actually, it makes you frightened a bit, if everything goes that fast... wondering whether this is real, whether it is sustainable.

Anyway, it has been extremely pleasant, and I'm very happy about that. I'll continue this "experiment", keeping up the pace of this relationship by taking her along to India for FOSS.in 2006 next week. Before meeting Sarah, I probably would never have considered such a step - taking somebody along a long distance trip, whom you barely know for a couple of weeks. But then, if you can hardly imagine being apart from her during that time, there's probably also a lot of egoistic reasons for taking her along, too ;)

My no longer secret project: OpenMoko Linux GSM phone

Yesterday, it was finally revealed on what kind of secret project I was working for the last four months: A quite unique, really free and open Linux GSM (smart-)phone produced by the Taiwan-based manufacturer FIC

In this project I'm responsible for the system-level software design and implementation. This means: Kernel, drivers, GSM communication infrastructure, etc.

So why is this project so exciting? Because it's [yet another] Linux phone? No. It's because this is the first time (to the best of my knowledge), that a vendor is

involving (hiring) prominent community members to do the actual architecture design and implementation
planning to completely open up their Linux distribution for any contributed development, e.g. use a package manager that can access arbitrary package feeds
trying very hard to make sure almost everything will be Free Software, from drivers up to the UI applications
actively providing documentation and interfaces for third party development on any level of the system, from debug interface, boot loader, kernel, middleware through the UI applications
using X11 to allow users to run any existing X11 Linux application (within resource constraints)

So basically, from a Free Software community level, this is exactly the kind of phone you want to get involved with, and play with. Yes, it's not the perfect phone. It runs a proprietary GSM stack on a separate processor. There are some minor, self-contained proprietary bits on the back end side in userspace. But well, it's probably the best you can do as a first shot of a new generation of devices, and without too much existing market power to put on upstream vendors.

OpenMoko / FIC Neo1973 GPL clarification

Since there have been some misinterpretations / rumors in the press about the amount of Free Software in the OpenMoko / Neo1973 product, I felt obliged to release a couple of further details on the GPL situation.

First of all, I'm surprised that somebody would think that I would engage in a project that would use something like binary-only drivers. I don't think that's ever going to happen ;)

Anyway, looking at the current development version, there is not a single in-kernel piece of software that is not GPL licensed. No proprietary drivers, no proprietary flash file systems, nothing.

In userspace, there only one single component that is not going to be under a Free Software License: It's our GPS daemon. The reason for this is, that the specific high-sensitivity assisted GPS that we wanted is only available in something like a "soft modem GPS", e.g. one that does most of the GPS signal processing in software.

Oh, and yes, the bootloader is u-boot (as the frequent reader of this blog might have guessed). So that is GPL licensed, too.

No news is good news

You might have noticed that the posting frequency in this blog has decreased quite a bit recently. In this particular case, no news is good news. There's been a lot of progress in a number of work related projects.

Some more thoughts on the results of GPL enforcement

Just a small personal note: Yes, this blog is currently seeing close to no updates. This is because I'm literally working every minute that I'm awake, with no time for anything else.

But to get to the main point of this entry: The results we see from GPL enforcement. I don't want to write about the legal results, since they have always been successful, in 100+ violations that I've been dealing with so far.

I'd rather want to talk about other results. They mainly fall into two categories:

Structural results, how I like to call them, show that the vendors / "the industry" now understand the GPL [better] and thus adopt policies and business practises that are more likely to be GPL compliant from now on. This is good, since it has the potential to prevent further GPL violations down the road, presuming license compliance is something that we value and strive for.

But how does Free Software actually benefit from GPL enforcement? I'm talking about the actual software, and not the movement, the community, the advocates, etc.

How many times have you seen some code coming out of a "GPL code release" from one of the many (mostly embedded) vendors that was actually useful to be contributed back to an existing Free Software project, or even that spawned a new Free Software project? I for my part am certain to say: Zero. The actual number might be close to zero, but very small anyways.

The next logical question is to ask ourselves, why it is like that. First of all, the code quality is usually extremely bad. Looking at kernel patches from the various vendors, I'd say the code quality is _by far_ off any scale that would ever even remotely be considered to be suitable for upstream inclusion. Not only do those vendors not care about any CodingStyle (which could be easily fixed), but they ignore any existing standard API's (why use them if we can reinvent our own?), don't ever spend a single second on portability issues such as SMP, DMA safe allocations, endian issues, 32/64bit, etc. This code is "throw-away software". Fire and forget. The complete opposite of the long-term maintainability goals of about any FOSS project I know.

I would be the most embarrassed man if I ever was involved with any such software. Having your name associated with such poor quality would be like a stigma. Any technical person would laugh. And yet, the managers of those respective companies proudly announce the availability of their so-called "GPL code releases". If they only understood how ridiculous they make themselves in the technical community. It's like if they were proudly presenting a drawing from a three-year-old kid as the new Picasso. They just don't notice because the number of people with a taste of art is apparently larger than the number of people with a taste of source code quality and aesthetics.

The next big problem is the perpetual preference of vendors, even in a market with only six month product life-cycles, to use ages old software to base their code on. Of what use is e.g. an obscure netfilter patch that was developed against kernel 2.4.18, something that is many years old and of no relevance to current stable kernels or even current development?

Now you might argue "What about projects like OpenWRT?". While they are no doubt very useful, it is quite simple. Those projects mainly benefit only the customers of the (probably formerly GPL infringing) embedded devices. Therefore, they benefit specific customers, and not Free Software Users in general. Even if OpenWRT or others invest huge amounts of work and manage to clean up / re-implement some of the awkward sources released by embedded manufacturer X, and push it into the upstream project (e.g. Linux kernel), it is something that most often only a very specific user base that benefits from it. All the really interesting bits, if there are any at all, are kept proprietary by the respective manufacturers, using legally extremely questionable practises such as binary-only kernel modules.

If one thinks a bit more, this whole sad process could have envisioned before. It's a myth to believe that Linux and other FOSS is so popular in the embedded market because vendors think it is more reliable, or secure, or even because of the maintainability, audit-ability, or even the benefits that users and developers get from being able to run modified versions of the software. If they were, we would see clean code and regular security updates. In reality almost every product is one gaping security nightmare. None of those potential benefits are of any interest to embedded vendors.

The response to the 'why' question is quite simple: They use GNU/Linux because this way they can avoid per-unit royalties that are very popular with alternative (proprietary) embedded OS's. It's a cheap commodity. Thus, it's not surprising how they treat GPL compliance. Disgruntled, not understanding the issues behind, releasing only the most incomplete non-building source code snippets that make any reasonable developer vomit at first sight. And since they themselves lack the skilled developers internally (they're not cheap!), their management goes ahead and releases something that is embarrassing. If I wanted to evaluate the technical skill-set of a company before making large-scale business with them, I'd [have somebody] look at their source code releases. It can tell a lot about technical expertise and corporate style :)

Please don't get me wrong. I'm not complaining that there is any legal shortcoming in those "GPL Code Releases" though there often is, but that is not the point of this article). But if somebody asks me, how much the actual Free Software source code benefits from the code that was released by the vendors, my honest reply would be simple and sad: None.

While this whole post might sound bitter and resignated, and like I wanted to give up GPL enforcement since it's not worth it: This is not the message that I want to put out. GPL enforcement remains important. I never assumed that there would be a lot of actual mainline-mergeable source code coming out of it, so I'm not disappointed with the enforcement. I just have the constant feeling that many people are driven by misconceptions, and nobody outside the hacker community really knows what's going on on a technical level.

QNTAL concert in Berlin

One of my favourite band for many years, QNTAL, have been playing tonight in Berlin. The concert was fantastic, and due to my recent high workload, I apparently actually missed their last album relase. They did very well with that latest release.

However, apparently day 15 of the tour (one concert every night) has already left quite some traces on Syrah's otherwise brilliant voice. It was still extremely good, but you could notice she's [again] having some problems :( What kind of torture must it be, to be an excellent singer with classical training, with a crystal clear voice - but then having chronical problems with your throat..

To my big surprise, the support band Unto Ashes was actually extremely good. I'm not saying this because I thought Unto Ashes was bad, but rather because support bands generally suck quite a lot. Maybe it's just me being unlucky, but this was actually the first concert with a great support band that I've been to.

All in all definitely a memorable evening. If it didn't eat that much productive time...

Linux World Expo in Utrecht, The Netherlands

Due to Armijn (of gpl-violations.org) involvement in the programme committee of the linuxworldexpo.nl 2006, I have been invited to do a session called "Free Software Master Class" together with Georg Greve from the Free Software Foundation Europe. Georg presented on "the business value of Free Software", whereas I was talking about "how to be GPL compliant".

The presentation went quite fine, and there were good questions coming from the audience. Hoewver, you could clearly tell that the organizers didn't really have any experience with holding conference/seminars, but just trade shows.

First of all, the seminar area was not reasonably shielded from the background noise of the trade show. Therefore the volume of the PA had to be quite high to combat that background noise.

Secondly, the light situation was way too bright for the audience to be able to read the image projected by the LCD projector. I mean, there were dozens of neon lights (that couldn't be switched off) directly above the screen, that just cannot work.

My third point of criticism was the organization of speaker travel and accomodation. If it wasn't for me meeting with Armijn at the night of arrival, I wouldn't have known to which hotel to go to. Furthermore, the hotel was located in a different town (so you couldn't just go back to the hotel during the day, to drop some stuff, or change clothes, or whateer). Then that hotel was undergoing a complete reconstruction. I could only take the question "do you need a wake up call" by the receptionist as an ironic joke. At 7.45am the power drilling started - way after all the other noise that started about half an hour earlier.

Luckily I had arranged for my own travel. Georg has received his ticket information only on Monday afternoon (and was leaving on tuesday!). This is not exactly how you professionally organize any kind of event.

I don't want to overly complain, but I just want to give motivation to improve that situation the next time.

Dual-Opteron liquid cooling leaking

I'm not really having that much luck with the liquid cooling system of my main workstation. Today, one of the CPU coolers (dual socket 940 board) started leaking. Unfortunately it was the cooler of the CPU sitting above the AGP and PCI-X slots, spilling coolant on th Radeon 9200 and E1000 cards.

Coincidentally all that happened while I was having a bath, but that just as a side-note.

Now the box still boots up and is accessible from the network. Just no graphics output. Pretty bad for what I use as a dual-head compile and development workstation. So far it looks like at least that AGP card has died. I already bought a used one on eBay (you can't get any Radeon 9200 these days, and that's the really last 'free' graphics chip out there [apart from Intel on-board stuff]...). It could also be the AGP socket or something completely different. I don't have any spare AGP cards, just PCI... 5V PCI that don't fit in the 3.3V-only PCI-X slots, so I couldn't test it with a different card right now.

Now since this is the second time I'm having quite big trouble with that liquid cooling system, this is a good time to re-think whether it was that good an idea. I still think it was. I mean, for the better part of two years, this system has been running day and night, without any problems. In fact it is so quiet that I now regard my Quad G5 (unloaded, all fans at minimum) as extremely loud. And it is that quiescence which I love so much, and it is even worth at least those two times I've now had problems.

Nedap voting machines in Europe

The regular reader of this weblog might have noticed that for more than a yearI've had an interest in the use of voting machines in elections, specifically Germany.

While my many other interests and projects have not allowed me to look into this subject as much as I wanted, some of my friends of the Berlin CCC have collected a lot of information on voting machines (German) and also actually had a chance to do some hands-on security research together with our Dutch hacker friends

Yesterday, their joint activities became public. First in a TV show that has been aired in the Netherlands. German media reports are catching up today. Expect some more coverage following-up the CCC press release, such as this one.

Now what was actually discovered? In short,

There are many possibilities for manipulations
That a proof-of-concept firmware for election manipulation on a Nedap machine has been developed
That the Nedap machine can be re-programmed just like any other computer, e.g. to turn it into a chess computer
That the Nedap machines actually have spurious emissions that can be used to detect which party / candidate is currently being voted from a range of at least a couple of meters distance by using a small radio receiver with earphones.
That any contemporary cell phone or Digital TV set-top-box has employed more security mechanisms than those voting machines. Cryptographically signed boot process? Signed applications? Trusted Computing? Such technologies are only employed for the protection of important data, such as commercial audio and video recordings. Unimportant matters such as democratic and free elections do not require any such secure technology, but use 1980's home computer technology.
That the legal requirements on the technology of voting machines in the Netherlands and in Germany do apparently not even come close to identifying (and preventing) the most basic IT security threats.

Therefore, the use of such voting machines must be halted immediately, at least until an independent board of renowned international IT security experts has been drawn to specify new technical requirements on their security, and until all old machines have been upgraded or replaced by such machines that follow those requirements.

Because any reasonable set of security requirements will inevitably lead to machines that are by far more expensive than those currently in use, it becomes even more questionable to build and use them in the first place. Why should a few hours quicker election results ever be worth even only the slightest increase in risk of election manipulations?

Bollywood Musical in Berlin

Tonight I've been to Bollywood - The Show, a Bollywood musical that is touring through (I guess among other countries) Germany for the next couple of months.

It was truly amazing. First, there is the irony of playing a story that is remotely based on a true story - probably an idealized form of the story of the musicians and choreographer family behind this musical: The Merchant family. Secondly, the number of dancers is actually quite limited, so they need to danca and dance and dance for hours. What is usually done in many takes (with breaks) when shooting the song sequences of a Bollywood movie - those musical dancers have to do it all in one row. One some days even two shows on one day. What an amazing talent and stamina.

It's too sad to learn that such musicals can only exist in the west, since their cost of production is just too expensive for India, plus apparently the lack of a musical culture there.. quite strange, isn't it? I bet a lot of Indian Bollywood fans are definitely sad to lack the opportunity to see this (or another upcoming one, such as the Bharati).

Bavaria's best gothic/dark wave/industrial/ebm club "Top Act" about to close

I'm sad to hear that the best club "close" (50km) from my old home city is about to close at the end of the year. This is extremely sad, and I suppose it will have quite an impact on the subculture there.

I can only hope that I'll find some spare time for a goodbye visit in November or December this year. A night at Goettertanz or La Nuit Obscure has always been a deeply touching, emotional and aesthetic event. No other club anywhere else has ever managed to make me feel anywhere close to how I felt at Top Act back then. Excellent DJ's, great choice of music, the right kind of people, 18+ limit for admittance, and a gothic dress code(!). Call that elite, if you want - I'll tell you: The result was spectaculous. People would travel 150+ km every weekend to get there.

Good bye Top Act. Thanks to Thomas Manegold and his crew, thanks for hosting that many memorable events. Thanks to Kodachi (didn't forget you!) for first recommending that location to me.

Obnoxious RoHS/WEEE rules and their German implementation

You might have heard about RoHS (Reduction of Hazardous Substances) before. I always thought it is a well-meant and important contribution of the European Union to reduce the amount of hazardous substances in electronic waste. As a supporter of many environmental groups, and an occasional voter for the Green party, I definitely support such a goal.

If I was to manufacture electronic equipment, then certainly I would consider it as my moral duty to pay for the cost of processing ('recycling', how they call it, if that was ever possible)the resulting waste. No debate on that at all.

Now I actually am involved with producing small quantities of electronic equipment, and suddenly those issues come up again. The product obviously only uses RoHS compliant components, no question on that. We do want to reduce the environmental impact, after all.

Now enter EU and German bureaucracy, combined with lobbying of large industrial electronics manufacturers, and you end up with the German implementation called "ElektroG" (Gesetz ueber das Inverkehrbringen, die Ruecknahme und die umweltfreundliche Entsorgung von Elektro- und Elektronikgeraeten [Law about distribution, withdrawal and eco-friendly disposal of electrical and electronic devices]). That law basically regulates and delegates the administration of the RoHS/WEEE guidelines to an authority called EAR (Stiftung Elektro-Altgeraete Register [Foundation for Registry of Electrical Devices]).

The way how this system works is:

All manufacturers and importers have to register themselves with EAR
They also have to register the quantity (weight) of produced/imported goods every month
They furthermore have to produce proof of having made a deposit on the amount of money required to "recycle" the resulting electronic waste, even in the case of bankruptcy of the producer/importer

This all sounds very reasonable and well-thought. Given the facts stated until here, I would still be an avid supporter of such a system.

Now enter the disaster: The minimum quantity that this system can deal with is the metric ton. This is very suitable for large manufacturers, but what about a small company that produces 100 units of 180grams of weight every year? It will take more than 55 years to fill up that metric ton. Now, if they actually allowed you to pay for one ton every 55 years, then that would be great. Obviously, they don't. Rather they employ an undisclosed lottery algorithm, which elects one registered producer/importer who has to take care of recycling one specific container that was filled last at the electronics waste collection station. Yes, every time one container is filled, they elect another lucky lottery winner. And in order to make sure that every possible "winner" could actually afford the disposal of that container, EAR has the "proof of bankruptcy-safe deposit".

You might think: Well, quite a fancy system, but assuming that algorithm was tuned right, there still is no problem, even for small producers, since the probability of them being chosen by the lottery is very low. And in fact it is. An EAR person has publicly stated in an interview that only producers having produced more than 3.5 metric tons of electronics are eligible to win that lottery. Great, since in our example that would be in 194 years. Son nothing to worry about, right?

Wrong. The administrative fees of EAR.

155 EUR one-time fee for registration is still quite acceptable.
85 EUR per product that is put on the market is fine, too.
100 EUR for each notice of change in production quantity is a bit steep, given the inevitable flux of that figure.
455 EUR for the validation of the proof of having made the deposit
215 EUR annually for the re-validation of the proof of having made the deposit

Now what kind of bull**it is this? This means that during those 55 years we would fill one metric ton, we'd have to pay 12066 EUR only in administrative fees for validation and re-validation of the bankruptcy-save deposit? All that for the disposal of one ton of electronic waste, which costs [now] between 200 and 400EUR ?

I would be very surprised if such fees would not violate anti competition rules of the EU somewhere at some point. This is the creation of a serious market entrance barrier for small manufacturers of electronic equipment and nothing else.

FOSS.in Call for Papers still open until Oct. 08

Many of you know that for the last three years I enjoy the conference for Linux, Free and Open Source Software formerly known as linux-bangalore, but now known as FOSS.in.

Compared with other big international events, FOSS.in call for papers is always tremendously late, which means that it actually is only some 10 weeks in advance of the event. The same goes for the event website. Please don't consider this as a sign of weak organization. It's just like this, it has been like this, and it worked well. This 'late start' has never compromised the vitality and success of the actual event.

If you have some interesting and technical topic in the Free and Open Source software which you want to talk about, I suggest submitting a proposal with the FOSS.in speaker registration website. Expect an excited audience of up to 3,000 attendees.

OpenPCD press release, online shop

Ok, after a painful day full of shippin rates, insurance, taxation issues, etc. Milosch finally worked out how to ship our product to about any country of the wokld. This means that the OpenPCD shop is now online, and we're accepting orders from those people who don't want to fabricate the four-layer PCB themselves ;)

We also sent out the Press Release, in the hope that some press actually might be interested in free hardware project.

On OpenPCD.org we now also published the first binary firmware images (source code has always been in svn), including full USB DFU (device firmware upgrade) support.

If I manage to resolve some of the problems I still have with the SAM7 SSC controller, then the PICC simulator should also get working some time soon.

gpl-violations.org prevails in court case against D-Link on the GPL

A couple of weeks ago, I mentioned in this blog that there was legal victory in a ground-breaking court case on the validity and enforcibility of the GPL.

Today, I have released this press release stating some more details on the case, including the name of the defendant: D-Link.

I'm quite happy to see that our arguments have convinced the court outright, and that we didn't have to go through a lengthy procedure of calling several prominent kernel developers as witnesses, and getting statements from technical experts or the like.

If you're interested in the (German) judgement of 16 pages, you can find it at my lawyers' website. An English translation is in the works, but will take another week or so.

We've already received some press coverage, mainly in Germany so far. Interestingly, in a statement of D-Link quoted by heise.de, D-Link seems determined to not take this to a higher court... which means that this judgement will soon be considered legally binding, and be one more tiny step in the clarification of legal questions on the GPL.

I'd like to thank my fellow developers Werner Almesberger and David Woodhouse, as well as my lawyer Dr. Till Jaeger and his colleagues for all their support and work. A lot of time and effort was spent in preparation of this case, and as it turned out, exactly that preparation brought the case to a quick ending.

Panasonic R5 battey life

On the trip back to Berlin (from netconf in Tokyo) I had the first real-world test case for my new Panasonic R5 laptop. This really is the best laptop I ever had, I'm very happy with it. The advertisements of 10..11h battery life time don't seem to be an overstatement. I'm not flying for more than 10 hours, but given the power readings that ACPI gives me, 11 hours should be very much possible, given the total power consumption of 4.3W while doing text file editing, such as writing program code or this blog entry.

Doing a kernel compile brings the total power consumption up to something like 8.9W, still pretty impressive (and should give about 6.5hours given the battery capacity of 57Wh).

On the driver/hardware support side: I got display backlight control to work with the out-of-tree pcc_acpi module, and ipw3945 also worked straight ahead. Now I basically only need to find some useful thing to do with the TPM that I unvoluntarily got with this device. Has anyone figured out a way to use it for dm_crypt key storage or something like it? That would be neat. And yes, I know, if the device breaks, my data is gone. But that's what backups, version management, IMAP servers and the like are for.

My latest toy: Panasonic R5

I was already assuming that I'd be spending some money in Akihabara (Tokyo, Japan) before I actually went there or knew for what it was going to be spent.

Browsing through the hundreds (literally!) of local electronics stores, I once again realized how nice and small laptops (sub-notebooks ?) are available in Japan. One really wonders why those devices never make it to the European market.

Anyway, I bought myself a Panasonic R5, which is a 512MB RAM, 60GB 1.8" hard disk, Intel U1300 CPU, 10.4" 1024x768 device that weighs 999grams and is actually really cute ;) Wi-Fi is provided by an Intel 3915 a/b/g chip, and graphics is an Intel 945 PCIe - so no problem with free software drivers at all (remind me to re-implement that binary-only daemon for the new Intel chipset if nobody else does it until the end of the year).

Debian unstable installed fine (from a USB stick, before Windows booted the first time, so it's still a virgin), Xorg is running, everything seems fine. One thing that I didn't realize until after the purchase, though, is that Intel's mobile CPU's apparently don't have the x86_64 extensions (or EM64T how they call their AMD copy), which is sad. This is actually the first 32bit system I'm using for a quite long time :(

Jamal also got one at netconf, and seems equally excited about his new toy...

netconf'06 over

Three days in fast-fowrard, this is how you could probably best describe how netconf was. In-depth technical talks, just like it is supposed to be. And I have to admit that even though I've basically paused my kernel network development in early 2006 (will be back next year!), I could still follow everything, so the risk of loosing track quickly is apparently not that high.

There are many exciting areas of work (and even more with interesting design ideas/discussions), so it's just too sad that I'll have to stick with other work for the rest of this year... embedded Linux, RFID and GPL enforcement :(

As usual at the end of the event, we had to think of where and when to hold the next one. After northern America (twice) and Asia/Pacific (once), it's definitely time for Europe next year. We haven't yet decided on whether to go to Sweden, Germany or Switzerland. I'll try to locate some scenic venue and sponsoring, maybe we can hold it in Germany after all.

At the dinner today both JamesM and myself did our best to promote FOSS.in 2006 among the networking crowd. It seems like Rusty, Jamal and Yoshifuji got hooked ;)

In other news, I couldn't resist but to buy one of those ultra-small notebooks that are only available in Japan but nowhere else. Specifically, it is a Panasonic R5, featuring 24.2 x 18cm size, exactly one kilogram of weight, 60GB hard disk, 10.4" screen, 512MB RAM (needs to be upgraded) and a ultra-low-power U1300 Intel CPU.

I've managed to install Debian unstable during the last sessions of netconf, up till now basically everything is running and I'm happily typing this blog into my usual vim-in-uxterm-in-ion3 setup. Let's hope this new notebook will end the suffering of my legs due to the exctremely hot (and power-consuming) Turion64 based MSI laptop.

A1200 LSM / SELinux update

James Morris got quite interested when I told him that the A1200 uses SELinux to lock out the users (owners!) from their own phone ;) So we both did some further analysis, and it turned out that Motorola had actually released the source code to their own policy engine (MotoAC) with the A1200 kernel sources on opensource.motorola.com, whcih is good.

Still we didn't understand why you would use an unmaintained, at least three years old version of SELinux to base a forked policy engine on it - but obviously this is the world of Free Software and everybody is allowed to make his own decisions.

I've also catched up with the A1200 in general and found out that people have already managed to flash their own kernel into it, whcih is great. I wish I had more time to put into OpenEZX at this point, turning it into something that is actually useful. HINT: Skilled volunteers needed.

Pavel Machek apparently got one and is annoyed by the restrictive SELinux policies. By now I'm quite sure that it's not all too difficult to get rid of them ;)

First time in Japan, visiting netconf 2006

I've just arrived in Japan for netconf 2006. It's quite a pity that I'll only stay one week, but my current business-related schedule doesn't allow for anything more (actually, it wouldn't even allow for netconf, but some events are just too important...).

So here's my report on the first couple of impressions:

Everywhere (airport, train stations, inside trains, ...) it is extremely quiet. Almost nobody talks - and if, then very silently. This is extremely convenient, and I would love to see this to a similar degree in other places...
At the airport, there was somebody "defragmenting" the luggage on the conveyor belt, i.e. assuring that the maximum number of suitcases fit onto it, rather than causing a queue of incoming luggage because of an apparent "full" belt.
At the immigration, an extremely long queue formed. At some point a baby started crying. Immediately one of the immigration officers left his booth, made his way through the queue to escort father + baby (mom was not in the queue) directly to his booth, giving them preference. I'm impressed.
At the airport train station, a ticket vending machine ate my 1000 Yen bill and responded with some buzzing and the very descriptive "Not Ready" error message. While I was still undecided whether that is a malfunction, or the machine is just checking that bill very thoroughly, some JR staff member was running towards me, apologised, and disappeared in some small service room. Two minutes later, he opened a small window next to the ticket vending machine, where he handed me back the bill. I'm even more impressed!
Japan seems to be the only place (at least as far as I can tell) where "The Coca-Cola Company" has managed to produce soft-drinks that do not contain ridiculous amounts of sugar or artificial sweetener. (and I don't even know how it's called because there is only a Japanese name on it)
At the airport I used WiFi. This is the first time that I used a public hotspot that did actually use stateless IPv6 auto-configuration to give you a valid IPv6 address. I praise those responsible for that... stunning!
The only negative aspect so far is the lack of a GSM network here. Too sad...

OpenPCD - A 100% Free 13.56MHz RFID reader design

Finally, after a lot of delays, I am happy to announce - not yet the public release of the schematics, PCB layouts, and firmware source code - but at least a homeapge and photograph of OpenPCD, the completely free 13.56MHz RFID reader design. You can use it to talk to ISO 14443 A+B, ISO 15693 and related 13.56MHz transponders. We're still busy cleaning up the code and fixing the bugs in the schematics, but expect them to be released within this week.

This reader design is particularly interesting in everyone interested in RFID protocols and security, because of its many interfaces. You can modulate arbitrary waveforms onto the 13.56MHz carrier by bypassing the RC632 modulator/encoder and using the PWM (Pulse Width Modulation) or SSC (Synchronous Serial Controller) of the AT91SAM7 micro-controller. On the RX side, you can also bypass the RC632 decoder and use the SSC to sample arbitrary data, provided it is on a ISO-ocnformant sub-carrier frequency.

Many of the internal signals can be routed to U.FL connectors on the PCB, e.g. if you want to look at certain intermediate signals on an oscilloscope, spectrum analyzer or even sample it with some high-speed ADC like the USRP SDR.

So far we have only produced some five readers of this latest design. But for those of you not interested in re-building it from scratch, we will obviously be offering the ready-built reader in a web store soon.

Meanwhile, the openpcd.org team is constantly working on producing the counterpart, a 100% Free and Open RFID transponder simulator for 13.56MHz. Progress is steady [but slow]. Expect some more exciting news soon ;)

Victory!

Today I have receive news that we've won the first regular civil court case on the GPL in Germany. This is really good news, since so far we've only had a hand full of preliminary injunctions been granted (and an appeal case against an injunction), but not a regular civil trial.

The judge has ruled, but the details of the court order have not been publicised yet. I'll publicised the full details as soon as thus details are available in the next couple of weeks.

[p.s.: If you're from the press: Don't bother asking me about further details on who the defendant was, or whatever else. Patience. All shall be revealed soon]

Meeting Michael Lauer (OpenEmbedded) for two days

The last two days, I've been meeting with Michael Lauer from OpenEmbedded. Among things that I cannot talk about, we've also been talking about OpenEmbedded on the EZX phones, as well as the Amida Simputer.

ROKR E2 Linux Phone review

There has been an extensive review of the Linux based Motorola ROKR E2 phone at osnews.com.

10 common misunderstandings about the GPL

I'd just like to point out the excellent article on 10 common misunderstandings about the GPL by Bruce Byfield.

Meanwhile I'm still working in India, just returned back from Mumbai to Bangalore. Two more days and I'll be back to Germany. For one week, at least.

Wanted: Author and/or sources for EZX "qonsole" application

The original author of the KDE "Konsole" program, Lars Doelle, is actively looking for the Author and/or the source code of the "qonsole" program, a terminal program for the Motorola EZX platform that is apparently derived from GPL licensed Konsole.

Since the legal status of qonsole never was clear, I always refused to host it on any of the OpenEZX project resources. I didn't really know of any GPL violation going on, but had a somewhat strange feeling.

If any of you has information on where the qonsole program originates, please make sure to inform either Lars or me about it. We know by now that it appears to originate from some chinese or singapore mobile phone forums.

It's good to see more software authors of GPL licensed programs actually caring about enforcement of their license :) I sincerely hope this can be resolved and qonsole either distributed in gpl-compliant way, or a re-implementation be found/made.

GPLv3 conference in bangalore

It's already four days ago, but I just couldn't find some time to write about it in this blog. The 4th international conference on GPLv3, held in Bangalore/India.

I've been to three of those four confrences now, and I guess that makes me the only one apart from the FSF to judge how it actually went, compared to other events.

And I'm sorry that I have to say that it was by far the worst of these events :(

They closed down registration at some fixed limit (270?) because the auditorium couldn't hold more people. However, since the registration was free, only 50% fo the people who registered were actually present. And this at the expense of people apparently have been turned away after the quota was filled. Now we had a half-empty auditorium, and people who wanted to come but were rejected.
The programme. Basically RMS and Eben did not only give there usual (every time updated) great presentations on the spirit and the wording of the current license draft. But then they were kept alone on the stage to reply to questions for about the same time. Nobody else but them was giving any presentations on something that is really GPLv3 related.
The panels. What is the point of a "business panel" if all(most) you have represented there is some small three-men-in-a-garage companies that are run by free software enthusiasts? Where have beeen the Infosys, Wipro, ... companies? Don't they have something to say about the GPLv3?
The audience. How can you come to a conference on the GPLv3 and then ask questions that
- everybody knows will upset rms because they use Linxu with no GNU/ in front
- are totally unrelated (how can I make Autocad work on Linux
- reveal that you haven't even bothered reading the GPLv3 draft
Where were the GPL-savyy lawyers, free software developers and industry representatives that had made their way to the Barcelona and Porto Alegre event?
The [non-existing] moderation. Why was there nobody stopping all that off-topic crap like endless discussions on why gnucash isn't conforming the Indian accounting standards. I'm sure those are important problems to be adressed (and somebody should just hack that code into gnucash if he has a need for it). But who the hell cares about this on a conference specialized to license questions?

Getting a Simputer

Today I've been paying a short visit to Geodesic Information System Ltd. Bangalore Group (formerly PicoPeta Software), one of the two companies behind the Indian Simputer project.

Now most of the readers of this blog will probably think "oh, that computer for poor Indians", which is just not true, but the result of both media (and some government officials) misrepresenting the idea of this project.

Anyway, they'll give me one of their high-end Amida models to hack a bit on them. I guess one of the first thing I'll want to do is to create an OpenEmbedded machine description and kernel package for it, in order to be able to use all the available OE packages on it.

This is _not at all_ to say that I dislike the software that is pre-installed in the device (which provides a top-of-world-class and extremely unique user interface). But it's extremely useful to be able to choose between the pre-installed software and existing software packaged in OpenEmbedded. Maybe some of the existing GPL (or otherwise free licensed) Simputer software can be packaged as OE ipk packages and then be seamlessly integrated.

Off for two weeks of India (GPLv3 Conference Bangalore, plus some Mumbai)

I'm off for two weeks of India. The first hop will be the 4th GPLv3 Conference held in Bangalore. After that, I'll be relaxing for a few days at my friend Atul's place, only to go for some business appointment in Mumbai, before finally returning on Sept 3rd.

As usual. I'll be working "on the road", but expect delay in email replies.

Allnet Allsound / U-Media AudioMate

I couldn't resist any longer to buy a Allnet Allsound aka U-Media AudioMate, basically a small 802.11 WLAN capable Internet streaming radio stand alone receiver. Something that you can just put into your kitchen / bedroom. It hooks up to your WLAN and plays MP3 radio streams stand alone. No running computer / hard disk / server / ... required. IT also seems to support UPnP A/V, but I yet have to look into some Free server software for this.

Oh and yes, you can actually use it as alarm clock, waking you with tunes of your favorite Internet streaming radio. How cool is that?

Bollywood / Hindi-pop Web-radio: Radio Teentaal

I've recently discovered Radio Teentaal, a web-radio dedicated to "100% Indian music" - being streamed live from Paris.

It's certainly no surprise to see the radio being shoutcasted from some western country, since [that kind of] bandwidth is still not really affordable in India. But it's surprising to me that it's not from UK, US, Canada or another English-speaking country with large NRI community.

Anyway, they seem to play the latest popular Bollywood beats, no commercials, no interruptions, not even one the otherwise omnipresent self-advertisement jingles. Just pure music, at 128kBps stereo mp3.

CCC Berlin now proud owner of USRP

Finally the Berlin Section of the CCC has managed to obtain some donations (courtesy of ) for the purchase of a USRP with all major front-ends (BasicRX, BasicTX, RFX2400, RFX1800, RFX900, DBSRX, ..).

I sincerely hope that this device will be able to fuel even more interest in RF communications and research of security aspects of popular RF systems such as DECT. At least a bunch of interested hackers now have all the tools they need :)

OpenPCD - A free 13.56MHz RFID reader design

Over the last weeks I've been working together with Milosch and Brita from bitmanufaktur.de on OpenPCD, a Free Software and Free Hardware design of an RFID reader for popular 13.56MHz based protocols such as ISO 14443 and ISO 15693.

The hardware design will be released under a CC attribution share-alike license, the reader firmware and drivers (librfid glue code, plus some extras) will be released under GNU GPL.

We now have our first fully functional prototype, happily reading ePassport samples and the like.

In addition to being free (and being able to controlling the bare hardware because of the firmware source code) this reader gives an unique opportunity to study RFID signalling, since various analogue and digital test signals are available on headers or (currently BNC, later U.FL) receptacles.

Also, this device can be used to generate arbitrary modulation patterns, with full user control on frequency, modulation width, depth, etc.

We're currently too busy to release the code and docs in an appropriate way, but my hope is that you'll be able to check out a first release within the next two weeks.

The next goal is a similarly 100% free RFID PICC (transponder side) simulator. We're already working on this for some time, but I don't want to blow too much of the good news weeks before you will be able to actually check out the code and hw design. Stay tuned..

Oh, and not to cause misunderstandings: Some time ago I was mentioning that I'd be working on an incredibly cool Linux project in China. This RFID stuff is _not_ what I was talking about, even though I still think it is extremely cool ;)

more u-boot S3C2410 work

I've spent some more time on u-boot S3C2410 support. We now have working NAND flash and MMC+SD support. I'll publish patches soon, probably next week.

Apart from that, I'm extremely busy.. mostly doing real work, but also with boring gpl-violations.org stuff. Too little time to keep this blog up to date as much as before, my apologies.

Travelling to a gpl-violations.org related court hearing tomorrow

Tomorrow morning I'll have the pleasure of travelling to Frankfurt, where the first court hearing in a particular gpl-violations.org case will happen.

Those of you who follow my actions closely (closer than the practically non-existing PR work of gpl-violations.org allows) will notice that this is actually the first 'regular court case'. So far we settled everything either out-of-court, or sooner or later after a preliminary injunction, or an appeals case thereof.

In this particular case the defendant claims that the GPL is not applicable to them for a number of reasons, but at the same time argues that he still has the right to use the software, despite not having obtained any kind of license.

I don't yet wan to disclose the identity of the defendant yet, but I'll certainly post some more information on this pretty soon. You will all know the company, though. A very popular vendor of embedded networking gear.

Retrospective on Shah Rukh Khan

The much-to-be-thanked Rapid Eye Movies cinema movie distributor for Asian cinema brings a retrospective on SRK into German cinemas. It includes the movies Baazigar, Dilwale Dulhania Le Jayenge, Kuch Kuch Hota Hai, Dil Se, Kabhi Khushi Kabhie Gham, Swades and Pardes.

They start with showing those movies from July 20 (today!) to August 8th in the Babylon Theatre Berlin.

I've seen most of those movies before, but on DVD. And I'm definitely going to watch many of them in the cinema, since Bollywood movies are just too colorful and rich in detail to watch them on something as "low-res" and compression artefact encumbered as DVD...

So I'd expect some drop in productivity over the next two weeks, but I can't help myself...

Getting hooked once again by Techno

Just last weekend we've had (once again after two years break) the Love Parade, basically a huge open-air rave. Now fully commercialized (but that's a totally different story). I didn't attend it, but somehow the publicity surrounding that event prompted me to look into my 15GB archive (and corresponding CD collection) of early nineties Techno music.

Little of my blog readers will know me for that long time. Most of you will think, yeah it's that Goth guy, he listens to strange dark wave, industrial, ebm, music. Some of you also know that I enjoy a fair share of popular Hindi music.

But actually when I first started to actively listen to music, maybe at the age of 12 and up, I was a _huge_ fan of the then-popular electronic music in Germany: Techno. In a very short time this genre made it mainstream, creating a new youth culture in mainly Europe, but particularly Germany.

It was an euphoric time. German had just reunited. People were enthusiastically looking forward at the supposedly-bright future, now that the cold war was over. Everything was looking bright. People still mostly had job security, unemployment was low (compared to now), the negative effects of the neoliberal globalization did not yet affect the public at large.

At the same time, technology was en vogue. Home computers had started to become public in the second half of the eighties, the BBS scene existed, a small minority of people had access to Usenet, later the Internet. Music that used (mainly) synthesizers, samplers, sequencers and the like was very modern/futuristic.

So this was the kind of setting in which I spend my teens. Obviously I was too young (and shy) to attend any of the big raves at that time, but I was listening to music from Westbam, Marusha, DJ Dick, Hardfloor, PCP, Sven Vaeth, Sunbeam, RMB, Star Wash, Underworld, Cosmic Baby, Members of Mayday etc. I spent literally hundreds of Sunday nights recording the (in)famous "Techno Club" at the local radio station N1. God, how often did I watch the recordings / live shows of the cult "Mayday" raves.

So this was about 1991 to 1996. After that time, this kind of electronic music became less and less mainstream. I listened to Dutch "Rotterdam" hardcore for some time, but gave up on that very soon, too. Disappointed by the perceived in-availability of any good electronic music as I knew it, I resorted to classical music for a couple of years, until I got more and more into the "all etc. kinds of dark music" in which I still feel at home today. Music that is much more depressive/negative/destructive than the "happy partying" kind of Techno music. This sort-of resembles my change of mind-set during the same period of time. Reading up on world poverty, globalization issues, north/south conflict, environmental issues, the neoliberal model, increasing unemployment, increasing divide between rich and poor, the constant destruction of civil liberties, etc.

Anyway, so given that recent love parade revival, and me listening to "L.A. Style - James Brown is Dead" at some Industrial/Gabber/Minimal Electronics party last month, I decided to tune into that collection of old music once again.

I'm almost overwhelmed by the amount of feelings and memories this has triggered inside me. Basically it teleported me right back into how I felt 10-15 years ago. A life still in school, not knowing the [evil] world as I know it now, a life full of dreams, hope, happiness and the corresponding music.

This "trip back in history" is now basically going on for the better part of one week. It's going to end soon, and it will leave me longing for the corresponding sorrowlessness. Depressive reality will reclaim its terrain...

Avision AV-220 sheetfed scanner and Linux

Especially for gpl-violations.org, I've been dealing with more and more paperwork in my office. Such paperwork for example includes scanning signed contracts consisting of many pages, before being able to fax/email/.. them in advance of the original document.

So far I've been using a good old Canon flatbed scanner for this job, but with 20-page documents this gets increasingly annoying (and time-consuming) over time.

So I've been pondering to buy one of these HP Paper-to-PDF devices (forgot their name), where you can just put in a bunch of paper and it would email you the result as PDF. Unfortunately they're quite expensive, and even used ones (with probably half-way damaged mechanics) are very rarely found on eBay.

Now I discovered (and bought) an Avision AV-220, which is a sheetfed scanner that can scan up to 50 sheets (at 25sheets/minute). To my biggest surprise, that device actually contains two image sensors, so it can scan duplex in one go (unlike a laser printer where for duplex you have mechanics that rotate a page and process it a second time for the backside).

Thanks to the Avision SANE back-end (by Exactcode), there is excellent Free Software support for the device, too.

And what made the biggest impression on me: They actually ship the scanner with a small rubber/plastic spare part. "Please replace this after 15,000 pages". Isn't that great? I've never bought a laser printer or similar mechanical device that included a replacement of any wearing part.

Adding better S3C2410 support to u-boot

Starting today, I'm working on adding NAND controller (and Steppingstone), as well as frame buffer and USB host + device controller support to the u-boot boot loader.

For some strange reason I'm having quite a bit of trouble wit all of these tasks, maybe I'm misreading the documentation, I'm missing some errata or it's plain old stupidity. Especially stuff like the NAND controller driver are supposed to be extremely easy and fast tasks to implement, and I'm already spending way too many hours on a seemingly way too trivial task :(

Let's hope there is some progress soon...

Shanghai Food

While on my business trip to Shanghai, my business partners have been extremely well taken care of me. This includes assisting me obtaining some rather unusual souvenirs that I wanted to bring back, taking care of the sight seeing programme, but found it's most explicit expression in food.

While I'm extremely fond of Indian and Thai food, I never really enjoyed Chinese food too much, at least not what is sold in the western world as Chinese food. To me it's ok, but nothing spectacular. Before getting to China, food was my biggest worry. Remembering all these documentaries about seafood (which is basically the only kind of food I refuse to eat), and all the snakes, frogs and various insects that the Chinese cuisine tends to have.

Anyway, so my hosts knew about this and took me out to eat twice every day (yes, I'm probably now back to my weight of the Brazil trip in March). The food was always very interesting (as in, interesting ingredients, interesting taste, interesting structure, mode of preparation, ...) and also enjoyable. I kept asking them about spicy food, keeping in mind my preference for Indian and Thai. They promised me to have some spicy food at some point, they themselves not being into it at all.

Two days ago it finally became true. We've been to one of these "hot spot" places, where you have a boiling pot in the middle of the table. The boiling pot contains all kinds of spices, and you put raw ingredients such as tofu, meat, mushrooms into it. Pretty much like a Chinese version of the "Fondue".

However, that pot was split (2 thirds/one third), and one side would be exclusively for me. My side was ordered to be "medium spiced", and it had something like at least 12 red chili peppers in it :) I took a photograph of it in its initial state. The chilies basically disintegrated into tiny little pieces while they were boiling with the remaining food.

God, was that good. The best food I had since my last trip to India. It really was "medium spiced" in a way that there was no pain whatsoever, and it was just extremely strong-tasting, but not just spicy for the purpose of being spicy (if you know what I mean).

Since my business plans will include some more travel to Shanghai during the next couple of months, I _have_ to go back to that place, multiple times :)

Motorola ROKR E2

I've found the ROKR E2, which is yet another Motorola Linux GSM/GPRS phone exclusively sold in china so far. Apparently since June 22nd, so it's a quite new thing. It's very different from the A7xx/E680x series in that it doesn't have a touch screen, but many more buttons. Also, it features a full-size SD card slot, which makes it theoretically SDIO compatible (I'm pretty sure they use some SDIO compatible SD host controller in there).

Let's see whether I can work with the Chinese language firmware. I already found out how to get it into boot-loader flash mode (by pressing the camera button on the upper right side while powering the device up). It looks completely different than the blob on the A780/E680, but that doesn't really mean anything.

As of now, I don't have any technical proof that the device runs Linux. I'll probably not find time to play with this toy before I get back to Germany. But if anyone has hints or further information on how to dig deeper into the ROKR E2, don't hesitate to send me an email about your findings.

Experiencing China's Internet censorship

I've always wondered how China actually implements their Internet censorship, and how effective it is. I could have probably found out by doing some online research, but as with many things it just never happened.

Since I'm now using it every day here in Shanghai, I think I have a pretty clear picture on what is going on. Apparently all they do is some URL based HTTP filtering, and black-holing those requests. I'm not sure whether they actually filter all traffic to the black-holed IP address (which could shadow thousands of other virtual hosts on the same address), or actually only filter individual requests.

So apparently they're just blocking the technically unsophisticated regular user. Anyone with some basic network knowledge could easily work around those restriction - though it probably would be highly illegal.

So basically all the websites I want to access - including those that definitely contain content that the Chinese government would dislike. The only thing that is lacking from the web for me is wikipedia. But well, if you google for the term that you're searching in wikipedia, then Google will happily give you the Google cache of that page ;)

But there's definitely no filtering on ports such as SSH or IMAPS. I can transparently access my IMAPS-secured mail server, I can ssh to my machines in Germany, everything working quite fine. Obviously any kind of tunnelling would give me access to the free world.

So all in all, (luckily!) not very effective, from my point of view.

Now I hope that the Chinese authorities don't see that posting before I leave the country, interpreting it as a 'censorship protection circumvention technology', or actually put my blog into their filters ;) This page is uploaded via HTTPS, so at least they won't see this message _leave_ the country.

Motorola A728 and A732

Just next to my hotel, there is a book store that also sells mobile phones. Among the Motorola models are the A728 and A732, both Linux based. They're about 160EUR each. I don't yet know whether that is a good price, but now after checking with some online shops I think it is.

So I guess I'll get one of each in order to investigate whether we can hack them from an OpenEZX point of view. Also, this finally allows me to obtain proof whether they're still shipping GPL incompliant or not.

I'll continue to look for an A768 and E895. Let's see whether I'll find some time to do some more serious 'shop browsing'.

Visiting armzone.com in Shanghai

Today I had the pleasure of visiting armzone.com in Shanghai. Now if that was like visiting any other hardware or electronics store, I wouldn't be blogging about it. It might actually be that visiting any shop like this in China is a similar experience. But I'll write it anyway, you don't have to read it.

So we were there to buy some S3C2410 based development boards (full-featured, basically PDA development boards, including 65MB SDRAM, 64MB NAND Flash, Ethernet, USB host and device, a CPLD, IDE, 2xSerial, JTAG, SD-Card, ..). The first thing to notice was the price. Including a touch screen LCD panel they were something like USD 180 each. Actually less than any PDA based on them would cost in the western world. Aren't devel boards usually at least one order of magnitude more expensive than the actual systems you're going to design with them?

Then we were looking for some JTAG adaptor compatible with that devel board. The boards ship with a wiggler, which is supported by OpenOCD and also some s3c2410 version of JFlash, but which is slow as hell. Sort of the least interesting option. They had a number of USB and parallel port models available, some of them clones of well-known modules such as MultiICE, some others being developed by themselves.

The main problem was that they all seem to require some RDI server to run on a windows box. Hey, If I'm doing Linux target development on a Linux host system, they ask me to run a windows box just for that daemon? They must be kidding me. So my Chinese contacts engaged in some almost two hour debate on whether he couldn't release the source code to their own RDI server so I can port/re-implement that code on Linux, and why it might be a benefit to them to get that Linux version back to ship with further products. The debate also seems to have included all kinds of other options. Going as far as to the shop wanting to sell us a Raven compatible device, to which we almost agreed, only to learn that he needs a week to produce some more apart from the engineering sample.

One other thing we'd need for the parallel port versions is a PCMCIA parport card. Yes, such things actually exist, and you can buy them even on some Chinese eBay like site whose name I forgot. Rather than buying that, armzone offered us to wait two weeks, until then they will have built (!) their own parport adaptor for only a part of the price. Yes, they would have gone all the way down to molding a case for the parport connector sticking out of PCMCIA, etc. And that for us buying a max of 5 of those cards. Hey, we're talking about electronics / PCB / case design here, not about whether I want ketchup with my french fries!

This seriously made me wonder whether when you buy a car in China they also ask you if they should be personally just for you build a different car radio from scratch. These guys are crazy...

The wonders of Vienna airport

For my trip to Shanghai, the both cheapest and most convenient flight schedule was offered by Austrian. I mainly use KLM / NW / Air France / Lufthansa for my flights, so Austrian was definitely a new experience.

So here I am, connecting to my int'l flight at Vienna airport. Free 802.11b wireless Internet access, unfiltered, with a DHCP server that provides you an official IP. Guess I'll never connect voluntarily at Frankfurt, Paris or Amsterdam again. Finally somebody understood how you can make an airport much more attractive to the [IT] business traveller, without any big investments.

Krrish

Yes, apparently it's Bollywood season in Berlin, thanks to rapideyemovies.de who has brought Krrish at least for one week into one of Berlin's smaller cinemas.

I definitely enjoyed the movie quite a lot. I believe it would be a good example for a "masala movie". Love, Romance, Action, Eastern, Sci-Fi, Thriller: all-in-one. And that with the most excellent dancer and "India's Schwarzenegger" Hrithik Roshan and former Miss India Priyanka Chopra as the two lead actors. And despite all the action scenes, the film actually is still cheesy enough to fulfill the Bollywood cliche :)

I also think it marks a new milestone in the area of special effects for Bollywood cinema. As a sequel to "Koi Mil Gaya", it definitely goes way beyond its prequel.

Rang De Basanti

It doesn't happen very often that one of the many Berlin cinemas shows Bollywood movies. Last Thursday, even two of them started simultaneously. So yesterday I had no chance but to watch Rang De Basanti. I had to go, even though I had seen that movie in Bangalore before. Obviously at that point without any subtitles, so there certainly was a lot of the plot that I didn't realize yet.

The movie was as good as the first time. There are very few movies that don't get overly pathetic when it comes to telling/interpreting a story about [past] heroes. But in this one, everything feels real. The strong emotions, the incredible pain, hate...

Definitely one of the top Indian movies that I have seen, even though it isn't not a very typical cliche Bollywood movie at all ;)

On Monday, I'll be watching Krrish. Let's see how Hrtik Roshan plays Krishna ;)

Bought a Sharp Zaurus SL-C3200

In order to learn more about OpenEmbedded, end especially GPE and OPIE, I've now bought myself a Sharp Zaurus SL-C3200. According to Michael Lauer this is the device that currently has the best support in both user-land and kernel.

Lets hope that by playing with OpenEmbedded/OpenZaurus on the SL-C3200 I can get a somewhat more clear idea on where I think OpenEZX should be heading.

Going to Shanghai next week, kicking-off an incredibly cool Linux project

Today I found myself being at the Chinese embassy, applying for a business Visa. I'll be travelling to Shanghai Wednesday next week, starting to work on an incredibly cool Linux project. I cannot tell you what it is, probably not for the next four months or so. But it's definitely one of the most exciting things I can imagine right now...

Interview on gpl-violations.org with groklaw.net

There seems to be "interview season", since just after the lwn.net interview, groklaw.net has now published this interview with me on gpl-violations.org.

The interview was taken by Sean Daly, who has also been taking care of the audio and video recordings at the 3rd international GPLv3 Conference in Barcelona last week.

Let's hope that those interviews will raise some more awareness and prevent more violations from ever ending up in our request tracker.

Chaosradio 114: Software project management

Tomorrow I'll again be participating in Chaosradio. This months Chaosradio 114 issue is about software project management, both in the proprietary and FOSS world.

Ridiculous fees for USB Vendor ID

Sometimes you happen to find yourself starting a DIY electronics project, much like a Free Software project. And if that hardware is actually to be plugged into one of the standard interfaces such as the various PCI variants, or USB, then you'll need to give it a USB Vendor and Device ID. Vendor ID's are 16bit, and allocated by the USB Implementers Forum (IF).

Unfortunately, applying for a Vendor ID costs you USD 2,000. Yes, two-thousand bucks US for creating an entry in a table. This might be peanuts for large hardware companies, but it's an awfully large amount of money for any of the many USB hardware projects that people tend to experiment with. Especially since micro-controllers with embedded USB device controller are quite commonplace these days.

In the software / Internet world, there also are unique ID's that need to be applied for. I'm talking about protocol numbers, port numbers and the like. I've already applied for a number of them at bodies such as IANA. Obviously they are for free. This way you can ensure not to use values that get later assigned to other organizations/projects, and everything is clean.

Ridiculous fees such as the USB IF fee for a Vendor ID are just leading to the situation when independent developers will chose random ID's, which will sooner or later clash with other vendors and his devices.

If the USB IF was really interested in stability and unique assignments, they would

reserve a couple of vendor ID's for experimental/ organization internal use
create a hand full of vendor ID's which are not assigned to any vendor, but where hobbyists and Free Hardware developers can have individual device ID's assigned to themselves, e.g. like the IANA protocol/port number process works

Barcelona Montjuic cemetery

This morning I've been visiting the Montjuic cemetery in Barcelona. I went there with mixed expectations, since the information I could find online indicated that Spanish cemeteries tend to have these massive walls full of small "urn storage graves", which are not of any real interest to me.

God, was I amazed how different it really turned out to be. Now, after having seen it, I think it has definitely made it into my personal top ten of world-wide cemeteries. Thousands of angels, and other extremely beautiful statues.

Family graves of the wealthy Barcelona families from the late 19th and early 20th century, as rich in architecture, sculptures and details that make many church look extremely plain next to them. And there you have hundreds in one spot!

The whole cemetery is very well maintained, and due to its situation on the side of the Montjuic hill, next to the sea and in direct sun there is very limited vegetation (and therefor no spread of plants onto graves, etc.).

So by now, knowing my affection for cemeteries, you must have thought that I was in heaven while visiting Montjuic. Almost, if there wasn't that stupid "no photography" sign at the entrance. It made me hesitate a bit, but then I thought "well, southern Europeans are generally a bit more open to bending the laws, so let's try it anyway". I took some five pictures, and no later than 10 minutes after entering the cemetery, I was stopped by no less than six cemetery guards, who were constantly patrolling the whole cemetery with their small scooters.

They took my personal details (I wonder whether they will send me a fine to Germany *g*), and asked me to delete those pictures on the camera. I did without hesitation. The technical reader of this blog will know how easy it is to undelete files from a FAT filesystem ;)

Anyway, I didn't engage in any further photography, and I was saddened to see all this beauty, and being deprived of capturing at least tiny bits of it in order to take it home with me, put some more prints to the walls of my apartment, etc.

This really has been the first cemetery I've been to which disallowed photography. And I've been to many hundred cemeteries, mainly in Europe but also in other parts of the world. And they don't even state _why_ they don't allow it. I would pay for a photo pass, I would sign off on no any "no commercial use" declaration or whatever. *sigh*.

I mean I can perfectly understand if people protest against inappropriate photo shootings at cemeteries (you know what I mean... barely naked women tied to graves, etc.), and there is _nothing_ in common between such inappropriate behavior and somebody like me, who basically wants to honour the original artist/sculpturer by taking some pictures for personal use only.

Some small A780 progress

I've continued my work on porting the ts07.10 from Motorola's mux_cli to 2.6.x. It now compiles, although I have no idea whether it actually works as expected.

Since Linux 2.5/2.6 has undergone quite some sophisticated changes in both scheduling/context area (no more struct task_queue) as well as the tty layer (dynamically allocated and managed flip buffers, etc), the task has been a bit more challenging than the usual copy+paste+minor_fixup task.

I'll also be releasing the -ezx6 kernel soon (2.6.17 based) in the next couple of days, where I plan to merge mickey's various driver bits (LED, backlight, keypad fixes) and the above-mentioned mux_cli.

Last librfid ISO 14443-4 chaining bug eliminated

Ok, I finally found the [hopefully] last bug of librfid's ISO 14443-4 PCD side tx side chaining bug. It only occurred in combination with WTX reception.

I also tested CID (card-id) support for multi-activation. If anyone has ever seen a 14443-4 PICC that actually offers NAD (node address) support, please do let me know (samples even more welcome).

To my surprise I discovered, that higher baudrates are actually already negotiated between PCD (reader) and PICC (transponder). Thought there was some practical problem, but it actually worked all the time.

GPLv3 and Steve Ballmer's blood pressure

I'm currently having the pleasure of being part of the GPLv3 Conference Europe. It's been a pleasure to meet folks like Georg Greve (FSF Europe), David Turner (FSF GPL compliance lab), Eben Moglen (FSF, SFLC) again.

There seems to be significant progress in the GPLv3 process since my latest status updates at the 2nd international conference in Porto Alegre (Brasil) some months ago.

To one part, the second draft of the license is supposed to be published in roughly one month from now. As Richard Stallman pointed out, the most significant changes that we're likely to see are:

Renaming of the "liberty or death" clause to "no surrendering others freedom"
More precise wordings on the frequently-misinterpreted DRM clause, removing the section on provision for "unencrypted output". The latter clause is basically superfluous, since if you have access to the full source, and a means to install a modified version of the source, you can easily remove any encryption routines for the output.
Probably an option that if you only distribute binaries, then it's sufficient to provide the source code on a network server, rather than having to provide it per mail order. This still requires some feedback. I personally disagree with this, sine there really are many [both real and potential] users of Free Software who live in low-bandwidth areas. Yes, there might be services which download software from the net and write CD-R's for you, but do we know that such services exist (and will continue to exist) in all those areas?
There was some necessity to rewrite the explicit patent license. There is no change in function.
Introduce some new wording such as the concept of "conveying a copy" rather than using the term propagation (or even the old US-centric "distribution"). This wording tries to depart from any US legal terms and rather defines some own terms. As a side-effect, it cleanly solves cases such like peer-to-peer sharing networks (where every downloading user also distributes [partial] copies to other users.

Also, as I figured from conversations with Eben and David, to my personal pleasure and acknowledgement, the wording of the "60 days clause" has been changed in a way to make its intent quite a bit more clear.

Another interesting point was the fact that I learned about a detail in GPLv2. Apparently the Section 3b (accompany object code with a written offer to provide the source code later on a physical storage medium) was never intended for online distribution. This paragraph was only meant for physical distribution. All online object code distribution should actually also have online source code distribution. Unfortunately this intent didn't actually become visible in the license, and now we have cases like Buffalo, where the vendor tries to actually make it as hard as possible to obtain source code (only one product source code per cd, have user send a CD-R with return envelope, plus some fee for copying, for each version of the firmware).

Oh, and how does Steve Ballmer's blood pressure fit into the picture? Eben Moglen gave one of his most eloquent and visionary presentations, in which he interpreted recent and current events in and around Microsoft as the signs of the eve of the downfall, and that Free Software will be keeping Mr. Ballmers blood pressure at high levels ;)

librfid tx chaining fixed

After a couple of hours restructuring the ISO 14443-4 (T=CL) transceive code of librfid, we now have working TX chaining support. Quite embarrassing that this fundamental mode of operation was broken for so long. Seems like people have been mostly running read-intensive applications, where no larger chunks of data are sent to the PICC.

LWN publishes gpl-violations.org related interview

Linux Weekly News has just published the second part of an interview with me. This part is on gpl-violations.org.

netfilter.org releases (almost), update on my netfilter involvement

It's been terrible to be away from netfilter development for about two months now. This really has to change, I have to cut down on other stuff if I don't want to loose track completely.

Anyway, I finally did what I wanted to do at least for many weeks: To push new releases of libnfnetlink, libnetfilter_log, libnetfilter_queue, libnetfilter_conntrack and conntrack. The files are available from their usual location. Haven't been in the mood to write changelogs yet, so if you're really interested in them, you'll have to wait for a bit more.

The main architectural change is that the internal api between libnfnetlink and libnetfilter_* has changed, e.g. caller-allocated structures are now callee-allocated. Apart from that, a very important bugfix was made in libnfnetlink, one that actually affects future-compatibility of the kernel/userspace interface.

For anything else, it's mainly a maintenance release.

libnetfilter_queue doesn't yet contain the bits required for the 'upcoming' libnetfilter_cthelper (userspace helpers), because I felt pushing that code without having the rest of the infrastructure plus some test cases running isn't really worth it.

So please include in your prayers that there are not too many gpl violations during the next couple of weeks, that I finally get hold of that stupid PPTP problem that is bugging me for many weeks. If that happens, I think I'll be back to netfilter stuff early next week after returning from the Barcelona GPLv3 event.

Not sure whether I mentioned it already: I'm actually skipping OLS (and kernel summit) this year in order to gain some time. Meeting folks and attending talks is a lot of fun, but it also (including the travel overhead, jetlag, drinking, etc.) eats a lot of time. So I'll actually take my long-announced pkttables holidays when the rest of the Linux kernel developers are in Ottawa. For those not familiar with the term: The idea is to 'go on holidays' (i.e. abandon anything else like reading emails, etc) and stay focused working on netfilter stuff for at least one week in order to finally see the ideas so far known as pkttables to finally materialize in one way or the other.

Meanwhile, I have to extend my deepest thanks to Patrick McHardy, and all the work he's been putting into netfilter maintenance over the last year or so.

Geek Pr0n

See for yourself at http://photos.jibble.org/GeekPr0n30. I really like them, not only because it is geeky, but also because the photographic ideas behind at least some of those pictures. How the aesthetics of the body mix with the geometry of certain object, and sometimes even play with some cultural connotation that we might have...

My personal favourite of that set is this one.

Looking for historical cemeteries in Barcelona

I'll be travelling to Barcelona for the 3rd international GPL conference. As usual, I'd like to take pictures of historical and/or otherwise interesting cemeteries.

For the first time, I'd actually like to use this blog/journal to ask for suggestions. So if you can recommend any particularly beautiful cemeteries in Barcelona, do let me know.

Interview on OpenEZX at LWN.net

For those interested, lwn.net is featuring the first part of an interview withe me on the status of the OpenEZX project. The way longer pert of the interview on gpl-violations.org will be posted within the next two weeks.

Now let's hope that I'll be able to fix that nasty netfilter bug that I'm hunting for weeks now and get back to OpenEZX kernel hacking...

KRISH in German cinemas

Thanks to rapideyemovies.de, the follow-up to the Bollywood sci-fi "koi mil gaya" called "krish" will be shown soon in cinemas all over Germany (well, at least in all major cities).

I'll certainly make use of it, especially since I'll be missing the Bollywood night at Filmmuseum Potsdam because of my trip to the GPLv3 conference in Barcelona.

Invited to participate in panel on GPLv3 at Barcelona event

Later this month, the FSF+FSFE will be hosting the 3rd international GPLv3 conference. I have the honour to be invited to participate in panels on enforcement and DRM related issues.

Motorbike fixed

Since people have already seen me using my motorbike again and almost complaining about my blog still stating that I have problems repairing it: It's all fixed now. Seems like indeed it only was the anker of the starter engine plus the battery. must have been one hell of a short-circuit to first fry the magnet wire and then the battery.

During my repairs I misplaced a washer which led to the blocking of one axis (which in turn prevented the starter engine to do its job). Luckily somebody else did the same mistake before and documented it in some F650 related web forum.

More problems with my Motorbike

As it seems, the anker of the starter motor was not the only thing that is broken with my F650ST. The battery is OK, the starter motor running fine if it's running freely, the engine can be started by towing the bike. At least while the generator cover is removed, I can also manually put the gearwheels and all other parts in motion without too much effort.

So what am I missing? No, the brushes and the case of the starter engine don't have a short-circuit, and yes I already bridged the starter relay to make sure it's not faulty.

Now the only idea left I have is that something is mechanically blocking the starter engine, once all parts are mounted together. Will give it a (risky!) try to run it with open generator case.

Not working on OpenEZX at the moment

Due to lots of other "real life" and "real work" constraints, I'm not able to work on OpenEZX for at least another week :(

Returned from WGT 2006

I've just returned from the 2006 incarnation of Wave-Gotik-Treffen, the worlds largest festival on all styles of dark music.

I was very happy with the music, and in fact discovered a number of very interesting projects, such as Dark Sanctuary, Protagonist, Maschinenkrieger KR52 vs. Disraptor, S.K.E.T., and last but not least Omnia.

The weather though was an embarrassment. We had something like six degrees centigrade during the night at the camp site, definitely much colder than anybody would expect from June in Germany. Seems like the climate changes really become visible :((

As many of you will be asking: Did you take pictures? No, I was forbidden to. It seems this year they were only allowing non-SLR cameras for people who are not accredited press. This usually only was the case at concert stages, but now they extended this to all of the festival area. Since I don't own any non-SLR (either chemical or digital), I didn't take pictures. Need to check whether I can get accredited next year (*sigh*).

First Motorbike defect in ten years

I've always had a BMW F650ST ever since turning 18. It never let me down so far, apart from one minor problem two years ago, when the carburetor was stuck and the bike was leaking fuel.

Yesterday, the starter motor apparently broke. Waiting for the replacement parts right now. Let's hope this is a one-time defect and not an indication that I should get rid of the bike before a long series of "bike is getting old" repairs.

Some more librfid hacking

Today I fixed a number of long-standing bugs in librfid, resulting mainly from the conversion to autoconf/automake. Now, finally, users can actually use the native CCID driver again, rather than using OpenCT.

Also updated the README, added a udev rules file and started to make the librfid-tool program (formerly OpenCT-escape) a bit more flexible and user-accessible. It's my sincere hope that some other users (i.e. from the CCC) will write the missing user interface stuff and fix some remaining bugs...

Porting Motorola's TS07.10 MUX driver to 2.6.x

Since Motorola has finally released the source code for the mux_cli.o and gprsv.o modules of their 2.4.17 kernel on opensource.motorola.com, I've started to clean them up and port them to 2.6.x.

Due to the questionable coding style of that original source code, and the many interface changes in the TTY layer between 2.4.x and 2.6.x, this turns out to be a bigger task than expected. With some luck, I'll find some time tomorrow at ph-neutral to finish the initial port.

Once that code works on 2.6.x, I already have a quite long list of TODO's. First of all, the lower-layer interface needs to be cleaned up. Ideally, the whole TS 07.10 implementation is a TTY line discipline that can be stacked on top of any UART, together with a virtual/fake UART that makes use of the Motorola specific TS07.10 USB transport.

Touch-screen driver for A780/E680, lots of other progress

As of today, the OpenEZX project has a working touch screen driver. I've been testing this with the Kdrive X11 server of OpenEmbedded, and it seems to work nicely on my A780 after calibrating with ts_calibrate.

This is such a major step forward, since the touch-screen driver requires a functional PCAP2 driver, which in turn comprises working SPI support, as well as some tricky SPI-during-hardirq for interrupt chaining.

If you're interested in giving it a try, there's the the -ezx6 quilt patchset including all this work.

Also, thanks to the work by Michael 'mickey' Lauer, I've managed to set up an OpenEmbedded environment to build a distribution for OpenEZX. You can find the first bunch of packages as well as a root filesystem that you can put on TransFlash on my OpenEZX developer pages.

The availability of a OE based root filesystem, a kernel with keypad, touch-screen, usbnet and framebuffer support actually means that all the [G]UI people can now start to work on making their favourite UI system work on OpenEZX. Given the amount of interest I've seen in this area, I'm confident that I still don't (yet) need to dive into UI development myself but can stay with the more technical low-level stuff.

Speaking of which, I've also hacked a nice tool called gpiotool, using which you can read/write GPIO configuration as well as individual GPIO pins from userspace. If I had written this earlier on, it would have saved a lot of time and hassle. But then, it's always hard pushing yourself to develop code that _just_ aids development and doesn't really add any functionality itself.

Using this tool I'm now investigating the AP/BP interaction (handshake). Let's hope that we can actually use the phone as a phone really soon.

Software for paleeograpy of Indic scripts

Those of you who know me a bit better will know that my now ex-{fiance,girlfriend} is studying indian philology and indian cultural history at Freie Universitaet Berlin. Now when you think about philology, you will probably think of old people wading through books and paper.

To the contrary. I've always been amazed how much software development they actually do (or have made) there. Some years back, I learned about Sanskritreader, an OCR (optical character recognition) software package for devanagari script.

Now their latest software is IndoSkript, a Palaeograpy software. It comes with a ~600MB database of scans of anciend Indic handwritings, where evey glyph in those scripts has been individually separated, and the scripts are annotated, etc.

Using that software (it's mainly a database software) you can for example check how a particular glyph was written in a certain timeframe in a specific dynasty in the Mysore area. Or you can draw [or import a scan?] a glyph and have it do pattern-matching, giving you a probabilistic analysis of which already-known glyphs match your new one the most.

As of now, it ships with a database of Brahmi, consisting more than 700 scriptures of more than 170,000 glyphs total.

It's great that they develop these tools, and it's even better that they are published as public domain software. What would be even better, is if they made their software Free Software and publicized the source code. This way other people could contribute and e.g. add a much-needed non-German localization, a precondition for any kind of international (e.g. Indian) use of it.

Maybe I can find a minute (and a minute of their time) to explain to them the marvels of Free Software.

Swades

I've had the chance to watch Swades at the home cinema of a friend. Swades is a quite impressive film, and definitely [for me] one of the best recent Bollywood films.

I think the most interesting aspect is the way how they display the transformation process of an initially extremely alienated NRI (officially "Non Resident Indian", in the movie jokingly referred-to as "Non Returning Indian") back ti a "true Indian".

Motorola launching opensource.motorola.com

Motorola seems to be making some progress internally. Today they've announced the availability of opensource.motorola.com, a web site dedicated to free and open source software used and developed in/by Motorola. This is apparently also the portal where they are starting to publicize the source code for their Linux based Smartphones.

While the source code there is not complete in any way [yet], it actually includes the kernel sources for the A1200 phone, too. After a quick read through it, it seems to be very similar to the A780 code (because of a very similar hardware architecture).

Some of the differences are:

FOTA (Flash on-the-air)
Power Management
Minor differences in boot loader / kernel handover
SE Linux

A full day of EZX driver development

Today wasn't exactly the most efficient day of development I ever had. Basically, the amount of progress made after 13 hours of hacking in the area of EZX device drivers is extremely slow. It didn't even help to not eat, not cook, and not get out of the bed for the whole day. Basically I started with "let's fix this quickly before breakfast", but it wasn't fixed even when I stopped working at 11pm.

My new SPI driver seems to be working fine, but I have massive problems with all the PCAP drivers. This is mainly touch-screen, but also ADC for reading battery voltage, etc. Somehow I cannot get it to produce any IRQ's.

Debian sarge root filesystem image for EZX phones

In order to get other developers going quickly, I have now provided a Debian sarge (arm) root filesystem and a corresponding kernel plus instructions.

Anyone who wants to see a stock Debian installation boot on his EZX phone, have a look at the files published here.

OpenEZX virtual host running

I've finally found the time to configure the OpenEZX virtual host. This means that I now have absolutely no problems to hand out developer accounts on openezx.org. I've also moved the EZX related subversion repository from gnumonks.org to this machine.

If you're working on free software for Motorola EZX smartphones, and are interested in getting some account where you can host your project(s) in svn / git, dump some code on http/ftp or just want a openezx.org email address, please let me know.

Working on Bluetooth and GPRS/GSM support

I've been working a bit on getting Bluetooth and GPRS/GSM support into my 2.6.x based kernel for the A780. Both are quite a bit challenging, even more than I initially thought so.

As for Bluetooth: In theory there is a bcm2035 chip, compatible to the Bluetooth HCI specification, attached to ttyS1 (BTUART) of the PXA270. However, there are some power management related additional signals hooked up to GPIO signals. I think I'm configuring them right, though. Also, there is some indication that the bcm2035 actually requires a bit of firmware loaded into it. Without a vendor data sheet and with only some stripped proprietary Motorola dload program this will require quite a bit more of investigation.

My initial 'demand' for Bluetooth would have been the possibility to use my Apple BT keyboard with the framebuffer console, providing a local console in case telnet dies for some reason.

On the GSM/GPRS front (yes, we actually want to use the phone as a phone sometimes), I've been wading through disassembled gprsv.o and mux_cli.o code. Both re-implementations are progressing slowly, but steadily.

The easier part seems to be mux_cli.o. I've now started to write some libusb based userspace code to test a ts07.10 implementation in userspace via the USB endpoints to the BP. Once the userspace code seems to be working, I can work on a kernel level implementation. The good thing about this is that there are actually quite a few GSM phones that support this multiplex on their serial port. So the resulting mux/demux driver will actually be useful for more people, not just Motorola Linux smartphone owners.

Developing a 2.4GHz active RFID system

Together with Milosch from bitmanufaktur.de, I've spent a couple of days and nights working on building our own 2.4GHz active RFID system. The parameters are: Battery powered, small transponders based on the Nordic Semiconductor nRF24L01 and a ultra-low-power PIC micro-controller. Base-stations have the same nRF chip, plus an Ethernet-enabled micro-controller. Operational range is ~10 meters, we even made it through two walls in our preliminary tests.

So what's the point of all this? The goal is to have that system in operation at the HOPE Nr.6, and to give a practical demonstration on how feasible it is to track people, make protocols on who has spent how much time in which lecture hall, etc.

I'm not involved with HOPE at all, but was only involved in writing firmware and higher-level code for the two embedded systems involved, as well as some testing.

I'm looking forward to learn how the system will perform with several hundreds/thousands of transponders at its first real-world test at HOPE. With some luck, we can have the same system at 23C3 in December this year in Berlin.

Until then I'm certainly going to try to implement my idea for peer-to-peer time slot synchronization of the transponders. I had that idea as a solution to avoid collisions between transponders while working on the project. Unfortunately, the current transponder hardware doesn't have a low-power timing source that is precise enough for such a protocol. Adding a 32.768kHz low-power quartz should do the trick - but will inevitably also make the transponder more costly.

Kudos to bitmanufaktur. I wouldn't even dare to try to design a PCB for 2.4GHz RF...

Back from Brazil

Yes, I survived. Now I need to address that backlog of real world issues and emails...

More of Curitiba and surroundings

The last two days I had a rental car. First I visited "Vila Velha"

Vila Velha really is both beatufil and impressive. Took lots of pictures of those unique rock formations dating back from the ice age.

On the next day (after some OpenEZX hacking) I first drove to Santa Felicidade to visit the cemetery there. Took a couple of pictures, since it is quite unique in that it is a very urban cemetery. Multiple storeys (!) and all concrete floors. Obviously, people can only put urns there, no dead bodies...

Next I drove to the Graciosa road, which I still remembered from my trip to Morretes five years ago. The Graciosa road is the old connection between Curitiba and the harbour. It leads through the few 3% of remaining "mata atlantica", south Brazils version of the rain forest. It's a small, extremely curvy road with lots of viewpoints to the surrounding mountains. Also did a short walk into the forest, tried to take a couple of pictures of an amazing ant trail which must have been multiple hundreds of meter long.

A780/E680: SPI driver using hardware SPI controllers working

So apparently there is no obvious reason for Motorola's driver using bit-banging rather than the controllers inside the PXA270. I now have a modified Motorola driver on 2.6.16.5 running that uses the SPI controller for the bus to PCAP2. Getting my own driver running should therefore be quite fast now.

I've also hacked a bit on the keyboard side, although it's not working yet.

Working on new SPI/SSP drivers for OpenEZX kernel

One of the fundamental interfaces on the Motorola EZX phones is SPI, which interconnects (among others) the PCAP2 peripheral with the PXA270. Motorola ships their 2.4.20 kernel with some ugly piece of spaghetti code driver for it. Apparently they've had difficulties driving the PXA27x SPI controller, and in the end decided to just 'bit-bang' the signals over GPIO. Obviously that's inefficient and CPU-intensive. I hope there is no real hardware problem preventing the use of the embedded SPI controllers.

First I started writing a driver against arch/arm/mach-pxa/ssp.c, only to discover later that this code actually predates (and therefore doesn't use) the generic drivers/spi/ interface. Since I'm a fan of generic interfaces, I chose to write a PXA generic driver for the drivers/spi interface, plus some EZX specific glue code for it.

One of the interesting bits is that the PCAP2 can interrupt the PXA, and it then acts as an external interrupt controller, whose registers you can access over SPI. So a PCAP2 interrupt can mean that some touch-screen event happened, that the headphone, USB or microphone jack state has changed, etc. All those various real interrupt sources need to be fed to individual distinct drivers (audio, touch-screen, USB). The Motorola kernel uses an ugly kludge of callback functions that those drivers can register with the SSP/SPI driver.

So in my new driver, I choose to actually model that bit of PCAP2 functionality as an external interrupt controller. This way the actual sound/touch-screen driver can just do request_interrupt() like they usually do. However, this means that I need to access SPI from within hardirq context, which again doesn't mix well with the architecture of the drivers/spi code (which is asynchronous and queues requests). So I need to implement a couple of synchronous SPI functions in addition to that.

This is now a lot of code, and I'm about to test and debug it, which is expected to be time-consuming and boring. I'll post a status update as soon as there's more information.

Travelling by bus to Curitiba

Tomorrow I'll be on a 11 hour bus ride from Porto Alegre to Curitiba. I'm voluntarily using the bus rather than the plane. Since everybody thinks I must be crazy for doing so: First, I don't really have any idea how the landscape/countryside in that area looks like. Second, I haven't really spent all too much time outside of the big Brazilian cities yet. Third, I have the time to do it (and two laptop batteries). Fourth, it's more friendly to the environment... my intercontinental flights consume way too much kerosine anyway.

O pizza doce numa pizzaria com sistema rodizio

One of the things that I've always missed the most, ever since leaving Brasil in 2001: "pizza doce" (sweet pizza). You can have it with chocolate, coconut, banana/cinnamon, caramel, ice cream, etc.

Yesterday I just had to make use of the opportunity and have lots of it in one of the nice all-you-can-eat pizza places that are common in Brazil. There also was the opportunity to introduce some of the other foreign speakers to this Brazilian interpretation of Italian food :)

OpenEZX: USB Ethernet support working

After lots of hacking at FISL 7.0 in Porto Alegre, I've managed to get the PXA27x USB device controller to work in USB Ethernet emulation to work. I can now actually ping and telnet to the 2.6.16.5-running E680, using a debootstrapped Debian/ARM on SD-Card.

I'll publish the patches in one or two days, when everything has stabilized a bit, and the debugging code has been removed.

Also, at the event here, I've managed to convince quite a number of Free Software people that those Linux smartphones are actually quite interesting toys. Most notably, Keith Packard of Xorg fame has indicated he would probably be getting one and working on a lightweight UI. This motivates me even more to have a stable and fully working kernel environment finished soon.

The most relaxing flight of my life

The day started early for me. Taking the local train to the airport at 4:09am. Then some annoying KLM ground staff who told me to only bring one piece of hand luggage next time. If you know me, then you certainly know that I find nothing more annoying than people with large carry-on luggage. All I had was a laptop bag and a very small camera bag. No backpack, no trolley. I started a discussion with that staff member, indicating to him that he should read his own regulations before trying to lecture me. Neither laptops nor cameras are allowed in the checked-in baggage, and usually they do not even count as 'piece of hand baggage' but are allowed in addition to that piece. I'll make sure to re-check with KLMs current regulations and file a complaint with KLM. Given my last trouble with the KLM flight to Bangalore last December, I have good contacts to their customer care department now.

Anyway, the situation drastically improved in the Amsterdam - Sao Paulo flight. A Boeing 777-200 with the latest in-flight entertainment system: 111 full-length cinema movies, lots of TV shows (not that I care about them) plus individual music playlists.

It comes even better: I had a whole three seat row for my own. After watching "Memoirs of a Geisha" (I already knew the two Bollywood movies they had), I had a very comfortable sleep. Next time I woke up was already in Brazilian airspace. The only time I had that much space was when going to Israel, but that flight was short enough to not care about that extra comfort.

So in the end it wasn't of much use that I just bought a second battery for my notebook computer ;) Anyway, I'm sure my next, less relaxing long-haul flight will not be too distant.

Back to Brazil after 4.5 years

So finally it's happening: I'm currently sitting in an airplane, already deep into .br airspace. Ever since I left Conectiva/Curitiba/Brazil in quite a hurry in late summer of 2001, I intended to come back. My original plan then was to take Elisabeth with me and show her what I've experienced in those six months of Brazil. Also, due to my way-earlier-than-planned departure from this fascinating country, I missed many of the things I had planned originally - such as travelling to the northeast and the amazon region.

But just like that never worked out the way it was planned, I now find myself in an accidental symmetry: I left Brazil to live with Elisabeth - and just after that has ended now, I get back to Brazil. No, not moving back - but at least two weeks of visiting ex-colleagues, (ex-?)friends and places I have known and loved.

At a time of such fundamental change in my life, I feel excited about any kind of new adventures, possibilities, etc.

Due to time restrictions, this is unfortunately not the time when I will be doing all the travel that I originally intended. I'm really too much involved with my many non-profit projects, and besides that I somehow have to earn a bit of money, too ;)

But I'm quite sure that at some point I'll come back. Talvez um pouco mais preparado, depois de ter aulas de portugues. Acho que e muito dificil no Brasil sem falar a lingua nativa.

State of OpenEZX 2.6.x kernel development

During my two days of EZX phone hacking, I've made significant progress. Probably the most important discovery was how to get a serial console on the USB plug, enabling other people to do further kernel development without physically modifying the phone - but it's still a long way to go.

A current list of TODO's:

find out why kernel doesn't boot with CONFIG_IWMMXT
find out why E680 SD/MMC works, but not A780 TransFlash
debug and fix pxa27x_udc in order to provide usbnet (nfsroot!)
debug and fix mtd support in order to be able to access system flash
port and cleanup video and sound drivers
port Motorola-specific SSP/SPI drivers into 2.6.x generic SPI stack
port all the driver specific dpm bits from Motorola's 2.4.20 to 2.6.x
clean up the already working keypad drivers
finish re-implementation of mux_cli and grpsv modules
look into re-implementing the proprietary flash fs drivers, though I don't think that is particularly important, we could run our code 100% on SD/TransFlash
create a modified bootloader that allows for multi-boot configurations. It could actually include SD/TF support for booting kernels from there.
check how the other (later) Motorola Linux smartphones differ and merge their device-specific code into our 2.6.x kernel tree
last, but not least, we need to do something about userspace. I'm not a GUI guy at all, and I haven't yet thoroughly investigated all the existing projects like OPIE, etc. I'm sure once the hardware support is there, some more GUI-savvy people will do something in that area, though.

So why am I stating this here? Because it's up to _you_ to help and take care of one of these tasks if we want to see the dream of having a fully-free software E680/A780 before they get phased out ;)

2.6.16.5 boots on EZX phones

I've finally managed to get a 2.6.x kernel running on the Motorola A780 and E680. Apparently the problems I encountered are part of 2.6.14 (which was current mainline when I started the port). After merging my patches into 2.6.16.5, everything suddenly worked fine ;)

So what I've got now:

kernel 2.6.16.5 booting on both A780 and E680
USB host controller towards Neptune BP working
USB device controller partially working
MTD support for all flash partitions
SD/MMC support on E680 (TransFlash on A780 not working yet)
Framebuffer working on both models, with nice 4x6 tiny font

The main obstacle now is that TransFlash on the A780 is not working yet. The A780 is actually more important than the E680. For some strange reason, all the response bytes from the TF card appear to be zero (at least that's what the response FIFO of the PXA27x embedded SD/MMC controller reports). I've already tried a lot, but am a bit clueless after many hours of trial and error :(

Running a serial console on the A780

After about half a day of trial and error (which was related to a totally different problem, as it turned out), I now have a 2.4.20-based kernel with working serial console for my A780. Unfortunately the console requires soldering four wires onto test pads of the PCB - something that I achieved with 0.1mm diameter magnet wire (Kupferlackdraht for you Germans). The magnet wires are thin enough to get them through the TransFlash slot to the outside, without having to modify the case.

If you're interested in a bootup log captured from the STUART, check this one.

The rest of the day was spent debugging why my (still 2.6.14 based) kernel doesn't want to boot on the machine. As it turns out, booting stops somewhere in the early initialization after head.S has called decompress_kernel(). Debugging this problem has also caused me to actually write some ARM assembly code. For years I'm reading and debugging ARM code, but I've never actually written ARM asm from scratch. So my assembly code now prints one character for every stage of the booting process (ABCDEFGHI) and then stops. At the time the C code should print its first character, the device is already gone. So maybe something with the setup of the registers according to C calling convention, or setup of stack/heap is erroneous.

Interestingly, that startup code has not really changed all that much from 2.4.20 (which runs) and my 2.6.14 based kernel.

It's not unlikely that I'm [again] hunting a totally different problem. I'll probably merge my patches into 2.6.17-rc1 and see whether that works...

Virtualization and IPv6

I am seriously disappointed by both vserver and OpenVZ to not support IPv6 networking. What kind of attitude is this? This is the year 2006. Projects like the netfilter.org/gnumonks.org servers have native IPv6 connectivity at their hosting provider for a number of years now.

Now I'm investigating consolidation of some of the machines, and none of the ever-so-hyped lightweight virtualization solutions even supports it.

My journey into virtualization therefore ends before it even has begun.

Now you might wonder: Why is he complaining so loudly, rather than implementing it on his own? Because I think it's an almost unforgivable design mistake if you develop any new networking solution that is limited to IPv4 only. Also, OpenVZ is backed by a number of companies, and considering the amount of media fuzz they create, there should be a ton of developers working on it.

Now you might ask: Why not use Xen? Because I don't want simulated virtual machines, but rather some separation of privileges and namespaces. Simulating a whole machine seems a bit odd to me for that purpose.

I'll look at virtualization again when they support virtual Ethernet devices. Capable of running IPv4, IPv6, 802.2LLC and all the other nice protocols that we have in the Linux network stack.

SD Card Association releases 'Simplified specification'

If you're reading this blog for a while, attended one of my recent presentations or are dealing with SD Card support in GPL licensed Free Software, then you probably know about the never-ending issues around that subject.

For considerable time, the SD Card Association appeared to have regulations in place that basically prevented any SD card driver to be GPL licensed, because of NDA's and other stuff. I can only imagine that this was because of their DRM scheme [which I've never seen anyone using, btw]. Instead of creating separate standards, one openly documented for the basics, and one for the crypto function, the NDA covered all of it.

Nonetheless, various projects have meanwhile developed their own GPL licensed SD card support, since it is reasonably close to MMC (which is publicly documented), and the many proprietary drivers that can be re-engineered.

Very recently (it seems April 03, 2006), the SD Card Association has published a set of "Simplified" standards. You can get the documents from their homepage. There's one for SD Card Physical Layer, one for the SD Card Host Controller, and two related to SDIO. Obviously this publication is a couple of years too late. But let's try to be positive and look forward and not to the past.

So it seems their policy seems to change at least a bit. A very welcome move, although for my taste there is still one document missing: One that describes the actual commands on top of the physical layer.

Returning from OSCON Vienna

I've just returned from my tree day trip to OSCON Vienna. LINBIT took great care of me during my stay, and I enjoyed it quite a lot.

The most obscure thing encountered during that trip was the word Liftkarmiesen. Austrians have all these (to us Germans) ancient and strange words in their variant of German. Anyway, it even took three native Austrians until somebody actually knew what it was ;) If you're now curious, try to research it on your own. It's related to curtains ;)

Photography at Vienna central cemetery

Apart from OSCON/LINBIT related stuff, I've also actually taken a couple of hundred pictures (both digital and analog b/w) at Vienna's central cemetery, Europe's largest cemetery with more than 3 million people being buried there.

I yet have to develop the films, and look into the 3+GB digital data. However, I'm very confident that given the good light conditions and the amount of time I spent at the cemetery, there should definitely be some really good pics...

Obtaining Asian Motorola EZX phones in Europe

A couple of days ago, I was looking for a way to obtain Motorola Linux Smartphones in Europe, i.e. those plenty of models that are not officially sold anywhere but China and other areas of Asia.

I've now found a suitable importer specialized in importing Asian phones into the European market. In case you're interested, feel free to contact me for more details. The phones range between EUR 180 and EUR 300, but there's a minimum order of five phones. I'll probably be ordering around early may.

planet.openezx.org launched

In the tradition of my main project netfilter (which has a planet.netfilter.org, I've now also opened a planet site for the OpenEZX project at planet.openezx.org.

This should give users the ability to stay up to date with current developments in the Motorola Linux smartphone hacking community.

If you know of any feeds that I should add to this planet, please let me know

Looking for Motorola Linux phones

Since right now I only have E680i and A780, I would be interested in a way to obtain E896, A1200, A910, A768, A760, A732, A728 as well as ROKR E2. Most of them seem to be mainly sold in China / Taiwan.

If anybody knows a good source (importer in Europe) or some other way how to get these phones in the western half of the world, let me know.

Direct import would also be possible, but I'd need to know a serious exporter in .cn/.tw in order to do so. Any suggestions welcome.

Half a day in the darkroom

I've spent the better part of this day first setting up my darkroom (in the bathroom), and then working in it. It's been quite some time (must be almost two years) since I last found time to produce my own b/w prints, but now the time has come. Used about 50 sheets of 24x30cm PE paper only today ;)

I'll probably continue with some more (postcard sized) prints tomorrow and later next week. There's certainly a backlog of a couple of hundred images that I have on film but not on paper yet.

Booting kernels on A780 / E680

It's a bit strange that I still have so much difficulty running my own kernel on the phone. As it appears, there are some subtle hardware (or bootloader?) version differences that made me struggle for so long.

Two out of my three A780, and my one E680 don't boot any self-compiled kernels but rather just crash. The third A780 however boots them just fine.

Obviously, as Murphy's law indicates, the phone it works on is my 'production' phone, i.e. the one I use for my day-by-day phone needs.

We really have to get to the bottom of what's going on here. Also, if there really are differences, then Motorola has to publish the kernel source for both versions under the obligations of the GPL. So far they have only released a single version.

netfilter.org downtime - moving and updating servers

I've spent the whole Monday in the hosting center where netfilter.org, gnumonks.org and most of my other projects are hosted. The main reasons for this visit were:

do kernel updates on two boxes that are known to be difficult with new kernels
move all five machines to a new rack, the old one is too crowded (no space for new machines, too hot)
add yet another new box (parvati.gnumonks.org), which makes the number of machines now six

As usual, Murphy's law applied, so about everything that could go wrong went wrong. And, confirming Murphy's law, the most important machine (vishnu.netfilter.org) had the longest downtime, something close to 9 hours.

This was mainly due to the last Gentoo update overriding my custom-modified yaboot boot script (for using the serial port, this is a headless XServe cluster node) with the default one, which wants to use the non-existent framebuffer.

That combined with the fact that KDUMP-capable kernels can't be booted from OpenFirmware (why isn't this indicated in the menuconfig help???) and thus the new default boot kernel couldn't be booted from yaboot.

That day I've tried about anything, from attaching a powerbook with bootable cd in firewire target mode to booting yaboot via tftp (which fails to load yaboot.conf via tftp *sigh*).

Now I've learned my lesson: chattr +i on yaboot.conf and the modified boot script for serial console.

Meeting up with Armijn Hemel

During my short trip to Amsterdam, I had a chance to meet with Armijn for a couple of hours. It's always good to meet people face-to-face when you're working with them a lot, especially on delicate issues such as GPL enforcement.

We've decided on how to optimize our work-flow and how to improve internal documentation of the individual cases. The usual thing when you're used to working on something alone (i.e. knowing everything off your head) as opposed to other people getting involved, etc.

Anyway, I'm extremely pleased that somebody is helping me out. There's also another friend of mine who's starting to get involved in the project, mainly on technical issues such as verification of the source code offered by the various (formerly?) infringing entities.

NLUUG Linux meet

During my short visit to Amsterdam, I was invited to speak at a small NLUUG event. I presented on recent, current and future netfilter/iptables development, and the presentation was very well received. Unfortunately I didn't have time to listen to the other two lectures, since I had a meeting scheduled with Armijn Hemel, the person who's currently helping me the most with gpl-violations.org.

Downloading and executing your own code in RAM of EZX phones

In the last two days I've written a small program that allows you to utilize part of the built-in firmware update mechanism of the Motorola EZX phones. In fact, what it does is to download an arbitrary (max 1MB) piece of code from the PC to the phone via USB, and then execute that code on the phone.

On the one hand, this might look like a security hole (but well, nobody really cares about security on mobile phones anyway). On the other hand, this should definitely speed up kernel and driver development within the OpenEZX project, since it basically removes the need to flash the phone for testing of some new code.

Also, once a working driver for the TransFlash slot has been cooked up, it would actually be possible to usb-boot the phone into an OS that mounts its files from TransFlash. This doesn't touch a single bit of flash memory and is therefore ideal for development and probably even something similar to what 'live CD' distributions are to PC systems.

OpenWRT terminates GPL License to SveaSoft

It might not be something new to you at all, but it was new to me, since it happened during my holidays: OpenWRT has sent SveaSoft a note of terminating of rights under the GPL.

I've had SveaSoft on my radar several times, but the whole situation seems to be so messy, and there seems to be a history of different violations with each and every release they made. Also, there seems to be quite some confusion on the whereabouts of the developer[s?], which makes it difficult to find an applicable jurisdiction.

Upcoming Chaosradio show on encryption

After quite some time of absence, I'm finally going to participate in Chaosradio again. The subject of the upcoming show is encryption for personal use, mostly focusing on hard disk and email encryption.

I'm single again

Those of you who know me one a more personal level will find it hard to believe that I'm actually a single again. Especially following up the engagement some two years ago.

After knowing Elisabeth for nine years, having lived together about half that time, it actually feels more like a divorce than 'just' a normal separation / split-up.

I will not make the mistake to state any reasons publicly in this weblog, sorry ;) Let just be said that we both feel very sad, and it was certainly not a lighthearted decision.

There's going to be some rough time ahead, and I'm certainly not in the mood for any kind of serious relationship anytime soon.

Always in motion, the future is.

netfilter do_replace() bug is not remotely exploitable

I don't know how people like securityfocus and heise.de and others claim that the recently-discovered and fixed 'do_replace()' bug is remotely exploitable.

In fact, the bug (which was found and fixed by Solar Designer while working for the OpenVZ project) can only happen in a codepath that can be executed by the local root user. Not even a non-root user, neither any remote parties can hit that bug and/or exploit anything.

Returned from vacation in India

Just got back from the airport. Everyone who emailed me: Please keep patient, as I've got some thousands of mails to wade through. Sorry for any inconvenience. I should be back and fully running no later than end of the week.

Offline / Holidays

As announced before, I'm offline till March 21st.

Invited as keynote speaker to OSCON Vienna

Recently I've been invited to give the keynote at OSCON Vienna (please note that this conference, to the best of my knowledge, has absolutely no relation with the O'Reilley OSCON events).

I'm honored and I'll gladly accept this invitation. AFAIR this is the first time I'll be giving the keynote at any FOSS related conference. The subject was up to me to determine, and I decided about something that is both one of the most important subjects for FOSS today, and well within the subject of the conference: "Kommerz und Community: Schnittstelle zwischen den Welten". It's about the interface between FOSS community and the commercial IT industry.

There are many suboptimalities at this interface. I personally believe that optimization of this interface would greatly benefit FOSS as a whole. Which issues am I talking about? Well, first of all, there are lots of GPL/licensing related issues. But even more importantly, there is the lack of support from the hardware community. As long as hardware vendors will actively hamper FOSS development by not releasing documentation, locking down their products, claiming they "support" Linux with their proprietary binary-only drivers.

For many of these issues, there's a big communication and furthermore cultural problem. That's what I want to address in that keynote.

There's another good point to the OSCON invitation: The trip to Vienna will also help me to improve my bad luck and stupidity while doing photography in Vienna / June 2005.

How to boot your own kernel on the Thecus N2100 - and prove it violates the GPL

My latest candidate for gpl-violations.org (and hopefully the last before finally leaving for holidays): The Thecus N2100 and N4100 NAS devices.

The Thecus boxes seem nice, at first sight. Apparently somebody recognized the need for a bit more performance, so there's an Intel IOP 80219 with 64bit PCI-X support, DDR400 memory (actually in a socket), an empty miniPCI slot (great!), USB2.0 ports, and SATA (yay). This should definitely be more promising than the usual 33MHz 32bit PCI / IDE / MIPS / SDRAM based smaller NAS boxes. The only thing really lacking with those Intel I/O processors is a hardware crypto unit. Who wants to have unencrypted storage these days?

Looking at the software, the problems start. First, there is no NFS support. iTunes, SMB/CIFS, HTTP, FTP - but no NFS :( Secondly, the web configuration frontend requires flash. Duh! How can you use something as ugly and proprietary as flash for something as simple as a web configuration frontend for an embedded box. God knows.

Anyway, let's get back to the GPL issue. As usual, I cannot make such a claim without verifying it. First of all, the devices (and their firmware updates) ship without a copy of the GPL, any indication that GPL licensed software was used, no written offer and no source code.

But well, where the heck do I know from (and can prove) that they actually run Linux? I won't disclose the reason for my initial hints, since I don't want future vendors of future products to know how they can avoid me ;) But anyway, let's assume I was surprised to see a nmap fingerprint that indicates Linux on the box and now want to go further.

Looking at the firmware update images, they appear to be scrambled / encrypted somehow. At least there is no gzip/bzip2/LZMA/ext3/cramfs/romfs/... signature to be found in them. And even if the firmware updates contain Linux, this doesn't actually prove anything about the software pre-installed on the device.

The running device also doesn't offer any ports apart from the SMB-related ones and http(s). So we're stuck.

This is where I usually take the device apart, carefully analyze it's hardware and go looking for a serial port with my Oscilloscope probe. Unfortunately the PCB of the N2100 didn't seem to have one. It took me some time to figure out that the serial port connector (there's actually a standard 9pin header) is on the SATA backplane rather than on the CPU board ;)

Hooking up a serial console, you can see RedBoot wait for one second and then execute a boot script that loads initrd and kernel, finally executes it. Yay!. Too bad that the actual kernel seems to lack support for a serial console. So all you get is the 'Uncompressing Linux......................................................................................... done, booting the kernel.' line. Together with the firmware scrambling/crypto, this is definitely an attempt to hide the use of GPL licensed software and/or otherwise lock the user out of the device.

Unfortunately hex-dumping the whole memory contents from RedBoot via the serial port, and parsing it on the host side seemed like a rather clumsy - and otherwise unproductive approach to finding proof of GPL licensed software in the device.

Luckily, you can interrupt RedBoot and configure the network device, set up TFTP, cross-compile a kernel for the IOP 80219, and boot that. After some twisting of the .config, I got it to boot without any crashes, and even the RedBoot partition table is correctly recognized and parsed.

So now I'm running Linux on the device, great. But still I can't prove that the device actually ships GPL licensed software in an incompliant way. So all that is missing is a NFS-root capable installation of Debian-arm that we can boot into, and which we can use to read out the mtd partitions.

Oh, and yes. While I appreciate their love for the netfilter project and it's software: There's absolutely no place in a NAS box for having ip_conntrack linked statically into the kernel - unless you voluntarily want to loose performance. At least to my knowledge, performance of NAS devices counts. So, Thecus, in your own interest: disable ip_conntrack in the kernels you ship.

Samsung releases OneNAND drivers under GPL

Finally, there is a hardware vendor who actually releases GPL licensed drivers for embedded technology: Samsung. The subject matter is Samsungs OneNAND flash technology.

It's good to see such a move, and it is greatly appreciated. I hope we see more of those. Thanks, Samsung.

Buried alive in GPL violations

It's not funny anymore. The current rate at which new GPL violations get reported and/or discovered, especially from the appliance/embedded market is really alarming.

For example, I haven't yet seen a single Linux-based NAS product that was even remotely license compliant when first analyzing it. And I'm not only talking about the SoHo NAS boxes with one or two hard disk drives, but even about enterprise storage systems.

On the Enterprise end We're now also Seine carrier grade network equipment such as SONET/SDH switches, metropolitan area Ethernet, DSLAMS and the like.

Also, in some areas of business, competing companies seem to make the same mistake again, rather than learning from their competitor. Some time ago I had to resolve GPL issues with Maxtor Shared Storage drives, when they were first released. Now I found out that Western Digital has similar systems called NetCenter. Ordered one, and it came without GPL license text, written offer or source code.

Finally, there is one good example though. For a very long time, a product that I analyzed was actually GPL compliant. It's good to see that there are a few who get it right, from the beginning: The APC NetBotz family of products. The manual contains a reference to the source code, which can be obtained from ftp://ftp.netbotz.com/gpl/.

Anyway, I need a break (see my holiday related post). Hopefully I'll get back from that trip rested, with lots of energy and an extra portion of patience. This has become more of a burden than I ever thought.

The second and third quarter of this year definitely are the right time to think of a way to incorporate gpl-violations.org as an NGO/non-for-profit. One that can actually pay somebody hunting down those cases, doing the day-by-day work. I have a dream that in some point in the future I can once again concentrate on cool and interesting development, like most other hackers do.

Another unproductive day of GPL enforcement.

I'm feeling terrible. The second day in a row where I didn't find time to write a single line of code, merge any contributed patches, squash any bugzilla entry. Not even to speak of paid-for work.

While I used to spend about 30% of my time with GPL enforcement related work, it now peaks at about 70% for the last two weeks. This is not a good sign.

So apart from talking to lawyers, proof reading legal paperwork, negotiating with allegedly infringing companies and the like, I now also start having trouble doing test purchases. Not only refuse some retailers to take orders from me, but also if I actually place an order it raises new problems.

The last web store I ordered a test purchase from now asked me for a complete, readable copy of both sides of my ID card. WTF ?!? This is totally against any data protection laws. There is absolutely no requirement for them to know my passport photograph, id card number, size or eye colour. So as a follow-up I had to write an official complaint with the Berlin data protection agency - as if I didn't have any other work to do.

Also, for the last months, I find myself giving about EUR 10k in 0% interest loans to GPL infringing companies. That's the amount of money spent for test purchases that I had to do to confirm GPL violations but which hasn't yet been reimbursed.

About the only positive thing in the course of my work day was producing the Chaosradio Express issue on gpl-violations, which Tim and I did earlier this evening.

Oh, and the best thing that happened today in general, is that the German Federal Constitutional Court has invalidated a recent law that allowed the government to order the military to shoot a passenger plane which was abducted by terrorists. At least some people still have a sane view on human rights.

FSFE seems to like CardMan 4004 driver

As you can see from this post by Georg Greve and this one by Werner Koch, a number of high-profile FSFE guys really seem to like the cm4040 driver that I merged recently into Linux 2.6.x

Who would have expected that there apparently was a high demand for using smartcards with GnuPG on notebooks :)

More TI AR7 related GPL violations

Out of all the embedded network devices that had GPL issues, the Texas Instruments AR7 based devices probably have the worst GPL compliance history I've ever seen. The time has come to properly rant about this.

It's yet unclear whether this is TI's own fault, or just the fault of their OEM/ODM manufacturers. But I'm more than determined to find out.

Anyway, the list of problems with TI AR7 based devices is so incredibly long, that I don't even know where to start.

First of all, re-engineering their devices (for GPL compliance audits and legal action following up to such an audit) is incredibly difficult because they've added LZMA compression to both the kernel image (vmlinux) and squashfs.

Now what's so difficult about this? You might argue that the LZMA algorithm is (L)GPL licensed and publicly available. As is the original kernel source code, and the squashfs code. Also, you might know that numerous individuals have already released patches to add LZMA to kernel boot, initrd and squashfs.

However, there are various methods (with/without LZMA header, with/without p7zip header, etc.), and there simply is no standard on how to build a system from the algorithm.

Getting to the actual infringements. So far I've seen devices that

remove the "(C) Netfilter Core Team" message that is usually printed during boot-up
modify existing netfilter/iptables code, like add HTTP reply support to ipt_REJECT
add binary-only new netfilter/iptables targets, like ipt_PNAT
add new binary kernel modules that have "MODULE_LICENSE(GPL)" without providing source code

There are many other potential issues, on whose GPL compatibility (or lack thereof) I do not want to comment at this time, such as their binary only drivers for the DSL chipset, the WLAN driver.

Interestingly, all of the Vendors of TI AR7 based devices with whom I had contact on the GPL issues showed equally little interest into bringing their products into compliance. Now this could all just be a coincidence. But my personal guess is that they just forward whatever questionable policy they get from their upstream chipset and reference software development kit provider: TI.

You might wander about the device manufacturers in question? I'm still a bit hesitant in disclosing names. One of the first companies running into GPL trouble with TI AR7 was D-Link. Another company with anything but the cleanest GPL history on TI AR7 based devices is AVM, who produce the overly popular and widely branded FritzBox devices.

There is another brand that is sold in significant quantities, at least in the German market. We're on the brink of applying for the next gpl-violations.org preliminary injunction, so I won't be able to say any names.

[and now, after some five hours of gpl-violations related device re-engineering before getting up, I'll finally try to find some time go get some breakfast.]

Working on Bug 404

Isn't it a strange coincidence, that a reasonably non-trivial netfilter bug gets the bugzilla ID 404 ?

Well, before I try to build some conspiracy theories about somebody manipulating the bug id number sequence generation of our bugzilla installation, I'd rather concentrate on the real work.

Dave Remien is an excellent bug reporter, so as a maintainer you can actually not expect anything more than his detailed documentation (yes, I know, certificate has expired, too lazy and busy to update it right now, stay tuned). From an outside perspective, it appears like packets get 'stuck' in nfnetlink_queue. In reality, it seems like the kernel is doing everything fine, just the library eats some packets from time to time, meaning that they remain inside the kernel queue and increase it's length (and thus leak memory) one at a time.

The real cause has yet to be discovered, I'm confident that there will be some news tomorrow.

Austrian Health Card System now GPL compliant

It's already been at some point at the End of 2005, but now I finally got around writing a press release on this subject:

gpl-violations.org has enforced yet another high-profile (at least in the German speaking continental European world) case of a GPL violation. Instead of repeating myself, you might want to read this release or the German version.

My real problem is a lack of time, and it's more than a pity that gpl-violations.org didn't have a press release for nine months - even though those were full of successful enforcement work. I hereby promise to improve my public relations work.

Who offered me travel sponsorship for FISL7 on IRC?

Some time ago, probably in November 2005, somebody on IRC offered me travel sponsorship for FISL 7. Unfortunately I don't keep IRC logs, and neither do I remember who it was.

If you are the person I'm talking about, and you're reading this: Please contact me immediately. I'm about to take care of my travel preparations and need to know whether that sponsorship will actually happen or not.

Thanks a lot!

Quad Core G5 has arrived

Today my new Apple Quad-Core 2.5GHz G5 has arrived. Benjamin Herrenschmid's patches for multi-core Apple G5 boxes work like a charm. The only big issue is the thermal management. I looked into fan control / thermal management a bit, but unfortunately I don't have any time to work on this now, since I'm leaving for a one week tonight :(

You might ask yourself why a Linux kernel hacker buys a Quad Core G5 box at this time, now that Apple has started to sell Intel based boxes. However, this is exactly the reason. At this time, this might be almost the last possibility to get a four-way PPC64 SMP box that is available off-the-shelf.

If I want an x86 box, I wouldn't buy an Apple. The sole reason for having bought and used a number of Apple machines during the last six years was because they're mainstream PPC based hardware.

iptables-1.3.5 is out

I've released iptables-1.3.5 earlier today. This will probably mark the last 'new feature' release of the iptables-1.3.x branch.

I'm still working on the initial beta release of iptables-1.4.x, the userspace counter part to what is now known in kernel space as 'x_tables'. Stay tuned.

Papers accepted at FISL

Out of my four proposed papers at FISL 7.0, three have been accepted. To my big surprise, the paper on gpl-violations.org was turned down. I would rather have dropped one of the other papers than this one :(

Anyway, as indicated before on this blog, I'm more than happy to be able to visit Brazil again.

Family - Ties of Blood

Tonight I enjoyed the rare opportunity to watch a Bollywood movie in Berlin, almost at the same time the movie is released in India. We usually only get a hand full of Indian movies every year, to very small cinemas, and about one to two years after they ran in India.

I personally enjoyed the film quite a lot, even though the critics in India seem to be disappointed by it. But well, what do I care about those critics ;)

One advantage of watching Bollywood movies in Germany is that you don't need a ticket reservation, since very few people are interested in those movies anyway. Second, you can actually enjoy a film without some 20 to 30something minutes of advertisements and anti-screener propaganda.

First GPLv3 draft

As almost every reader of this journal will know, the first GPLv3 draft has been published, and everyone is invited to comment on it.

I obviously already left some comments, though I still want to write up a somewhat larger article on my thoughts on it. This journal entry is not that article ;)

In general, I'm quite relieved. I had somewhat mixed expectations - but almost everything looks quite fine, and there are hardly any issues. I obviously like the DRM countermeasures.

From a gpl enforcement point of view, it is very good to see that the "complete corresponding source code" has been specified in more detail. This should save us from the hassle of ever again starting the discussion (nit-picking) on whether "scripts to control compilation and installation" (GPLv2) really only means scripts, or whether it also covers other methods controlling compilation and installation.

What is a real problem, and I hope this can still be resolved, is the new "60 days" grace period that was introduced. With GPLv2, the right to distribute the software was automatically revoked in the case non-conformant distribution has happened. In the v3 draft, there is a grace period where the rights _may_ be terminated, and only 60 days after being notified by one of the copyright holders.

The intention of it is to take care of "inadvertent violation". As harmless and reasonable as this sounds, this change has the potential to render most of the current enforcement success of gpl-violations.org impossible in the future.

From all the 60+ cases that we've enforced, I cannot tell you one case where the defendant would not claim that the violation was inadvertent. So in reality, inadvertent basically means "we didn't care". However, the whole point of the gpl enforcement exercise is to raise awareness and make them care before it is too late.

The 60 days grace period is not acceptable. On the one hand, we (in Germany) basically loose the ability to apply for preliminary injunctions. PI's are only granted in case of urgency, which translates (depending on the court) to something like 30 days. So if I know for more than 30 days that somebody is infringing on my copyright (and don't get the matter resolved with him in that period of time), then I can't consider this matter as urgent.

The 60 days grace period is also not acceptable, because it would basically reduce the motivation to comply with the license in the first place. So for EvilCorp Inc. it is perfectly possible to design a product using GPL licensed software, not comply with the license, ship the product, wait for a copyright holder to send a notice, make sure that I ship all the remaining in-stock products that do not contain a written offer, GPL text and/or source code in the 60 remaining days, and then start behaving GPL compliant. If such behaviour has no consequences at all, why would anyone behave different in the first place?

iptables-1.4 branch opened

Since we now have the x_tables kernel side code in the upcoming 2.6.16 series, I'm working on getting iptables-1.4.x done to actually take advantage of the new kernel's abilities.

The main reason why people are interested in this, is to get matches like 'state' and 'conntrack' working for IPv6. Even though 2.6.15 has nf_conntrack and thus state tracking for IPv6, you cannot really use it from ip6tables yet.

The same goes for all native x_tables matches and targets. However, I think we'll also release a new version of iptables-1.3.x just with 'state' and 'conntrack' support, since it gives a more stable foundation for production users than a completely new 1.4.x branch with hundreds of kilobytes of patches.

Hard disks dying, IBM/Hitachi's packaging guidelines

Now the third hard disk died in the first three weeks of 2006. I hope this doesn't continue throughout the rest of the year. Luckily all important data is mirrored and backed up. Still it is a pity to loose some 200GB of the nice documentaries I recorded from arte using the Linux DVB stack and vdr.

It's been some time since I last RMA'd a IBM/Hitachi hard drive. They still have the same annoying packaging policies, where they only allow rubber foam packaging material and nothing else. Interestingly, all hard drives that I purchase new from one of Europes largest hardware distributros are _never_ packaged like Hitachi Global Storage wants to have them pacakged for RMA.

This means that even if you keep your original packaging, it won't help. Also, for more than five years, the HGST (formerly IBM) web site tells you that ordering packaging material that complies with their packaging instructions will be ``Coming soon''. I wonder what definition of 'soon' they have, considering that their IDE/SATA drives only have three years of warranty ;)

Also, I recently went through my collection of old retired hard drives, most of them too small (<60GB) to do anything useful these days. I found out, that almost all the IBM drives wouldn't spin anymore, even though they were perfectly working when they were taken offline. Since they are dead, I opened them, only to find out that the heads hadn't been parked at all.

For those who don't know: Heads are usually parked when a drive powers down. The idea of this is that you have a special 'rough' surface area where the heads can't stick to the platter (due to cohesion). When I saw my unparked broken drives, I remember reading an article some time ago that IBM allegedly had firmware bugs causing heads not to park accordingly... I would have updated the firmware, if there was any publicly available firmware updates.

Anyways, I still keep the broken drives, just in case I once hit a time where I don't know what else to do and want to learn more about 'contemporary hard drive signal processing'. Unlikely to happen, but you gotta keep your options ;)

userspace conntrack helper code compiles (yet untested)

Finally, both the kernel side (nfnetlink_helper) and the userspace side (libnetfilter_cthelper) code for userspace conntrack helper support is basically finished and compiles. I didn't yet dare to test it, and I'm rather heading off to bed now. Testing will be done tomorrow.

So how is this supposed to work? Well, basically a new nfnetlink subsystem exists, which can (on behalf of an userspace process) create dummy "nf_conntrack_helper" structures inside the kernel. Such a dummy structure has the usual properties (tuple, mask, timeout, etc.) but a dummy expectfn() which only calls NF_QUEUE() to send the packet to userspace. Userspace can then look at the packet, possibly modify it and re-inject it back into the kernel. Since helpers are now processed at a different netfilter hookfn() than the rest of the conntrack code, this actually works.

Now during the reception of such a packet in userspace, the process is likely going to want to create a new expectations. Expectations can already be created by means of libnetfilter_conntrack/nf_conntrack_netlink. However, in order to create the expectation, a number of things are needed. Mainly the tuple(s) of the master conntrack, but also other ancillary data such as ctinfo are sometimes desired. As long as we don't do NAT, the process could derive the tuple from the packet's IP[v6] header, and query nf_conntrack_netlink for the remaining details. However, this is inefficient since we'd add another kernel/userspace round-trip and the associated latency. So instead, I chose to extend nfnetlink_queue a bit, and allow it to have a new queue_mode (NFQ_MODE_PACKET_CT) in which there is a new nested attribute (NFQA_CT) which in turn contains the tuple, id and ctinfo.

Userspace now has all informations to create a new expectation. But wait, what do we do about expectfn()? We use the same magic as with helpfn(): Userspace tells the kernel to which nfnetlink_queue queue_id packets hitting the expectfn() should be sent. The 'minor' difficulty here is that expectfn() is called from the middle of the conntrack code (init_conntrack() actually), and when we get back from the queue (set_verdict or re-inject), then the netfilter hook code would continue at the next hookfn, skipping most of the conntrack code. But we can also return NF_REPEAT in order to call conntrack again. Since our expectation is already confirmed, expectfn() will not be called and it _SHOULD_ somehow just magically work, maybe with some tiny ugly hack here or there.

The NFQA_CT way is still far from being optimal, since we copy the same conntrack tuple for every packet of the control connection to userspace, no matter that this information never changes, and no matter that we actually only need it in those few cases where we want to raise an expectation. So the mid-term plan is to make userspace keep a small copy of selected conntrack state entries. This can be done by sending NEW and DELETE events for all conntracks that have a helper assigned. We could create a new multicast group specifically for this purpose, in order to keep the overhead and memory usage low. Userspace keeps a hash table indexed by ct->id. Packets sent via nfnetlink_queue will therefore only need a single 32bit ID attribute and not the full tuple(s).

Apart from userspace helper code, I've been working on getting some x_tables / nf_conntrack refcounting / dependency issues sorted out. Again another issue where having a couple of dozens of inter-dependant netfilter modules seems to become a major PITA. Sometimes I want to have back the simplicity of a truly monolithic kernel.

x_tables merged mainline

Linus has merged x_tables, even though I introduced some "doesn't build without IPv6 support" breakage that only somebody not into networking would ever detect (hey, would you build a kernel without ipv6?) ;)

Anyway, will try to be more cautious about these issues, as nobody wants to end up with a "your patches break the kernel tree" reputation.

Today marks the first discovery of a ulogd GPL violation

It's actually not really all that important, but today I found the first product that distributes my ulogd program in a GPL incompliant way.

To my biggest surprise, it's not a Firewall/Router/WLAN device, but rather a NAS. Still have to figure out where, how and why they use ulogd on it, but it's there (and no source code [offer]).

ulogd-2.00beta1 release

Finally, there is a first public beta version of ulogd 2.x

If you use (and like) ulogd-1.x, you should definitely have a look at the 2.x release. Apart from packet-based logging, ulogd-2.x now also support flow-based logging. This means that you can just run this daemon (and a recent 2.6.14/2.6.15 kernel) to log per-connection meta data into text files, syslog, mysql, postgresql, or sqlite3 databases. If you enabled per-connection packet/byte counters in your kernel config, you even get flow-based accounting.

If you're interested, check it out at netfilter.org/projects/ulogd.

Bug-reports welcome. Don't ask for too much documentation at this time, rather contribute some :)

x_tables, take 5. nfsim tested.

Today I've posted the (hopefully) final version of x_tables, the in-kernel generalization of {arp,ip,ip6}_tables to netfilter-devel.

After some nfsim hacking, I've been able to add x_tables support to nfsim and have been successfully running the full nfsim testsuite. The testsuite found a single bug (which has been fixed) but otherwise all tests are passed.

Seems like we're going to push x_tables as well as the nf_conntrack port of ctnetlink (nf_conntrack_netlink) for 2.6.16. Also, as I just noticed on kaber's blog, his IPsec patches have made it in time, too. Userspace conntrack helper support is definitely 2.6.17, though.

More drivers moving to the Devicescape stack

I'm happy to see that both the Broadcom and the Realtek driver developers have now ported their drivers to the recently GPL licensed Devicescape 802.11 stack for the Linux kernel. This IMHO shows that a lot of developers still make decisions based on technical merits, rather than on political ("it's not in mainline") fuzz.

Let's hope that there will be a quick transition of the in-kernel stack towards the Devicescape code, and let's hope that we'll see a full-featured HAL-less Atheros driver for it - and all my 802.11 Linux dreams will come true ;)

Holidays in India

For the third year Elisabeth and me have been planning to take holidays in India, unfortunately with no success so far.

But now it's fixed: We've booked our flight tickets for March 2006 just two days ago. We'll be starting in Bangalore, and do some travelling in Karnataka and Kerala.

So please don't expect me to get any productive work done during March this year...

Have to turn down invitation on GPLv3 conference

As you might know, the GNU GPL is currently under review and version 3 is underway. With regard to the GPLv3 process, the FSF will be holding a conference later this January to which I had the honour to be invited.

Since many people have already been wondering why I will not participate: It is not because of the conference or because of the FSF. My previous contacts with the FSF have been very forthcoming and productive, and I would very much like to share my GPL enforcement experience at the GPLv3 conference.

Unfortunately though, the conference will be held in the USA, a country to which I'm not going to travel anymore because I don't want to hand over (and leave) my biometric information (aka fingerprints) in a country that basically has non-existing data protection rights, esp. when it comes to government agencies and foreigners.

In addition to the biometrics issue, there are numerous dangers from the software patent and the DMCA front for people like me who indulge in quite a bit of reverse engineering. In the end, the US just don't sound like a place where I would feel comfortable and/or safe and/or secure in any way.

My best wishes to the GPLv3 conference, I hope they'll have a productive meeting for the future of free software.

22C3 is over

Two days ago, 22C3 was closed. This years incarnation of Europe's largest hacker conference can be seen as a full success. Some 3000 attendees, about 180 lectures, a 10Gigabit Internet Uplink and our own /16.

The video recordings have turned out fine. We've had working WMV live streams, and somewhat intermittently working MPEG2 and MPEG4 live streams, as well as working OGG and MP3 audio streams of all four lecture tracks.

For archival, we have MPEG2Video (5Mbit) as well as the original DV tapes, and a FLAC audio recocrding.

Looking at the tremendous amount of work that went into the A/V recordings, and the fact that I'm involved with the A/V team since seven years, I'm actually thinking about looking for some other area where I can get involved next year.

My two lectures (on OpenEZX and librfid/libmrtd) went fine, even though they both had very little preparation ;)

In the next couple of days I'll be cutting the fourth day of the video recording, and then slowly getting back into netfilter and OpenEZX related development. Oh yes, and I'll also promise more blog updates.

For some strange reason, my git tree seems to have become corrupted over the last two weeks, so I first need to sort this out before getting any reasonable work done.