Heading back to Germany
So, after roughly two weeks at OpenMoko Taipei headquarters, I'm now heading
back to my Home+Office in Berlin. And I'm really looking forward to it. During
the last couple of months I've tried my best to help the transition from
OpenMoko as a project inside a FIC business unit to OpenMoko, Inc. the
independent company inside the FIC Group. I've helped with tons of things that
are definitely by no means related to kernel/bootloader development, or even
the hardware architectural planning that I've been getting heavily involved
in starting with GTA02.
So now it is a good time to finally focus again on what my actual and original
task is: Software development. This can be done much better remotely, so I'll
expect to be able to work way more from Berlin. Which makes me happy, since it
always was and still is my favorite city. And I definitely missed it a lot
during the last year of intensive OpenMoko work. Now I'm on my way back, and
I'm looking forward to spending more time with my friends, the CCC Berlin. Being able to go to concerts and
clubs that play music I actually like. Being able to work on finally improving
(or rather: finishing) home improvement in my apartment, and many other things.
So don't get this wrong. I'm very much continuing my technical work for
OpenMoko, and as the first developer on this entire project and an OpenMoko core
team member, I'm always going to maintain an influential role in the project.
But finally, I can go home, feel better, work more focused and efficiently, and
improve the technical quality of our products even more :)
Since OpenMoko now actually has three full-time paid project members in Berlin,
it's also going to be nice to cooperate more closely with them. (or co-work, like the Chinese English speakers would say)
Seeing netfilter/iptables boot-up messages in an airplane
I've read a couple of blog posts about the suspicion (or even confirmation)
that some of the in-flight entertainment systems are using Linux. It's
completely understandable that if you have to put 400+ such systems into a
plane, you'd rather use free software for the economics of licensing costs...
imagine 400+ Windows licenses :)
Now in any case, during my Taipei-Singapore flight en route on my trip back from
OpenMoko headquarters to Berlin, I was amazed by the new big-screen
entertainment systems that Singapore Airlines is apparently using in some of
their planes. This particular plane was a Boeing 777-300R. The screens are
not the usual 4" or similar, but actually something like 10" - and that in
economy class. Also, they're really high-res, and seem to be entirely
controlled digitally, i.e. no blurry PAL/NTSC or VGA resolution, but actually
something on the order of (guessing) XGA.
The second unusual bit was the three connectors on the right hand side of the
screen. Ethernet (!), USB host and composite video-in. I've never seen
something similar in an airplane before.
Now unfortunately the system on my seat was stuck. I called the flight
attendant, who then issued a remote system reset. Much to my surprise, I
could soon see the BIOS boot screens of a VIA-based embedded system.
Afterwards, it executed RedBoot, followed by a Linux kernel, to be followed
later by an X server (you could see the grey background pattern with the X
cursor for quite some time), and then some custom X11 applications.
As the RedBoot message suggests, the system was implemented by Panasonic Avionics.
The first thing worth mentioning was the incredibly slow boot progress. They
must be running those systems at low clock speed, and boot them over the
network, even though the rootfs was ext2. I didn't see the details
since I was too busy grabbing my camera to take
this photograph.
The amazing thing about this system is that it has 512MB RAM per seat,
dissipates a dangerous amount of heat (you can feel it getting very
uncomfortably warm under that screen, where probably the entire system is
located, similar to a "tablet PC" form-factor). Still, it is very slow.
And then look at the details. Why on earth do you need a wifi stack and
netfilter/iptables, including ip_conntrack on such a system inside the
airplane? I severely doubt that they use packet filtering to prevent a hacker
from getting from one seat to another - and thus that connection tracking adds
anything aside from a performance hit.
So what's it with those connectors? I couldn't get the Ethernet part. And for
whatever reason, I didn't have a patch cable in my carry-on luggage either.
Maybe the entertainment system might have been even more entertaining that
way, who knows :(
The USB connector is meant for a user-provided USB memory stick, where you can
then watch your own pictures, or use a word processor or spreadsheet to view /
create / edit documents. The software used for this is - unsurprisingly - a
customized version of StarWriter/StarCalc, based on OpenOffice.org. I've
played a bit around with it. Using the controller, you can actually resize the
window from full-screen to something smaller, but there's nothing interesting in
the background. I've tried to see if one can somehow change the print command
to "/bin/sh" and then print a document - but the printing functionality had
been removed altogether, so no luck here.
I decided to sleep for the rest of the flight, rather than trying different
attack vectors. If I run into such a system again, I'm probably quite tempted
to do so again. Would be fun to get an entire plane full of Linux hackers
(let's say: OLS attendees) and have them play around with it to see how well it
is done from a security point of view. I guess the worst-case scenario is
something like people connecting their USB hard drives (or laptops via
Ethernet) and then ripping the entire entertainment library during the duration
of a 12 hour intercontinental flight. I'd suppose they actually should have
looked a fair bit at the security of such a system. But then, the same is true
for many systems, and developers still neglect that aspect way too often.