Will I be able to visit Brazil again?

There are chances that I'll be able to make it to FISL 7.0, the 2006 incarnation of the Forum Internacional Software Livre.

This is not just any other conference visit. This is the possibility to visit Brazil for the first time after my departure from Conectiva in 2001. This means I'll be able to meet all those cool guys again (folive, lclaudio, matsuoka, epx, ... you know who you are). Only few of them are still at Conectiva, but to the best of my knowledge still somewhere in Curitiba or Porto Alegre ;) or Rio Grande do Sul

Anyway, I'd better organize my schedule in a way that permits me to spend some three weeks in Brasil next year :)

Basic Access Control working!

After some massive hacking session yesterday, BAC is now working. I can now establish an authenticated and encrypted session to my passport samples, and read data off them.

Still remaining on the TODO list is: Passive Authentication, Active Authentication and a nice GUI frontend.

I have lots of netfilter and OpenEZX work pending, so it's unlikely that I'll continue with libmrtd during the next couple of days.

My flight to Bangalore was scrapped.

Northwest Airlines has been heavily advertising their Seattle-Amsterdam-Bangalore flight, including special offers. And what do they do two days before starting that flight? They postpone it indefinitely.

This is certainly the right thing to do if you want to piss off new customers. There was only one reason for me to go for NWA: Because they have a direct flight to Bangalore, with no stopover in Mumbai or Delhi. Now that reason has vanished. And since there's now only four weeks before departure, there's even no chance I could get some other direct ticket for a decent price.

I'm yet waiting with my travel agent getting back to me. Apparently NWA first informs the press, and then slowly their customers at some later point.

Basic Access Control

It seems like even though the specification looks quite verbose upon first sight, there are many tiny pitfalls in implementing basic access control according to the TR-PKI 1.1 specification.

Padding is such an issue. You always pad for DES en/decryption, _but not_ if you are in the mutual authenticate command ;)

I now have the key derivation, authentication and setup of session keys working. Secure Messaging still has some problems with regard to the DES retail MAC. Let's hope I get this finished soon.

Bug reports after 2.6.14 is out.

I've already received three different serious bug reports about problems with netfilter/iptables in 2.6.14. This is frustrating, considering how long the 2.6.14 development cycle was. People should try new features of a new kernel _before_ there is a release. Afterwards it's too late.

Insurance against GPL violations

According to this zdnet.com article, there is now an insurance against legal risks from violating Free Software Licenses.

Strangely, that article claims the insurance is about "the risk of using open source software". This is misleading, since there is no risk involved in _using_ the software. There is, like with any other software, a risk when you violate the license.

One wonders when we'll get such an insurance for "the risks of using proprietary software [without obtaining a license]".

2.6.14 is out, 2.6.15 has opened.

This means that I've immediately pushed three netfilter related changesets, the biggest (307k unified diff, roughly 10k lines of code) was nf_conntrack.

Given the specific situation that David Miller is on holidays, and we have Arnaldo Carvalho de Melo maintaining the network stack meanwhile, Linus hasn't accepted that huge patch in the first round, since he lacked explanation why such a monster was required.

I hope my comments will convince him that nf_conntrack really is the way to go.... let's hope we'll have nf_conntrack mainline in one or two days.

I hope Yasuyuki (the main author behind nf_conntrack) will make a big party with his USAGI friends once that happens ;)

Adding S/M support to libmrtd

If you've now thought about something sexual, I have to disappoint you. At least this time I'm talking about ISO/IEC 7816-4 SM (secure messaging) ;) For those not familiar with cryptographic smart cards: SM is similar to what SSL/TLS do for TCP.

The code for re-formatting the 7816-4 APDU's into further levels of ASN.1, including padding rules, encrypting, authentication, ... has become quite complex. It's also not finished yet, and I already fear testing/debugging of that beast.

librfid gets native CCID support

To my surprise, Werner Koch (author of gnupg) has jumped into the 'librfid' project by contributing his USB CCID low-end driver to it. Using this driver, it should be possible to use librfid directly on the reader, instead of going via OpenCT. There's nothing wrong with OpenCT, as it is the only way to support contact-based and contactless operation at the same time. However, for development and testing, most people don't really need that feature.

Unfortunately it only works theoretically, must be some minor difference in device initialization that causes breakage.

linuxdevices reports on OpenEZX, quote from Motorola executive

linuxdevices.com reports about OpenEZX. In that report, it quotes Motorola's chief architect of mobile devices: Motorola had no immediate plans to support native Linux applications on its phones, in part due to carrier concerns about network health, security, and interoperability..

This is just not true. In fact, the A780 as it ships in Germany comes with a native GPS navigation and routing application called "CoPilot". Also, since the whole GSM stack runs on a different CPU than the Linux OS, there are no security/interoperability/network health concerns that I could think of.

Also, I have received reports that Motorola actually distributes a Linux SDK to selected third party vendors. Parts of those SDK's (the header files for the EZX libraries) have actually leaked, which support the position that there is a SDK.

In many ways, the EZX phones are a combination of a traditional Neptune-based Motorola GSM phone, plus a Linux-based PDA. Therefore, if any native Linux apps on the PDA half could influence the 'network health' in a negative way, then any other Neptune based phone could, too.

Big Brother Awards 2005

Today, the sixth "Oscar awards for data leeches" will be awarded. The BBA is a "negative award" or "anti award" for persons, organizations, companies, government agencies that disrespect civil liberties, data protection and privacy.

I've always been a big fan of those awards (which are now even awarded in a number of countries outside of Germany, too). They provide an excellent opportunity to publicly point at (and rant about) those who further restrict the [digital] freedom of individuals.

This year I'm going to be present at the ceremony for the first time.

ISO 19794-5 parser completed

The next milestone of the libmrtd project, a ISO/IEC 19794-5 parser. ISO/IEC 19794-5 is titled "Biometric Data Interchange Formats - Part 5: Face Image Data" and provides an international standard for facial images and related information (such as angle of the face, MPEG4 feature animation point, encoded information about medical glasses, eye patches, etc.).

Using this parser it is possible to extract all the image metadata plus the JPEG image itself from DataGroup2 of an ePassport. I've tested it with two passport samples from different vendors, and it works fine.

The next milestone are cryptographic routines for checking the document signature (Passive Authentication) and Active Authentication. Also, Basic Access Control needs a lot of testing.

The modularity of iptables - or "ipt_SYSRQ"

One of the best early design choices of iptables was its support for plugin matches and plugin targets. Over the last five years, we have seen some 100 of such user-developed special-purpose plugins.

One that I find particularly funny is ipt_SYSRQ, a target module that allows you to issue the "magic sysreq" command via a network packet. This way you can sync, unmount and reboot a otherwise stuck machine that still responds to interrupts.

Obviously quite dangerous, but the author includes a time stamp and a cryptographic signature, so replay attacks can only occur in a very small time frame.

It's definitely a cool hack, although I'm not sure whether I'd want to put this on a production system or not.

FOSS.in/2005: Linux Bangalore outgrowing itself!

Today, FOSS.in (the event formerly known as Linux Bangalore) has released their first list of confirmed international speakers.

I could hardly believe my eyes, it is truly amazing. Is this the event that I've been to in 2003, as one of the only two non-Indian (and non-Indian origin) speakers?

Now they have a line-up including Jonathan Corbet, Brian Behlendorf, Jeremy Zawodny - and last but not least Alan Cox!

Please don't misunderstand me, there is no 'quality ranking' of conferences based on their number of foreign speakers. But this at least proves that FOSS.in has become an equal event in the line of Linux Kongress, UKUUG or even OLS.

As of now, the number of Indian Free Software developers, maintainers or even project leaders is still very small. This especially holds true when you consider the size of the Indian IT industry today...

So getting together the FOSS enthusiasts in India, and the international "FOSS veterans" should create a very creative environment and provide an excellent opportunity for lots of people to get motivated, to get involved, to write code, to join the Free Software community.

Public launch of the OpenMRTD.org project

Readers of this blog will already know it since quite some time: I've been working on a RFID stack, a library for accessing electronic (biometric) passports, as well as a matching frontend application.

anyway, since librfid now has stable support for ISO14443A and B (both used for ePassports), and libmrtd now successfully parses EF.COM, EF.DG1 and EF.DG2, I think it was about time to do a public announcement and a homepage for OpenMRTD.org.

Brian about a possible GPL violation

In his blog, Brian points out that the Barracuda Spam Firewall 300 seems to be violating the GPL.

It's not yet clear what kind of software they actually include, but if a customer (who has received a binary copy of the GPL licensed Linux kernel) calls them up and explicitly asks for the source and then gets fishy answers like those pointed out in Brian's blog, then there's certainly something wrong.

OpenEZX wiki was launched

Thanks to my friends at maintech, The OpenEZX project now has a Wiki.

I've only added some very basic information, but I hope that developers and users especially from motorolafans will contribute soon.

One of the important things we need soon is a project logo, for both the website and the wiki. Volunteers welcome :)

librfid now deals with Mifare Classic

After having finished Mifare ultralight support (and being able to read out a champions league ticket from last year), I've now implemented Mifare Classic support (i.e. Mifare 1k/4k) for librfid. Authentication and reading seems to work, I haven't looked into write/inc/dec support yet.

It seems like librfid is doing quite fine at the moment, I'll continue working on the ePassport related libmrtd tomorrow. So I hope there will be another interesting announcement tomorrow ;)

Linux wireless drivers

I've been in contact with Imre from openwrt.org for quite some time, especially since he's now actively maintaining a lot of stuff on the ftp.gpl-devices.org ftp server.

Today I had a look at the current status of OpenWRT, and I was delighted to see that there is a lot of progress. Apart from the 2.4.x kernels with proprietary WLAN drivers for Broadcom platforms (like the wrt54g), they now work on supporting TI AR7 based systems and also on soekris hardware.

What is even more interesting are

  • The bcm43xx driver project, aiming at at free software Broadcom wireless driver
  • The bcm-specs project, trying to write specifications for the Broadcom wireless chipsets

I really hope that those projects will receive all the support they need, and at some point in the future we'll have excellent free software support for all those devices. If only the vendors were more cooperative from the beginning...

My GPG/PGP key did not expire!

I receive many emails indicating that my GPG/PGP key has expired.

This is not true, about a year ago I altered its validity to extend beyond the original expiry date at some point on October 2005. I chose this way since it was possible (rather than creaging a completely new key).

Please re-downlaod the key from your favourite keyserver. If the problem persists, please tell me which keysever still gives you a key with an expiry date, so I can fix it by re-sending my current key to that keyserver.

Thanks for your cooperation.

Installing a Request-Tracker for gpl-violations.org

Since a number of issues were already lost on the legal@lists.gpl-violations.org list, and there's now actually more people getting involved in the project (mainly Armijn), I've installed Request Tracker for the project.

Anyone who has new gpl violations to report, please contact license-violation@gpl-violations.org instead of the new mailing list.

Please do not report any old cases (that have been posted to the list) to the request tracker, I've already added all those old cases as tickets to the new system.

Massive Response to OpenEZX announcement

When I launched the OpenEZX page two days ago, I didn't expect such a massive (press) response to it.

All I did was to write a small announcement to my weblog, and it was picked up by a lot of press, such as lwn.net and golem.de.

Looks like this blog is read by a lot of people, and there's nothing I can't post here that doesn't get immediately distributed to a lot of places. Amazing ;)

Also, I've even received multiple requests for EZX-based consulting. Apparently there are companies who're interested in a 'fully programmable GSM phone'.

On a side-note, even Bruce Perens has now bought an A780 since he thinks it's "fun to hack". David Miller is pondering to buy one after his holidays in Korea... Let's only hope that they will actually find some time to get work on the EZX phone done. It's vital to have some basic running code ASAP in order to get more people to hack on stuff like the user interface.

After two days of full-time EZX kernel hacking, I now have a compiling 2.6.14-rc4 based kernel that has already half of the EZX-specific drivers merged.

I didn't really test to flash that kernel to a phone yet, mostly because I currently don't have an original E680 firmware that I could flash into the device if anything goes wrong. Also, before trying ti flash the kernel, I'd preferably like to have JTAG running. I'll publish my kernel tree as soon as I have confirmed it actually boots on the device.

Unfortunately I also have real work to do, and today is a full-time gpl-violations.org day, the weekend will probably be spent with some more librfid hacking. Stay tuned for some more OpenEZX news next week.

There are other (more advanced) Linux Phone projects

Since I'm getting that much coverage, I want to redirect some of that in the direction of the already-existing (and way more advanced, as of now) Linux phone projects.

There are multiple mobile phone projects at handhelds.org, esp. for the iPAQ H6315 and the HTC BlueAngel.

I didn't know about any of these projects so far, but I'll certainly look at their codebase and see whether any of the high-level (user interface) code could be re-used. But let me finish the low-level driver/operating system part first :)