I'll be speaking at WOS3

Wizards of OS is a conference on the future of the digital commons, to be held at Jun 10 to Jun 12 in Berlin, Germany.

I'll be participating on a panel on the future of copyright, where I'll present my recent success in enforcing the GNU General Public License.

WLAN Router project

I've started to work on a WLAN Router project based on the PC Engines WRAP.1C platform.

I decided to go for the wisp-dist LEAF branch, modified to work with uClibc and a 2.6.x kernel.

The major part, however, is adding the required WDS functionality to the madwifi driver.

But this definitely is a fun project to work on :)

The big move...

Well, it's been quiet on this weblog for quite some time. The reason is that about everything related to my move (within Berlin, Germany) became way more complicated.

As an example, it took two of the largest German Telcos (Telekom and Arcor) four days and five technicians to determine that they accidentally switched two wires in my basement - causing a total phone (ISDN) and DSL blackout.

Anyway, stuff is getting settled. I now have VLAN-tagged 1000base-TX Ethernet to the servers in my basement, most of the furniture is set up again, and I even have light in almost all rooms. There seems to be some further debugging on the electrical installations necessary in the living room, though.

If you sent me email during the last couple of weeks and didn't receive a reply so far: sorry. I'm totally overloaded :(

The never-ending story continues

I have just discovered three move violations. Legal proceedings are underway. It seems like this is a 'barrel without floor' (German proverb). The more publicity our legal proceedings get, the more new reports I receive.

Most of the newly-discovered violations are based on the TI Ar7 chipset, which seems to be quite new for WLAN devices like routers/ap's/bridges. The TI website even says that they ship Linux based development kits to their customers. Let's see if it's TI or their customers who withhold the respective source code.

On wednesday, there will be the court hearing on the Sitecom appeal against the preliminary injunction. I'll be at a conference at that time, so I won't be personally present. Of course we expect our injunction to persist.

We have a dog!

Since the cat of my fiance has disappeared, we decided to get ourselves a dog.

We went to the 'animal shelter' and got a 8-year German Shepard's dog mix. She's a bit smaller than a Shepard's dog, about 20kilos of weight. Photos of Lucy will follow later.

Phone Terror

I'm receiving such an incredible number of bogus calls at the moment (phone is ringing something like 10 times a day), that I'm very unlikely to answer the phone at all. In fact, I'm [again] inclined to stop having a phone at all, or to only run an answering machine with no recording capability and just an announcement to send emails.

I really, really hate phone calls. They're like interrupts, always put you out of the context you were working on. I much rather prefer asynchronous communication such as email, letters and fax. I can poll them when I think it is appropriate.

Court Hearing on Sitecom's appeal to the preliminary injunction

The court hearing is scheduled on Wednesday, 19 May 2004, at 11:25am, Room Number 501, Landgericht Muenchen I, Muenchen, Germany.

As of now I am not sure if I'll be able to attend. This is the last day of a three day conference I'm attending. I also don't expect the hearing to be very exciting, since no discussion about technical issues or about the GPL will take place.

Switches that claim to do VLAN but don't

Recently I discovered the Allnet ALL0478A 8 port gigabit ethernet switch, that apparently has support for configuration via serial console, trunking, mirroring and VLAN. At least that's what the specification claims.

Nice idea, I thought this would be ideal to save some more PCI slots in my server (why do computers always have such a little number of PCI slots?). I could just connect one [or two trunked] interfaces from the switch to the server, and then connect DSL modem, various internal LAN segments and the WLAN AP to other ports at the switch. The linux server would then provide different network devices for every VLAN tag I use

Nice thought, but it doesn't work. Apparently they advertise something like 'switch segmentation' as VLAN. However, this kind of fake VLAN has no relation with 802.1Q VLAN - and thus cannot send you packets including a VLAN header :(

Discussion on "How much Security can Freedom tolerate"

Yesterday evening I spend listening a discussion on that subject (organized by a member of parliament of the green party). Unfortunately the spokesperson for the conservative party didn't show up, and there was not too much discussion but consensus between the panel and the audience.

If you sent me snail mail during the last couple of days

Then it will most likely return. Some jerk removed the name sign from my mailbox, thus the postal service had to return all mail with "destination unreachable" :(

Please just re-transmit the respective letters... let's just hope that I didn't miss any important legal documents.

Sun recalls the V20z Opteron systems

Apparently the power supply is missing the German "VDE" certification and is thus not compliant with German standards for security of electrical devices. This means that I will have to send back the V20z systems I have *sigh*. Looks like this will keep me from having fun optimizing netfilter/iptables on AMD64 for some time.

Sitecom appeals to preliminary injunction

I just learned that Sitecom has filed a letter of appeal against the preliminary injunction. Apparently they argue that Sitecom Europe B.V. in the Netherlands is responsible, not their German subsidiary, Sitecom Deutschland GmbH.

This is so disappointing. What kind of business practise does this show? Oh yes, we use GPL licensed code in our products, and yes, we don't respect the license terms. And by the way, our German subsidiary is not responsible, it's the Dutch mother company.

I intend to use any legal means, including a lawsuit in the Netherlands, to get Sitecom to fully comply with the GPL.

Doing lots of benchmarks / tuning / profiling lately

During the last weeks I've been working on tuning/benchmarking/profiling the Sun V20z dual Opteron boxes for high-speed packet filtering purpose.

Some of my findings:

  • i386 kernels give you higher pps than x86_64 (because sk_buff is smaller)
  • e1000 are way faster than tg3 boards (could be hardware or driver issue)
  • Intel PRO/1000MT Quad e1000 boards suck (apparently problems with the onboard PCI-X bridge)
  • Connection Tracking performance is not that bad...
  • ip_tables performance sucks, even if the ruleset is empty ?!?
  • 2.4.x has slightly worse results than 2.6.x if you use IRQ affinity, but really sucks if you don't, since the kernel doesn't balance IRQ's by itself (and irqbalance daemon only balances every 10 seconds)
  • You can route up to 1Mpps at 64bytes packet size
  • ip_conntrack and iptable_filter at suck at least 300kpps, giving 700kpps as a result

Expect a more detailed report within the next weeks.

Incomplete Source Releases

Apparently some of the companies upon whom we've put legal pressure for GPL compliance still don't comply. That is sad, and we won't tolerate this behaviour. The sources need to contain the tool for creating the firmware image, and they need to compile ;)

Fujitsu-Siemens and Sitecom are still lacking the firmware build tool. We're threatening Fujitsu-Siemens with enforcing the contract penalty set forth in our out-of-court settlement. Sitecom is threatened with enforcing the penalty stated in the preliminary injunction.

I don't do this for fun, and I would feel much better if I hadn't to threaten anybody with anything. Apparently even under such threat, those companies find themselves unable to comply with the GPL. Why can't they just make everybody happy and release those missing pieces.... *sigh*

I've heard rumors that Belkin and Asus sources don't compile. As my time is very limited (esp. considered the large number of cases): Please report to me if you have problems with the respective source releases. I am very happy to act on your behalf. After all, I'm doing this mostly for you users. There aren't any valuable modifications in those firmware sources that I need to integrate... all I want to achieve is enabling the users/customers of those WLAN-AP's to be able to exert their GPL-granted right to modify the firmware and to run modified versions of the firmware.

Sun V20z is a Newisys 2100

I just discovered that the Sun V20z dual Opteron systems are actually developed and produced by Newisys.

Newisys apparently is a extremely pro-Linux company. Not just for marketing purpose, but they mean it. They release all drivers (IPMI, jnet, ...) under the GPL, even actively contribute them back to the free software community.

They're even looking into running LinuxBIOS on their boxes... While LinuxBIOS is actually an improvement, I'd rather like to see OpenFirmware. What is the point of putting Linux there? OpenFirmware provides you with whatever you need, even device-drivers written in forth / f-code. Well...

Public Press Release about the netfilter/iptables preliminary injunction

See the press release issued by the netfilter/iptables core team, the LWN.net article, the Slashdot article, the heise.de article, and the groklaw.net article.

Here's a transcribed version of the preliminary injunction, as issued by the munich court:

			Landgericht Muenchen I
			Lenbachplatz 7 80316 Muenchen

Az: 21 O 6123/04

			Einstweilige Verfuegung

In dem Rechtsstreit

Harald Welte, Xxxxxxxxxx. XX, XXXXX Berlin

- Antragsteller - 

Rechtsanwaelte Jaschinski Biere Brexl, Steinsdorfstr. 5,
80538 Muenchen
Gz.: 131/04


Sitecom Deutschland GmbH, vertreten durch den Geschaeftsfuehrer
Petter Hemmer, Haydstr. 2, 85354 Freising

- Antragsgegnerin -

wegen Unterlassung

erlaesst das Landgericht Muenchen I, 21. Zivilkammer am 2.4.2004

			Einstweilige Verfuegung

1. Der Antragsgegnerin wird bei Meidung
	- eines Ordnungsgeldes von EUR 5,- bis zu EUR 250.000,-,
	  an dessen Stelle im Falle der Uneinbringlichkeit eine
	  Ordnungshaft bis zu 6 Monaten tritt, oder 
	- einer Ordnungshaft bis zu 6 Monaten,
	zu vollziehen am Geschaeftsfuehrer
	fuer jeden einzelnen Fall der Zuwiderhandung gemaess
	$$ 935ff, 890 ZPO


	die Software "netfilter/iptables" zu verbreiten und/oder
	zu vervielfaeltigen und/oder oeffentlich zugaenglich zu
	machen, ohne entsprechend den Lizenzbedingungen der GNU
	General Public License, Version 2 (GPL) dabei zugleich
	auf die Lizenzierung unter der GPL hinzuweisen und den
	Lizenztext der GPL beizufuegen und den Sourcecode der Soft-
	ware "netfilter/iptables" lizenzgebuehrenfrei zugaenglich zu

2. Die Antragsgegnerin hat die Kosten des Verfahrens zu tra-

3. Der Streitwert wird auf 100.000,-- festgesetzt.

Kaess			Mueller			Rieger
Vors. Richter		Richter			Richter
am Landgericht		am Landgericht		am Landgericht

A new day starts... with new hardware issues

I woke up in the morning just to find out that my network is down. Why is it down? Because my all-in-one Linux Server has just died. Apparently it was the power supply, two exploded electrolytic capacitors strongly indicated such diagnosis.

Of course this has to happen on a public holiday. *sigh*. Oh yes, I used to have a spare power supply somewhere... somewhere in the boxes that I had already moved to my our new appartment.

Well, in the end it really only was that power supply, thank god.

CDK bug-fixing

One should think that console-based applications are common under Linux, as on any other *NIX-like OS. Furthermore, one would assume that there is at least one, if not a variety of curses-based widget toolkits available.

The largest such project seems to be CDK (Curses Development Kit), so I choose it for the GSPC software.

Apparently, CDK isn't used that frequently either - otherwise it would be impossible for me to find that many bugs, even without trying to do something wicked. Let's say you want to add an item to a scrolled list... and after adding about 8 items, the toolkit segfaults. It turns out the list items are dynamically allocated, but only reallocated if you replace all of them (as opposed to just adding a single one).

Or let's say you want the "END" key to work in such a scrolled list, independent if there are less, equal or more items than fitting in your viewport.

So Unix is supposed to be the text-oriented world, and still there are way more (and more stable) widget toolkits for X11 than there are for text mode. *sigh*

Sun V20z Opteron Systems arrive

I just received two neat Sun V20z dual Opteron 1U systems on Saturday. I'm preparing them for submitting an netfilter/iptables based commercial firewall product to participate in a multi-vendor benchmark.

I really like the AMD64 aka x86_64 aka Opteron architecture. For one part, AMD seems to have done about everything right. 8 more registers [optionally even in 32bit mode], transparent execution of 32bit and 64bit instructions. Not to forget the neat Hyper-transport interfaces, the built-in memory-controller, ...

But I've been working with an AMD64 system for almost a year by now.. so there's nothing that new about it. However, Sun takes this already brilliantly designed CPU and system architecture another step ahead.

If they would have contracted me as consultant to design a high-end server with all the features a power Linux sysadmin needs, I would have ended up with a very similar proposal.

Most importantly, nobody ever wants to have a monitor or keyboard attached to a Server. I wonder why vendors of server mainboards even bother to put a VGA chip or AGP slot on there. So the least you can expect from a decent machine is a real serial console - one that allows you to access CMOS Setup (erroneously referred to as BIOS) via the serial port.

The V20z is even better: Apart from your dual Opteron system, there is a whole separate independent second computer on the mainboard: The 'Service Processor'. This is actually an embedded MPC860 system with 64MB of RAM, running at 64MHz speed. And yes, it is running Linux 2.4.18 :). It has a separate 100-base-T Ethernet port, using which you can SSH into the SP.

Once logged into the SP, you can power cycle the Opteron System, monitor System Health, and access the Opteron Host system's serial console over LAN. This saves you from buying an extra serial terminal server, expensive serial boards and lots of extra serial wires. It even supports console logging on a NFS mount, including logfile rotation.

Everything is built using stock free software components. Linux, OpenSSH, conserver. You immediately feel at home. Oh, by the way: The SP is running ip_conntrack and ip_table by default :)

And yes, the box even includes a printed copy of the GPL (!) - however, no source code or any written offer included in the box :(