Harald Welte's blog

gpl-violations.org report in Financial Times Deutschland

The German business newspaper Financial Times Deutschland has published an article about my GPL enforcement work. To the best of my knowledge, it is the first such article in a general newspaper. All previous coverage was in publications or magazines tailored to the IT industry.

However, the content is of very low quality, and the actual facts are wrong in a number of cases. First of all, why go to a personal level and describe myself as having a 'Harry Potter hairstyle', and then calling me "a mixture between bill gates and a heavy-metal fan". I hereby deny any similarity with Bill Gates. I had my hair style like this even in the nineties (before growing it long around 1997-2000 and then cutting it again in 2001). And I listen to a lot of weird music, though heavy metal is generally not on my playlist. Anyway, what is the point of all of that? How does this help people to evaluate the risk of GPL violations?

Further down, the article has claims like "the driver software of the router also contained some lines of code that were originally written by Welte". First of all, it is the firmware, not the driver. Secondly, it is more than a couple of lines (since a couple of lines would probably not constitute a copyrightable work).

The article also explicitly states that I am not fighting for money, but "out of principle". Despite that, it also claims "The first couple of companies are shivering expecting the destruction of their book value". That's illogical.

Furthermore, there are claims that I have focused on companies that only used small amount of open source. To the contrary: The majority of the products that I've enforced so far contain 75% or more open source software. Only small portions were added by the respective vendors.

To the contrary, there was a recent article in the Berliner Morgenpost paper one of the CCC Leaders which was really well-researched and of high quality. Even that one gets some minor facts wrong, but still portrays a realistic picture.

1654 THE CAVE

Today I found out about this years schedule for 1654 THE CAVE.
Today it will happen.
And I'm even going to be in the right part of Germany.

The best coincidence of this year.

Small update on my VIA related work

I know there are many curious readers about what is happening at VIA with regard to Free Software. There are many things that I cannot talk about, but I can still state how excited I am by my new role, and how many (some big, some mall) steps I have managed to make during the short time that I'm working with VIA now.

The last week was mainly talking to various FOSS developers that have written or are maintaining existing Linux drivers for VIA hardware, like Ethernet, I2C, SATA/RAID, AGP, DRM/DRI and others. I have been able to provide hardware reference manuals that some of them have been trying to get their hands on for a long time (even willing to sing and NDA). VIA has also starting to offer reference hardware to selected Linux developers.

I'll be back to Taipei in roughly three weeks (August 21st) and am looking forward to the many interactions with Product Managers and Developers. Meanwhile, I'll continue to have conf calls at weird times and sending tons of emails back and forth, trying to establish the right contacts, getting the right people to talk to each other, etc.

So far I have resisted the temptation to touch a lot of the code. But I think I will not be able to resist very long ;) Right now I just don't want to step onto anyones toes (and/or duplicate work), no matter whether in the community or inside VIA.

OLS 2008 is over

Yesterday was the last day of OLS 2008. In fact, the last day of OLS in general, since from next year on, it will no longer be in Ottawa, but Montreal.

2008 marked the 10-year anniversary for OLS. Impressive. I have missed at least the first one (1999). I'm not sure if I started with the 2000 or the 2001 incarnation. Most likely 2000, since that was about the time I got heavily involved with netfilter.

I had the honor to be mentioned in the 10-year-anniversary talk in a reference to my fashion style (wearing skirts/kilts at earlier OLS's). If I only had known, I might have brought and worn it again ;)

As for the conference itself: I don't want to follow all the various people who have been voicing their discontempt with recent incarnations of OLS. Sure, due to the advent of the kernel summit, the UKUUG linux developer conference, linux.conf.au, the Linux plumbers conference and other events there now is more 'competition' to attract the Linux celebrities. However, most people should not be attending a conference like it was some kind of fan club. There are still quite many people at OLS who actually _do_ a lot of die-hard Linux development work. And those poeple have interesting things to say, and it's interesting to share ideas with them. OLS is pretty much a conference where mainline developers can talk to other mainline developers. It's not an event directed at users, and not an event directed at non-participatory 'consumers' of Linux like many commercial embedded vendors.

So after all, I have to say that the conference was a success and I'd be happy to attend it's future incarnations. Hopefully with my own paper and presentation.

There is one thing, though, that upset me a lot: At the closing ceremony, there was something like a lottery for a handful of Linux-based devices. Among those devices was the Motorola ROKR2 V8. For those of you who don't know: This is a device where the vendor chose to remove your freedom to 'run modified versions of the program'. It will not boot any non-signed bootloader, kernel or executables. And the user is locked out of his own device by means of SELinux. I think it is a grave insult to the Linxu developer community that something like that was chosen by both organizers and sponsors.

Receiving the 2008 Open Source Award

According to reports here and here I had the honor of being the recipient of one of the the 2008 Google+O'Reilly Open Source Awards entitled Defender of Rights", presented by Google and O'Reilly.

I'm obviously very happy to see that my work has been recognized this way. Following the FSF Award in March, this is definitely a big honor. Did anyone else receive both awards in the same year so far? ;)

Thanks to the committee for the trust they put in my work. I'd also like to use this opportunity to thank again my lawyer Dr. Till Jaeger and his law firm JBB, as well as Armijn Hemel, who has been running the day-to-day gpl-violations.org operations for quite some time now.

Becoming VIA Open Source Liaison

Today, VIA made public what I've already been doing behind the scenes for some time: I've been contracted and appointed to be VIA's Open Source Liaison. As first part of the process, they've released the Padlock programming guide and the CX700/VX700 integrated north+southbridge manuals on linux.via.com.tw.

This basically means that I'll be helping VIA with improving their strategy for Open Source support, such as Open Source driver support, merging those drivers into the respective mainline projects as well as working on publicly available reference documentation for their hardware.

This is an incredible chance to contribute my part to help a major manufacturer of CPU, Chipset, Ethernet, WiFi, Card Reader and PC Graphics components understand what it takes to interact properly with the Free Software community. This is a big learning experience for VIA, and a teaching experience on my part, of course. I feel very happy to be able to work in such a key position, and to be able to put all my knowledge about Linux driver development, the development process, the FOSS community values/ethics/practises as well as licensing related knowledge at work.

VIA is truly interested to learn, and they're already doing a lot internally which you might not have been aware about. I am well aware of many of the historic problems between VIA and the community, related to binary only drivers, not cooperating with mainline development, suboptimal press announcements with little action, etc.

I'm very confident that together we can move beyond this and take a fresh start for much better FOSS support of VIA products. Of course the change will not come overnight. It's a process, and it involves many groups in a large company, each group with their own management, R&D and so on. So please bear with us, and don't expect all drivers to be finished in mainline quality tomorrow.

If you are a Free Software developer and you have some comment/feedback/demand to via, please feel free to contact me (preferably at HaraldWelte@viatech.com. I will try my best to follow-up with all those comments. If you are missing some piece of documentation for hardware or have some other issue, please let me know. I do care, and I will take up the issue with VIA's management.

Arrived in Canada for OLS again

I've just arrived in Canada for Ottawa Linux Symposium 2008. After my last visit to OLS in 2005, there were two years of intensive work that prevented me from attending the event. Last year I actually had to cancel an already accepted paper submission :(

In Year 01 post OpenMoko, I have time to visit OLS again. Unfortunately no company to pay for my travel expenses this time, but well, what can you do. Due to scheduling issues with a family celebration, I didn't know until very recently that I would be able to make it this year. Thus I happily forwarded the invitation to talk about OpenMoko to Werner. I was surprised that it's now actually one of the keynotes. Looking forward to it :)

There have been many rumors that OLS is not like what it used to be. Maybe I'm now in a good position to make up my mind about it, since I've missed two years and will be able to directly compare my memories from before with the current event.

Judge determines NXP has no right to prevent researchers from publicizing about MIFARE insecurity

As reported here and here, NXP has apparently not been able to convince a Judge that the researchers at the University of Nijmegen should be restrained from publicizing about weaknesses in their MIFARE RFID products.

This is really good news. And it came so quick! Sometimes, I can still believe that there is some good left in this world. Almost too good to be true.

NXP sues security researchers studying Mifare classic

In the last couple of days multiple reports stated that NXP has filed a lawsuit against security researchers from a Dutch university who were looking at security flaws of their proprietary MIFARE Classic products.

This is so ridiculous. I'm surprised that this still happens! We live in the 21st century, and IT security has become a well-established field within computer science. Furthermore, systems based on security by obscurity should be long gone.

So we have a company that in 1994 first ships a allegedly secure RFID technology. They developed a proprietary algorithm that did not receive public peer review in the cryptographic community, and used weak random number generation as well as made some mistakes in the protocol/system design. They ship this even back then questionable product without any fix/update for 14 years, irrespective the advances in technology and cryptographic research. During all that time, NXP marketing material claimed the product was fit for 'high security applications'.

Any reasonably skilled person in IT security could determine that the public statements "proprietary cipher" and "48 bit key length" did certainly not sound like high security at all. Thus, it's not surprising that in the last two years, some people, mostly friends of mine, started to look closer at what MIFARE classic is and what it does.

They should be honored and rewarded for their public service in demonstrating the irresponsible behavior of mostly NXP's customers (system integrators) and NXP itself. And exactly those companies are the ones that should be sued for continuing to milk a known-insecure cash cow for more than a decade.

I'd be more than happy to see somebody actually standing on their feet and demanding damages from those vendors. Imagine a small system integrator for a vertical market who wants to look for a secure/safe electronic wallet system and believes in the vendor promises. Now he gets defrauded because some criminal energy - not the ethical researchers at universities - exploit some weakness.

The only reason why large technology companies rarely get sued over the massive security problems they cause in their proprietary products is the fact that almost nobody (even the system integrators and developers) really understand that very technology enough. I sincerely hope that this changes at some point, and we see all those lame promises about alleged (but completely unverified) security go away.

If people would just use publicly disclosed, well-known, well-studied and well-analyzed cryptographic algorithms and implementations thereof, this world would be a much more secure place.

A trip to Fulong beach in the northeast of Taiwan

On Saturday I went to Fulong beach. Believe it or not, my first bathing-at-a-beach trip in Taiwan, despite the long time that I spent on this tropical island.

The venue of the beach is really nice (photos will follow later). The water temperature of the pacific ocean felt surprisingly cold to me - but keep in mind that I'm still spoiled by the 28 centigrade warm Atlantic ocean in Pernambuco/Brazil ;)

However, it wouldn't have been a Taiwanese experience if there weren't some strange observations. First of all, I obviously appreciate that there are a number of life guards. But then I found out that they had a rope in the water, which you were not supposed to pass. The problem with that rope, though: It was at a water depth of about 1 meter to 1.10 meter!

So imagine a huge beach, of which there is a small portion separated by this rope floating on the water, and all the people are crammed into the small confinements between the actual waterline and that rope. The sea was incredibly calm, I could not even detect the remotest hint of any underwater currents, the slope of the ground is _very_ flat, but you can't actually get into the water to swim.

The other peculiarity was that the beach closes at 5.30pm. WTF? Especially during those incredibly hot days, why not just stay in the water into the evening or even at night?

So as a summary, I have to say, Brazilian beaches rule in comparison! Nobody to tell you that you cannot go into water deeper 1.10 meters, beaches are always open (there are no private beaches, they're all public), and most part of the day you will get served beverages, alcoholic drinks and fresh food.

So this trip to Fulong beach was certainly an experience I wouldn't want to miss. But not one that I'm likely wanting to repeat again. I now know what it's like :)

Submitting pcc_acpi for mainline inclusion

The last couple of days I've once again updated my kernel to current linux-2.6.git and I had to do the manual merge of the apparently abandoned original out-of-tree pcc_acpi.ko driver in order to get brightness control of the LCM on my Panasonic CF-R5 laptop.

I've tried to contact the original author multiple times during the recent years asking about his mainline inclusion plans, with no response so far. So this time finally I decided to submit the driver even without explicit wish by the original author. It was already GPL licensed, so no problems here.

However, the driver didn't yet support the backlight class device API, neither did it support user-configurable keymaps on the input device for the hotkeys. It furthermore added tons of new files to /proc with all the ugliness of writable proc files, and it didn't conform to the coding style at all.

Matthew Garrett was extremely helpful with his fast review, and I have just sent the 0.94 version to linux-acpi, hopefully the last one before kernel inclusion. I should have done this a long time ago, but it just didn't feel right to go ahead without the original author's opinion. However, the driver now doesn't really look like the old driver anymore, very little code left. So I feel like I have more moral right to go ahead with it now...

Of course I've only tested it on the CF-R5. Anyone with different Let's note models and versions: Please feel welcome to test it and send bug and success reports.

Electrical installations in Taiwan

I haven't noted this here yet, but I'm in Taiwan again since two weeks ago. I also have two more weeks of Taiwan ahead, since I decided to stay a full month and go to a Chinese language school. Now don't expect too much, this is basically just to find out whether I really want to seriously learn about the language or not. Four weeks will not get me anywhere, at least not beyond pronunciation drills and very basic sentences + vocabulary.

Anyway let's get to the subject of my posting: During the last couple of days I actually spent a significant amount of time trying to find something that to me is the most normal thing: A 60W 220V light bulb with an E14 socket. But that would apparently only be normal in Europe. Here in Taiwan, the voltage typically is 110V at 60Hz, with US-style power sockets. Basically just like the US or Japan.

However, for some really strange and unknown reason, the particular apartment has both 3 phase 110V and 3 phase 220V. The power sockets are all 110V, whereas the fixed ceiling lights are all 220V.

So apparently sometimes people have 220V lights here, and you can get a limited selection of usual bulbs in 220V type, even though 90% of the light bulbs in the store would be 110V.

I've been to Carrefour, B&Q and Tsan-Kuen (all large super-stores in NeiHu). 220V was really rare, and neither of them had any E14 bulbs (independent of shape) for 220V. So after a lot of wasted time, I then decided that I'm just going to replace the entire lamp socket with an E27 type in order to accommodate a different lamp. My other option would have been to add another E14 socket in series and then use two 110V bulbs attached to 220V mains.

Now the really big question is: Why would anyone have the lighting at 220V whereas the power outlets are running1 at 110? This means you need separate infrastructure, separate lines, transformers, metering devices, circuit breakers, etc. And three simply is no point. I could understand 3-phase 220 is better than 3-phase 110 in case you want to use extremely high-power consumers.

DVB-T transmit in pure PC software

I recently discovered this paper about Soft-DVB, a full PC-software DVB-T transmitter, it apparently is now possible on a 1.8GHz Celeron M based system to do a full software encode/modulation of a MPEG2 transport stream onto a DVB-T compliant carrier that can be received by off-the-shelf consumer DVB-T receivers. And all this on Linux, using gnuradio and the USRP.

This is really great news, and an incredible achievement by the authors of the software, particularly Vincenzo Pellegrini.

There is one (at this time still) moot point, though: The code has not been released yet. It has been demoed at SDR related conferences, so it really exists. Vincenzo has announced on the gnuradio-discuss mailinglist that eventually it will be public - without stating some kind of date, though.

I suppose he probably has to wait until his master thesis has been finalized and approved. That should be in the order of months, not years...

Nokia, FOSS, SIM Locks, DRM and the universe + Motorola's failure

As Bruce Perens points out at this blog entry, it is very much possible to design a product, particularly an embedded Linux device such as a mobile handset with all the usual bits and pieces (DRM for mobile media content, SIM locks, etc.) while preserving the freedom of Free Software.

I'm really pissed off by the kind of FUD that big vendors try to spread about it. There are so many claims that the user has to be locked down, that he cannot be allowed to modify/replace the Linux kernel or other bits of the software stack, etc.

I can only agree full-heartedly with Bruce's article. Such claims are all bullshit. I've worked for a long enough time with Free Software, the Licenses involved, the legal framework of those licenses (Copyright Law), the Hardware Industry, lately even a mobile handset manufacturer. I've seen the software and hardware architecture of a number of phones myself by reverse engineering. Never have I found any reason why the bright-line philosophy (see Bruce's article) should not result in a perfectly working, all-interests-satisfied solution.

Let me use this opportunity to point out my disappointment at the failure of Motorola to solve this problem properly. Instead of designing their MotoMAGX family of handsets in a way that preserves the freedom of the Free Software [community, users] and protects their valid business interests, they chose to go the easy shortcut of walking borderline on what they think the GPL permits them: They use cryptographically signed kernel images, a bootloader that only accepts binaries signed by them, plus a kernel that only accepts signed modules, plus a SELinux locked-down userspace that is very restrictive on what userspace programs can still do.

This would all be nice and good _if_ they were to provide the user with a way to either sign his own kernel images with their key, or (better) to store his own signature in the bootloader. So the hardware would accept Motorola-signed kernels and kernels signed by the user (actual owner!) of the device.

The further proprietary bits of the software stack required for DRM protection can simply refuse to operate if not run under a Motorola-signed kernel. Especially with TPM's and similar technologies becoming more widespread in the mobile world, there is a very straight-forward solution to this problem. The bootloader can store the hash of the kernel image in some TPM protected register, and the proprietary DRM system can refuse to operate if the hash is not the original one.

With regard to SIM-Lock, Operator-Lock and all the other locks: As Bruce points out, those are restrictions of the GSM/3G modem. All implemented in the firmware of this device. It doesn't matter if you run Windows Mobile, Symbian, Motorola's own locked-down Linux kernel or a custom user-built Linux kernel on the application processor. The various GSM/3G related locks are never implemented on that processor, but on the baseband side.

I hereby challenge the mobile industry to come up with hard, technical fact about what particular problem they have in designing open, FOSS-compatible devices, where every user can modify and/or replace the FOSS programs, while ensuring the integrity of their DRM, IPR, SIM lock and other business model related technologies. I will sit down and look at any such issue brought forward and I'm extremely confident that for all of such problems there's a straight-forward technical solution (bright-line in Bruce's terminology) which will not require the proprietary or FOSS side to make any sort of moot compromise.

If not only for the reason of legal safety and security, such solutions should always preferred to going borderline with FOSS licenses or against the FOSS developers and users community!

Persistent Google recruiters suck

I think I've read this before by one or the other Linux/FOSS developers blog: Googles persistent recruitment sucks. At least I've spoken with a number of well-known developers in the community, and they all have been contacted before.

What makes the situation even more difficult is that there are apparently different recruitment teams, so sometimes they want to hire you in Australia, sometimes somewhere else. I've heard rumors that they now have a company-wide blacklist, and I've asked a number of times to not receive further recruitment mail, so I should be on that list by now.

The worst message arrived today. The particular recruiter actually _knew_ that the same department had last contacted me six months ago, and that I was completely not interested. But she was hoping that by now my mind or my job situation had changed, and that she would want to talk to me about employment options at Google.

I'm now really running out of options. I've tried to state it politely a number of times over many years that I am not interested and do not want to receive further emails. As if this wouldn't occur to me automatically, given their omnipresence in the Internet world, and their numerous previous recruitment mails, even in the case I actually was seeking employment now.

I guess I will have to try to be rude now, maybe then they think my personality wouldn't fit the company spirit. I don't know.

Just let me say that this kind of aggressive recruiting is in itself alone reason enough for me to not want to work for this company :(

Last minute: Presenting at LinuxTag

As apparently there was a last-minute drop-out in the Security track of LinuxTag 2008, I have been invited to present. It is great that I could convince them to do a talk about my current favorite subject: Enabling more security research in communications protocols outside the TCP/IP/Ethernet based Internet.

I don't want to spoil it by providing too much information upfront. I'm sure there will be recordings available afterwards. For now, you can get the main points from the abstract

Bought another motorbike: Yamaha FZ6 Fazer

During the last week or so, I spent a lot of time test riding a number of various motorbikes. Both real sports / supersports bikes, as well as 'sportive touring bikes'. I wasn't really sure if I should go for a true/real sports bike like the Suzuki GSX-R (750/1000) or start with something less 'extreme' first. One thing I learned, though, is if I went for a sports/supersports bike, I'd definitely have to keep my BMW F650ST around. Those racing bikes are just not useful for casual riding in city traffic. But I want both, fun at the motorway, as well as a useful bike for local travel inside Berlin.

Then I got a really irresistible offer for a two-year-old FZ6 Fazer (with ABS), and I had to buy it. So for now, it is this. It's probably reasonable to first go from the familiar 48bhp to 98bhp before reaching to the 160bhp range of the Suzuki GSX-R. So in the end, I can even claim that I'm being rational and reasonable here, going "only" to an (already-ridiculous) amount of power, than a beyond-ridiculous amount ;)

And please don't worry too much. I'm not suicidal, and I've been riding quite safely for more than 11 years now ;) This is not going to change!

Chaosradio on Software Defined Radio

I've had the pleasure of being invited to Chaosradio Express maker Tim Pritlove to talk about Software Defined Radio in general, and gnuradio plus USRP specifically. You can listen to the resulting 2+ hours of podcast (in German).

It's been a great experience, and I have a good feeling that it was possible for us to explain this fairly detailed subject to our already at least moderately technical audience.

SDR is really hard since it combines aspects of traditional radio, i.e. physics of electric waves, electrical engineering both analog and digital, digital signal processing and software. The biggest part is really advanced mathematics, and at least from all the subjects that I've seen, it's probably the most direct and close-to-theory incarnation of applied math.

Luckily, a fairly high-level understanding of the algorithms and principles involved are already sufficient to do a lot, since most of the deep-down mathematical details of many algorithms have already been implemented as building blocks for gnuradio. Still, I assume the number of developers who are actually able to use gnuradio is far too low. If you're looking for an interesting field of software right now, I suggest going for digital signal processing. It's in every area of communications, ranging from analog modems over ISDN, DSL, WiFi, USB2, Bluetooth, GSM, UMTS, DECT, ZigBee, Ethernet, VoIP and probably any other communication technology that we use today.

Motorbike troubles again

It seems like I lost all my luck. Only a three weeks ago, the Yamaha TW-225 in Taipei had problems after my arrival. Now that I'm back to Berlin, my BMW F-650 had some serious trouble, too.

Starting the engine turned out to be really hard (started only on something like the 10th attempt, even though usually the first one is sufficient). Furthermore, pulling the gas handle only the tiniest little bit kills off the engine completely, independent of how far the choke is asserted.

So today I spent some five hours in disassembling almost the entire bike, removing the twin-carburetor, disassembling and cleaning it and putting the entire bike back together again. The engine is running fine again. I just wonder why I have this kind of carburetor problem already the second time in the last couple of years.

There's almost no visible dirt inside the carburetor, and all the fittings are fine, no signs of any leakage, no signs of any significant wear of any of the involved parts. Still, cleaning and re-assembling it clearly removes the problem.

Back from WGT

There are two fixed dates every year that I never miss: The annual Chaos Communication Congress in Berlin between Christmas and new years eve, and the Wave Gotik Treffen music festival in Leipzig.

This year I was camping at the event campsite again, following two lazy years in a hotel. I enjoyed it a lot, especially since the weather was perfect. Only sunshine, not a single drop of rain for the entire four days.

The festival itself was like always. Great. :) I think my personal favorites this year was the industrial (probably better: rhythmic noise) act NULLVEKTOR as well as INADE.

Victory: Skype withdraws appeals case, judgement from lower court accepted

The court hearing in the "Welte vs. Skype Technologies SA" case went pretty well. Initially the court again suggested that the two parties might reach some form of amicable agreement. We indicated that this has been discussed before and we're not interested in settling for anything less than full GPL compliance.

The various arguments by Skype supporting their claim that the GPL is violating German anti-trust legislation as well as further claims aiming at the GPL being invalid or incompatible with German legislation were not further analyzed by the court. The court stated that there was not enough arguments and material brought forward by Skype to support such a claim. And even if there was some truth to that, then Skype would not be able to still claim usage rights under that very same license.

The lawyer representing Skype still continued to argue for a bit into that direction, which resulted one of the judges making up an interesting analogy of something like: "If a publisher wants to publish a book of an author that wants his book only to be published in a green envelope, then that might seem odd to you, but still you will have to do it as long as you want to publish the book and have no other agreement in place".

In the end, the court hinted twice that if it was to judge about the case, Skype would not have very high chances. After a short break, Skype decided to revoke their appeals case and accept the previous judgement of the lower court (Landgericht Muenchen I, the decision was in my favor) as the final judgement. This means that the previous court decision is legally binding to Skype, and we have successfully won what has probably been the most lengthy and time consuming case so far.

Back from the trip to Taiwan

It's been some time since my last blog post, mainly because I've been quite busy in Taiwan. First there was the conference, then there were a number of meetings with various companies to educate them about GPL licensing and how to interoperate with the FOSS community for better hardware/driver support.

The other part was actual spare time. I spent many months in Taipei during my work for OpenMoko, but I never really had much time to explore the city, or even other parts of the country.

This time I explored quite a bit of the Taipei nightlife, visiting places like Luxy, Lava, Room18, Barcode, ageha, and even the so-called "meat market" of Carnegies and Tavern.

I've also had time to try one of the many hot spa's of Taipei in Beitou, as well as a really great motorbike trip to the national forest in the Wulai mountain region.

Unfortunately the weather wasn't that great, so I had to postpone my plans to visit the northeastern and the eastern coast to some future trip.

And the most interesting part is: I actually made contact to Taiwanese people who are not at all in any way related to work :)

Further Taipei exploration brought me to the Wufenpu fashion wholesale area, as well as Ximending. Most impressive is also the "Taipei underworld", i.e. the various underground shopping malls near Taipei Main Station, such as the Taipei City Mall, Station Front Mall and ZhongShen Mall I and II. You can literally walk for many kilometers underground...

Now I am one day in Frankfurt, and tomorrow one day in Munich, Friday one half day at home, and then there will be four days of music festival at WGT 2008.

Tomorrow: Court hearing in Welte vs. Skype GPL case

Tomorrow at 10:30am at the Oberlandesgericht Muenchen (higher regional court of Munich) there will be an oral hearing in the "Welte vs. Skype Technologies SA" case. The hearing is to be held in room E.06.

This case is about a GPL violation of Skype, related to their sales of Wifi Skype phones based on the Linux operating system kernel.

I'm fighting as part of the gpl-violations.org project in enforcing the GPL against Skype since February 2007. Initially Skype didn't respond, we then applied for a preliminary injunction. That injunction was granted by the court in June 2007, but Skype chose to file an appeals case against it.

The court hearing tomorrow is exactly to debate about this appeal.

Interestingly, Skype is arguing against the validity of the GPL as a whole, asserting that it is violating anti-trust regulation and similarly strange claims.

First ASUS day of OpenTechSummit Taipei

As I might have indicated before, I have the pleasure of being invited to the OpenTechSummit 2008 in Taiwan. Two days ago, I was at the opening dinner. The problem of that dinner was the lack of attendees. There were loads of delicious (free, sponsored) food, but not even remotely enough people to eat it.

Today I had a bit of a problem finding the ASUS venue, since it was said to be at "exit 2" of the MRT station. Unfortunately it had two exits of that name, one on each side of the station :)

One presentation there I found particularly embarrassing was the one about the eePC SDK. First of all, I will ignore my thoughts about why you actually need such an SDK if it really is nothing more than a customized Debian Linux with Eclipse. But even then, why fly in a foreing speaker to do a click-by-click walk-thhrough on how to create a 'hell world' Qt program using eclipse?

My favourite of the day was definitely the presentation on the OpenPattern router board.

Back to Taipei

After a break of almost six months, I'm back to Taipei. Obviously I now see everything from a quite different angle: I no longer work for OpenMoko, Inc., thus I actually have spare time here and can explore both the capital city as well as the country much better than before with that ever-growing OpenMoko workload.

However, the first day wasn't quite as relaxing as it should have been. First, the apartment key that was supposed to be with the guard of the apartment building accidentally was mixed up with some other key and got sent to the landlord.

A couple of hours later I discover that my Yamaha TW225 motorbike doesn't work anymore. First diagnosis: Battery is empty (not surprisingly). I try for like 15minutes to kickstart it, to no avail. Not even a single explosion in the engine. Then I tried to push it, and got it to a couple of explosions after which it died again. Further push-starting was prevented by the way-too-smooth floor of the parking garage, where the wheel just slides as soon as you release the clutch :(

Some disassembly revealed where the battery is (I don't know this bike at all, much opposed to my F650ST in Germany). The battery was severely short of acid/fluid, maybe somebody pushed the bike over and it leaked. Obtaining battery additive and refilling results in only 800mA charge current. I think it's dead. Now I'm in the process of ordering a new battery.

Let's hope the next couple of days are better than the start of this trip...

Review of DORS/CLUC 2008 in Zagreb, Croatia

I've spent the last five days in beautiful Croatia - most of the time in its capital Zagreb. The local conference DORS/CLUC has been around for a couple of years, and in fact I've been at a previous incarnation three years ago.

It's a nice, small but great event. And in fact, for the invited speakers as myself it feels more like an all-inclusive holiday than a conference. The organizers went out of their way to make us feel at home, including a trip to the waterfalls of Plitvice national park (photos will be available shortly at my public photo album.

It was also great to spend some time with Alan Cox again, who to my surprise was also attending the event with two lectures. Hope his luggage didn't get lost again on his way home...

Further studying of Abis protocols, moving towards implementation

The first quarter of 2008 is already gone, and I still haven't found all the time that I wanted to find to play with my BS11 base station[s].

However, I've spent quite a bit of time over the last couple of days further studying the GSM/3GPP 08.5x documents, as well as a thorough read through the mISDN source code.

GSM/3GPP 08.5x describe the layer1, 2 and 3 protocols of the Abis link between BSC (Base Station Controller) and BTS (Base Transceiver Station) in a GSM network. It's modelled on top of a E1 link in PCM30C configuration, i.e. TS0 is for CRC4 and synchronization, TS16 is used for the layer2+layer3 protocols, whereas the other time slots are used for transfer of the actual voice call data.

After looking at the various different driver options on Linux, I have determined that mISDN is the most promising and flexible architecture available. mISDN also has a layer0 + layer1 driver for the NT mode of the HFC-E1 card that I'm using. mISDN is great in a way that every layer is strictly separated from the other layer, and that at any layer parts of the stack can be implemented in userspace using library API.

Thus, I've started to write some mISDNuser based code to attach to the kernel-side hardware and lower-layer drivers. I'm not yet sure if the Q.921 (ISDN Layer2, also called LAPD) of the mISDN kernel side can be reused for Abis or not. The differences between standard Q.921 used on European ISDN and the Abis Layer2 are fairly small, so I hope to get it working with the existing LAPD code.

Unfortunately, I have paid work to take care of, so I will once again be distracted from this most interesting of my toy projects.

Report from FSFE FTF Licensing and Legal workshop

I'm on seven-hour train ride back from Amsterdam, where I've been attending the first Licensing and Legal workshop of the Freedom Task Force (FTF) of the Free Software Foundation Europe (FSFE).

While having a somewhat lengthy name, the FTF has been doing great work on bringing together a large group of legal and technical experts in the field of Free Software licensing. So far this was all 'virtual', happening on mailing lists.` The meeting in Amsterdam was the first of its kind, and was a huge success.

By the nature of the FSFE, most of the people were from Europe, though there were attendees from the US and even Australia, too.

There were many interesting and surprisingly interactive workshops. It was also a good opportunity to meet Armijn (the second half of gpl-violations.org) and Shane (full-time manager of the FSFE FTF), as well as many lawyers, both corporate legal counsel and from law firms.

The interest in Armijns presentation about gpl-violations.org and Till Jaeger's overview about the legal cases we've handled over the years in Germany were very well received and there was more interest and questions than the short time permitted.

What was really good for me to see is that large consumer electronics companies in Europe and the US are now implementing internal business processes to ensure GPL and other FOSS license compliance. They're also increasingly using very clear contractual language throughout their supply chain to minimize the potential risk of any "hidden" GPL surprises in products they source from OEM/ODM companies.

We don't do Advertisement on the netfilter.org homepage

For some reason, the amount of inquiries about companies who want to put ads on netfilter.org has significantly increased. Since the content of that site has not really changed much in the last (at least) four years, this sudden interest is somewhat surprising to me.

However, we are absolutely not interested in advertisements. I personally hate any form of advertisement, whether in print media, radio, TV, WWW or on billboards. In fact, advertisements are the reason for me to not watch any privately owned TV or radio stations for at least eight years.

So to all the advertising companies out there: Only over my dead body will there be any kind of banner ads on any of the websites of the projects in which I have anything to say.

Schiphol airport uses active millimeter wave screening

I was quite surprised that Amsterdam airport is beginning to introduce active millimeter wave screening instead of the good old metal detectors. The specific device seen in operation at one of the queues between the international and the Schengen area of the airport was L3 Communications ProVision(TM).

While doing some research about this subject on the net, I discovered cargo X-ray solutions such as those described in this article. You can mount a mobile unit onto a track and then go as deep as 200mm of steel to x-ray through the metal plating of a cargo container. This is really scary stuff...

I don't work for Google - no matter what the rumors say

A number of people have recently independently approached me about rumours that I'm now working for Google/Android, after having left OpenMoko, Inc. in November 2007.

According to one source, some friend who visited Android was told by Android that I would be now working for them. There is no truth to this.

Please put an end to those rumours. I'm not working with or for either Google or Android. There also are no plans to do so, and there have never been any negotiations, aside from the usual Google headhunters that approach anyone visible in the FOSS world every so often - which I always decline, indicating that I am not interested in a dependent employment position, no matter for which company.

I will continue to be doing freelance contract work on projects that are interesting to me and within my fields of expertise. Should anyone chose to approach me with an interesting technical Android system-level and/or hardware related project, that would certainly potentially be interesting. But I'd look at it like any other inquiry.

KLM also using Linux in their Entertainment System

The intercontinental KLM flight from Sao Paulo to Amsterdam was using a fairly new (05/2007) Boeing 777-300, and it was equipped with something like an 8" wide screen entertainment system, not unlike the one that I saw some months back in a Shanghai Airlines flight.

This time I had the luck to see the Linux based system boot twice. The boot time is horrible (on the order of 4 minutes) and you can see many hardware details. It's using a Geode type CPU and a realmagic GPU, has a natsemi Ethernet chip and the credit card reader is actually a USB HID device.

All over the place they have fairly low-level debug code spit out to the console, this really looks like "it worked on one developer board, ship it to the airline" product. You can see mistakes in shell scripts ("ls: no such file or directory" and similar stuff from init scripts, as well as debug code from their UI applications.

It would really be interesting to get my hands onto an Ethernet link in that in-plane network. Guess one could have quite a bit of fun with that :)

I've taken a series of snapshots throughout the boot process. Will post them once I'm back home and find time to wade through the holiday pics.

Back from holidays

I'm currently sitting at Amsterdam Schiphol Airport, waiting for the last connection in my Recife - Sao Paulo - Amsterdam - Berlin return trip.

I'll be wading through the several thousand emails over much of the next couple of days, so please give me some time to get back to you.

Receiving the 2007 FSF Award for Advancement of Free Software

The news has already made it to the net during my (offline) holidays, so this entry in my journal will come hardly as a surprise to you: The Free Software Foundation Award for the Advancement of Free Software 2007 has been granted to me :)

I am deeply honored to be the recipient of the award, joining the list of (much more distinguished) recipients of the award. At the same time I'm sorry to not having been able to personally attend the awards ceremony. I've outlined the three key reasons for this in the statement that I prepared to be read at the ceremony.

Update from first week of holidays

For those of you who're curious: The first week of holidays went just fine, spending something three days in Sao Paulo and three days in Curitiba In Curitiba, I had a rental car and went to Vila Velha, as well as driving the serpentines of the Rua Graciosa through Morretes to the Beach. Oh, and obviously in Curitiba I had to go to Homem Pizza and Happy Burger, the two restaurants that I frequented the most while working at Conectiva 7 years ago.

The biggest problem so far was the malfunction of the in-room Save of the Hotel in Curitiba, resulting in not being able to access any of my cash reserves, credit/debit cards, passport or laptop for two days. They actually had to physically break the safe open since the lock mechanism was stalled/clogged in a way that it did no longer move.

Now I've just arrived in Recife, where after two days, the journey will continue towards Porto de Galinhas.

Almost offline for holidays

I'm hereby announcing that I'll be offline most of the time between March 3rd and March 26. This is the longest time that I've been offline for quite some time - and it's a much deserved holiday after the intense work of the last year.

I'll be doing quite a bit of travel in Brazil through those more than 3 weeks, meeting some old friends and ex-colleagues from my time in 2001 at Conectiva. I'll also be spending some time at the beach, plus exploring a bit of Parana and Pernambuco by [rental] car.

This also means that I'll likely end up being forced to use my horrible Brazilian Portuguese again. But well, at least for me, unless forced to speak a certain language, I won't speak it at all. So this must be a good thing, then.

Please don't expect any reaction to e-mails, snail mail, phone calls, faxes or any of the like during that period of time. I won't even have my German GSM phone online to avoid roaming charges killing me.

Thoughts on FOSDEM 2008

I really have been disappointed quite a bit with my visit to FOSDEM this year. In fact, many of my observations might actually apply to Brussels as a whole, I really don't know.

It all started with arriving at Bruxelles Central station on friday, where the entire station was so crowded it took me ages to fight my way through the crowds. Then something like only the fourth idle cab driver was willing to actually take us to the hotel. The others for whatever reason didn't want to earn those 15 EUR. Aren't there some regulations forcing them to transport paying passengers?

Then, let's talk about the social event on friday. How can you hold such an event in a place that's about one third of the required size, and which has a music volume level that effectively prevents any form of communication. I left after about 10 minutes there, since there just was no point at all. One wonders what happens if there is a fire. Aren't there some kind of regulations of the max number of people you are allowed to cram into tiny places like that pub?

At the conference venue the problem seemed to re-occur. All the rooms are significantly too small. Combined with the lack of ventilation and the lack of a PA system it was not possible to stand more than a single talk in the X.org devroom, before I had to get out to get fresh air.

Getting in and out of the DevRooms is also a challenge by itself, since the hallways are over-crowded and full of noisy and loud conversations. Opening the door for even a small amount of time is barely impossible, since that would expose the talk on the inside to the enormous noise levels on the hallway. Especially since the DevRooms don't have any PA system, it's already quite a challenge to understand the speaker inside the room. Somebody opening the door just completely kills the communication flow

The entire idea of putting up all the projects with tables in the hallways seems questionable to me. They do nothing but block the path for other people (also blocking emergency escape paths). Furthermore, cold air gets in all the time since many people have to use the doors in order to walk between the different buildings. It would make much more sense to keep the hallways for what they are: Ways where people walk between rooms. The project tables should be inside rooms. Those rooms would self-contain the noise generated by the tables, be more comfortable (warm, no wind) and keep the hallways free for people to walk on.

The same problem exists for the "BAR" where you get food and drinks. It's too small, too crowded, and absolutely not comfortable at all (cold wind coming in through the permanently open doors, ...)

And then consider the public transport "performance" on weekends. It took me regularly more than an hour for something that was a 2.6km distance between hotel and venue. That's quite ridiculous. Given how crammed those few trams are that actually run, it doesn't seem to be a shortage of passengers that makes them operate so few trains per hour.

All in all, I could not do anything else but to attribute FOSDEM 2008 as something like "the most inefficient event", i.e. where I wasted a lot of time for reasons stated above, rather than actually attending lectures.

Flying from Berlin to Brussels without showing any ID

It was really surprising to see that there was absolutely zero control of any ID on the flight between Berlin and Brussels. I'm well aware of the marvels (and data protection nightmares) associated with the Schengen agreement. However, zero form of identification on air travel was really a big surprise to me. Not even my flights inside Germany had this 'feature'

How did this work? First of all, I booked the tickets through a travel agent quite some time in advance. No form of ID required (though he has my banking details). Next, I did a Lufthansa online check-in from my home, printed the boarding pass. On the airport, used the self-service luggage drop-off counter. Then directly went to the security check, and then to the gate. During the entire time, nobody asked for any form of ID.

So if I did buy the tickets on cash rather than with bank transfer, it would actually still be possible to travel under false name and thus anynomously. Amazing. Am I missing something?

flu provides opportunity to watch linux.conf.au video recordings

A quite serious flu hit me four days ago. While this prevented me from getting any serious work done (my doctor actually explicitly asked me to refrain even from mental work), it provided me with ample opportunity to watch through all the exciting video recordings of linux.conf.au 2008.

The various technical X.org driver side related talks were really good to hear, and I'm happy that there is so much innovation and development happening there now.

The most hilarious talk according to my scale of humor was Matthew Garrett's presentation on suspend to disk. I had to watch it twice, just because it's so entertaining. Rusty: Even you'll have a hard time competing against that level of entertainment :)