Harald Welte's blog
   

Creative Commons License
Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.


Mon, 27 Feb 2006
Offline / Holidays

As announced before, I'm offline till March 21st.

[ /personal | permanent link ]

Sat, 25 Feb 2006
Invited as keynote speaker to OSCON Vienna

Recently I've been invited to give the keynote at OSCON Vienna (please note that this conference, to the best of my knowledge, has absolutely no relation with the O'Reilly OSCON events).

I'm honored and I'll gladly accept this invitation. AFAIR this is the first time I'll be giving the keynote at any FOSS related conference. The subject was up to me to determine, and I decided on something that is both one of the most important subjects for FOSS today, and well within the subject of the conference: "Kommerz und Community: Schnittstelle zwischen den Welten". It's about the interface between FOSS community and the commercial IT industry.

There are many suboptimalities at this interface. I personally believe that optimization of this interface would greatly benefit FOSS as a whole. Which issues am I talking about? Well, first of all, there are lots of GPL/licensing related issues. But even more importantly, there is the lack of support from the hardware community. As long as hardware vendors will actively hamper FOSS development by not releasing documentation, locking down their products, claiming they "support" Linux with their proprietary binary-only drivers.

For many of these issues, there's a big communication and furthermore cultural problem. That's what I want to address in that keynote.

There's another good point to the OSCON invitation: The trip to Vienna will also help me to improve my bad luck and stupidity while doing photography in Vienna / June 2005.

[ /linux/conferences | permanent link ]

Fri, 24 Feb 2006
How to boot your own kernel on the Thecus N2100 - and prove it violates the GPL

My latest candidate for gpl-violations.org (and hopefully the last before finally leaving for holidays): The Thecus N2100 and N4100 NAS devices.

The Thecus boxes seem nice, at first sight. Apparently somebody recognized the need for a bit more performance, so there's an Intel IOP 80219 with 64bit PCI-X support, DDR400 memory (actually in a socket), an empty miniPCI slot (great!), USB2.0 ports, and SATA (yay). This should definitely be more promising than the usual 33MHz 32bit PCI / IDE / MIPS / SDRAM based smaller NAS boxes. The only thing really lacking with those Intel I/O processors is a hardware crypto unit. Who wants to have unencrypted storage these days?

Looking at the software, the problems start. First, there is no NFS support. iTunes, SMB/CIFS, HTTP, FTP - but no NFS :( Secondly, the web configuration frontend requires flash. Duh! How can you use something as ugly and proprietary as flash for something as simple as a web configuration frontend for an embedded box? God knows.

Anyway, let's get back to the GPL issue. As usual, I cannot make such a claim without verifying it. First of all, the devices (and their firmware updates) ship without a copy of the GPL, without any indication that GPL licensed software was used, without a written offer and without source code.

But well, how the heck do I know (and how can I prove) that they actually run Linux? I won't disclose the reason for my initial hints, since I don't want future vendors of future products to know how they can avoid me ;) But anyway, let's assume I was surprised to see an nmap fingerprint that indicates Linux on the box and now want to go further.

Looking at the firmware update images, they appear to be scrambled / encrypted somehow. At least there is no gzip/bzip2/LZMA/ext3/cramfs/romfs/... signature to be found in them. And even if the firmware updates contain Linux, this doesn't actually prove anything about the software pre-installed on the device.
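The signature check described above, paired with a byte-entropy estimate, as an added example (not code from the original post or from gpl-violations.org). Both sample blobs are constructed, the 7.5 bits/byte threshold is an assumption, and ext3 is left out because its 2-byte magic is too weak to scan for; an LZMA stream stored without its 13-byte header cannot be found this way at all.

```python
import gzip, math, random, struct, zlib
from collections import Counter

def valid_gzip(buf, off):
    """Accept a gzip magic only if the bytes after it really inflate."""
    try:
        return len(zlib.decompressobj(31).decompress(buf[off:off + 4096], 64)) > 0
    except zlib.error:
        return False

def valid_bzip2(buf, off):  # 'BZh', level digit 1-9, then the block magic
    return buf[off + 4:off + 10] == b"1AY&SY" and 0x31 <= buf[off + 3] <= 0x39

def lzma_alone_header(buf, off):
    """Heuristic for the 13-byte .lzma header with default properties (0x5D)."""
    props, dict_size, size = struct.unpack_from("<BIQ", buf, off)
    sane_dict = dict_size in {1 << n for n in range(12, 27)}
    return props == 0x5D and sane_dict and (size == 2**64 - 1 or 0 < size < 1 << 28)

MAGICS = [("gzip", b"\x1f\x8b\x08", valid_gzip), ("bzip2", b"BZh", valid_bzip2),
          ("cramfs", b"\x45\x3d\xcd\x28", None), ("romfs", b"-rom1fs-", None),
          ("squashfs", b"hsqs", None), ("squashfs", b"sqsh", None)]

def scan(buf):
    """Return sorted (offset, format) pairs for every signature that validates."""
    hits = [(o, "lzma") for o in range(len(buf) - 12) if lzma_alone_header(buf, o)]
    for name, magic, check in MAGICS:
        off = buf.find(magic)
        while off != -1:
            if check is None or check(buf, off):
                hits.append((off, name))
            off = buf.find(magic, off + 1)
    return sorted(hits)

def entropy(buf):  # Shannon entropy in bits per byte; 8.0 looks random
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in Counter(buf).values())

def verdict(buf):
    if scan(buf):
        return "known formats present"
    return "likely scrambled/encrypted" if entropy(buf) > 7.5 else "no signature found"

def build_samples():
    """Constructed inputs: a plain image and a random blob standing in for a scrambled one."""
    plain = bytearray(b"\xff" * 4096)
    gz = gzip.compress(b"constructed kernel banner\n" * 8, mtime=0)
    plain[0x100:0x100 + len(gz)] = gz
    plain[0x800:0x804] = b"hsqs"  # squashfs magic only, no real filesystem
    plain[0xC00:0xC0D] = struct.pack("<BIQ", 0x5D, 1 << 23, 1 << 20)  # .lzma header only
    rng = random.Random(2006)
    return bytes(plain), bytes(rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    print([(scan(b), round(entropy(b), 2), verdict(b)) for b in build_samples()])
```

A hit is only a lead: confirm it by extracting from that offset, and treat "no signature plus near-8.0 entropy" as consistent with either encryption or an unrecognised compressor.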

The running device also doesn't offer any ports apart from the SMB-related ones and http(s). So we're stuck.

This is where I usually take the device apart, carefully analyze its hardware and go looking for a serial port with my oscilloscope probe. Unfortunately the PCB of the N2100 didn't seem to have one. It took me some time to figure out that the serial port connector (there's actually a standard 9-pin header) is on the SATA backplane rather than on the CPU board ;)

Hooking up a serial console, you can see RedBoot wait for one second and then execute a boot script that loads initrd and kernel and finally executes it. Yay! Too bad that the actual kernel seems to lack support for a serial console. So all you get is the 'Uncompressing Linux......................................................................................... done, booting the kernel.' line. Together with the firmware scrambling/crypto, this is definitely an attempt to hide the use of GPL licensed software and/or otherwise lock the user out of the device.

Unfortunately hex-dumping the whole memory contents from RedBoot via the serial port, and parsing it on the host side seemed like a rather clumsy - and otherwise unproductive approach to finding proof of GPL licensed software in the device.

Luckily, you can interrupt RedBoot and configure the network device, set up TFTP, cross-compile a kernel for the IOP 80219, and boot that. After some twisting of the .config, I got it to boot without any crashes, and even the RedBoot partition table is correctly recognized and parsed.

So now I'm running Linux on the device, great. But still I can't prove that the device actually ships GPL licensed software in a non-compliant way. So all that is missing is an NFS-root capable installation of Debian-arm that we can boot into, and which we can use to read out the mtd partitions.

Oh, and yes. While I appreciate their love for the netfilter project and its software: There's absolutely no place in a NAS box for having ip_conntrack linked statically into the kernel - unless you voluntarily want to lose performance. At least to my knowledge, performance of NAS devices counts. So, Thecus, in your own interest: disable ip_conntrack in the kernels you ship.

[ /linux/gpl-violations | permanent link ]

Samsung releases OneNAND drivers under GPL

Finally, there is a hardware vendor who actually releases GPL licensed drivers for embedded technology: Samsung. The subject matter is Samsung's OneNAND flash technology.

It's good to see such a move, and it is greatly appreciated. I hope we see more of those. Thanks, Samsung.

[ /linux | permanent link ]

Wed, 22 Feb 2006
Buried alive in GPL violations

It's not funny anymore. The current rate at which new GPL violations get reported and/or discovered, especially from the appliance/embedded market is really alarming.

For example, I haven't yet seen a single Linux-based NAS product that was even remotely license compliant when first analyzing it. And I'm not only talking about the SoHo NAS boxes with one or two hard disk drives, but even about enterprise storage systems.

On the enterprise end, we're now also seeing carrier-grade network equipment such as SONET/SDH switches, metropolitan area Ethernet, DSLAMs and the like.

Also, in some areas of business, competing companies seem to make the same mistake again, rather than learning from their competitor. Some time ago I had to resolve GPL issues with Maxtor Shared Storage drives, when they were first released. Now I found out that Western Digital has similar systems called NetCenter. Ordered one, and it came without GPL license text, written offer or source code.

Finally, there is one good example though. For a very long time, a product that I analyzed was actually GPL compliant. It's good to see that there are a few who get it right, from the beginning: The APC NetBotz family of products. The manual contains a reference to the source code, which can be obtained from ftp://ftp.netbotz.com/gpl/.

Anyway, I need a break (see my holiday related post). Hopefully I'll get back from that trip rested, with lots of energy and an extra portion of patience. This has become more of a burden than I ever thought.

The second and third quarter of this year definitely are the right time to think of a way to incorporate gpl-violations.org as an NGO/not-for-profit. One that can actually pay somebody hunting down those cases, doing the day-by-day work. I have a dream that at some point in the future I can once again concentrate on cool and interesting development, like most other hackers do.

[ /linux/gpl-violations | permanent link ]

Thu, 16 Feb 2006
Another unproductive day of GPL enforcement.

I'm feeling terrible. The second day in a row where I didn't find time to write a single line of code, merge any contributed patches, squash any bugzilla entry. Not even to speak of paid-for work.

While I used to spend about 30% of my time with GPL enforcement related work, it now peaks at about 70% for the last two weeks. This is not a good sign.

So apart from talking to lawyers, proofreading legal paperwork, negotiating with allegedly infringing companies and the like, I now also start having trouble doing test purchases. Not only do some retailers refuse to take orders from me, but if I actually place an order, it raises new problems.

The last web store I ordered a test purchase from now asked me for a complete, readable copy of both sides of my ID card. WTF ?!? This is totally against any data protection laws. There is absolutely no requirement for them to know my passport photograph, id card number, size or eye colour. So as a follow-up I had to write an official complaint with the Berlin data protection agency - as if I didn't have any other work to do.

Also, for the last months, I find myself giving about EUR 10k in 0% interest loans to GPL infringing companies. That's the amount of money spent for test purchases that I had to do to confirm GPL violations but which hasn't yet been reimbursed.

About the only positive thing in the course of my work day was producing the Chaosradio Express issue on gpl-violations, which Tim and I did earlier this evening.

Oh, and the best thing that happened today in general, is that the German Federal Constitutional Court has invalidated a recent law that allowed the government to order the military to shoot a passenger plane which was abducted by terrorists. At least some people still have a sane view on human rights.

[ /linux/gpl-violations | permanent link ]

Tue, 14 Feb 2006
More TI AR7 related GPL violations

Out of all the embedded network devices that had GPL issues, the Texas Instruments AR7 based devices probably have the worst GPL compliance history I've ever seen. The time has come to properly rant about this.

It's yet unclear whether this is TI's own fault, or just the fault of their OEM/ODM manufacturers. But I'm more than determined to find out.

Anyway, the list of problems with TI AR7 based devices is so incredibly long, that I don't even know where to start.

First of all, re-engineering their devices (for GPL compliance audits and legal action following up to such an audit) is incredibly difficult because they've added LZMA compression to both the kernel image (vmlinux) and squashfs.

Now what's so difficult about this? You might argue that the LZMA algorithm is (L)GPL licensed and publicly available. As is the original kernel source code, and the squashfs code. Also, you might know that numerous individuals have already released patches to add LZMA to kernel boot, initrd and squashfs.

However, there are various methods (with/without LZMA header, with/without p7zip header, etc.), and there simply is no standard on how to build a system from the algorithm.

Getting to the actual infringements. So far I've seen devices that

  • remove the "(C) Netfilter Core Team" message that is usually printed during boot-up
  • modify existing netfilter/iptables code, like add HTTP reply support to ipt_REJECT
  • add binary-only new netfilter/iptables targets, like ipt_PNAT
  • add new binary kernel modules that have "MODULE_LICENSE(GPL)" without providing source code

There are many other potential issues, on whose GPL compatibility (or lack thereof) I do not want to comment at this time, such as their binary only drivers for the DSL chipset, the WLAN driver.

Interestingly, all of the vendors of TI AR7 based devices with whom I had contact on the GPL issues showed equally little interest in bringing their products into compliance. Now this could all just be a coincidence. But my personal guess is that they just forward whatever questionable policy they get from their upstream chipset and reference software development kit provider: TI.

You might wonder about the device manufacturers in question? I'm still a bit hesitant about disclosing names. One of the first companies running into GPL trouble with TI AR7 was D-Link. Another company with anything but the cleanest GPL history on TI AR7 based devices is AVM, who produce the overly popular and widely branded FritzBox devices.

There is another brand that is sold in significant quantities, at least in the German market. We're on the brink of applying for the next gpl-violations.org preliminary injunction, so I won't be able to say any names.

[and now, after some five hours of gpl-violations related device re-engineering before getting up, I'll finally try to find some time to get some breakfast.]

[ /linux/gpl-violations | permanent link ]

FSFE seems to like CardMan 4004 driver

As you can see from this post by Georg Greve and this one by Werner Koch, a number of high-profile FSFE guys really seem to like the cm4040 driver that I merged recently into Linux 2.6.x.

Who would have expected that there apparently was a high demand for using smartcards with GnuPG on notebooks :)

[ /linux | permanent link ]

Fri, 10 Feb 2006
Austrian Health Card System now GPL compliant

It already happened at some point at the end of 2005, but now I finally got around to writing a press release on this subject:

gpl-violations.org has enforced yet another high-profile (at least in the German speaking continental European world) case of a GPL violation. Instead of repeating myself, you might want to read this release or the German version.

My real problem is a lack of time, and it's more than a pity that gpl-violations.org didn't have a press release for nine months - even though those were full of successful enforcement work. I hereby promise to improve my public relations work.

[ /linux/gpl-violations | permanent link ]

Working on Bug 404

Isn't it a strange coincidence, that a reasonably non-trivial netfilter bug gets the bugzilla ID 404 ?

Well, before I try to build some conspiracy theories about somebody manipulating the bug id number sequence generation of our bugzilla installation, I'd rather concentrate on the real work.

Dave Remien is an excellent bug reporter, so as a maintainer you can actually not expect anything more than his detailed documentation (yes, I know, certificate has expired, too lazy and busy to update it right now, stay tuned). From an outside perspective, it appears like packets get 'stuck' in nfnetlink_queue. In reality, it seems like the kernel is doing everything fine, just the library eats some packets from time to time, meaning that they remain inside the kernel queue and increase its length (and thus leak memory) one at a time.

The real cause has yet to be discovered, I'm confident that there will be some news tomorrow.

[ /linux/netfilter | permanent link ]

Thu, 09 Feb 2006
Who offered me travel sponsorship for FISL7 on IRC?

Some time ago, probably in November 2005, somebody on IRC offered me travel sponsorship for FISL 7. Unfortunately I don't keep IRC logs, and neither do I remember who it was.

If you are the person I'm talking about, and you're reading this: Please contact me immediately. I'm about to take care of my travel preparations and need to know whether that sponsorship will actually happen or not.

Thanks a lot!

[ /linux/conferences | permanent link ]

Wed, 01 Feb 2006
Papers accepted at FISL

Out of my four proposed papers at FISL 7.0, three have been accepted. To my big surprise, the paper on gpl-violations.org was turned down. I would rather have dropped one of the other papers than this one :(

Anyway, as indicated before on this blog, I'm more than happy to be able to visit Brazil again.

[ /linux/conferences | permanent link ]

Quad Core G5 has arrived

Today my new Apple Quad-Core 2.5GHz G5 has arrived. Benjamin Herrenschmidt's patches for multi-core Apple G5 boxes work like a charm. The only big issue is the thermal management. I looked into fan control / thermal management a bit, but unfortunately I don't have any time to work on this now, since I'm leaving for one week tonight :(

You might ask yourself why a Linux kernel hacker buys a Quad Core G5 box at this time, now that Apple has started to sell Intel based boxes. However, this is exactly the reason. At this time, this might be almost the last possibility to get a four-way PPC64 SMP box that is available off-the-shelf.

If I want an x86 box, I wouldn't buy an Apple. The sole reason for having bought and used a number of Apple machines during the last six years was because they're mainstream PPC based hardware.

[ /linux | permanent link ]

iptables-1.3.5 is out

I've released iptables-1.3.5 earlier today. This will probably mark the last 'new feature' release of the iptables-1.3.x branch.

I'm still working on the initial beta release of iptables-1.4.x, the userspace counterpart to what is now known in kernel space as 'x_tables'. Stay tuned.

[ /linux/netfilter | permanent link ]