News

Posted almost 14 years ago by [email protected] (khorben)
About the DeforaOS smartphone environment, I have just uploaded a first image for tests, as presented here: https://www.defora.org/os/news/3380/Snapshot-of-the-DeforaOS-smartphone-available-for-tests It directly benefits from the recent switch to Debian Squeeze/testing, as the default version of Debian on which hackable:1's development is now based. Like before, images are generated daily and found here: http://build.hackable1.org/ Last but not least, you may have heard of OsmocomBB, a Free Software GSM Baseband software implementation: http://www.osmocom.org/ Good news is, I have started to package it for use within hackable:1. A few things are left to be fixed before they can be pushed automatically online, but I have been able to cross-compile libosmocore and the layer23 set of tools already.
Posted almost 14 years ago
At Blackhat USA 2010, Karsten Nohl has been presenting on a practical real-world A5/1 cracking attack. For recent years, Karsten, myself and others have been speaking at various opportunities, indicating that a practical attack using readily-available information and tools from the Internet is very possible, and that it is only a matter of time before somebody actually does it. While Karsten has focused on the actual cryptographic attack, I've been putting in some time in projects like airprobe (a GSM receiver/decoder). Now finally, a team of friends at the new Security Research Labs (founded by Karsten) in Berlin has put the pieces of the puzzle together. Airprobe has been extended to fully support decoding of TCH/F (FACCH, SACCH and traffic), as well as SDCCH/SACCH control channels, and to specify the timeslot and physical channel configuration from the command line. Using this, you can
- decode the AGCH, wait for an IMMEDIATE ASSIGNMENT of a SDCCH
- decode that very SDCCH and wait until encryption is turned on
- dump an encrypted burst where you have sufficient known plaintext
- use a different program to actually recover the A5/1 ciphering key
- feed that key into airprobe and decrypt+decode the ASSIGNMENT COMMAND of the TCH
- use airprobe to decrypt+decode that assigned TCH/F
The external program to recover the A5/1 ciphering key is called Kraken and is also available from the SRLabs website. So what are the limitations? Well, so far this only works on non-hopping cells with a single ARFCN. The limitations are those of the receiver hardware (and SDR software), and not really limitations of the airprobe GSM decoder or the actual software tools. In the past I would have assumed that non-hopping and/or single-ARFCN cells are rare, but in fact we can find them even inside a big city like Berlin, from at least two of the four German GSM operators. So that's why this attack is very practical, no matter what the GSMA might say.
Posted almost 14 years ago
Damien, Neil and I gave our joint talk about doing interesting and unusual things in Clutter yesterday. I think it went down alright, hopefully we can give more of this kind of talk in the future, showing people how you can use Clutter in cool ways. For my part of the talk, I spoke about developing small, fun games. I intended the advice I gave to apply to developing any small game with anything, though it definitely applies to making games in Clutter. You can find the text and slides for my talk here. Like Neil and Damien (and the rest of the Intel OTC crew), I wrote my talk in pinpoint, pippin's excellent, new, Clutter-based presentation tool. I wrote two games before the talk: Both of these games are available from my git repository. Pill-popper works with any recent version of Mx and Clutter, Happy Wombats currently requires master clutter-box2d and the 'kinetic-scrolling' branch of Mx (which should shortly be merged - I'll update this post when it is). When these games are more complete, I hope to submit them to the MeeGo garage, and perhaps suggest their inclusion for gnome-games. Happy Wombats includes an editor, so I'd love to receive some levels at some point. I'll be improving things soon, but it's already quite easy to use. Guadec has been great so far, I hope we can keep up the momentum of awesome developments until the next one :)
Posted almost 14 years ago
It has been three quarters of a year since Openmoko Inc. launched WikiReader. With the permission of Sean Moss-Pultz, director of Openmoko Inc., I am publishing our short interview about WikiReader's success on the market and the future of Openmoko.

> May I have a question? How is it going with WikiReader? Are WikiReader sales satisfactory?

Much better than expected. We're getting into major US retailers this summer. And launching in Japan tomorrow. We've...
Posted almost 14 years ago
EDIT: With these versions the USB network is mapped to usb0, watch out for that! Gennady Kupava (aka gena2x on IRC) has published the results of his testing and tuning of the Glamo bus settings. Try it yourself, flash either u-boot or qi: http://www.bsdmn.com/openmoko/glamo/242/u-boot_glamo242.udfu http://www.openmobile.nl/modules/download_gallery/dlc.php?file=53
Posted almost 14 years ago
After traveling a bit too much in the past weeks, I’m back in Taiwan, well rested and super inspired to resume this weekly book club. In the air, I read an interview with one of my heroes, Sir James Dyson: Dyson is best known for his colorful bagless vacuum cleaners, which work on the principles of cyclonic separation. When asked about his most important lesson in life, he replied: It can take a very long time to develop interesting products and get them right. But our society has an instant-gratification thing. We admire instant brilliance, effortless brilliance. I think quite the reverse. You should admire the person who perseveres and slogs through and gets there in the end. I love this quote! Yes, it’s wisdom that – 50 years ago – would have been taken as common sense. But things are different now. Instant gratification is getting the better of us. It’s seeping into our industries, destroying our economies, and wreaking havoc on our core values. So many of us succumb to the unfortunate idea that we live in a time where the rules of the past don’t apply. I, too, have been convinced that changes like the Internet mean real value can be created overnight. But I cannot accept this anymore. I do not believe in instant or effortless brilliance. Behind every lasting success is an immense amount of hard work, failures, and above all, a relentless desire to go forward, no matter what happens. It takes an enormous amount of time and courage to reach a “breakthrough”. Dyson built 5,127 prototypes before he got his vacuum cleaner right. And then he was rejected by all the major manufacturers when he tried to license them his invention. Discouraged but not distraught, he decided to start his own company. That took him 15 years and nearly his entire savings. But he persevered. Today, he has the best selling vacuum cleaner (by revenue). One of the most popular brands in the market. And is one of the richest individuals in the UK.
Read the daily news and seldom will you hear the true story of success. You’ll find the overnight wonder. The company that came out of nowhere. The business person who made a billion dollars – entirely with their own hands. Worse than untrue, I believe propagating these myths does real damage to the values of our society. Convinced that this is reality, we become disillusioned by anything slower than real-time. We take failure as a sign to change jobs instead of an opportunity to learn and grow. We lose our tenacity and ability to concentrate for extended periods of time on difficult problems. We choose to enter professions where trading is rewarded far more than building long-term value for society. Thinking about all of this reminded me of a book I read a while back, entitled, “Outliers: The Story of Success“, by Malcolm Gladwell: Outliers is Gladwell’s study of success. It’s a story told, in my opinion, the right way. From the Beatles to Bill Gates, New York Lawyers to Silicon Valley Billionaires, Gladwell argues that hard work and the right environment, is far more important than just plain intelligence and ambition in explaining success. Central to the book’s theme is the following question: “Why do some people succeed, living remarkably productive and impactful lives, while so many more never reach their potential?”. Gladwell lays out a convincing case for how successful people rise in our society. His book is fun and insightful. Definitely worth reading. Today, I just want to share one quote with you, since I believe it best captures Gladwell’s point, without spoiling the plot: The lesson here is very simple. But it is striking how often it is overlooked. We are so caught in the myths of the best and the brightest and the self-made that we think outliers spring naturally from the earth. We look at the young Bill Gates and marvel that our world allowed that thirteen-year-old to become a fabulously successful entrepreneur. But that’s the wrong lesson.
Our world only allowed one thirteen-year-old unlimited access to a time sharing terminal in 1968. If a million teenagers had been given the same opportunity, how many more Microsofts would we have today? To build a better world we need to replace the patchwork of lucky breaks and arbitrary advantages that today determine success – the fortunate birth dates and the happy accidents of history – with a society that provides opportunities for all. We study the sciences to better understand our universe. We’re required to read the classics to experience humanity’s prowess. Why aren’t we taught the journeys of success to learn how to repeat them? Why don’t we elevate those, as Dyson so bluntly states, that “persevered and slogged” and got there? Why don’t we work to provide the environments that mold and shape outliers? Like Gladwell and Dyson, I believe our future depends on it. If any of this interests you, and you would like to read this book, tell three people about my company’s latest project, WikiReader, and then send me an email. Before next week, I’ll choose a name at random, and send the winner my book. Shipping, anywhere in the world, is on me.
Posted almost 14 years ago
On my Debian box the following were used: /etc/ssl/certs/dovecot.pem and /etc/ssl/certs/dovecot.pem were the default locations; check your /etc/dovecot/dovecot.conf before running.

openssl req -new -x509 -nodes -out /etc/ssl/certs/dovecot.pem -keyout /etc/ssl/private/dovecot.pem -days 3650
/etc/init.d/dovecot restart

I got tired of renewing the certificate so I issued one that lasts 10 years. (apparently it does not take that much to make me tired)
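A check one could run after generating such a pair, as an added example that is not part of the original post: it confirms that the certificate and key belong together, that the unencrypted (-nodes) key is not readable by group or others, and that the certificate stays valid for a given number of days. The function names and the demo subject mail.example.test are assumptions made for illustration; openssl and GNU stat (as on Debian) are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the post): checks for a self-signed cert/key pair.
# Assumes openssl and GNU stat, as found on Debian.

# 0 if the certificate's public key is the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the key file grants nothing to group or others. -nodes leaves the key
# unencrypted, so file permissions are its only protection.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# 0 if the certificate is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all three checks on CERT KEY DAYS; return status = number of failures.
audit_pair() {
    fails=0
    if cert_matches_key "$1" "$2"; then echo "ok    key matches certificate"
    else echo "FAIL  key does not match certificate"; fails=$((fails + 1)); fi
    if key_is_private "$2"; then echo "ok    key is owner-only"
    else echo "FAIL  key is readable by group or others"; fails=$((fails + 1)); fi
    if cert_valid_for_days "$1" "$3"; then echo "ok    valid for $3 more days"
    else echo "FAIL  expires within $3 days"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed test pair: the post's flags plus a non-interactive subject,
# written to DIR/cert.pem and DIR/key.pem instead of /etc/ssl.
make_demo_pair() {
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=mail.example.test" \
          -out "$1/cert.pem" -keyout "$1/key.pem" -days 3650 ) >/dev/null 2>&1
}

# Usage: sh audit.sh CERT KEY DAYS
if [ $# -eq 3 ]; then audit_pair "$1" "$2" "$3"; fi
```

Run as root against the real files, the second argument is whichever key path dovecot.conf actually names.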
Posted almost 14 years ago
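Let me introduce some open source projects for the Ben NanoNote platform:

1. IRIS
Iris is a microkernel system for the Ben NanoNote platform; its main goal is to get the maximum performance out of the hardware. IRIS is written in C++ with Python-style formatting (I like it). Users can test and use the system without reflashing the device. It was written from scratch by Bas as a system that runs specifically on the Ben NanoNote. It is a very good example for people who want to learn about operating systems. Here is all the source code. (We always publish source code, because we believe sharing always sparks creativity.)

2. GPS
Here is an introduction in English that shows how to connect a GPS module to the Ben NanoNote and how to get GPS working with TangoGPS and the Jlime system. (I already introduced Jlime in my previous post.) If you are interested in GPS, have a look. Another GPS-related software project is called NanoMap. It is written with QT + Openstreetmap.org.

3. setfont2
Neil wrote a patch that lets FBCONSOLE support 32bit color fonts. setfont2 is an interesting little program. The font file format is pnm, an image format.

4. New packages
Recently many people have worked together on the NanoNote and ported a lot of packages, including jfbterm, so we can now use Chinese in the terminal on the Ben NanoNote. Here, everything that starts with [new package] is a new package.

Happy hacking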
Posted almost 14 years ago
In recent days, the story about Motorola locking out its users (and developers) from their more recent Droid phones has made big news. As it seems, the exact functionality implemented by eFuses remains unclear, and the behavior of Motorola might thus not be too different from what has more or less become the industry standard. For those of you who are not following the mobile world as closely on a technical level as people like me do: In the last five years, more and more cellphone manufacturers have used cryptographic code signing to lock-down the software that you can run on the phone. Major parts of the system including the software update mechanism and the bootloader on the device contain a verification process of those cryptographic signatures to ensure that you can only run software signed by the phone manufacturer. I have seen this with the MotoMAGX phones like the ROKR2 v8, various Windows Mobile handhelds from HTC, the non-developer (non-ADP) version of the Google/Android G1 and many other phones. This puts the user into a strange situation where he buys some hardware from the manufacturer, but yet doesn't have control over what this device does. Just imagine buying a computer, but being limited to run Windows 98 and Office 97 on it. You could not update to a later version of the operating system, and you could not install an alternative operating system such as a version of GNU/Linux. If the computer vendor decides that he will drop support for it, you will not even be able to install security updates to the operating system. From my point of view, this is an abusive, anti-competitive behavior by the manufacturer. For no reason but his ever-growing hunger for power he makes you completely dependent on his decision. It is not in the control of the user, what operating system or even applications you can install. It is under the control of the manufacturer. I would accept this if the phone was rented.
In this case, I would only pay a small rental fee, but the phone is the property of the manufacturer and I am only using it. But the manufacturer actually sells the device. He wants to be paid the full price, but still not actually hand control over to the buyer. Compare this with buying a CD-player that has arbitrary restrictions so it would only play CDs from one of the major music labels/distributors like EMI, but not CDs from any of the other publishers, for no technical reason whatsoever. Or buying a TV set that is locked down so you can only watch one TV channel, while you need to buy another TV for a different channel. I actually think the antitrust authorities should investigate this behavior of the mobile phone industry. Simply compare it with the PC situation and look at the fact how often Microsoft has been judged in some kind of anti-competitive behavior in the PC world. In the mobile phone industry, the situation is worse than it ever was in the PC world, yet we do not see big antitrust cases being brought forward. And please don't buy those pseudo-arguments that this has any relation to regulatory/FCC approval or the safety of mobile networks themselves. The entire software stack interacting with the mobile network runs on a separate processor (the baseband processor) anyway. It doesn't matter what you install on the application processor. Once again, compare it to laptops: You can insert a 3G miniPCI, expressCard or USB dongle. Inside this dongle you run the communications stack on a processor that is completely different from your main processor that runs your regular OS (be it GNU/Linux, OS X, Windows, Solaris or whatever makes you happy).
Posted almost 14 years ago
There are plenty of reports in recent days about the level of locking-down that Motorola is apparently doing on their most recent Android products, the Droid 2 and the Droid X. This goes as far as to an (I believe unconfirmed) slashdot.org report claiming that not only there is the more or less typical DRM on software (i.e. cryptographic signature validation chain), but there also is an eFuse that is blown if something happens wrong during the booting process. To the best of my knowledge (and I'm doing mobile phone reverse engineering for about 6 years now), this is the first time I hear of something like this. If true, it sounds pretty dangerous to me. What if something goes wrong during an update (such as a power failure during software update)? What if you really have a non-correctable multi-bit error in your NAND Flash? In that case, cryptographic verification of the firmware fails and the eFuse would be blown, resulting in your device being a brick. This could eventually backfire massively to Motorola. The best comment from the slashdot.org thread: You can legally buy a gun that only shoots in the direction of the person pulling the trigger, but it doesn't mean it's a good idea. Reading something like this almost makes me very depressed. Motorola is benefitting from the billions-of-dollar-worth development of existing Free Software projects like the Linux kernel, but they now want to take away the fundamental right to run modified versions of that very software. Somebody needs to slap them with a very large trout. I'm not really surprised that they are doing it, though. Motorola has shown that direction even years ago when they first used SELinux as part of their later pre-Android Linux phones (EZX and MAGX). They didn't use it to enhance the security of the user, but to enhance the security _from_ the user. Please also note this great post by Bradley M. Kuhn on the subject matter.
If you don't know Bradley, he's been doing GPL enforcement for the last 12 years - for the Free Software Foundation and the Software Freedom Law Center. In his post, he actually thanks Motorola to publicly state that they actually want to lock their phones down (as opposed to Apple). What's even more interesting though is his elaboration on the scripts to control compilation and installation clause of GPLv2. This is indeed something that most people tend to overlook when it comes to GPL[v2] compliance and we see this a lot during our gpl-violations.org work. And in fact, for a very long time, I have been teaching and educating this fact during my GPL related talks and trainings: In software specific for embedded devices, the scripts to control installation are incomplete, if you do not provide a means to install the software onto the actual device. Where else would you reasonably install the Linux kernel image that is made specifically to work on such a particular mobile phone model? Due to the custom nature of Linux kernels for embedded targets, it wouldn't even run anywhere else. I've never taken any such issue to court so far - but it was a frequent dispute in out-of-court GPL enforcement we've been doing at gpl-violations.org. I'm definitely curious to see what will be the first court case addressing that issue. The ever power-hungry manufacturers of mobile phones seem like they deserve it.