Reverse engineering obsolete systems considered useful

In relation to the other post on firmware, and with my recent trip to FOSDEM, I have been musing a few things about reverse engineering old devices and particularly, old firmware.

While emulators have been a thing for a very long time, lots of them are not designed to document how things worked as much as they intended to run code (ROMs, games, whatever else) for the original platform. I can’t remember many projects in my past experience with emulators that cared to provide system documentation of their reverse engineered efforts — probably because lots of those emulators were not, to begin with, open source. Indeed I remember that quite a few ended up competing with each other, particularly when Sony PlayStation emulators came to be.

The reason why I find this important is that reverse engineering a modern firmware is difficult, and yet it’s the very cornerstone of validating the behaviour of software of which we don’t have sources. And unfortunately we don’t have the sources for lots of software right now.

Unfortunately, reverse engineering, say, the BIOS of a ten-year-old motherboard is neither glamorous nor directly useful: you can run the same software on a modern system, so why spend time on fixing things there? But on the other hand, knowing a lot more of those systems, and documenting processes and utilities would provide insight for future analysis.

Reverse engineering and reimplementation of formats, protocols, firmware that are not publicly described or available, and providing the missing documentation, is a useful skill to have, if not a directly marketable one. Can you take an old system, dump its BIOS, figure out how all components fit together and have it run Coreboot? That might not be by itself a very fulfilling result, but it shows clearly that you can deal with many layers of fiddly objects, in hardware and in software. To be honest, I doubt I would be able to do that myself.

I know more than a few people have asked before why would you have something like ReactOS spending time and development energy, I have had my doubts myself, but having the ability to study and reimplement APIs that are not published by Microsoft is definitely an advantage for the general world out there.

Take the ARM1 reverse engineering as an example. It’s a very interesting article, even though ARM1 is an absolutely obsolete technology by now. Its usefulness on the practical scale is close to zero, but its usefulness as a teaching device is huge.

We need more of that, and more published works of it.

Flashing a Kindle Fire with CyanogenMod

Those of you that follow me on Google Plus (or Facebook) already know this, but the other day I was wondering about whether I should have flashed my Kindle Fire (first generation) with CyanogenMod instead of keeping it with the original Amazon operating system. This is the tale of what I did, which includes a big screwup on my part.

But first, a small introduction. I’m the first person to complain about people “jailbreaking” iPhones and similar, as I think that if you have to buy something that you have to modify to make useful, then you shouldn’t have bought it in the first place. Especially if you try to justify with the name “jailbreak” an act that almost all of the public uses to pirate software — I’m a firm maintainer that if we want Free Software licenses to be respected, we have to consider EULAs just as worthy of respect; that is that you can show that they are evil, but you can’t call for disrespecting them.

But I have made exceptions before, and this mostly happens when the original manufacturer “forgets” to provide updates, or fails to follow through with promised features. An example of this to me was when I bought an AppleTV hoping that Apple would have kept their promise of entering the European market for TV series and movies so that it would come to be useful. While now they do have something, they have not the ability to buy them to watch in the original English (which makes it useless to me), and that came only after I decided to just drop the device because it wasn’t keeping up with the rest of the world. At the time to avoid having to throw the device away, I ended up using the hacking procedure to turn it into an XBMC device.

So in this case the problem was that after coming back home from Los Angeles, I barely touched the Kindle Fire at all. Why? Well, even though I did buy season passes for some TV Series (Castle, Bones, NCIS), which would allow me to stream them on Linux (unlike Apple’s store that only works on their device or with their software, and unlike Netflix that does not work on Linux), and download to the Kindle Fire, neither option works when outside of the United States — so to actually download the content I paid for, I have to use a VPN.

While it’s not straightforward, it’s possible to set up a VPN connection from Linux to the iPad, and have it connect to Amazon through said VPN, there is no way to do so on the Kindle Fire (there’s no VPN support at all). So I ended up leaving it untouched, and after a month I was concerned about my purchase. So I started considering what were the compelling features of the Kindle Fire compared to any other Android-based tablet. Which mostly came down to the integration with Amazon: the books, the music and the videos (TV series and movies).

For what concerns the books, the Kindle app for Android is just as good as the native one — the only thing that is missing is the “Kindle Owners’ Lending Library”, but since I rarely read books on the Fire, that’s not a big deal (I have a Kindle Keyboard that I read books on). For the music, while I did use the Fire a few times to listen to that, it’s not a required feature, as I have an iPod Touch for that, that also comes with an Amazon MP3 application.

There is also the integration of the Amazon App Store, but that’s something that tries to cover for the lack of Google Play support — and in general there isn’t that much content in there. Lots of applications, even when available, are compatible with my HTC Desire HD but not with the Kindle Fire, so what’s the point? Audiobooks are not native — they are handled through the Audible application, which is available on Google Play, but is also available on my iPod Touch, which means I have no point about it.

So about the videos — that’s actually the sole reason why I ordered it. While it is possible to watch the streamed videos on Linux, Flash would use my monitor and not let me work when watching something, so I wanted a device I could stream the videos to and watch on… a couple of months after I bought the Fire, though, Amazon released an Instant Video application for the iPad, making it quite moot. Especially since the iPad has the VPN access I noted before, and I can connect the HDMI adapter to it and watch the streams on my 32” TV.

All this considered, the videos were the only thing that was really lost if I stopped using the Amazon firmware. So I looked it up and found three guides ([1] http://forum.xda-developers.com/showthread.php?t=1632375, [2] http://forum.xda-developers.com/showpost.php?p=30780737&postcount=180, [3] http://forum.xda-developers.com/showthread.php?t=1778010) that would have got me set up with an Android 4.1, CyanogenMod 10 based ROM. Since the device is very simple (no bluetooth, no GPS, no baseband, no NFC) supporting it should be relatively easy, the only problem, as usual, is to make sure you can root and flash it.

Unfortunately, when I went to flash it up, I made a fatal mistake: instead of flashing the bootloader’s image (a modified u-boot), I flashed the zip file of it. And the device wouldn’t boot up anymore. Thankfully, there are people like Christopher and Vladimir who pointed me at the fact that the CPU in that tablet (TI OMAP) has a USB boot option — but it requires to short one very tiny, nigh-microscopic pad on the main board to ground, so that it would try to boot from there. Lo and behold, thanks to a friend of mine with less shaky hands who happened to be around, I was able to follow the guide to unbrick the device, and got the CM10 ROM on top of it.

Now I finally got an Android 4 device (the HTC is still running the latest available CM7 — if somebody has a suggestion of a CM10 ROM that does not add tons of customization, and that doesn’t breach the Google license by bundling the Google Apps, I’d be happy to update), I’ve been able to test Chrome for Android, and VLC as well — and I have to say that it’s improving tons. Of course there are still quite a few things that are not really clean (for example there is no Flickr application that can run there!), but it’s improving.

If I were to buy a new tablet tomorrow, though, I would probably be buying a Samsung Galaxy Note 10 — why? Well, because I finally got a hold of a test version of it at the local Mediamarkt Mediaworld and the pen accessory is very nice to use, especially if you’re used to Wacom tablets, and that would give sense to a 10” laptop to me. I’m a bit upset with my iPad’s inability to do precise drawing to be honest. And since that’s not very commonly known, the Galaxy Notes don’t use capacitive pens, but magnetic ones just like the above-noted Wacoms, that’s why they are so precise.

Updating HP iLO 2.x

As I wrote yesterday I’ve been doing system and network administration work here in LA as well, and I’ve set up Munin and Icinga to warn me when something required maintenance.

Now some of the first probes that Munin forwarded to Icinga we knew already about (in another post I wrote of how the CMOS battery ran out on two of the servers), but one was something that bothered me before as well: one of the boxes only has one CPU on board and it reports a value of 0 instead of N/A.

So I decided to look into updating the firmware of the DL140 G3 and see if it would help us at all; the original firmware on IPMI device was 2.10 while the latest one available is 2.21. Neither supports firmware update via HTML. The firmware download, even when selecting the RedHat Enterprise Linux option is a Windows EXE file (not an auto-extract archive, which you can extract from Linux, but their usual full-fledged setup software to extract in C:\SWSetup). When you extract it, you’re presented with instructions on how to build a USB key which you can then use to update the firmware via FreeDOS…

You can guess I wasn’t amused.

After searching around a bit more I found out that there is a way to update this over the network. It’s described in HP’s advanced iLO usage guide, and seems to work fine, but it also requires another step to be taken in Windows (or FreeDOS): you have to use the ROMPAQ.EXE utility to decompress the compressed firmware image.

*I wonder, why does HP provide you with two copies of the compressed firmware image, for a grand total of 3MB, instead of only one of the uncompressed one (2MB)? I suppose the origin of the compressed image is to be found in the 1.44MB floppy disk size limitation, but nowadays you don’t use floppies… oh well.*

After you have the uncompressed image, you have to set up a TFTP server.. which luckily I already had laying around from when I updated the firmware of the APC powerstrips discussed in one of the posts linked above. So I just added the IPMI firmware image, and moved on to the next step.

The next step consists of connecting via telnet to the box and issuing two commands: cd map1/firmware1 followed by load -source //$serverip/$filename -oemhpfiletype csr … the file is downloaded via TFTP and the BMC rebooted. Afterwards you have to clear out the SDR cache of FreeIPMI as ipmi-sensors wouldn’t work otherwise.

This did fix the critical notification I was receiving .. to a point. First of all, the fan speed has still bogus thresholds (and I’m not sure if it’s a bug in FreeIPMI or one in the firmware at this point) as it reports the upper limits instead of the lower ones. Second of all the way it fixed the misreported CPU thermal sensor is by … not reporting any temperature off either thermal sensor! Now both CPU temperatures are gone and only ambient temperature is available. D’oh!

Another funky issue is that I’m still fighting to get Munin to tell Icinga that “everything’s okay” — the way Munin contacts send_nsca is connected to the limits so if there are no limits that are present, it seems like it simply doesn’t report anything at all. This is something else I have to fix this week.

Now back to doing the firmware updates on the remaining boxes…

Update: turns out HP updates are worse than the original firmware in some ways. Not only the CPU Thermal Diodes are no longer represented, but the voltages lost their thresholds altogether! The end result of which is that now it says that it’s all a-ok! Even if the 3V battery is reported at 0.04V! Which basically means that I have to set my own limits on things, but at least it should work as intended afterwards.

Oh and the DL160 G6? First of all, this time the firmware update has a web interface… to tell it which file to request from which TFTP server. Too bad that all the firmware updates that I can run on my systems require the bootcode to be updated as well, which means we’ll have to schedule some maintenance time when I come back from VDDs.

More on the SuperMicro iKVM

In my previous post I narrated my adventure trying to get a memtest running on Excelsior — at the end I was able to run it through a modified JNLP, and one more open port. I was suggested to look into one particular Java application from Supermicro that does not require using the JNLP at all, and instead installs as a client, giving access to more features such as the SOL and generic IPMI control…

Unfortunately it seems like the installer (InstallShield for Linux, written in Java — what the heck?) is extremely picky as to which JRE it finds and which one it wants, so I haven’t been able to even test it. But at least I got some details going.

I basically listened with Wireshark to what’s going on with the JNLP; the interface uses four combined interfaces, between the browser and Java: port 80, 443, 5900 and 623. The first two are the HTTP/HTTPS interfaces (the JNLP downloads the JARs from HTTPS even though they are available on HTTP as well); the third is the VNC/RFB default port, while the fourth is the one that I haven’t understood yet. It’s some kind of USB over IP protocol, and seems to send raw USB data over the wire, standing to the USBC/USBS instances in the trace, but at the same time it doesn’t seem like it’s using it at runtime, as I see no traffic on that port after I connect the ISO file.

The RFB protocol used seems to be the standard one using TightVNC extensions for authentication — I guess they actually used TightVNC’s code for it. The problem with the authentication is that for whatever the reason, it’s not a clear user/password auth. Instead it uses some hash or unique identifier, which changes each time I connect to the web interface — I’m not sure if it’s a hash, it’s definitely not an OTP (as I can start multiple instances of the javaws applet without having to re-download the JNLP), or just a nonce-based authentication, but it’s used both as user and as password.

Edit: actually I had a hunch while looking into it and I confirmed that what it uses is the same SID saved as a cookie after my login on the web interface. Now if I could get the iKVM viewer to work on my system and I could see how that one connects…

The USB over IP protocol is interesting as well; it doesn’t seem to use a standardised port, and Wireshark has no clue as to what’s going on there. As I said I can see USBC and USBS as literals within the traffic as well as the data for the ISO and some other not-well-explained things — I’ll have to work more on that, possibly with smaller files, and without the RFB in the trace.

Does anybody else have clues about this kind of protocols? For what I can tell the firmware for my board’s IPMI contains a copy of Linux (this is what nmap said as well), but I see no released sources for it, nor an offer for them on the zip file I downloaded. I wonder if I should just mail SuperMicro to ask them about it.
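The USBC and USBS literals seen in the trace match the signatures of the USB mass-storage Bulk-Only Transport wrappers (command block wrapper and command status wrapper). As an added example, not code from the original post or from Supermicro, the following scans a byte stream for those wrappers regardless of the framing around them and pairs each SCSI command with its status. It assumes the virtual-media traffic embeds standard wrappers; the sample stream and its "hdr" framing are constructed.

```python
import re
import struct

CBW_LEN, CSW_LEN = 31, 13
OPCODES = {0x00: "TEST UNIT READY", 0x03: "REQUEST SENSE", 0x12: "INQUIRY",
           0x25: "READ CAPACITY(10)", 0x28: "READ(10)"}
STATUS = {0: "passed", 1: "failed", 2: "phase error"}


def parse_cbw(buf, off):
    """Decode a Command Block Wrapper at off, or return None if implausible."""
    if len(buf) - off < CBW_LEN:
        return None
    _, tag, length, flags, lun, cb_len = struct.unpack_from("<4sIIBBB", buf, off)
    # Reserved bits must be zero and the command block is 1..16 bytes long;
    # these checks reject "USBC" strings that merely occur inside disc data.
    if flags & 0x7F or lun & 0xF0 or not 1 <= cb_len <= 16:
        return None
    cdb = buf[off + 15:off + 15 + cb_len]
    ev = {"kind": "CBW", "size": CBW_LEN, "tag": tag, "length": length,
          "to_host": bool(flags & 0x80),
          "op": OPCODES.get(cdb[0], "0x%02x" % cdb[0])}
    if cdb[0] == 0x28 and cb_len >= 10:    # READ(10): big-endian LBA and count
        ev["lba"], ev["blocks"] = struct.unpack_from(">IxH", cdb, 2)
    return ev


def parse_csw(buf, off):
    """Decode a Command Status Wrapper at off, or return None if implausible."""
    if len(buf) - off < CSW_LEN:
        return None
    _, tag, residue, status = struct.unpack_from("<4sIIB", buf, off)
    if status > 2:                         # only 0, 1 and 2 are defined
        return None
    return {"kind": "CSW", "size": CSW_LEN, "tag": tag,
            "residue": residue, "status": STATUS[status]}


def scan(stream):
    """Find every plausible wrapper in the stream, in order of appearance."""
    events, resume = [], 0
    for m in re.finditer(rb"USB[CS]", stream):
        if m.start() < resume:             # inside a wrapper already decoded
            continue
        parser = parse_cbw if m.group() == b"USBC" else parse_csw
        ev = parser(stream, m.start())
        if ev:
            ev["offset"] = m.start()
            events.append(ev)
            resume = m.start() + ev["size"]
    return events


def pair(events):
    """Match commands to statuses by tag; returns (op, lba, status) tuples."""
    pending, done = {}, []
    for ev in events:
        if ev["kind"] == "CBW":
            pending[ev["tag"]] = ev
        elif ev["tag"] in pending:
            cmd = pending.pop(ev["tag"])
            done.append((cmd["op"], cmd.get("lba"), ev["status"]))
    return done


def sample_stream():
    """Constructed capture: made-up framing around two SCSI exchanges."""
    def cbw(tag, length, cdb):
        head = struct.pack("<4sIIBBB", b"USBC", tag, length, 0x80, 0, len(cdb))
        return head + cdb.ljust(16, b"\0")

    def csw(tag, status=0):
        return struct.pack("<4sIIB", b"USBS", tag, 0, status)

    inquiry = bytes([0x12, 0, 0, 0, 36, 0])
    read10 = struct.pack(">BBIBHB", 0x28, 0, 16, 0, 1, 0)
    # The sector data contains the text "USBC" as a decoy that must be ignored.
    sector = (b"CD001 USBC" + b"\xff" * 40).ljust(2048, b"\0")
    return (b"\x01\x02hdr" + cbw(1, 36, inquiry) + b"\0" * 36 + csw(1)
            + b"\x03\x04hdr" + cbw(2, 2048, read10) + sector + csw(2))


if __name__ == "__main__":
    for op, lba, status in pair(scan(sample_stream())):
        print(op, "lba=%s" % lba, status)
```

Run against the reassembled payload of the unknown port, the READ(10) entries show which sectors of the attached ISO the remote side actually requested.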

How down can you strip a Gentoo system?

In my previous post I noted I’m working on a project here in Los Angeles, of which I don’t want to get much into the details of. On the other hand, what I’m going to tell you about this, for now, is that it’s a device and it’s running Gentoo as part of its firmware.

You can also guess, if you know us, that since both me and Luca are involved, there is some kind of multimedia work going on.

I came here to strip down as much as possible the production firmware so that the image could be as small as possible, and still allow all the features we need on the device. This is not a new task for me, as I’ve done my best to strip down my own router so that it would require the least amount of space as possible, and I’ve also done some embedded firmwares based on Gentoo before.

The first obstacle you have if you want to reduce the size of Gentoo is almost certainly the set of init scripts that come with OpenRC; for a number of reasons, the init scripts for things like loadkeys and hwclock are not installed by the packages that install the commands (respectively sys-apps/kbd and sys-apps/util-linux) but rather are installed by OpenRC itself. They are also both enabled by default, which is okay for a general desktop system but fails badly on embedded systems, especially when they don’t even have a clock.

Then you have to deal with the insane amount of packages that form our base system; without going into the details of having man, tar and so on as part of the base untouchable system (which luckily is much easier to override with the new Portage 2.2, even if it insists bothering you about an overridden system set), and focusing on what you’re going to use to boot the system, OpenRC is currently requiring you a mixture of packages including coreutils, which (a single command that lies in its own package … for ESR’s sake, why was it not implemented within coreutils yet?), grep, findutils, gawk and sed (seriously, four packages for these? I mean I know they are more widely used than coreutils, as they are often used on non-Linux operating systems, but do they really deserve their own package, each of them?).

The most irritating part nowadays for me I guess is the psmisc vs procps battle: with the latter now maintained by Debian, I wonder why they haven’t merged the former yet. Given that they are implementing utilities for the same areas of the system… of course one could wonder why they are not all part of util-linux anyway — yes I know that Debian is also supporting GNU/kFreeBSD on their package. At any rate there is another consideration to be made: only the newer procps allows you to drop support for the ncurses library, earlier depended on it forcefully, and the same is still true for psmisc.

For what it’s worth, what I decided to do was to replace as much as possible with just busybox, including the troublesome psmisc, so that I could drop ncurses from our firmware altogether — interestingly enough, OpenRC depends explicitly on psmisc even though it is not bringing in most of the rest of its dependencies.

Public Service Announcement: if you’re writing an init script and you’re tempted to use which, please use command -v instead (not type -p, see the edit below) … depending on an extra program when sh already has its built-in is bad, ‘mkay?

*Edit: people made me notice that type -p is not in POSIX so it does not work in Dash. I’m afraid that my only trials to run OpenRC without bash before have used BusyBox, which supports it quite fine; the option to use command -v is valid though, thanks Tim.*

Oh right, of course to replace coreutils usage with BusyBox you have to be able to drop it out of the dependency tree. Sounds easy, doesn’t it? Well, the problem is that even if you’re not dealing with PulseAudio (which we are), which brings in eselect-esd, as of yesterday at least every package that could use Python would bring eselect-python in! Even when you were setting USE=-python.

Fortunately, after I bitched a bit about it to Luca, he made a change which at least solves the issue at hand until the stupid eclass is gone out of the tree. And yes I’m no longer even trying to consider it sane, the code is just so hairy and so encrypted that you can’t make heads or tails of it.

There are more issues with a project like this that I can discuss, outside of those part that are “trade secret” (or rather business logic), so expect to hear a bit more about it before it’s announced full out. And many of these have to do with how easy (or not) is to use Gentoo as a basis for devices’ firmwares.

Microupdates for microcodes

Here comes a post that is half an announcement and half a request for help to improve a situation, so please read on.

Yesterday I was finally putting the almost-finishing touches onto the new frontend system for my office (after the Italian Post screwup I was able to get the system from Alternate in a single week); one of these touches was setting up the microcode update support, which for Intel processors involves installing the sys-apps/microcode-ctl and sys-apps/microcode-data packages and adding a service to the boot runlevel.

At that point my thought went to Yamato and the fact that it sounded impossible that AMD had no way to update the microcode of their CPUs on Linux, especially since I know for a fact that Microsoft users get, via Windows Update, an AMD-provided CPU support update for their systems — I still do a lot of support on Windows and a number of friends and customers run AMD boxes.

Lo and behold, AMD publishes microcode updates for some of their CPUs (Family 10h and later, so starting from Barcelona, which is just what Yamato has), so I went to look into that; the results are now in sys-kernel/amd-ucode (I wanted to use sys-apps like the Intel microcode, but I found, late, that there was already an ebuild for it in Sunrise, and I didn’t want to have to deal with pkgmoves or blockers for out-of-tree packages). This package only installs the microcode though, so the question was to find how to load the microcode.

The documentation provided by AMD suggests to build the microcode driver as a module in the Linux kernel; when the module is loaded into the kernel, it fetches the microcode via the standard firmware loading interface of the kernel, like it’s done to wireless cards and Radeon video cards. This is pretty nifty for many reasons. Interestingly enough, it also works fine if you build the driver statically, and build the firmware blob into the kernel. Unfortunately I wasn’t able to trigger a firmware reload from the filesystem via the /sys interface that is supposed to allow that.

And again this comes back to Intel; if the Linux kernel nowadays has a way to request the ucode file itself, why do the Intel CPUs still require us to install a binary (and a script) to load it? A quick check shows that while we do install it in /lib/firmware the microcode.dat file is not used by the kernel at all; the reason is also easy to find if you call less on that file: it is a text file! The microcode-ctl parses it and converts it to binary form each time the machine boots up — why at all? wouldn’t it be easier if the tool compiled it into binary form and then the init script, shipped with the data, would just output it on the device?

More interesting, the kernel does have support for requesting the microcode via the usual firmware-loading interface; but instead of looking for the generic microcode, like the AMD variant does, it looks for the specific firmware of a given CPU signature (combined family, model and stepping); the driver also has the ability to parse the generic microcode compiled from microcode.dat, and then find the right version for the right processor.

But this means that you have to pass through a number of hoops right now at each boot, rather than doing it once at install time. Am I missing some obvious application to do the Intel microcode processing? Ideally, microcode-data would then just install the already-cut firmware, and the kernel would request the single file it needs. No need for userspace programs to process firmware further.
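The install-time conversion wished for above, as an added example (not code from microcode-ctl, microcode-data or the kernel): it parses microcode.dat-style text once, verifies each update's checksum, and groups the binary updates under the per-signature name the kernel's firmware loader asks for. Assumptions: the 48-byte update header layout and the all-words-sum-to-zero checksum follow Intel's published update format, the file name is `intel-ucode/` plus family-model-stepping in two-digit hex, extended signature tables are not expanded, and the sample data is constructed.

```python
import re
import struct

HEADER_WORDS = 12        # 48-byte update header = twelve 32-bit words
LEGACY_TOTAL = 2048      # a total-size field of 0 means a fixed 2048-byte update
MASK32 = 0xFFFFFFFF


def parse_dat(text):
    """Turn microcode.dat-style text (comma-separated hex words) into ints."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # drop C-style comments
    return [int(tok, 16) for tok in re.findall(r"0x[0-9a-fA-F]{1,8}\b", text)]


def decode_signature(sig):
    """Split a CPUID signature into display (family, model, stepping)."""
    family, model, stepping = (sig >> 8) & 0xF, (sig >> 4) & 0xF, sig & 0xF
    if family in (0x6, 0xF):
        model |= ((sig >> 16) & 0xF) << 4      # extended model
    if family == 0xF:
        family += (sig >> 20) & 0xFF           # extended family
    return family, model, stepping


def split_updates(words):
    """Validate each update and group the binary blobs by firmware file name."""
    files, pos = {}, 0
    while pos < len(words):
        header = words[pos:pos + HEADER_WORDS]
        if len(header) < HEADER_WORDS or header[0] != 1:
            raise ValueError("bad or truncated header at word %d" % pos)
        sig, total = header[3], header[8] or LEGACY_TOTAL
        nwords = total // 4
        if total % 4 or nwords < HEADER_WORDS or pos + nwords > len(words):
            raise ValueError("bad total size at word %d" % pos)
        update = words[pos:pos + nwords]
        if sum(update) & MASK32:               # header and data must sum to 0
            raise ValueError("checksum mismatch for signature 0x%08x" % sig)
        name = "intel-ucode/%02x-%02x-%02x" % decode_signature(sig)
        blob = struct.pack("<%dI" % nwords, *update)
        files[name] = files.get(name, b"") + blob   # same CPU, other platforms
        pos += nwords
    return files


def make_sample_dat(sig, revision, total=1024):
    """Constructed sample: a dummy update rendered in microcode.dat layout."""
    words = [1, revision, 0x01012010, sig, 0, 1, 0x01, total - 48, total, 0, 0, 0]
    words += [(0x9E3779B9 * i) & MASK32 for i in range(1, total // 4 - 11)]
    words[4] = -sum(words) & MASK32            # checksum word: total sums to 0
    lines = ["/* constructed sample, not real microcode */"]
    for i in range(0, len(words), 4):
        lines.append("".join("0x%08x,\t" % w for w in words[i:i + 4]).rstrip())
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dat = make_sample_dat(0x000106A5, 0x11) + make_sample_dat(0x00000F29, 0x2E)
    for name, blob in sorted(split_updates(parse_dat(dat)).items()):
        print(name, len(blob), "bytes")
```

Rejecting an update whose words do not sum to zero at packaging time catches a truncated or corrupted microcode.dat before it is ever handed to the loader.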

Free Software and Washing Machines

I think this metaphor, extracted from a discussion between Lefty, me and Carlo Piana, could really make it clear what my status is with respect to Free Software:

Have you got a washing machine? I guess you do; I’ll venture to say it’s a modern washing machine, let’s say.. from around 2005 or later. Good. Do you have the sources of the firmware of the dishwasher? I guess not, uh?

But I know there are people working on that, will give us a Free Software washing machine.

Sure, and once they’ll advertise washing machines with Free Software in them, hackable Free Software, by the way, I’ll gladly choose one as replacement when needed. Until then, I think I can still wash my clothes in the current, proprietary washing machine. It washes them just as fine, you know.

Now, Lefty goes a bit further questioning the usefulness of having free software on devices such as this one; on the other hand, I think it would still be a positive signal, as there are a few reason why free (hackable) firmware in those situations might be good for the user; on the other hand, it’s more than likely that it’ll hurt the profit margins of the vendors, so it’s not going to happen anytime soon.

For instance (this happened to me before, thus why I know about the situation is realistic), if you were to damage the logic board of your washing machine, it’s no longer just a matter of procuring yourself with the replacement component, like you did with older machinery. Even though there’ll be a number of shops to sell replacement components that are either compatible or even the original ones that left the manufacturer’s stock, they are shipped without firmware in them. So you need the firmware to make use of them.

Not only the firmware is proprietary, so getting a hold of it is illegal, but the firmware loaders themselves don’t store a copy of it any longer! They now switched to a set of flasher and 3G phone that downloads the firmware on-the-spot for a given model, and flash it right away on the board. You won’t have a copy of it, as it is.

With a Free Software (and hackable) firmware in the washing machine, instead, you’ll have the chance to simply take care of the flashing yourself if you ever had to replace the logic board, wouldn’t it be nice? And ecological as well since you wouldn’t replace the whole machine if the warranty ran out (replacement of logic board requires a technician call; it means that you can easily surpass the price of a new washing machine just by asking for the replacement). But it’s not just that; you could configure special washing routines, fine-tuned for the kind of clothes you wash, and the detergent you use.. or you could set it to only work during certain moments of the day.. all in all you’d have a terrific amount of choice in front of you!

But this is utopia; manufacturers aren’t likely to give you access to your washing machine’s firmware; they have a business model going on with those replacement parts; they ask for more of your money to provide you with features on your washing machines, even though these only usually come with sturdier, more capable (in form of its own hardware that is) machines that you might not have need for. Unless, of course, at some point a single manufacturer can find a way to produce low-cost decent-quality washing machines, that can give it more profit by selling the units than by struggling with replacement parts and technicians; at that point, a free, hackable firmware might make sense: take over the market by small, durable, tweakable yet affordable washing machines… and after that, the rest of the industry will have to follow suit as a “paradigm shift” started.

Who knows, it might happen. But until then, do you really think you should preach that Free Software users wash their clothes by hand? Or attack users and developers of proprietary washing machines “enemies of Free Software”? How’s this different from any other gadget? TV sets, dishwashers, phones (not just cellphones, your DECT has firmware as well, you know), you name it. And how are these different from specific software applications, or appliances if you prefer? My answer is “They aren’t”.

As long as I can accept the limitations I’m given, as long as it does not coerce me into something I don’t want to do, I’m happy to use the best tool, whatever that tool is, to complete a task. I have trust that such a tool is going to be, if not now in the future, Free Software. Not because I take that as the only important measurement, but because I know that the model works, and I have good reasons to prefer working with Free tools than not.

Proprietaryware all around us

In a guest post at Boycott Boycott Novell I’ve written about my frustration with so-called “Free Software Fundamentalists”. My main problem with them is that they keep insisting in not using proprietaryware, at all, rather than improving Free Software till it actually becomes the norm.

Now, one thing that might be difficult to understand is that, no matter how hard you try, it’s near impossible to not use any kind of proprietary software nowadays. And while I’m one who fights with all his force to make sure that we have Free Software alternatives in such a state that it can be used in as many things as possible, I don’t try to fight the presence of the other kind of software. I might argue which one between their and my methods is the one that can reach the goal better, but that’s not what I wanted to write about right now.

For now I just wanted to note how impossible it is to not rely at least in part in proprietary, closed-source software (this also ties with an older post of mine about updates):

  • do you have a cellphone? unless you’re running stuff like OpenMoko, I doubt you have it pure free software, since even Nokia’s N900 has quite a few proprietary components;
  • okay so cellphones are evil, but do you have a standard phone? remember: if it has an address book it has a firmware on it (and even if it doesn’t it might have a firmware to manage some functions);
  • do you have a VCR? a DVD player? a DivX player? Is any of that running on a free software firmware?
  • cable or satellite TV? Sky (UK and Italy) definitely have firmware in their decoders (there is also some documentation about GPL violations in satellite decoders);
  • not even that, a simple TV? You know, not only they have firmware now, but they also come with an upgradable firmware (at least, my Sony Bravia does); some TVs also have free software on them (Sharp I happen to remember), although I highly doubt they have no proprietary bits in them; heck, remote controls have firmware as well, at least the programmable ones;
  • any game console? none that I know run on pure free software;
  • computers usually have proprietary BIOS, but coreboot is working to replace that; and at the same time we know of many projects working on replacing firmware for wifi cards (although I still can’t understand; why replacing a wifi card’s firmware, but not the SATA controller firmware?); laptops, on the other hand have a lot of components with firmware on them; for instance I remember Lenovo laptops having firmware to control the fans and similar subsystems; and I’m pretty sure “smart batteries” have firmware as well; UPSes have firmware; external drive enclosures have firmware (and there, replacing the firmware with some free software would definitely be useful, given how many bugs the Genesys Logic firmware has!); even keyboards have firmware, at least Apple’s and probably Logitech’s as well; bluetooth dongles have firmware; harddrives and SSDs have firmware;
  • so okay, you use no external hard drive, a motherboard supported by coreboot and so on, your computer is fine; what about the monitor connected to it?
  • and finally, if you’re not using computers (so what are you doing advocating free software?); are you using a modern microwave oven, dishwasher or washing machine? While there are still lots of those appliances that use no computer-like parts, and thus no firmware, quite a lot of the new ones use firmware which is proprietary; I actually find those quite obnoxious because, for instance, you cannot self-repair your washing machine if the mainboard fries up; the firmware (proprietary) has to be flashed in; and to make it even more impossible, they have to flash it with a special dongle, and a special phone, with UMTS connection;

So really, are you using any proprietaryware at all? If so, stop harassing my freedom of choice for a supposedly higher freedom.

Hardware configuration registry

Like many other geeks out there, from time to time I get called to fix up laptops, computers and other generic hardware, with and without network connections and other stuff like that. With a series of reasons, causes and other happenings, it turns out that sometimes I wish to finish, clean up, and go away as soon as possible. Today was one of those times.

Usually, when I have updates to take care of I travel with a USB stick with the most common Windows updates, service packs, drivers, and other things like those. Unfortunately it does not always work quite that well because I have difficulty remembering which driver to download for nVidia motherboards and graphics cards, but I can usually manage quite quickly.

Unfortunately, today I learnt the hard way that I should also travel with firmware updates for other hardware, since everything is upgradable nowadays. In particular, I should remember to ask the router’s model before going, and remember whether there are PlayStation3 units involved or similar. Would have reduced the time spent taking care of all the updates.

Now I’m also considering, since I have quite a few people whom I manage the computers for, whether I should keep a hardware registry of all those computers, so I can remember not only the type of hardware in them (to know which drivers I need to carry around), but also the BIOS/firmware versions, the hardware addresses for network cards, and other similar details.

This is not really much of a problem if it isn’t that I need to find a way to keep this data easily searchable per person, with due comments, private but also accessible over the net (especially since adding entries to such a registry I could very well do when I’m away); maybe I should use a private wiki on my server to take care of this, password-protecting it (maybe I should also put it over SSL).

Another problem I’d have to cope with is an easy way to get the data I need. I guess I can easily use a USB key with SysRescueCD and a couple of custom scripts to generate a system report. What remains a problem is a way to connect the data I have on my box, on the storage filesystem, with the various configurations, so that for instance, just opening the configuration for Bob it could tell me which drivers I have available locally, and provide me an easy interface to just copy them over on a given flash drive. And links to the sites to download the new ones.
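A sketch of such a report script, as an added example that is not from the original post: it reads the BIOS strings and network hardware addresses that Linux exposes under sysfs and returns them as one registry entry. The function names, the JSON layout and the sample values in `make_sample_tree` are assumptions made for illustration.

```python
import json
import sys
from pathlib import Path

# World-readable DMI attributes exported by the Linux kernel.
DMI_FIELDS = ("sys_vendor", "product_name", "board_name",
              "bios_vendor", "bios_version", "bios_date")


def read_attr(path):
    """Return the stripped contents of a sysfs attribute, or None if unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def collect_report(owner, sysfs_root="/sys"):
    """Build one registry entry: DMI/BIOS strings plus the MAC address of each NIC."""
    root = Path(sysfs_root)
    dmi = root / "class" / "dmi" / "id"
    report = {"owner": owner,
              "dmi": {f: read_attr(dmi / f) for f in DMI_FIELDS},
              "nics": {}}
    net = root / "class" / "net"
    if net.is_dir():
        for iface in sorted(net.iterdir()):
            mac = read_attr(iface / "address")
            # Skip loopback and entries without a real hardware address.
            if iface.name != "lo" and mac and mac != "00:00:00:00:00:00":
                report["nics"][iface.name] = mac
    return report


def make_sample_tree(base):
    """Constructed sysfs-like tree (made-up values) for trying the script anywhere."""
    dmi = Path(base) / "class" / "dmi" / "id"
    dmi.mkdir(parents=True)
    (dmi / "bios_version").write_text("F.1A\n")
    (dmi / "bios_date").write_text("01/02/2009\n")
    for name, mac in (("lo", "00:00:00:00:00:00"), ("eth0", "00:11:22:33:44:55")):
        nic = Path(base) / "class" / "net" / name
        nic.mkdir(parents=True)
        (nic / "address").write_text(mac + "\n")
    return base


if __name__ == "__main__":
    owner = sys.argv[1] if len(sys.argv) > 1 else "unknown"
    print(json.dumps(collect_report(owner), indent=2))
```

Run from the rescue system with the owner's name as the only argument; the JSON output can be pasted into the registry entry and compared between visits to spot a changed BIOS version or network card.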

Does anybody know of anything vaguely similar? I’d rather not have to write my own software for this. I think the worst problem is finding a way to export the data in a more software-manageable way so that it could generate CDs and USB keys on the fly for the various configurations. But I’m sure I’m not the first person to have similar needs, am I?

3Com really needs better interface programmers

I’m almost tempted to send my resumé to them, I’m sure I can do better than whoever designed the interface of my 3Com router.

Don’t get me wrong, the router, at a hardware level, is very good. It works pretty well under heavy load, I was able to crash it just once when I tried multiple wireless transfers, but besides that it was pretty stable.

The problems are all on a software level, firmware level, which is what bothers me more, as if they actually opened their firmware I would probably stick with them. Unfortunately as far as I know this type of router is not yet supported by Linux in any way, which drives me crazy.

I blogged about this a little short of two years ago; the problem increased recently because I changed my network graph. The configuration interface of the router does not allow enabling port forwarding (or, as they call it, virtual servers) if the target IP is not in the same /24 network as the router’s IP. This ignores whatever netmask setting the router has.

In my case, I ended up creating a 172.16.0.0/16 network here. Why? Because the /28 I was using before dried up, because of another bug in the software of the router. Although leases haven’t been confirmed, the router’s DHCP server will “reserve” the IPs already assigned to a MAC address, and I couldn’t find a single way to let it release those leases. If you are not quick at network calculations, a /28 network mask means there are

(2^(32-28)) - 2 = (2^4) - 2 = 16 - 2 = 14

IPs available for hosts.

As you can see from this rough schema I have quite a few devices connected on the wireless network. And as it happens, I do support work on Windows systems from time to time, and every time one of the tasks I need to perform is connecting laptops to the wireless network to make sure they are set up to connect to the Internet on their own. Add to that a few PSPs that friends of mine bring along, and you can guess that the DHCP address space disappeared pretty easily.

Aside from the /16 network there is a /24 network that is forwarded to Enterprise. I actually was thinking of forwarding a whole /17 or /18 for safety, and to avoid mixing 192.168 and 172.16 addresses, but I haven’t gotten around to fixing that yet. The reason why I have some address space reserved and redirected to Enterprise is that this way I can have a special network for just the laptop, for iSCSI, NFS and Samba, when I’m working on Windows or moving stuff around on OSX.

Okay so let’s return to the 3Com router now. As I said the router, that has IP 172.16.0.1, does not allow me to redirect ports to the addresses of the DHCP-allocated devices (which, just to make sure, I set to 172.168.1.0/24 — again I cannot let DHCP take more than a /24 range!). And I DHCP-allocate basically anything. Why? Because it’s easier, if I change the network setup, to re-run the DHCP clients on the various devices, rather than having to set them up from scratch again; there are quite a few of them. This meant, up to now, that I had no forwarding at all for any service at all.

Today, by chance, I found a way to get around this. I was booted in Windows XP (to play Empire Earth), and I noticed that the router’s UPnP interface was being identified by Windows, and I could manage it from there. I know a bit about UPnP because, when I had a D-Link router, I already tried writing a simple piece of software for managing port forwarding. I checked and… magically, the router allows me to redirect ports to any IP address, if I ask it to via UPnP.

Unfortunately, as far as I know, the only work going on regarding UPnP under Linux is for mediaserver devices (including MediaTomb for the PS3), and not port forwarding. I know Azureus supports redirecting ports and, if I recall correctly, KTorrent had something too, lately, but I don’t think there is an easy to use library to manage that just yet. If there was, I’d probably be working on a configuration interface myself. I think it should be really useful, and it would allow setting up services so that ports are automatically forwarded on request to the right IP, so not only would I not have to reconfigure the clients to get the new IP (thanks to DHCP) but I wouldn’t have to tell the router where to find the services either.

Of course, I can see there are a few downsides to this approach, mostly security-related, but I don’t think it’s less or more of an issue whether there is a library that helps implementing this on Free Software or not.
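The mismatch described above, written out as an added example that is not the router's firmware or code from the original post: `ui_accepts` models the web interface's fixed /24 comparison, `on_lan` is the netmask-aware check one would expect, and `audit_mappings` uses both to review a forwarding table for entries that could only have been created through UPnP or that point outside the LAN. The function names and the sample mappings are constructed; only the router address 172.16.0.1 on the /16 comes from the post.

```python
import ipaddress

# Router address and LAN netmask as described in the post.
ROUTER_IFACE = ipaddress.ip_interface("172.16.0.1/16")


def usable_hosts(prefix_len):
    """Host addresses in an IPv4 subnet: 2^(32 - prefix) minus network and broadcast."""
    return max(2 ** (32 - prefix_len) - 2, 0)


def ui_accepts(target, router=ROUTER_IFACE):
    """Model of the described web UI: compare against a fixed /24, ignoring the netmask."""
    fixed = ipaddress.ip_network(f"{router.ip}/24", strict=False)
    return ipaddress.ip_address(target) in fixed


def on_lan(target, router=ROUTER_IFACE):
    """Netmask-aware check: is the target inside the configured LAN subnet?"""
    return ipaddress.ip_address(target) in router.network


def audit_mappings(mappings, router=ROUTER_IFACE):
    """Classify (external_port, protocol, internal_ip) rows from a forwarding table."""
    findings = []
    for ext_port, proto, target in mappings:
        if not on_lan(target, router):
            verdict = "outside LAN subnet, review"
        elif not ui_accepts(target, router):
            verdict = "valid, but only creatable via UPnP"
        else:
            verdict = "ok"
        findings.append((ext_port, proto, target, verdict))
    return findings


# Constructed sample mappings; the hosts are made up for illustration.
SAMPLE = [
    (22, "TCP", "172.16.0.10"),
    (6881, "TCP", "172.16.1.20"),
    (8080, "TCP", "192.168.1.5"),
]

if __name__ == "__main__":
    print("hosts in a /28:", usable_hosts(28))
    for row in audit_mappings(SAMPLE):
        print(row)
```

Since any LAN host can request a mapping over UPnP, the second and third verdicts are the ones worth checking against the list of services that are meant to be reachable from outside.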

And soon enough I’ll be hitting a new limit of the software in the router. The MAC address table for wireless connection control is limited to 32 entries, not commented. I will have more than 32 allowed elements soon. And I won’t know which entries refer to old laptops I fixed, and which ones refer to devices that I might take care of again soon.

I’m sincerely displeased to see that even a huge and trusted manufacturer like 3Com has very bad firmwares. I wish I could find a router that has hardware as capable as 3Com’s, but a firmware flexible enough to provide IPv6 through a broker, for instance, or that allows me to write my own connection filters.

3Com, please open your firmware! You’ll make all your consumers happy, and they’ll return to you! If you were to release a router that has the same hardware capabilities as mine, with a much more open firmware, and 802.11n wireless, I’d be buying it right away!