Foss-sthlm number five!

In the series of Free Software and Open Source talks and seminars we’ve been doing in the Foss-sthlm community, we are about to set off the fifth meetup on February 24, 2011 in Kista, Stockholm, Sweden. This time we will offer six talks by six different persons, all skilled and well educated within their respective topics.

The event will be held completely in Swedish, and the talks that are planned to get presented are as following:

  1. Foss in developing nations – Pernilla Näsfors
  2. Open Source Framework Agreements in the Swedish Government – Daniel Melin
  3. From telecommunications to computer networks security for real-timecommunications over IP – Olle E Johansson
  4. Maintaining – how to manage your FOSS project – Daniel Stenberg (yes, that’s me)
  5. Peek in HTTP and HTTP traffic – Henrik Nordström
  6. Cease and desist, stories from threat mails received in the Rockbox project – Björn Stenberg

As usual, we do this admission free and our sponsor (CAG this time) will provide with something to eat and drink. After all the scheduled talks (around 20:00) we’ll continue the evening at a pub somewhere and discuss open source and free software over a beer or two.

See you there!

Rockbox on Maemo

Nokia-N900Thomas Jarosch has been quite busy and worked a lot on the Rockbox port for Maemo, it is the direct result of the previous work on making it possible to run Rockbox as an app on top of operating systems. It is still early and there are things missing, but it is approaching usable really fast it seems

The work on the app for Android has also been progressing over time and even though it is still not available to download from the Android Market, the apk is updated regularly and pretty functional.

Back in the printing game

HP Officejet 8500AAfter my printer died, I immediately ordered a new one online and not long afterwards I could pick it up from my local post office. As I use both the scanner and the printer features pretty much I went with another “all-in-one” model and I chose an HP model (again) basically because I’ve been happy with how my previous worked (before its death). “HP Officejet Pro 8500 A910” seems to be the whole name. And yeah, it really is as black as the picture here shows it.

This model is less “photo-focused” than my previous but I never print my own photos so that’s no loss. What did annoy me was however that this model uses 4 ink cartridges instead of the 6 in my previous, but of a completely different design so I can’t even re-use my half-full ink containers from the corpse!

My new printer has some fancy features. It is one of them that I can give an email address and then print on by sending email to it. The email address then gets a really long one with lots of seemingly random letters, it is in the hp.com domain and I can set up a white-list of people (From: addresses) that is allowed to print on it via email.

It also has full internet access itself so it could fetch a firmware upgrade file and install that entirely on its own without the use of a computer. (Which made me wonder if they use libcurl, but I realize there’s no way for me to tell and of course there are many alternatives they might use.)

Driver-wise, it seems like a completely different set for Windows (hopefully this won’t uninstall itself) and on Linux I could install it fine to print, but xsane just won’t find it to scan. I intend to instead try to use the printer’s web service for scanning, hopefully that will be roughly equivalent for my limited use – I mostly scan documents, bills and invoices for my work.

Going to FOSDEM 2011

Fosdem 2011We’re going to FOSDEM again. This year we’ll ship over the entire company (all three of us) and we’ll join up with a few fellow Rockbox hackers and spend a weekend in Brussels among thousands of fellow free software and open source hackers.

During this conference, 5-6 February, I’ve submitted a libcurl-related talk to the embedded-room that wasn’t accepted into the regular program, but I’ve agreed to still prepare it and I then might get a slot in case someone gets sick or something. A bit ungrateful as now I still have to prepare my slides for the talk but there’s a big risk that I’ve done it in vain! I’ve also submitted a suggestion for a second talk in the opensc/security room (also related to stuff in the curl project) but as of now (with but 16 days left) that schedule is yet to be announced so I don’t know if I’ll do a talk there or not.

So, I might do no talks. I might do two. I just don’t know. We’ll see.

If you’re a friend of mine and you’re going to FOSDEM this year, please let me know and we can meet and have a chat or whatever. I love getting faces to all the names, nicks and email addresses I otherwise only see of many people.

Update: My talk in the security room is titled “libcurl: Supporting seven SSL libraries and one SSH library” and will start at 14:15 on Saturday the 5th of February.

NASed and RAID1ed

Synology DS211jI finally got my act together and bought myself a Synology DS211j NAS  with two 2TB drives. I’ll use it as a shared network disk at home and I intend to backup to it – as I also have a home office it’ll feel better to be able to also backup company related data somewhat more safely. My previous backup was only copying data from one HDD to another within the same physical machine.

To make it slightly more resistant to disk and hardware errors I’ve configured the disks to do RAID1 (all data is stored on both disks simultaneously).

The GPLv2 license was provided printed on paper in the package.

HTTP security, websockets and more

owasp

Together with friends in OWASP I’m happy to mention that we will do an event on January 31st on the topic “HTTP security, websockets and more” where I’ll talk. Starting at 17:30, the exact location is not decided yet and it’ll depend a bit on popularity, but it will be in Stockholm, Sweden.

The two other speakers to appear at the event are, apart from myself, John Wilander and Martin Holst-Swende. My part of the session will be about the WebSockets protocol, about the upcoming cookie RFC and some bits about the ongoing HTTPbis work.

Sign up to attend, the opportunity is only open one week.

Omegapoint will sponsor with something to eat and drink, and we do plan to go out and grab a beer afterwards and continue the discussion.

See you!

And another printer died on me

My printer is dead.

HP Photosmart C6180

I got myself this HP C6180 all-in-one thing a little over three years ago and it was a good and fine printer, scanner and copier. I’ve had great use for it and it worked fine under Linux too.

Things started to decline

My problems with this printer basically started like a year ago or so when my wife’s laptop running Windows Vista suddenly decided to automatically uninstall the printer drivers. Every now and then it decides to remove the printer and I re-install it. Repeat. It gets a little boring after a while and I’ve failed to locate the reason or address the actual problem. We just re-install the driver often.

When that started happening, the HP software package for using the scanner functionality stopped working. Even if I uninstall everything and re-install etc, it just refuses to work. Possibly I could try using some other tools for scanning but since I mostly scan for my work purposes I can just as well do that from one of my computers (as opposed to my wife’s) and they run Linux and they don’t have this scanner problem.

The final blow

I scanned a paper for work (which turned to be the last useful thing I could ever do with it) and then I decided to print a short document to accompany a few receipts I had to send to the company handling Haxx‘s economy. I wrote it up in Open Office and pressed print. My home office is upstairs while the printer is downstairs so I didn’t check the printout immediately. After a while I walked down to put the paper into the envelope and notice there was no paper there. The printer had gone into a loop were it obviously powers on, starts a while (the little LCD on it starts up and shows some animation) and then it powers off and goes back on again.

First Aid

I yanked all the cables, cancelled the printer jobs from my computer, inserted the power cable again only to see the power cycle start again.

Sigh. I googled “HP c6180 reset” and landed on this great page which describes several ways that people have successfully used to hard reset their printers of exactly my model. I tried them all. Patiently one by one (including pressing 6 + #, 6 + * and OK + help when inserting the power cable). None of them made any impact, the device is still going in the power loops. As the printer is over three years old there’s no warranty or anything, and comments all over clearly indicate that HP charges for repairs of this kind of problem.

I can’t but to still have a feeling that this might be software related and then there should be some kind of master reset somewhere that would bring it back to some initial state. I just can’t find any…

Sorry dude, it’s gone

A few comments I’ve found indicate that this problem has been seen on devices with failed capacitors and there’s even a nice picture showing exactly which with a description of how to proceed to replace them. I’m just crappy with soldering and fiddling on that HW level and it’s not like I would be even close to have those spare parts.

There was nothing I could do. The poor thing is not possible to reach anymore we have to put it out of its misery!

Replacement system

Postit note

Ok, I still had to mail my physical mail with receipts away so I had to pull out my backup system for emergencies like this. It is a very sophisticated concept divided into many separate yellow pieces and I’ll you show you a picture of one of them here on the left.

So the process of finding and getting a new printer/scanner has begun… I use it rather often so I’ll probably go quickly and pick something similar to what just died here.

Rockbox seen on iPod Classic

Rockbox tiny

After a very long time of work, a very very long time since these devices were introduced on the mp3 player market, the hard working guys from freemyipod.org have produced something on yet another device. This is the same group that previously was called linux4nano and worked so long and fiercely to get code running on the 2nd generation iPod Nano and the 4th generation iPod Nano.

At the end of December 2010, Michael “TheSeven” Sparmann announced that he was running custom code including music playback on the iPod Classic. The (sometimes) so called 6th generation.

Robert Menes spiced up the story today by showing us a live picture of a Classic device that now actually is running Rockbox:

Rockbox on the iPod Classic

Awesome work Michael, truly impressive. I hope a lot of Classic owners soon will be able to try out Rockbox for real. Rockbox is said to not yet be very stable or functional, so there’s a lot of room for more hackers and developers to join in and help us improve!

WebSockets now: handshake and masking

In August 2010 I blogged about the WebSockets state at the time. In some aspects nothing has changed, and in some other aspects a lot has changed. There’s still no WebSockets specification that approaches consensus (remember the 4 weeks plan from July?).

Handshaking this or that way

We’ve been reading an endless debate through the last couple of months on how the handshake should be made and how to avoid that stupid intermediaries might get tricked by HTTP-looking websocket traffic. In the midst of that storm, a team of people posted the paper Transparent Proxies: Threat or Menace? which argued that HTTP+Upgrade would be insecure and that CONNECT should be used (Abarth’s early draft of the CONNECT handshake).

CONNECT to the server is not kosher HTTP and is not being appreciated by several people – CONNECT is meant to get sent to proxies and proxies are explicitly setup to a client.

The idea to use a separate and dedicated port is of course brought up every now and then but is mostly not considered. Most people seem to want this protocol to go over the “web” ports 80 and 443 and thus to be able to share the proxy environment used for HTTP.

Currently it seems as if we’re back to a HTTP+Upgrade handshake.

Masking the traffic

A lot of people also questioned the very binary outcome of the Transparet Proxies report mentioned above, and later on it seems the consensus that by “masking” WebSocket traffic it should be possible to avoid the risk that stupid intermediaries misinterpret the traffic as HTTP. The masking is currently being discussed to be XOR with a frame-specific key, so that a typical stream will change key multiple times but is still easy for a WebSocket-aware tool (say Wireshark and similar) to “demask” on purpose.

The last few weeks have been spent on discussing how the masking is done, if it is to become optional and if the masking should include the framing or not.

This is an open process

I’m not sure I’ve stressed this properly before: IETF is an open organization. Anyone can join in and share their views and opinions, but of course you need to argue technical merits.