Category Archives: Open Source

Open Source, Free Software, and similar

Crashing Firefox Goes libcurl

I guess I haven’t been paying attention lately, but I stumbled over the Breakpad project, which incidentally is gonna be used as crash reporting tool for Firefox 3, and it uses libcurl: “On Linux, libcurl is used for this function, as it is the closest thing to a standard HTTP library available on that platform.libcurl

The wording implies that it uses something else on Mac OS X, but I’m not aware of any standard HTTP library on it. Am I missing something or are they going libcurl there too?

Also, I wonder if using different HTTP libraries on different platforms instead of a single one isn’t just begging for more problems than what it solves? As far as I know, libcurl has a few upsides compared to wininet for example. Of course, I’m not the man to tell how they should do their stuff.

Data Sheet Leakage

Irony is part of life.

Data Sheet for a technical thingOne of the “secret” kind of manufacturers out there which refuses to provide docs to their chips unless you sign an NDA and God-knows-what, requires a user name and a password on their web site before they hand out docs. It turned out they only protect themselves using javascript so you can just read the HTML pages and the embedded javascript in them to figure out the exact URLs to use and wham, the data sheets are downloadable…

No, I won’t tell you the exact company nor site (or even exactly when this was discovered or tested) since then they might discover this and fix. I’ve tried this myself and it works fine, but I was not the one who figured it out.

Yeah, this is a moral dilemma: should we tell the manufacturer about their problem and thus close the doors for users to get this docs? Or would that risk backfiring on the guy(s) that tell them? What would you do?

More Phone Hacking Fun

With Google’s just announced Open Handset Alliance, I figure the chances of getting a phone that’s possible to hack and improve just suddenly increased a lot!Open Handset Alliance

Android is a project by the alliance, claimed to be an open source, Linux-based, platform for core and applications for mobile phones – “a complete mobile phone software stack”. They promise an “early look” of the SDK on November 12, so I figure that can be interesting. The SDK is supposed to be a free download and will contain all the docs. It could potentially mean some fun coming up soon!

It is cool to see both Samsung and Motorola from the handset world joining the band wagon, and also interesting and not the least surprising to see that Sony Ericsson and Nokia aren’t there…

Rockbox Downloads Oct 2007

Rockbox!

I did a count back in August, and it seems the downloads counter is growing. During October 2007, Rockbox was downloaded 102127 times from build.rockbox.org, split up on 26 different zip files. This is a 43% increase since my last count! (New since last count is the SanDisk Sansa C200 package)

Here’s the list, with the August results on the right side of the slash (position, count, share of total).

  1. ipodvideo 20721 (20.3%) / #1 17829 (25.1%)
  2. sansae200 18788 (18.4%) / #2 9909 (13.9%)
  3. ipodnano 13228 (13.0%) / #3 9110 (12.8%)
  4. ipodvideo64mb 12780 (12.5%) / #4 7649 (10.7%)
  5. h300 3614 (3.5%) / #5 3153 (4.4%)
  6. gigabeatf 3522 (3.4%) / #6 3113 (4.4%)
  7. iaudiox5 3340 (3.3%) / #8 2712 (3.8%)
  8. ipodcolor 3287 (3.2%) / #9 2400 (3.4%)
  9. ipodmini2g 3083 (3.0%) / #10 2286 (3.2%)
  10. h120 2924 (2.9%) / #7 2720 (3.8%)
  11. ipod4gray 2896 (2.8%) / #11 2098 (2.9%)
  12. sansac200 2841 (2.8%) / NEW!
  13. ipodmini1g 1647 (1.6%) / #14 1191 (1.7%)
  14. ipod3g 1624 (1.6%) / #15 984 (1.4%)
  15. h10 1624 (1.6%) / #13 1322 (1.9%)
  16. h10_5gb 1524 (1.5%) / #12 1380 (1.9%)
  17. ipod1g2g 1384 (1.4%) / #17 606 (0.9%)
  18. player 834 (0.8%) / #18 551 (0.8%)
  19. recorder 692 (0.7%) / #16 615 (0.9%)
  20. iaudiom5 422 (0.4%) / #19 341 (0.5%)
  21. recorder8mb 354 (0.3%) / #21 256 (0.4%)
  22. h100 345 (0.3%) / #20 299 (0.4%)
  23. recorderv2 222 (0.2%) / #22 227 (0.3%)
  24. fmrecorder 222 (0.2%) / #23 207 (0.3%)
  25. ondiofm 113 (0.1%) / #24 105 (0.1%)
  26. ondiosp 96 (0.1%) / #25 101 (0.1%)

As you can see, the recorderv2 and ondiosp packages are the only ones downloaded less than before. Sansa e200 has taken a big bite of the share since last, and the newcomer c200 gets almost 3% at once. The h120 build dropped 3 steps.

The top-4 targets are portalplayer based. The top-8 targets have color displays.

The downloads split on main architecture is interesting (the previous count to the right of the slashes):

  1. portalplayer 85427 downloads (83.6%) / 56764 (79.7%)
  2. coldfire 10645 downloads (10.4%) / 9225 (12.9%)
  3. samsung 3522 downloads (3.4%) / 3113 (4.3%)
  4. sh1 2533 downloads (2.5%) / 2062 (2.8%)

So while all gained downloads by number, the portalplayer targets increased their share…

Another split on properties is to separate the targets on solid state (flash) memory and hard drives:

  1. HDD 67061 downloads 65.7%
  2. flash 35066 downloads 34.5%

Like last time, this doesn’t include custom builds, builds from download.rockbox.org nor release builds from www.rockbox.org. Take all this as indications, not absolute facts.

Sansa View is PP+mi4 based

Sansa View I was just told about it by zivan56, and my mi4 page was just updated: the SanDisk Sansa View uses the mi4 file format and it is clearly PortalPlayer based. mi4code can find the crypto key, so decrypting it for disassembly is easy.

In fact, the zip contains two mi4 files and the second one is called “mediaproc.mi4” seems to be for a separate processor or similar, and it makes sense since the PP can’t do the movie playback etc with the specs that they boast for this player.

That media processor might very well be a “nv6110“, referred to many times in the firmware image.

Go crazy in the Rockbox forum thread about it!

libcurl DNS resolve problems on Leopard

libcurlI found this article by Jungle Dave titled Leopard DNS Issues (and work-around), which explains how libcurl built with IPv6 support may cause trouble on MacOS X 10.5 (Leopard).

According to him, that’s because getaddrinfo() causes a SRV lookup to be made and that may be either slow or get discarded completely and thus cause trouble.

This just adds another problem to getaddrinfo() resolves then, since we already have the problem with it when resolving round-robin DNSes since more or less every machine has a bad /etc/gai.conf setup that makes getaddrinfo() return a sorted list instead of the “random” one DNS admins in the wild would prefer the users to use…

aget compared to curl

As you should know, we maintain this curl comparison table on the curl web site, and it lists a set of free tools and how they compare against curl and each other in various aspects. If you want more features compared or other tools included, please tell. Also if you disagree with any of the facts stated there, just shout!cURL

The other day I got an email asking me to add aget to the table, and since it is a free tool (original BSD licensed) with a similar purpose it would indeed fit.

So I downloaded aget 0.4 and had a go at it.

  1. The “stable” 0.4 version doesn’t build out of the tarball. It does wrong assumptions on “errno” and thus I had to manually poke on 3 source files to make it generate a fine binary! While this error is claimed to be fixed in the “devel” version, the devel version fails to build on compiler errors instead!
  2. My first test was to download aget’s own home page with aget… and it failed. It says the page is 0 bytes and it doesn’t download anything and outputs something about a bad seek 0 bytes!
  3. This really turned me off, but then I thought I should report this back to the guys rather than just blog it… but there’s no email address in the package that seems suitable, and when checking on the site I find a reference to a mailing list but when trying to read the list’s archive it just redirects back to the main page! So blogging it is.
  4. aget 0.4 from 2002, the aget devel version is from June 2004. Development seems to have stopped.
  5. I decided aget isn’t going to be added to the table by me at this time. It’ll have to mature some more first (and given the age of the tarballs I doubt that’ll happen…). I also read through the source code a bit and it really gives the impression of being a young project that hasn’t yet have time to settle since there are numerous of suspicious conclusions and source code doing “funny” things.

Intercepting Bug Reports is Bad

open sourceParticipating in and maintaining open source projects is great fun, much rewarding and very educating. One thing you always want is bug reports from users who suffer from problems, as you cannot fix problems unless you know they exist!

Yet there are several obstacles along the way that can prevent users’ reports from reaching your project. These obstacles include:

Security sites

Eager to announce a new problem, a new revealed leak or exploit, people (often) submit security- related problems directly to sites and forums dealing with security. These sites (of course) don’t forward the reports onwards, they simply assume the projects are informed as well…

Distros

People who use Linux Distributions very often feel like a user of that distro (no surprise there really!) and they therefore primarily report bugs and problems to the distro’s bug tracker. Unless the people in the distro are keen and interested enough, those reports sit there rotting away and people in the upstream project who would like to know about it are never told and thus the bug isn’t fixed…

Sometimes the bug is even fixed by the distro people and they make a newly built version available, featuring that patch, but the patch isn’t forwarded upstream either!

Related forums/mailing lists

People discussing the project in another list or forum where they are users of it. They talk about workarounds etc and sometimes even talk about “known bugs” and “existing flaws” but without ever reporting them to the originating project so they aren’t fixed. They may thus be known to the subgroup there but not upstream.

Please report upstream!

This is my cry for how this situation can be fixed: make sure that problems you know of are reported upstream to the actual project working on the project. Don’t assume that reporting it to your distro or to your neighbor is enough!

(I could easily point out examples for all these cases for projects I am involved in, but I don’t think pointing fingers will gain us anything.)