Category Archives: Open Source

Open Source, Free Software, and similar

Rockbox talk at Fosdem

I’m scheduled to do a talk about Rockbox at FOSDEM 2010 in the embedded devroom. I’ve got it confirmed, even though the schedule for that room is still not up on the fosdem site.

I must admit the planning for the schedule and the talks of Fosdem confuses me greatly so I’m not entirely sure how everything will work at there – this is going to become my first visit to Fosdem.

My talk will be based on and be similar to the talk I did on this topic at FSCONS 2009.

Update: fosdem info about the talk.

Rockbox

FOSDEM, the Free and Open Source Software Developers' European Meeting

2010 conferences

What are the good conferences 2010 that I really shouldn’t miss? I’m talking open source, tech and internet protocols. Where are you going? I’m currently planning like this:

Fosdem 6-7 Feb in Brussels Belgium: I’m going and I’m doing a Rockbox talk.

foss-sthlm 24 Feb in Stockholm Sweden: I’m arranging and I’m doing a curl talk. This isn’t really a “conference” but I wanted to mention it anyway!

IETF 77 in Anaheim USA, March 21-26: While it would’ve been a blast to go there, it really doesn’t sync very well with my work schedule and other lifely matters so I’ll pass this one! Sorry all friends whom I otherwise would’ve met there!

OWASP AppSec Research in Stockholm Sweden, June 21-24: since it is in Stockholm and these guys tend to have interesting stuff I just may go. It depends a little on how the program will end up and if I manage to cough up a talk for it.

IETF 78 in Maastricht Netherlands July 25-30: I want to go there and I think the timing is much better for this IETF meeting than the previous few ones. With a little luck we’ll get both the HTTPBIS and the HTTPSTATE groups to have meetings here, and who knows what other fun there will be?!

Slackathon 2010 in August in Stockholm Sweden? It’s not decided yet but I hope they will go for it and I will try to attend. Slackathon reminders.

FSCONS in Gothenburg Sweden Oct/Nov: Since this is our current major open source conference in Sweden I really want to go and I hope to be able to do a talk too. I don’t think the date is set yet, which is a bit unfortunate since November this year is a bit special to me so there will be some other events going on at that time that risk conflicting with FSCONS.

httpstate cookie domain pains

Back in 2008, I wrote about when Mozilla started to publish their effort the “public suffixes list” and I was a bit skeptic.

Well, the problem with domains in cookies of course didn’t suddenly go away and today when we’re working in the httpstate working group in the IETF with documenting how cookies work, we need to somehow describe how user agents tend to work with these and how they should work with them. It’s really painful.

The problem in short, is that a site that is called ‘www.example.com’ is allowed to set a cookie for ‘example.com’ but not for ‘com’ alone. That’s somewhat easy to understand. It gets more complicated at once when we consider the UK where ‘www.example.co.uk’ is fine but it cannot be allowed to set a cookie for ‘co.uk’.

So how does a user agent know that co.uk is magic?

Firefox (and Chrome I believe) uses the suffixes list mentioned above and IE is claimed to have its own (not published) version and Opera is using a trick where it tries to check if the domain name resolves to an IP address or not. (Although Yngve says Opera will soon do online lookups against the suffix list as well.) But if you want to avoid those tricks, Adam Barth’s description on the http-state mailing list really is creepy.

For me, being a libcurl hacker, I can’t of course but to think about Adam’s words in his last sentence: “If a user agent doesn’t care about security, then it can skip the public suffix check”.

Well. Ehm. We do care about security in the curl project but we still (currently) skip the public suffix check. I know, it is a bit of a contradiction but I guess I’m just too stuck in my opinion that the public suffixes list is a terrible solution but then I can’t figure anything that will work better and offer the same level of “safety”.

I’m thinking perhaps we should give in. Or what should we do? And how should we in the httpstate group document that existing and new user agents should behave to be optimally compliant and secure?

(in case you do take notice of details: yes the mailing list is named http-state while the working group is called httpstate without a dash!)

an application protocol monster

During the autumn 2009 I was sponsored by a company to work on some new protocols for libcurl to support – IMAP, POP3, SMTP and their TLS-powered versions. It took me a little while to get things working the way I’d like them to due work load elsewhere and other irrelevant distractions.

In the next curl and libcurl release, to be called version 7.20.0, which if everything runs fine and according to plan might happen at the end of January 2010 or possibly a little later, libcurl will truly have converted from a file transfer library into a full fledged application protocol layer monster.

The current incarnation of my development libcurl supports the following 18(!) protocols:

tftp ftp telnet dict ldap ldaps http file https ftps scp sftp imap imaps pop3 pop3s smtp smtps

While SSL versions of protocols are arguably not separate protocols, the 12 protocols in the list without SSL are still many in my view.

The fundamentals of libcurl remain the same though: specify a URL to operate against. Send or receive data. Sometimes both send and receive in the same request.

Internally in libcurl, I converted a big portion of the FTP-specific code into a more generic “pingpong”-generic code which is now designed to work similarly with all these new protocols that share many similarities with FTP. They are all sending commands to the server and get responses back, in similar ways.

As before, the ability to disable specific protocols when building libcurl remains so for those who don’t particularly care about these new ones and want to maintain building a library that is as small and lean as possible, there should be little extra weight due to this recent development. I’ve been pondering but I’ve not yet figured out the most perfect way to deal with such build options in the code so they are still a bit too #if and #ifdef intensive for my taste…

Meanwhile, Chris Conroy has been busy in his end implementing support for RTSP that also soon might be ripe for inclusion in the main code.

Not too surprisingly perhaps, the curl tool also then gets these protocol abilities so it becomes even more than before the Swiss army knife tool for internet protocols and then of course explicitly application layer ones.

cURL

curl talk at foss-sthlm

I’m now scheduled to do a short talk on curl and the project on the foss-sthlm meeting in Stockholm on February 24th! As you can see on the site, there’s also a set of other fun subjects around Free and Open Source Software.

The material on the site is all in Swedish and all talks are expected to be mostly in Swedish.

Our merry foss-sthlm effort has really taken off in a great way and more than 50 persons have already signed up to show up at the meeting and we have 5 other speakers apart from myself lined up. The program isn’t really fixed yet, but it certainly looks like it’ll end up at least mostly the way it currently looks.

If you are in the area and have an interest in FOSS, consider showing up!

Oh, and my brother Björn is scheduled to talk about Rockbox at the same event.

My open source TV

For Christmas this year I decided to surprise my wife with a new TV. To sum it up: hiding a 42″ TV in the closet was hard.LCD TV

Oh well, the model I got for her is a Philips 42PFL7404H. It’s really nothing magical about it, it’s a rather standard LCD TV.

What did make me smile however, was the little paper I found next to the manual (which is done in 30 languages!) and the quick-start guide, a two-sided legal-sized paper that lists all the open source products they’ve used in the TV as well as the GPL and LGPL licenses spelled out in their entirety. Anyway, the products this TV claims to use are:

Linux kernel, Flash Eraseall, Nandwrite, Helper Application, Libc, Librt, Libm, Libpthread, libgcc, libstd++, Diet libc, libgphoto2, vsnprintf, GIF reading routines, base64.

I find it noticeable that there’s no shell or busybox in that list, which in my book is a rather unusual embedded Linux setup.

Going Fosdem 2010

Oh what the heck, we plan to bring every single employee of Haxx over to Fosdem 2010. Yes, that means all two of us!

I hope we’ll manage to join up with fellow Rockbox hackers then and it would be great fun to meet other friends from other projects and open source activities too.

I’ve not been to Fosdem before, and I’ve offered to do a talk there but so far I’ve not gotten a response from the responsible guy in the “embedded dev room”. We’ll see how that ends.

FOSS-sthlm

Me and Claes Jakobsson had a talk in #curl the other day about how we rarely meet Open Source people in the Stockholm Sweden area outside of our own little circles and friends.

In that moment we decided we’d try to arrange a meeting. Free Sofware and Open Source people in the area. In one place. Possibly involving beer. And why not some talks by some clueful people? We’re aiming for it to happen already during early spring 2010, but no date has been set yet.

We’ve already sent out a few mails to people, and we’ve posted about this idea at a few places and now I’ve setup a dedicated mailing list for this purpose. The foss-sthlm mailing list.

Do you want to participate at a meeting like this?

Do you want to help arranging the meeting and get the word spread in all the communities that we would like to get the word spread to?

Do you have any experience in arranging a meeting of this sort? We currently have no idea if people are interested enough, or if we get people interested how many we might be able to attract!

Do you by any chance have connections or friends at companies that would be interested in helping out with sponsorships or similar? My company (Haxx) will certainly make a contribution.

Don’t be shy. Join in and help us get some fun going.

Update: we now have web site monitoring our progress.

How to get involved in Open Source

I had a fun chat with Anthony Bryan a while ago on the topic of how to get involved with Open Source. What projects generally need, what you can do, how you can help and things like that.

The recording/podcast was originally posted over at knowledgecaps.com, but the 22MB file is also available from my site. I’m not sure why, but when I play this in my audacious I get the chipmunk version (ie far too fast playback). So I haven’t yet listened to it myself!

A related article I wrote ages ago: What Can I do for Rockbox when not Programming?

c-ares 1.7.0

The first c-ares release so far in 2009 took place today when we shipped c-ares 1.7.0 and uploaded it to the web site.

News this time include:

  • Added ares_library_init() and ares_library_cleanup()
  • Added ares_parse_srv_reply(), ares_parse_txt_reply() and ares_free_data()
  • in6_addr is not used in ares.h anymore, but a private ares_in6_addr is
    instead declared and used
  • ares_gethostbyname() now supports ‘AF_UNSPEC’ as a family for resolving
    either AF_INET6 or AF_INET
  • a build-time configured ares_socklen_t is now used instead of socklen_t
  • new –enable-curldebug configure option
  • ARES_ECANCELLED is now sent as reason for ares_cancel()
  • new –enable-symbol-hiding configure option
  • new Makefile.msvc for any MSVC compiler or MS Visual Studio version
  • addrttl and addr6ttl structs renamed to ares_addrttl and ares_addr6ttl
  • naming convention for libraries built with MSVC, see README.msvc

The set of bugfixes done include these:

  • ares_parse_*_reply() functions now return ARES_EBADRESP instead of
    ARES_EBADNAME if the name in the response failed to decode
  • only expose/export symbols starting with ‘ares_’
  • fix \Device\TCP handle leaks triggered by buggy iphlpapi.dll
  • init without internet gone no longer fails
  • out of bounds memory overwrite triggered with malformed /etc/hosts file
  • function prototypes in man pages out of sync with ares.h

As usual, c-ares would be nothing without the fierce and skillful help provided by a team of volunteer hackers. We always need more help and assitance, join the c-ares mailing list and join in the fun!

c-ares