Category Archives: Technology

Really everything related to technology

Taking down P2P botnets

Five German/French researchers wrote up this very interesting doc (9-page PDF!) called “Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on StormWorm” about one of the biggest and most persistent botnets out in the wild: Storm. It is used for spam and DDoS attacks, has up to 40,000 daily peers and the country hosting the largest number of bots is the USA.

Anyway, their story on how it works, how they work on infecting new clients, how the researchers worked to infect it and disrupt the botnet communication is a good read.

Open platform but not free tools

As I suspected and guessed in my blog post yesterday, Jason Kridner of Texas Instruments responded to the mailing list and confirmed that the “open platform” currently doesn’t even have a free-to-use assembler for the DSP in the DaVinci (which thus has fewer free tools available than the DM320 series!) and the gcc port seems to be mostly an idea so far:

I’m not aware of any solid plans on a gcc port yet, but I can confirm that TI plans to offer C64x+ C compiler and assembler tools similar to the way we provide the C54x tools for the current OSD. The restrictions and registration might not be exactly the same, but my view is that the important thing is to get something out there that any hobbyist can use for free. It doesn’t make a lot of sense for someone doing coding for use in their own living room to need to pay $3000+ for a full set of development tools when all they need is a C compiler they can run on their Linux box.

I acknowledge that Neuros really seem to make efforts to make things truly open and free, but TI’s ways are often far from straight-forward and obvious. Jason refers to his presentation from Lugradio live, but I don’t see how that clarifies anything on the openness front.

TI and Neuros but is it open?

Neuros put out a press release yesterday saying that “Neuros and Texas Instruments create new bounty program for next-gen Open Internet Television Platform”, and Joe Born of Neuros said on their mailing list that “it will be a complete open platform that will allow developers of all levels to contribute and port applications.” You can also read some additional thoughts and ideas in the Ars Technica article called “TI and Neuros team up to build open source media platform”. It is basically a hardware platform based on TI’s TMS320DM644x DSP system-on-a-chip line, also called DaVinci. There’s no coincidence of course that the Neuros OSD 2.0 will feature that.

Personally, I’m not convinced when I see TI speak of Open Source since I’m fully aware of their history and I even believe that this brand new “open” platform still requires TI’s restricted-but-free compiler for the DSP. Of course it is more open than many other platforms, but I dislike when someone tries to sound all fine and dandy while at the same time they’re trying to hide some of their better cards behind their back.

A truly open platform would not give TI an advantage. It would offer anyone wanting to do anything with it the same chance. This platform does not. After all, having it built around one of their SoC flagships should be enough for them and should be a motivator for them to make this as successful (and thus as open) as possible.

I think it is sad that Neuros repeatedly makes this kind of statement. Their original “open source” player was never open source (to any degree). Their OSD player is largely open source but huge chunks of it are not. Now they try to announce even more openness for an entire platform and yet again they fail to actually deliver a truly open product. Neuros shall forever be known as the company who seems to want to do right, but always fails to in the end nonetheless.

Update: Joe replied on the list to my question about the DSP tool(s) and it certainly sounds as if TI may in fact release a more open tool and/or even a gcc port!? If that turns out true it will of course squash most of my complaints here!

D2 vs M6 given a few days use

A lot of people have asked me about my opinions on and comparisons between these babies, the Cowon D2 and the Meizu M6, and here’s my take. Of course a lot of this involves the original firmwares’ functionalities as that’s what I’ve been using on them so far. The Rockbox port for the D2 is progressing at great speed but isn’t yet capable of producing sound, and the Meizu port still has a long way to go (since it’s still in its infancy with research and reverse engineering being the primary doings atm).

Cowon D2

Touch screen isn’t really the best idea for a portable media player I’d say, but I must confess that the UI with “pop-up” buttons is rather nifty. See this little video for a grasp on how it works:

I haven’t used it a lot but the UI is working nicely and is fairly easy to use. I haven’t yet got myself an SD card to insert and try out, but I should soon! It does have visible tiny little screws that show it could be disassembled quite possibly without too much effort. Some of my other Rockbox friends are interested in the D2 quite a lot because it comes in a DAB model too, but my version is limited to FM radio only and even

Meizu M6

Next to the D2 this baby feels extremely small. It also has no visible screws or anything that reveals how it could be disassembled! The bootup procedure is first a bit silly since you need to hold down the PLAY key for a while but it doesn’t actually start until you release it, and you don’t know exactly how long you need to hold it. But then I think it proceeds nicely with the screen not even showing that it started, apart from a little “Loading…” text.

The M6 doesn’t use a touch screen but instead they have a “weirdo” slider pad with four button areas. Most of everything in the UI that goes up and down, like moving in menus, changing values, changing volume etc is done by letting a finger slide on the pad. This could’ve been a nice way of input if it wasn’t far too sensitive and thus I always seem to miss my goal menu item and have to go up and down several times before I manage to “hit” my target. Quite annoying!

Of course one downside with this player that isn’t a surprise at all but can be stressed, is the lack of any expansion slot so the original 8GB I got is all this unit is ever gonna see.

Conclusion

I think I end up liking the D2 somewhat more, mostly because of the slider on the M6 being annoying and that the D2 is expandable. The D2 also has a nicer OF (original firmware), but that’s not really what I care about since I plan to run Rockbox on both. Unfortunately I’ve not had a lot of spare time for actually getting into the hacking recently so right now I can’t comment on that much. I’ve seen interesting progress done by others in the meantime though!

I cannot say that the D2 is twice as good as the M6 so I’d actually say that M6 is a better value purchase.

Ok, that’s it for now. These are my first impressions, I’ll try to come up with some further ones later on after some more usage and hopefully some real rockboxing on them

Meizu M6 and Cowon D2

I hadn’t gotten myself a new DAP in ages, and the last time I got one I had it donated to me from SanDisk. So it was really due time to get back into low-level fighting with Rockbox ports again. I ordered myself an 8GB Meizu M6 (SL) and an 8GB Cowon D2 (DAB-less), since both are very interesting flash-based targets with two very promising early Rockbox-porting efforts and we have data sheets for the SoCs used in both of them (Samsung SA58700 and Telechips TCC7801).

I decided I should dive right in and also be able to do some nice comparisons of both these targets as they are quite similar spec-wise. Both units arrived at my place at the same time, so I got the chance to get a feel for them at once without any discrimination against either one.

Some first impressions without even having switched any of them on:

The M6 comes in a much smaller box indicating its “mini player” style already there. It was also much cheaper, almost half the price of the D2.

The D2 comes with a wall-charger but otherwise both boxes include earplugs, a driver-cd (windows stuff I presume) and a USB cable.

Comparing their physical appearances next to each other, there’s no doubt that the M6 is much smaller (even perhaps amazingly small – but yet with a screen that is considerably larger than for instance my Sansa e200) and I can’t help thinking that the D2 design is a bit weird as it looks as if it has something that can slide out but it doesn’t. I assume some of the D2’s extra size (thickness) is due to its SD slot (yes that’s full size SD not microSD) which is something the M6 doesn’t feature, not even a micro version. Both have USB mini-B slots and charge over that. The D2 has a small protective cover over the slot.

I’ll provide more fluff like photos comparing them against each other and against other targets soon as well, and perhaps something about how their firmware compares, the status of Rockbox on them etc. Stay tuned!

Update: M6 next to D2 pictures

Bad guys reveal other bad guys

In Sweden we currently have an interesting situation where a hacking group called “Hackare utan gränser” (should probably be “Hackers Without Borders” if translated) hacked one of those auction sites where you make the lowest unique bid to win. The site in question is called bideazy and according to the hacker group’s announcement (forum posting and following discussion entirely in Swedish) their database is full of evidence of the bidding not having been done correctly and it seems to show that the site and company owner has won a large amount of all “auctions”.

And they also made most of that data publicly available.

This brings many questions in my brain, including:

First of course the evident discussion if one crime (the hacking) can be justified to reveal another (the scam), but what I think is more important: aren’t auction sites and especially the lowest-bid kinds more or less designed to open up for the sites to easily scam the users? It is very very hard for someone on the outside of it all to see if things are done the right way and that all rules are followed. Heck, even a little tweak here and there would make a huge impact for the site but won’t be seen by the public.

I also find it a bit funny that in this case they seem to have stored the scam data neat and properly in their database which the hackers found, and I really can’t figure out why. If they wanted a database to show as a front end if someone would ask and blame them for cheating, then this wouldn’t be the one. And since they really seem to be cheaters, why would they need to store and keep track of all the cheats in a huge database?

How to hack firmwares and get away with it

It is with interest we in the Rockbox camp checked out the recent battle in Creative land where they shot down a firmware (driver really) hack by the hacker Daniel_K as seen in this forum thread.

We’re of course interested since we do a lot of custom firmwares for all sorts of targets by all sorts of companies, and recently there are efforts in progress on the Creative series of players so could this take-down move possibly be a threat to us?

But no.

In the Rockbox community we have already since day one struggled to never ever release anything, not code nor images or anything else, that originates from a company or other property owner. We don’t distribute others’ firmwares, not even parts of them.

For several music players the install process involves patching the original firmware file and flashing that onto the target. But then we made tools that get the file from the source, or let the user himself get the file from the right place, and then our tool does the necessary magic.

I’m not the only one that thinks Daniel Kawakami should’ve done something similar. If he would just have released tools and documentation written entirely by himself, that would do the necessary patching and poking on the drivers that the users could’ve downloaded from Creative themselves, then big bad Creative wouldn’t have much in the way of legal arguments to throw at Daniel. It would’ve saved Daniel from this attack and it would’ve taken away the ammunition from Creative.

I’m not really defending Creative’s actions, although I must admit it wasn’t really a surprising action seeing that Daniel did ask for money (donations) for patching and distributing derivatives of Creative’s software.

So far in our 6+ years of history, the Rockbox project has been the target of legal C&D letter threats multiple times, but never from one of the companies for whose targets we develop firmwares. It has been other software vendors: two game companies (Tetris Company and PopCap games) fighting to prevent us from using their trademarked names (and we could even possibly agree that our name selections were a bit too similar to the original ones) and AT&T banning us from distributing sound files generated with their speech engine software. Both PopCap and Tetris of course also waved with lawyers saying that we infringed on their copyrights on “game play” and “look” and what not, but they really have nothing on us there so we just blanked-faced them on those silly demands.

The AT&T case is more of a proof of greedy software companies having very strict user licenses and we really thought we had a legitimate license that we could use to produce output and distribute for users – sound files that are to a large extent used by blind or visually impaired users to get the UI spelled out. We pleaded that we’re an open source, no-profit, no-money really organization and asked for permission, but were given offers to get good deals on “proper” licenses for multiple thousands of dollars per year.

Ok, so the originating people of the Rockbox project are based in Sweden which may also be a factor as we’re not as vulnerable to scary US company tactics where it seems they can sue companies/people who then will have to spend a fortune of their own money just to defend themselves and then you have to counter-sue to get any money back even if you were found not guilty in the first case. Neither is Rockbox an attempt to circumvent any copy protections, as if it were it would have violated laws in multiple countries and regions. Also, reverse engineering is perfectly legal in many regions of the world contrary to what many people seem to believe.

If this isn’t sticking your chin out, then what is? 😉

Update 4-apr-2008: Creative backpedals when their flame thrower backfired.

Sansa Fuze AMS reuse

Anythingbutipod.com published a Sansa Fuze disassembly today and allow me to offer a visual comparison of the SanDisk-branded main chips in the Sansa Fuze (top) compared to the one in the Sansa e280 v2 (bottom):

Sansa Fuze chip branded SanDisk

SanDisk marked chip, an AMS AS3525

And since we know the e200v2 one is an AS3525, there is little doubt that the Fuze one is as well. Of course we can confirm this for real once we get our hands on a firmware update file for the Fuze – I’m not aware of the existence of any yet at least.

So where does this put the Fuze Rockbox-wise? About at the same position as all the other “Sansa v2 architecture” targets: we basically know the firmware file format, we have the data sheet for the AS3525 but there aren’t any particular efforts going on and we don’t know if they have any means to recover from being flashed with a broken firmware!

Update: because some less intelligent people decided that facts I wrote in this article back in 2008 would still be the truth several years later, I urge you all to check the date for things you read on the internets. And in this particular case, Rockbox runs very well these days on several SanDisk players that use the AMS chipsets. See the http://www.rockbox.org/wiki/SansaAMS page for details.

International money transfers hurt

I have contacts and business associates located literally all over the globe. Some of them occasionally pay me money. Receiving money from abroad is not easy. How can this still be the case in the year 2008 when soon every living soul has a mobile phone and we have global mobile broadband just around the corner?

The citizens of US, often called Americans, are too fond of their silly checks and while they often can be squeezed to wire money they tend to not do it. I believe SWIFT/IBAN is a European invention so I suspect the US banks resist only because of that – and of course because the use of checks seems so deeply rooted in the American soil. Cashing in a 4000USD check cost me well over 200USD not very many moons ago. And then I had to go through many hoops at the bank, standing in lines, filling out forms, waiting for clerks not understanding at all what to do but explaining to me that they don’t have to cash it at all so I should better be grateful they do and yes please sign here that you’ll be forced to pay back in case we’ll find out in a hundred years that the check bounces. In Sweden, checks died out in the 80s and I’ve never owned a checkbook and have never used one as payment.

From Russia I hear the SWIFT/IBAN thing is also expensive and one of my contacts then prefers to use Western Union instead. Now that’s another sorry and messy approach. I then have to show up at an “agent’s” place and stand in lines, fill in forms, stand waiting for the personnel to try to understand how the heck they should proceed with this, answer lots of irrelevant questions and then in the end get the money in cash in my hand. (A fun side-note: Western Union’s SSL certificate has the wrong Common Name field in it. Certainly not the best way to give a good and trusty impression.)

To and from Africa we get to hear about “westernunion-like” businesses that tend to end up being blamed for sponsoring terror organizations. Perhaps we can somehow forgive parts of Africa where poverty is wide-spread and the internet/technological penetration is not so dense.

Within Sweden – I actually got an actual physical “100 kronor” bill mailed to me in an envelope the other day as a donation for curl. Of course I appreciate it, but I find it sad that sending an actual physical letter is the easiest and cheapest way!

Paypal is every so often just the most sensible and easiest solution out there. I’m just always so surprised that there are so few actual and serious competitors to Paypal – I mean that try to function internationally. We have a handful of Swedish or European-only style versions, but hey within Sweden and Europe SWIFT/IBAN rocks anyway so there’s little use for such a limited Paypal-clone.

I would guess that anyone who would seriously try to answer my questions would bring up legislations (and especially economy laws in various countries with money-laundry preventions and what not) and the conservatism of the banks that make big money by carving off a large amount or percentage on every transfer – not to mention the interest on the money during the insane periods when the money is in limbo somewhere between banks.

I would still rather like to see more companies and banks seriously trying to compete with Paypal about doing smooth payments from wherever to wherever. We’re in the 21st century darnit!

Neuros OSD 2.0

For you who are into things like open source hardware for your videos, it can be interesting to note Neuros’ recent posting of their planned specs for their upcoming OSD 2.0 player that I guess then will replace the current Neuros OSD model.

In hard techy interesting terms: they plan to upgrade to Texas Instruments DaVinci 6446 chipset, which is a 300MHz ARM9 with a C64x DSP core embedded. Pretty much like the existing DM320 one, but it seems with a great deal more horsepower under the hood. Given their specs paper, it will support a lot of formats and at least partially up to HD resolutions. It’ll also support internal harddrive and offer 256MB RAM and 256MB internal NAND flash.

Personally I don’t care that much as I don’t even have analogue TV and don’t download/have many movies to watch and my existing DVB-T box has fine recording abilities and my DVD is good enough for my kids to repeatedly watch the same animated films over and over and over…

Oh btw, if this sounds like your kind of backyard and other things combine well, Neuros is hiring Linux developers for what I believe is this hardware.

(sorry for the crappy quality of the pic but I nicked it from the PDF)