Sansalinux

sansa e200RWith an unfortunate Sourceforge registry date of April 1st 2008, it could very well be an April’s fools prank but then I can’t see any real reasons why someone couldn’t port ipodlinux over to the Sansa e200 v1 series.

So Sansalinux is working according to their site, and they also provide some crappy screenshots that aren’t really good enough to make it possible to tell if they are for real or fakes.

The uclinux patch on their download page seems genuine and contains a lot of code originating from Rockbox (including copyright lines from Rockbox hackers).

As in the case with the ipod version, it begs the question what they want with this apart from the fun of getting Linux on yet another target. Also, seeing how there’s really no developers around to hack on ipodlinux it’ll be interesting to see if there will be any on the Sansa version. Seeing that it doesn’t run on the v2 version (no surprise really since Rockbox doesn’t either) so there’s no new Sansa e200 to buy to run this linux on.

If someone actually tries this out, please let us know what you find out!

How to hack firmwares and get away with it

It is with interest we in the Rockbox camp checked out the recent battle in Creative land where they shot down a firmware (driver really) hack by the hacker Daniel_K as seen in this forum thread.

We’re of course interested since we do a lot of custom firmwares for all sorts of targets by all sorts of companies, and recently there are efforts in progress on the Creative series of players so could this take-down move possibly be a threat to us?

But no.

In the Rockbox community we have already since day one struggled to never ever release anything, not code nor images or anything else, that originates from a company or other property owner. We don’t distribute other’s firmwares, not even parts of them.

For several music players the install process involves patching the original firmware file and flashing that onto the target. But then we made tools that get the file from the source, or let the user himself get the file from the right place, and then our tool does the necessary magic.

I’m not the only one that think Daniel Kawakami should’ve done something similar. If he would just have released tools and documentation written entirely by himself, that would do the necessary patching and poking on the drivers that the users could’ve downloaded from Creative themselves, then big bad Creative wouldn’t have much of legal arguments to throw at Daniel. It would’ve saved Daniel from this attack and it would’ve taken away the ammunition from Creative.Lots of Rockbox Targets

I’m not really defending Creative’s actions, although I must admit it wasn’t really a surprising action seeing that Daniel did ask for money (donations) for patching and distributing derivates of Creative’s software.

So far in our 6+ years of history, the Rockbox project has been target of legal C&D letter threats multiple times, but never from one of the companies for which targets we develop firmwares for. It has been other software vendors: two game companies (Tetris Company and PopCap games) fighting to prevent us from using their trademarked names (and we could even possibly agree that our name selections were a bit too similar to the original ones) and AT&T banning us from distributing sound files generated with their speech engine software. Both PopCap and Tetris of course also waved with laywers saying that we infringed on their copyrights on “game play” and “look” and what not, but they really have nothing on us there so we just blanked-faced them on those silly demands.

The AT&T case is more of a proof of greedy software companies having very strict user licenses and we really thought we had a legitimate license that we could use to produce output and distribute for users – sound files that are to a large extent used by blind or visually impaired users to get the UI spelled out. We pleaded that we’re an open source, no-profit, no-money really organization and asked for permission, but were given offers to get good deals on “proper” licenses for multiple thousands of dollars per year.

Ok, so the originating people of the Rockbox project is based in Sweden which may also be a factor as we’re not as vulnerable to scary US company tactics where it seems they can sue companies/people who then will have to spend a fortune of their own money just to defend themselves and then you have to counter-sue to get any money back even if you were found not guilty in the first case. Neither is Rockbox an attempt to circumvent any copy protections, as if it were it would have violated laws in multiple countries and regions. Also, reverse engineering is perfectly legal in many regions of the world contrary to what many people seem to believe.

If this isn’t sticking your chin out, then what is? 😉

Update 4-apr-2008: Creative backpedals when their flame thrower backfired.

Is gsoc 2008 doomed?

On the gsoc mentors list one of the Google admins brought up the suggestion that the application period should be extended another week to allow students somewhat longer time to apply. This caused a flood of responses from many organizations and a lot of them (although not all) told stories that we share in the Rockbox project: at this time (with only some 13 hours left until the deadline) we have less applications than last year and they also seem to be of lesser quality. At the time of me writing this there have been no verdict if the period will be extended or not. Of course voices have been raised against the idea as well citing well-argued reasons such as the students who did manage to apply before the deadline might be less favored by an extension and that it will affect the time line in general etc.

Google Summer of Code 2007 front print

In the #rockbox IRC channel we figured out that the total sum a gsoc student gets (4500 USD) has gone down quite One dollar billconsiderably to a European student as last year’s students got about 3500 Euros but the same amount of USD is currently worth not more than about 2800 Euros. And remember that this is payment for a supposedly full-time work during twelve weeks. Ok they’re students and everything ,but still… and this 700 Euro drop (ok since currencies fluctuates it may be more or less at the end of the summer) may in fact be a contributing factor why less students apply.

A lot of poeple also suggested that having the application period over the easter period might’ve hampered this as well, as easter time is holiday time in many countries all over the glob.

curl and libcurl 7.18.1

Mainly thanks to the 22 friends named in the release notes, curl and libcurl 7.18.1 was released today with the news and fixes that should prove this the best curl and libcurl versions ever – I guess we always have to believe that our latest is the greatest, why else would we release it?

cURL

The release notes identifies 23 bug fixes we did during the two months since the last release, and the news we introduce include these goodies:

  • added support for “HttpOnly” cookies
  • ‘make ca-bundle’ downloads and generates an updated ca bundle file
  • we no longer distribute or install a ca cert bundle
  • SSLv2 is now disabled by default for SSL operations
  • the test509-style setting URL in callback is officially no longer supported
  • support a full chain of certificates in a given PKCS12 certificate
  • resumed transfers work with SFTP
  • added type checking macros for curl_easy_setopt() and curl_easy_getinfo(), watch out for new warnings in code using libcurl (needs gcc-4.3 and currently only works in C mode)
  • curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt() and curl_multi_setopt() uses are now checked to use exactly three arguments
  • –with-ca-path=DIR configure option allows to set an openSSL CApath instead of a default ca bundle.

As usual, you can download it here.

Sansa Fuze AMS reuse

Anythingbutipod.com published a Sansa Fuze disassembly today and allow me to offer a visual comparison of the SanDisk-branded main chips in the Sansa Fuze (top) compared to the one in the Sansa e280 v2 (bottom):

Sansa Fuze chip branded SanDisk

SanDisk marked chip, an AMS AS3525

And since we know the e200v2 one is an AS3525, there is little doubt that the Fuze one is as well. Of course we can confirm this for real once we get our hands on a firmware update file for the Fuze – I’m not aware of the existence of any yet at least.

So where does this put the Fuze Rockbox-wise? About at the same position all the other “Sansa v2 architecture” targets: we basically know the firmware file format, we have data sheet for the AS3525 but there aren’t any particular efforts going on and we don’t know if they have any means to recover from being flashed with a broken firmware!

Update: because some less intelligent people decided that facts I wrote in this article back in 2008 would still be the truth several years later, I urge you all you check the date for things your read on the internets. And in this particular case, Rockbox runs very good these days on several SanDisk players that use the AMS chipsets. See the http://www.rockbox.org/wiki/SansaAMS page for details

lugradio s5e14

sansa e200RI listened to lugradio’s season 5 epsisode 14 podcast today and I thought I’d share that at roughly 1:20 into the show there’s a brief mentioning and discussion around Rockbox. The subject came up thanks to a listener’s email explaining how he got his Sansa e200 player to play ogg by installing it.

Unintentionally, it was also quite ironical how Adam (one of the podcast hosts) just minutes before this mentioned how he has an iAudio X5 that can play ogg vorbis (and flac) natively (as a response to a user asking what players the guys would recommend) – without mentioning a single word about Rockbox even though Rockbox worked on the X5 long before it worked on the Sansa and I would think that any Linux- liking Open Source geek should know about Rockbox and use it on their mp3 players at least as long as they have targets that Rockbox is already ported to and working fine on… and when asked, I can only recommend getting any player that can run Rockbox before one that can’t. Of course these days this is somewhat of a dilemma since none of the players Rockbox supports are manufactured anymore…

I also liked in a elbow-poking sort of way how they referred to the ipodlinux project as one of the most pointless projects in existence. Of course, that may very well also be one of the reasons why that project is now more or less dead. This also makes me think of this lwn.net post by debacle, who argues that having Linux on a portable music player is better than Rockbox simply because “there’s where the developers are”. As the ipodlinux example shows, the reality is not that simple.

Two for the price of one

As probably one of the last humans on earth, I got my paper version of Linux Journal’s April 2008 issue in my mailbox today. While I’ve felt that the magazine has slowly degraded over the last years, this issue certainly made me all warm and fuzzy inside since it contains not one but two articles on subjects very dear to me. A three-page article was dedicated to a Rockbox review (subscription-required-to-read link) named “iPod + Rockbox =Linux Journal April 2008 issue 168 Entertainment Extravaganza” and there was a two-page article on how to use curl (another paid-subscription-required link)to fiddle with a web interface named “Twittering from the Command Line”.

I have a hard time to put a finger on exactly why I feel that the magazine has lost some of its past qualities but I’ve noticed that I finish the magazine much faster these days and I generally skip over more uninteresting articles. I haven’t really investigated this, but it may very well be because a shift in focus in the magazine. I tend to be interested in low-level, kernel, OS, hardware-touching, libraries and related stuff. Not so much in high-level applications or web frameworks and more user and desktop oriented fluff.

I should also add that the Rockbox review was pretty good. Not perfect in any way since it contained errors, was for an old boring grayscale-ipod target and suggested that the original OS is better suited for playing music… The article that mentioned curl wasn’t really about curl but only showed how it can be used but it was mentioned in positive terms at least!

curl ten years today

Birthdaycake

On March 20th 1998 curl 4 was released. It was the first curl release ever even if already at version 4 since we kept the version number from the previous projects we did before curl – using other names. We started it all with having the tool named httpget (which was an existing small tool written by Rafael Sagula), soon changed name to urlget to end up with curl – all renames happening due to shifting features and focus.

Like many other projects, this started because of an itch. I wanted to get currency rates off the internet to allow an IRC bot to be able to provide an “exchange service” for users with accurate up-to-date rates. I thought the existing projects I found all did too much or did the wrong thing. That bot and service is now gone since long.

curl has been a truly portable project from day 1, and the first windows build was already urlget 2.1 (pre-curl). autoconf support for the build process was added in October 1998.

Unfortunately I don’t have the original release 4 tarball left anymore, the closest one I have is curl 4.8 (dated August 31 1998). curl 4.8 is about 3400 lines of code. Today we’re totaling in well over 100K source lines, so it has grown over 30 times!

I had no big plans for curl nor did I think very much about the future of the project. I just added the features I and my fellow contributors wanted to have for the moment. That’s actually pretty much how the project has continued to work. We don’t have many long-term plans for what to do with it, we mostly look just inches ahead of our noses and act accordingly.

During the version 6 period (Sep 1999 – Mar 2000) we learned that curl was getting popular, was useful and worked rather well, so the work on providing a libcurl started. We wanted to offer other applications the ability to use curl’s file transfer powers. Version 7.1 was released in August 2000 and thus libcurl was officially born.

curl and libcurl remained being a rather low-key project, I just work on it on my spare time and there are no full-time developers paid to work on this project – apart from some occasional sub-projects now and then that have been sponsored by companies and organizations. (See later on for an example.)

Slowly but surely more and more people started using libcurl and contributed with bug reports and patches. When the project turned 5 years in 2003 I collected all the names of all contributors so far and I reached the number 270. I found the number very high and I was mostly kidding when I said I hoped we would double that amount by the time we celebrate our tenth anniversary. Of course we’ve more than doubled that amount today when we have more than 620 named contributors so far – and continuously adding new ones with every release.

During this journey of a decade, I’ve remained the lead developer and project leader but we’re now some 10 developers with commit access (that also use it) and I try to be open and responsive in order to attract more developers to come aboard, to listen to their advice and ideas and to be sensitive on what our users want from us.

In 2005 I was lucky enough to get a grant from the Swedish IIS organization for the purpose of developing a new event-based API for libcurl to better deal with very large amount of connections, the problem so nicely called c10k.

In the days when our humble project turns 10, I spend about two hours spare time per day on the project and it is my primary hobby, we make 5-6 releases per year, we get about 7000 unique visitors on the web site a normal day, about one million curl packages are downloaded per year – from our servers.

Today, libcurl is feature-rich, portable, very widely used, very fast, well supported and there are no signs of stagnation in release nor development pace. In fact, looking at the source-code growth over the last couple of years we can see a pretty stable and continuous growth:

curl source code growth

Just as I never looked ahead and planned for the future much in the past, I don’t do that now either so I really don’t know and can’t tell what the future will hold for us. We’ll just continue to develop the world’s best client-side file transfer library, to make it even more solid for the foreseeable future, to make it do the things users and developers out there think it should do. Possibly that involves adding support for more protocols, removing some of the less popular ones or simply by enhancing how we support the existing ones.

Join the mailing lists and join us for the next ten years to come!

International money transfers hurt

I have contacts and business associates located literally all over the globe. Some of them occasionally pay me money. Receiving money from abroad is not easy. How can this still be the case in the year 2008 when soon every living soul have mobile phones and we have global mobile broadband just around the corner?

One dollar billThe citizens of US, often called Americans, are too fond of their silly checks and while they often can be squeezed to wire money they tend to not do it. I believe SWIFT/IBAN is a European invention so I suspect the US banks resist only because of that – and of course because the use of checks seems so deeply rooted in the American soil. Cashing in a 4000USD check cost me well over 200USD not very many moons ago. And then I had to go through many hoops at the bank, standing in lines, filling out forms, waiting for clerks not understanding at all what to do but explaining to me that they don’t have to cash it at all so I should better be grateful they do and yes please sign here that you’ll be forced to pay back in case we’ll find out in a hundred years that the check bounces. In Sweden, checks died out in the 80s and I’ve never owned a checkbook and have never used as payment.

From Russia I hear the SWIFT/IBAN thing is also expensive and one of my contacts then prefer to use Western Union instead. Now that’s another sorry and messy approach. I then have to show up at an “agent’s” place and stand in lines, fill in forms, stand waiting for the personal to try to understand how the heck they should proceed with this, answer lots of irrelevant questions and then in the end get the money in cash in my hand. (A fun side-note: Western Union’s SSL certificate has the wrong Common Name field in it. Certainly not the best way to give a good and trusty impression.)

To and from Africa we get to hear about “westernunion-like” businesses that tend to end up being blamed for sponsoring terror organizations. Perhaps we can somehow forgive parts of Africa where poverty is wide-spread and the internet/technological penetration is not so dense.

Within Sweden – I actually got an actual physical “100 kronor” bill mailed to me in an envelope the other day as a donation for curl. Of course I appreciate it, but I find it sad that sending an actual physical letter is the easiest and cheapest way!

Paypal is every so often just the most sensible and easiest solution out there. I’m just always so surprised that there are so few actual and serious competitors to Paypal – I mean that tries to function internationally. We have a handful Swedish or European-only style versions, but hey within Sweden and Europe SWIFT/IBAN rocks anyway so there’s little use for such a limited Paypal-clone.

I would guess that anyone who would seriously try to answer my questions would bring up legislations (and especially economy laws in various countries with money-laundry preventions and what not) and the conservatism of the banks that make big money by carving off a large amount or percentage on every transfer – not to mention the interest on the money during the insane periods when the money is in limbo somewhere between banks.

I would still rather like to see more companies and banks seriously trying to compete with Paypal about doing smooth payments from wherever to wherever. We’re in the 21st century darnit!

curl, open source and networking