LWN.net Weekly Edition for November 17, 2005
LiPS service
One might think that there are already enough industry bodies working on Linux in telephone applications. But, on November 14, a new group, called the "Linux Phone Standards Forum" (or "LiPS"), announced its existence. According to the release:
In essence, LiPS wants to push toward the creation of a standard low-level phone platform which allows vendors to focus their efforts on the higher-level features which set their offerings apart. The appeal of this idea is not that hard to understand. As an operating system for telephones, Linux is hard to beat: it can be customized to taste, it is efficient, and it lacks per-unit royalty costs. In addition, mobile platforms have become powerful enough to run Linux, and many mobile applications are sufficiently demanding to require a complete operating system like Linux. On the other hand, Linux lacks the features specific to telephony which can be found in a proprietary platform like Symbian. By filling in that layer of telephony-specific features, LiPS hopes to create a competitive platform for future products.
LiPS will probably be successful in scheduling meetings, generating white papers, and cranking out press releases. But if LiPS truly wants to turn Linux into a platform it can rely upon in the future, its management may want to consider engaging openly with the development community; "cooperating with OSDL" is not sufficient in this regard. If LiPS sees itself as another proprietary, members-only consortium, it will cut itself off from much that the community can provide.
A good start would be to admit some community projects to the group. For example, since they claim to be trying to build platforms for telephony in general - not limited to mobile devices - the LiPS member companies might well benefit from having somebody from the Asterisk and Bayonne projects at the table.
Even better would be to work with the community directly. A look at the list of companies which have joined LiPS (ARM, Cellon, Esmertec, France Telecom/Orange, FSM Labs, Huawei, Jaluna, MIZI Research, MontaVista Software, Open-Plug and PalmSource) and the other companies which have been active in Linux-based telephones (Motorola, Haier, Nokia, NEC, Panasonic, Samsung, ...) shows few intersections with the list of companies participating in Linux kernel development. If the LiPS members truly want to get the most out of Linux, they will be better off working with the development community and contributing back their improvements. The recent announcement by the Consumer Electronics Linux Forum that it had hired a Linux kernel developer is a step in the right direction, but it is only a beginning.
Finally, if LiPS truly wants to achieve world domination with Linux-based phones, it should give some thought to the creation of a user-hackable platform. A phone which can be extended to perform functions never envisioned by its creators will be a far more valuable device, and it should find a wider market. Unfortunately, the mobile phone market tends to be dominated by companies which behave like, well, telephone companies, with the result that even routine features (such as Bluetooth) can be locked down, and user-hackable devices are a rarity. When a device is fully locked down, it matters little to the user whether it is running Linux or something else altogether. If LiPS were sufficiently enlightened that it could go against the closed nature of the industry and specify the creation of Linux-based phones which have not had the natural freedom of Linux stripped out of them, it could be the start of something truly interesting.
Sony's rootkit: an update
For most companies, simply being caught installing rootkit-like software onto the systems of customers who simply thought they were playing a music CD would be bad enough. Certainly, the Halloween disclosure that some SonyBMG discs install a rootkit (called "XCP") has been a source of grief for that company, and rightly so. It takes a truly expansive interpretation of the notion of "intellectual property rights" to believe that such rights allow the installation of malware on other people's computers. As this event - and those which have come after - have shown, however, SonyBMG appears to have learned little from the whole episode.
Just how little the company has learned can be heard on this NPR interview with SonyBMG manager Thomas Hesse. When asked about the rootkit, Mr. Hesse responded:
As the class-action suits begin to pile up, and as even Microsoft feels the need to create a Sonyware removal tool, maybe Mr. Hesse will eventually realize that people (who are rapidly learning what a rootkit is) do care.
SonyBMG has claimed that there is no "phone home" capability in this software. Unfortunately for the company, connections back home are relatively easy to detect. Some investigation quickly showed that SonyBMG's software does indeed make a connection back home when the CD is played. Nowhere has SonyBMG alerted its users to this behavior and the associated privacy problems.
For additional amusement, see the EULA which comes with the rootkit software.
SonyBMG has made an uninstaller available for those few users who are capable of understanding what a rootkit does and being upset by it. It turns out, however, that this uninstaller is worse than the original rootkit. Running the uninstaller opens a number of holes - which can be exploited via web pages - in the target system. So victims of SonyBMG's rootkit who care about the security of their systems are in a bind; there is currently no straightforward way to get that software off the system without compromising the system even further.
Yet another ironic twist is the possibility that Sony's rootkit includes some LGPL-licensed code, but does not comply with the license. If this were true (and there are some doubts on this point, though they seem to be getting smaller), the hypocrisy would be complete.
In response to all this, SonyBMG announced that it would "temporarily" stop making CDs with XCP on them. There was no apology, much less an offer to compensate people whose systems have been compromised. Neither was there a recall of the (apparently) millions of malware-infected discs which were still in the retail pipeline. Only on November 15 did SonyBMG finally give in, recall the outstanding XCP-infected CDs, and offer to replace discs in the hands of its customers. Said users are still waiting for the compensation offer, however.
It is also worth noting that Sony is still shipping CDs with SunnComm's MediaMax DRM code on them. MediaMax may not be quite as bad as XCP, but it is still hostile software which, among other things, phones home.
In the end, SonyBMG appears to have been slapped down fairly hard for its actions. It would be a mistake to assume that this sort of incident will not happen again, however. The entertainment industry has managed to create such a strawman enemy out of "pirates" that any sort of response appears to be justified. In a world where these folks can dictate the design of radios and televisions, attempt to legalize online attacks against "pirates," and file lawsuits against children, the addition of malware to a music disc seems like a small thing. Until such a time as this industry stops seeing its own customers as enemies, it will fail to show those customers any respect.
Linux users should not expect much respect either. Efforts like the broadcast flag already threaten to make the creation of free television and radio receivers impossible. Beyond any doubt, the music industry looks forward to the day when even playing a song on a free system will be disallowed. As Linux users, we are not much impressed by the idea that, in order to play a music track, we must accept the installation of hostile software onto our systems. Unfortunately, we may yet see a day when that is the only choice we have.
(See also: the EFF's open letter to SonyBMG and the Sony timeline on BoingBoing).
FOSS.IN 2005
One would think that free software would be a natural for a country like India. With free software, a developing nation can take greater control of its infrastructure, avoid paying hard-currency licensing fees, and worry less about "pirates" creating difficulties with foreign companies and governments. When the country also has vast numbers of smart and highly-educated people, as India does, free software seems like an even better fit. There is no doubt that use of free software in India is growing, but the country has not always been strongly represented in the development community.
Things are clearly changing, however, and one of the clearest signs of that change is the upcoming FOSS.IN conference, starting November 29 in Bangalore. This conference, now in its fifth year, expects some 3000 attendees, offers over 140 talks, 20 tutorials, and a growing list of BOF sessions. The list of speakers includes many Indian names, quite a few of which are known well beyond India. Other speakers, whose names might be more familiar to most LWN readers, include Andrew Cowie, Harald Welte, Alan Cox, Jeremy Zawodny, Brian Behlendorf, Dave Phillips, James Morris, Rasmus Lerdorf, and Danese Cooper. The talks cover a vast range of topics, including legal and advocacy issues, a strong education track, embedded systems, kernel hacking, security, and much more. FOSS.IN, in other words, is working toward being a world-class free software conference.
This conference is certainly taken seriously within India. The Visvesvaraya Technological University (the leading technical university in the state of Karnataka) has sent out a letter to over 100 engineering colleges asking them to urge their students to attend FOSS.IN. As it grows to become one of the largest technical free software events anywhere, FOSS.IN is increasingly going for world-wide respect.
That notwithstanding, the conference organizers have also consented to let LWN editor Jonathan Corbet speak at the event. This was an opportunity not to be turned down, and your editor is looking forward to attending and reporting from FOSS.IN (even if he's a little less enthusiastic about the 24-hour travel time each way). Look for the first reports in the December 1 Weekly Edition.
(The image shown above was taken from this very nice set of posters put together by Hari Krishnan).
LWN Weekly comes out early next week
A reminder: the (U.S.) Thanksgiving holiday is next week. LWN's editors traditionally publish the Weekly Edition one day early on Thanksgiving week in order to be able to go join their families and eat enough food to last through the end of the year. We'll return to the regular schedule the following week.
Page editor: Jonathan Corbet
