Conclusive proof that there is no way to (accidentally) brick s5l8900

Monday, May 31, 2010

In the process of testing NOR, I did a pretty lulzy thing. Remember what I said earlier about the memory controller possibly ignoring the first 4 bits? Well, the NOR device ignores the top 12 bits, since it's only 1 MB in total size. This makes a lot of sense. All the designers have to do is basically not wire up some parts of the address bus. So whether you try to address 0x0 or 0x100000 on the NOR, it looks the same to it.

The problem came about because I attempted to add too many images to NOR; a few 140 KB iBoot images can add up pretty quickly. The last one I added ended up shooting into the range reserved for NVRAM (at the end of NOR) and then "wrapping around" to clobber SysCfg, IMG2, and part of the LLB. =P

Hahaha, that's the equivalent of shooting yourself simultaneously in every vital organ. SysCfg stores your SERIAL NUMBER and other unique, irreplaceable pieces of information. The NVRAM contains information iBoot needs to boot up the kernel. The LLB is the thing that securebl tries to load in order to access everything else on NOR and bootstrap iBoot. As the coup de grace, IMG2 contains information that allows the LLB and iBoot to find where the Img2 data starts, so that they can be loaded. This mistake basically was the equivalent of erasing the entire NOR: Every single piece of information on it was rendered unusable. :P
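As an added illustration (my own code, not anything from openiboot), here is a small model of the wraparound just described: the part only decodes 20 address bits, so a write that runs off the end of the 1 MB NOR lands back at 0x0. The region layout is made up for the example; the post does not give the real offsets, only that NVRAM sits at the end and that the wrap hit SysCfg, IMG2 and the LLB. The check at the bottom is the one a NOR write routine should make before touching flash: refuse any write that leaves the region it was meant for.

```python
"""Model of NOR address aliasing and wraparound (constructed example, not openiboot code)."""

NOR_SIZE = 0x100000          # 1 MB part, as the post states
NOR_MASK = NOR_SIZE - 1      # the upper 12 address bits are not wired, so they are ignored

# Hypothetical layout for illustration only (start, length, name); real offsets are not
# given on the page. NVRAM is placed at the top of the part as the post describes.
LAYOUT = [
    (0x00000, 0x08000, "LLB"),
    (0x08000, 0x01000, "IMG2"),
    (0x09000, 0x01000, "SysCfg"),
    (0x0A000, 0xF2000, "images"),   # the img3 list: iBoot images and friends
    (0xFC000, 0x04000, "NVRAM"),
]


def alias(addr):
    """Address the part actually sees: 0x0 and 0x100000 look identical to it."""
    return addr & NOR_MASK


def touched_regions(offset, length):
    """Names of the regions a write of `length` bytes at `offset` lands on,
    including the part of the write that wraps back to 0x0."""
    start = alias(offset)
    spans = []
    if start + length <= NOR_SIZE:
        spans.append((start, start + length))
    else:
        spans.append((start, NOR_SIZE))
        rest = start + length - NOR_SIZE
        spans.append((0, min(rest, NOR_SIZE)))   # a write longer than the part covers everything
    hit = []
    for s, e in spans:
        for rs, rl, name in LAYOUT:
            if s < rs + rl and rs < e and name not in hit:
                hit.append(name)
    return hit


def safe_to_write(offset, length, allowed=("images",)):
    """True only if the write stays inside the regions it is allowed to touch."""
    if length > NOR_SIZE:
        return False
    return all(r in allowed for r in touched_regions(offset, length))


if __name__ == "__main__":
    # A 140 KB image placed too close to the end: wraps and hits the irreplaceable bits.
    print(touched_regions(0xF0000, 0x23000))
    print(safe_to_write(0xF0000, 0x23000), safe_to_write(0x20000, 0x23000))
```

Run against the made-up layout, the 140 KB image at 0xF0000 reports NVRAM plus LLB, IMG2 and SysCfg, which is exactly the kind of write the driver should have refused.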

Luckily, as the first test of my NOR driver, I had made a dump of my original NOR, so I was able to restore the SysCfg information. The interesting bit about all this is that, if you're clever, you don't even have to do a restore and lose all your data on the NAND. What I did was let iTunes talk to DFU mode to get into an iBoot. The iPhone actually has a pretty standard DFU mode, as defined by the USB standard. It reports itself as having the correct class, and OpenMoko's dfu-util manages to get, well, something with it. It successfully uploads the iBSS 8900 file (looking at a USB dump, it looks like just the entire file with the 8900 header, signatures, certificates, etc.) but reports that the firmware is corrupted. So at least it seems to use standard status indicators, etc. However, since I couldn't get dfu-util to work, I just used iTunes and pulled the cable out right after it finishes uploading the iBSS. DFU mode doesn't actually change the NOR, it just loads iBSS into memory and executes it. So after this process is done, iBSS will be loaded and you can connect to it via iBooter.

If you pulled out the cable just a little too late, you can even see the commands iTunes executed on iBSS in the scrollback, like setpicture and bgcolor. =P

Using the loaded 1.1.4 iBSS, you can bootstrap the necessary actions to restore your NVRAM from backup. I will talk about that in more detail in a future post. But the upshot is, even if you completely kill your "bootloader", and indeed everything you can possibly write to on the iPhone, you can still get things back to normal. :)

Unfortunately, I probably won't have a chance to work on iPhoneLinux stuff much this weekend. I have already been activated by the Dev Team because you-know-what is happening. Time to hax.

Another developer returns to iPhone post-iPad


Frasier Speirs, one of several well-publicized developers to leave the iPhone over objections to Apple’s App Store policies and controversy surrounding app rejections, has decided to return, post iPad, and his reasons are intriguing:
I suspect that the days of everyone buying a MacBook to get online are soon to be over. I’ve already written about how I see our three-Mac family turning into a one-Mac, three-iPad family over the next hardware cycle and I imagine that scenario repeated industry-wide over time. Already the ratio of iPhone OS devices to Macs is 5:2.
He believes Apple can and will reject apps, and that the frontier days of computing are giving way to the mainstream, appliance future.
iPhone OS is the first mass-market operating system where consumers are no longer afraid to install software on their computers (I’m not counting read-only media software platforms like games consoles here). In a conversation recently, a friend recounted a scene that he passed by in an airport. Four fifty-something women were sitting at a cafe table discussing the latest apps they had downloaded on their iPod touches. New software can’t break your iPhone OS device and, if you don’t like it, total removal is only a couple of taps away.
Speirs also thinks iPads are cheap enough you can buy each year’s new model and still save money compared to traditional computers. And he wants into that ecosystem.

When the bootloader is not the bootloader

Sunday, May 30, 2010

I'm going to address the two comments I received in this post. This basically has nothing to do with Linux, and more to do with iPhone hacking. There's a lot of confusion around with the jailbreak/unlock. The two comments basically hit upon the main points. The main confusion centers around the fact that when you buy an iPhone, you're not just getting a computer, you're getting TWO computers.

What I'm interested in is the S5L8900, the thing that runs the iPhone software. There is another device called the commboard, which has its own processor, nonvolatile memory, boot sequence and everything. It's barely an oversimplification to state that the system board (the S5L8900) and the commboard can only communicate with each other over a serial UART. That is, the only way the system board can control the commboard is with human-readable AT commands! Not very low level at all; they're not very integrated. Being able to hack kernel mode code like iBoot does not give us any more access than we had through minicom on a jailbroken iPhone.

kavkan asked me if iPhone Linux would obviate the unlocks. He then started talking about putting on third-party applications, etc. Putting third party applications on your iPhone is usually referred to as jailbreaking: stuff we do on the S5L8900. When we say unlock, we usually mean a SIM-unlock. That necessarily means breaking a whole other, entirely distinct, set of security that's on the commboard. A jailbreak makes it easier to do that (because you can now talk to the commboard with that serial UART I discussed earlier), but it's entirely separate.

marc asked me about "bootloader corruption" as it pertains to basebands. As I said earlier, the bootloader I am talking about is on the S5L8900. The baseband/commboard has its own bootloader and its own non-volatile memory (also NOR flash, probably the same bit of flash its bootloader and firmware sits on too). The recovery mechanism on the baseband is far less robust than the one on the S5L8900. The only sure way seems to be using that hardware testpoint to force it to accept a new bootloader, and even that can be defeated by carefully crafting the NOR contents. In other words, it sucks.

In addition, a lot of the problem is due to bad software overwriting the seczone with bad data. The seczone holds information that is unique to your phone, so once it is overwritten that information is irretrievably lost and there may not be a way to recover.

The disclaimer is, of course, I'm not a baseband expert. This stuff is only what I've surmised by hanging out with some of them. It's kind of funny. On the dev team, w___ and Zf (they're baseband guys) and I were talking about how little we each know about the others' work. We do pretty much the same work, but on different platforms. After I explained what we do on the S5L8900, I think w___ said that he did the same thing "only on the baseband, you have a man sitting on top that does stuff to you for unknown reasons". And for the S5L8900 people, we have a little black box connected to us that either magically works and lets us call people... or not.

How to fix a bricked iPhone

Saturday, May 29, 2010

So how did I manage to FIX the problem I mentioned earlier? The reason I was so vague on the details is that I used a confidential iBoot vulnerability that we didn't want Apple to know even existed! This allowed me to bootstrap openiboot directly from a stock iBSS that was loaded through DFU mode. I still can't tell you exactly what it is, but since geohot already leaked the existence of it, I figure I can tell you it exists and is what I used. :)

Then, it was a simple matter of using openiboot's NOR engine to restore everything. I can even use the new image list parser and AES engine to get a very nice high level interface to the image list, allowing me to "pwn" just with openiboot; no ramdisk futzing around!

The AES code has been in SVN for a while, but to anyone following jailbreaking news, it's probably obvious why I suddenly, out of the blue, decided to reverse it and write it. Haha. So the night that I committed the AES code is the night the Dev Team first decrypted the new img3.

Accessory Manufacturers Ramp Up 4th Generation iPhone Cases


Third party case manufacturers have already started creating case designs for the unreleased 4th generation iPhone. The so-called iPhone HD was originally leaked by Gizmodo in April with another major leak this month.

HardMac published this image from one of their contacts in China. The cases share the same rounded corner design of the leaked iPhone as well as additional spacing for a camera flash. A quick search shows some other early cases for the iPhone HD.

While these cases don't provide any additional confirmation beyond the original leaks, it does show that some companies are confident enough about the 4th generation iPhone design to begin producing cases for the product.

In stock: Ten 1 Pogo Sketch for iPhone, iPod touch, and iPad


The Ten 1 Pogo Sketch [$14.99 - TiPb store link] is superbly designed using a light-weight aluminum alloy and detailed graphics, and features a look that’s hard to ignore. The soft tip glides easily over the surface of your device, making it fun and easy to sketch, draw characters, or just slide to unlock. Sized for comfort, it does away with inaccuracies common to fingertip-only use.
Features:
  • High-gloss curved pocket clip keeps the stylus handy
  • Works with any combination of gloves and nails
  • Allows you to use your touchscreen device or multi-touch device at a natural drawing angle
  • sleek aluminum design with detailed graphics

USB fixes

Friday, May 28, 2010

Just a post to indicate things are inching forward slightly. I've been working on debugging USB communications and it seems a lot more stable now. I was basically forced to because my old code only works on computers without USB 2.0, so that ruled out being able to easily work on this project with anything approaching a modern computer. The problem was that I avoided reading the official USB specs (those things are usually overly loquacious) and tried to learn instead from sites such as USB in a Nutshell. Unfortunately the driver then failed to properly respond to the device qualifier descriptor request, which led to epic fail in USB 2.0. The embarrassing thing is iBoot does send this descriptor, but I figured it must be a vendor specific one at the time.

Cmw made me a cable that lets me do serial and USB comm at the same time, which helped a lot in working out the bugs. I'd say it's fairly reliable now; enough for other developers without a serial cable to come in. So how about it, guys?

I've also started to scratch the surface of the NAND driver. Unfortunately, even the lowest level functions are enormously complex, even setting aside the higher level wear leveling code and data structures. A great deal of it seems to belong to Samsung, since I've found some creepily similar C code lurking around online. Unfortunately, I can't find a complete enough copy of it.

And yes, I'm aware of Android and their source release and yes, I know what you're thinking.

LCD driver done?

Thursday, May 27, 2010

I had a lot of trouble getting the LCD driver to work. Everything seems to be fine except that when I try to write to the memory address range reserved for the LCD's gamma tables, it doesn't register. It's as if some clock or some device hadn't gotten turned on or something. Therefore, after loading openiboot from iBoot, the screen gets all screwed up.

However, if you load iBEC from iBoot, the screen doesn't get screwed up: you can still use bgcolor and everything works. At first I thought that meant there was something wrong with my LCD init code. I spent a frustrating day carefully auditing it for errors, and I did find two bugs that I fixed, but unfortunately it did not have any effect on the main problem. I got as far as I could with static methods so I decided to perform a series of experiments.

First, I had some trouble chainloading iBoot and iBEC from openiboot. There was a series of fails that I fixed along the way: trouble with USB send (just a silly typo in the client), trouble getting the resulting thing to execute in memory (you've gotta turn off the CPU caches, disable MMU and interrupts for it to work properly. It also can't be run as part of an ISR because, well, iBoot expects to be able to receive interrupts, so I had to move the command processor onto the main thread and just have the ISR queue up commands for the main thread to process). Anyway, those were eventually fixed.

My experiments showed that after openiboot did its inits, chainloaded iBoot and iBEC were unable to reinit the LCD properly (they had the same problem). I narrowed the problem down to the place in power.c where I "turn off" the LCD controller. This happened in the 1.1.4 iBoot, so I thought it was necessary. Analyzing the newer 2.x iBoots, that routine was actually removed. Since I am reasonably confident that my syrah_init is functionally identical to their merlot_init, and that this power init, when present, causes LCD init to fail in all cases and, when absent, allows LCD init to succeed in all cases, I'm pretty sure that's the problem.

So I went ahead and removed it. This may or may not mean I am actually depending on the iBoot that I chainloaded openiboot from for the LCD init. We'll see after I try to replace iBoot entirely in the bootchain.

Anyway, USB is solid as a rock now seemingly and chainloading seems to be working quite well. I'm actually able to load iBoot from NOR, patch it in memory, and then execute it from openiboot. This probably means I'm ready to try flashing the thing again.

AT&T international data plans for iPad come at a hefty price



Yesterday AT&T released roaming data plans for the iPad 3G and they do not come cheap. Pricing starts at $25 per month for 20 megabytes and goes as high as $200 for 200 megabytes. Unlike the normal data plans, these international plans do not auto-renew on a month to month basis. Here’s the full breakdown:
  • $24.99/month: 20 MB data
  • $59.99/month: 50 MB data
  • $119.99/month: 100 MB data
  • $199.99/month: 200 MB data
These plans work in over 90 countries and can be accessed directly from your iPad 3G’s cellular data settings. You do have the option to select a start date and AT&T encourages travelers to set this up prior to leaving the country.
What are your thoughts on the above prices? Too much to be paying for data in this day and age? And with the iPad 3G being unlocked and GSM, could pay-as-you-go MicroSIM plans picked up when you visit be a far cheaper alternative (if they become available). Sound off in the comments!

openiboot now booting on iPhones and iPods!

Wednesday, May 26, 2010


Well, it's booting. Sort of.

I had some trouble getting the flashed version of it to work because for some reason, 0x0 was not mapped to 0x18000000 when openiboot was loaded. Since all the exception vectors are at 0x18000000, bad ones were being called whenever there was any sort of interrupt. Basically, I just said screw it and rebased the whole program into 0x0. It will basically overwrite whatever exception vector is currently running without worrying about the MMU and such. However, this basically does imply that I don't really understand how the MMU works, so that will have to be fixed.

The end result is what you see above.

The other major roadblock is that the gamma tables remain broken, even after I chainload iBEC or iBoot over openiboot (as I have done there). The OS boots and everything... just with some really psychedelic colors. =P

So LCD remains a big problem and so does the MMU. But hey, it boots and works (sort of).

Update: LCD now partially fixed. I still need to figure out how to turn the backlight on, but at least chainloaded iPhone OS has normal colors now. =P

Boot menu project is a go - iPhone!

Tuesday, May 25, 2010


After a huge amount of effort and in-situ experimentation with iBoot (basically a massive binary search through the code, disabling some functions to see if I could figure out why my LCD driver wasn't working properly), I managed to get it fully working. The problem was two-fold: first, I forgot to write the first and last bytes of my gamma tables: oops, but easily fixed. The second problem was that apparently iBoot changes the SDIV of the clock in the middle of the initialization process. I'm not even sure yet how many devices the change in clock frequency affects. It certainly affected the LCD, because before there was all sorts of flickering scanline weirdness, as one would expect from a misconfigured clock.

Anyway, I reversed the routine that changed the SDIV and implemented it. Seems to work fine now. It's been ages since I looked into the clock speed stuff (pretty much right when I first started this) so I can't say for certain, but I'm pretty sure doing this increases the clock speed (which would make sense).

The LCD driver worked after those fixes and I went onto write a simple framebuffer in a couple of hours, so we can finally get text-mode output on the iPhone screen. It was pretty important to me to get the screen working because even if we can boot a kernel, I wanted the layman to feel like a full-fledged OS was running on the device, and that means display and I/O of some sort.

For a final hurrah, I also wrote some code that lets us detect when the physical buttons (Home, Hold, etc.) were being pressed down. From these pieces, it will be possible to construct a graphical boot menu controlled by those buttons. You could have one option to boot into the iPhone OS, and one option to go into openiboot command-line mode with that text-mode display.

The photo I posted is the current development snapshot running on a first generation iPhone, with oibc (openiboot client) connected and running on my desktop computer. If you have a 2G iPhone or a first-gen iPod touch, you can try it out yourself by checking out the code from Github and compiling it (it's only designed to be built on a Linux machine; you'll be missing some Linux headers otherwise). I wrote some basic notes on how to get it running inside the source tree, but this is not something you're expected to work with unless you're a fairly experienced programmer yourself.

HTC max 4G or a Cloned device?

With cell phones popping up left and right these days, it seems more and more manufacturers in the Clone World are trying to outsmart the originals. But, to be honest, when it comes to anything of luxury, you simply can't fake it. It's almost like trying to compare a $500 bottle of aged wine versus a cheap $5 substitute. While some people that don't drink wine all the time might not know the difference, most anyone with a palate will.

Cell phones that are cloned are the same way. You might be saving a few hundred dollars, but in the end you are skipping out on all the reasons people buy the phone in the first place! Take the HTC max 4G. While this phone is a whopping $800-ish, it also comes with cutting-edge technology one simply cannot fake. If technology isn't really that important to you, you could consider taking a look at the Yota MAX4G Pro HD2. It has a price tag of about $600 less, and it does have a few nice little functions such as the Samsung CPU, 512 RAM and 256M ROM, Windows Mobile 6.5, Wifi, 5 MP camera, built-in GPS and a 3.5mm sound jack. In the end, if you want a cheap replica without the horsepower of a Lamborghini, go with the clone. Personally for me? You can take the phone and clone the heck out of it, but the original is always going to be the better route!

Boot menu done for the iPhone!

Monday, May 24, 2010


Well, that was quick. See, I can actually get things done pretty quickly when it doesn't consist of banging my head against machine code until it starts making sense. When I actually have the drivers, things like this are easy.

You can use the Hold button to toggle between the menu items (and the option will be highlighted). You can press the Home button to select it. The "openiboot console" option takes you to the command-line interface similar to the one I demonstrated in the last post (you do have to be plugged in via USB and using the openiboot client to talk to it). The "iPhone OS" option chainloads a copy of iBoot stored in NOR under another identifier ('ibot' becomes openiboot and 'ibox' becomes the actual iBoot). I got that set up with a slightly modified version of the QuickPwn ramdisk, but in the future an installer made from a modified version of LogoMe can be run from userland to install openiboot. It's also possible to get openiboot to install openiboot (much like the way GRUB can do it); I'll probably work on that next.

So if anyone likes living on the bleeding edge, they could do that. =P

Most of the hard part was me failing at GIMP putting together the boot menu graphics. I appealed to you blog readers for graphics before, but basically no one responded. Now that there is a working model of what I sort of want, I hope there will be more of a response.

So, please please please redesign the boot menu for me. And possibly come up with a logo for the project we can stick on there. If you're good at this sort of thing, or know someone who is, please put them in touch. This stuff will obviously get a lot of attention in the future and we need nice eye-candy. Thanks!

Porting an OS (Android included) to the iPhone and iPod

I've been getting a lot of questions from people that seem to reflect a basic misunderstanding of what it takes to port an operating system onto a new platform. People seem to think that just by writing, say, a boot menu, means that we can stick Android or Windows or whatever onto a device because we can have a menu option for it.

Here's what it takes for an operating system to run on a device:
  • The code must be designed for the right CPU. (x86, ARM, PPC)
  • The code must be able to interact with the hardware in the way it expects.
Now, there are versions of Linux compiled for ARM (which the iPhone uses); there are even versions of Windows Mobile that are compiled for ARM. Why can't I, then, just stick Windows Mobile or Android (or another flavor of Linux) onto the iPhone and give it a whirl?

Because the code cannot interact with the hardware! That is, there are no Linux drivers or Windows Mobile drivers for the hardware that's on the iPhone. We're not even talking about things like the wi-fi won't work or anything silly like that. We're talking about big things, like not being able to start because it doesn't uncompress itself into RAM properly. We're talking about freezing the first time it has to wait for something to happen because it doesn't know how to run the hardware clocks and timers (which is CRITICAL for computers) and doesn't know when to start again.

Thus, if I tried to take some distribution of Linux or Windows or whatever, stick it in memory and start it, absolutely nothing would happen. That's right: nothing. There would be no output because it doesn't know how to run the display, or the USB, or serial. It probably won't even get to the first line of code that tells it to output something because so many things are broken.

So how can we get Linux to boot on the iPhone?

By teaching it how to run the hardware. We take the knowledge gained from getting that boot menu to display and graft it into the Linux kernel. It took an unbelievable amount of devices just to get the boot menu display: clock, timer, vic, mmu, spi, i2c, gpio, system controller, pmu, nor, uart, usb, lcd, buttons. Some of those may seem obvious to you, some work in the background to support the other devices. But all of those had to be reverse engineered and all of them will have to transplanted into the Linux kernel to even get something half-assed booting.

If all of those devices were required to get something as simple as boot menu up, can you imagine what would happen if you tried to boot an operating system that did not know how to run ANY of those devices?

We cannot modify the Windows Mobile kernel because it's closed source, and so there's no way to get it to run on the iPhone.

The critical misunderstanding, I think, is that people think somehow that the OS "sits on top" of the boot menu, and talks to the hardware through the boot menu. Therefore, you can have an "emulation layer" that lets Windows or Linux or whatever talk to the hardware, without having to alter Windows or Linux itself. This is completely false. An operating system, by definition, has direct access to the hardware. Nothing sits between it and the hardware. Once iBoot has loaded the iPhone OS, you can go ahead and wipe iBoot clean from the NOR and the OS will keep running as usual. iBoot is not "running" at that point; it is not used or loaded in any way except during the boot process.

The iPhone will never run Windows Mobile directly (virtualization would be possible, although it would crawl on the iPhone). It will run Linux once we write the drivers for it based on our knowledge of the hardware. Android uses the Linux kernel, though they do modify it to a certain extent. Since the only really hardware dependent parts of an OS are in the kernel, presumably once we install the necessary drivers, Android will run just as well as Linux runs. However, not having even looked at Android's source yet, I really don't have a truly educated opinion at the moment, but let's just say that it's one of this project's primary goals.

Sorry this is so long, but intelligent explanations tend to be long.

P.S. Another question people ask a lot is how long it will take. I can't truly give a good answer to that, because it's sort of dependent on the schedules of the people who work on it, and it also depends on how long it'll take to write the Linux drivers, and how many unexpected problems crop up. It could go really unexpectedly fast, or we could hit a roadblock. I think outside observers, just reading the commit logs and reading the blog, have as much information as I do on how fast things are progressing, so you're free to come up with your own conclusions on how long it will take.

Installation, the PMU for iPhone

Sunday, May 23, 2010

While I was waiting for CPICH to finish the first bits of the NAND FTL reverse engineering work, I've been trying to fill in some of the gaps we had in other places, such as the PMU. As promised, there is also now an easy way to install openiboot onto the iPhone. This is great because it will eventually lead to an even leaner and easier QuickPwn in the future.

One of the annoying parts about iBoot in recovery mode is that the thing refuses to charge the iPhone while sitting in recovery mode. The battery just eventually entirely drains. With the new PMU code, openiboot now recharges the battery, so programmers using it (read: me) can just have it sit on the console screen indefinitely. You can also do neat things like check the current battery voltage and check the power supply type the phone is charging from.

The "installation code" consists of porting over my knowledge of reading and modifying img3 files from working on the jailbreaks. I was too lazy to port over the entire xpwn framework, but I wrote up a "diet" version that is sufficient to read and modify img3 files in a limited fashion. img3 files are sort of the new native format of the main part of the NOR (just a bunch of img3 files concatenated together). The upshot is that you can load openiboot as an img3 through iBoot (just like sending an iBEC image) and then type "install" at the console and openiboot will be a permanent stage in your bootloader chain. =P
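To make the img3 list concrete, here is an added example (my own code, not the "diet" reader from the post or anything from xpwn) that walks a region of concatenated img3 images, stops at the first thing that is not one (erased or clobbered flash), and performs the ident swap the boot menu post describes: the existing 'ibot' becomes 'ibox' and openiboot is appended under 'ibot'. The 20-byte header and 12-byte tag layout is the commonly documented img3 structure; the tiny unsigned test images are constructed here and are not real Apple images, which are signed, which is why the post's patched bootchain is what makes a modified image loadable at all.

```python
"""Walk and rewrite a concatenated img3 list (constructed example, not openiboot code)."""
import struct

IMG3_MAGIC = b"3gmI"                 # "Img3" stored as a little-endian uint32
HEADER = struct.Struct("<4sIII4s")   # magic, fullSize, sizeNoPack, sigCheckArea, ident
TAG = struct.Struct("<4sII")         # tag magic, totalLength, dataLength; then data + pad
IDENT_OFF = 16                       # offset of the ident field inside the header


def fourcc(s):
    """'ibot' -> b'tobi': four-char codes are stored as little-endian uint32s."""
    return s.encode("ascii")[::-1]


def parse_img3(buf, off=0):
    """Parse one img3 at buf[off:]. Returns (ident, full_size, [(tag, data), ...]),
    or None if no well-formed image starts there (erased or clobbered flash)."""
    if len(buf) - off < HEADER.size:
        return None
    magic, full, _nopack, _sigarea, ident = HEADER.unpack_from(buf, off)
    if magic != IMG3_MAGIC or full < HEADER.size or off + full > len(buf):
        return None
    tags, p, end = [], off + HEADER.size, off + full
    while p + TAG.size <= end:
        tmagic, total, dlen = TAG.unpack_from(buf, p)
        if total < TAG.size or p + total > end or dlen > total - TAG.size:
            return None               # tag runs past the image: treat it as corrupt
        data = bytes(buf[p + TAG.size:p + TAG.size + dlen])
        tags.append((tmagic[::-1].decode("ascii", "replace"), data))
        p += total
    return ident[::-1].decode("ascii", "replace"), full, tags


def walk_images(region):
    """List (offset, ident, size) for each image until the first thing that is not one."""
    out, off = [], 0
    while True:
        img = parse_img3(region, off)
        if img is None:
            return out
        ident, full, _ = img
        out.append((off, ident, full))
        off += full


def make_img3(ident, payload, tag_magic="DATA"):
    """Minimal unsigned img3 with one tag, for testing only; real images also carry
    TYPE, VERS, KBAG, SHSH, CERT and other tags. sigCheckArea is set to the tag area
    here as an assumption, since nothing signs this image."""
    pad = (-len(payload)) % 4
    tag = TAG.pack(fourcc(tag_magic), TAG.size + len(payload) + pad, len(payload))
    tag += payload + b"\0" * pad
    return HEADER.pack(IMG3_MAGIC, HEADER.size + len(tag), len(tag), len(tag), fourcc(ident)) + tag


def install_openiboot(region, openiboot_img3):
    """Arrange the list as the post describes: every 'ibot' (real iBoot) is renamed
    'ibox', and openiboot is appended after the last image under 'ibot'.
    Refuses to run the list past the end of the region (the wraparound mistake)."""
    imgs = walk_images(region)
    end = imgs[-1][0] + imgs[-1][2] if imgs else 0
    if end + len(openiboot_img3) > len(region):
        raise ValueError("image list would run past the end of the region")
    out = bytearray(region)
    for off, ident, _ in imgs:
        if ident == "ibot":
            out[off + IDENT_OFF:off + IDENT_OFF + 4] = fourcc("ibox")
    out[end:end + len(openiboot_img3)] = openiboot_img3
    return bytes(out)


if __name__ == "__main__":
    region = make_img3("ibot", b"real iBoot") + b"\xff" * 80   # erased flash after the list
    region = install_openiboot(region, make_img3("ibot", b"openiboot"))
    print(walk_images(region))
```

Because the region is only the img3 list, "end of the region" stands in for the start of whatever follows it in real NOR; when working on a full dump, the limit to check against is the offset of the next reserved area, not the end of the dump.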

You can, of course, keep booting up to the iPhone OS as you always do by selecting the option in the boot menu. Installing openiboot isn't very useful except for hackers wanting to hack openiboot.

I also figured out how to parse and modify the NVRAM banks (storing environment variables like "auto-boot", etc.), which was actually pointlessly complicated (in my opinion). There are two banks, each consisting of a bunch of partitions with headers that Apple protects with a pointless one-byte custom checksum. The entire bank is also checksummed with adler32. When NVRAM is modified, the oldest bank is overwritten with the data and becomes the newest bank (which is tracked by an epoch number on each bank). This is so that if one bank becomes corrupted, the other can be used as a backup. However, NVRAM hardly contains anything high value, so the value of all this trouble is doubtful. Being able to write to NVRAM, though, makes it possible to set auto-boot on and off within openiboot so that we can easily control whether or not to enter iBoot's recovery mode.
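The two-bank scheme is worth seeing in code, so here is an added example (my own, not openiboot's nvram code) of what it buys you: pick the valid bank with the highest epoch, write to the other one, and fall back to the older bank when the newer one fails its checksums. The header layouts, what the adler32 covers, and the byte sum standing in for Apple's one-byte partition checksum are all assumptions made for the example; the post does not give the real layout or checksum.

```python
"""Dual-bank, epoch-tracked NVRAM with per-partition and whole-bank checksums
(constructed example; layouts and checksums are assumptions, not Apple's)."""
import struct
import zlib

BANK_HDR = struct.Struct("<II")   # adler32 over (epoch || partitions), then epoch
PART_HDR = struct.Struct("<BH")   # one-byte checksum of the body, body length


def part_checksum(body):
    """Stand-in for the one-byte partition checksum (assumption: byte sum mod 256)."""
    return sum(body) & 0xFF


def build_bank(epoch, parts):
    """Serialise a bank from a list of partition payloads."""
    body = b"".join(PART_HDR.pack(part_checksum(p), len(p)) + p for p in parts)
    adler = zlib.adler32(struct.pack("<I", epoch) + body) & 0xFFFFFFFF
    return BANK_HDR.pack(adler, epoch) + body


def parse_bank(bank):
    """Return (epoch, [payloads]) if every checksum holds, else None."""
    if len(bank) < BANK_HDR.size:
        return None
    adler, epoch = BANK_HDR.unpack_from(bank, 0)
    rest = bank[BANK_HDR.size:]
    if zlib.adler32(struct.pack("<I", epoch) + rest) & 0xFFFFFFFF != adler:
        return None                                  # whole-bank check failed
    parts, p = [], 0
    while p + PART_HDR.size <= len(rest):
        csum, n = PART_HDR.unpack_from(rest, p)
        body = rest[p + PART_HDR.size:p + PART_HDR.size + n]
        if len(body) != n or part_checksum(body) != csum:
            return None                              # truncated or corrupt partition
        parts.append(bytes(body))
        p += PART_HDR.size + n
    return epoch, parts


def newest_bank(banks):
    """Index of the valid bank with the highest epoch, or None if both are bad."""
    best, best_epoch = None, -1
    for i, b in enumerate(banks):
        parsed = parse_bank(b)
        if parsed is not None and parsed[0] > best_epoch:
            best, best_epoch = i, parsed[0]
    return best


def write_nvram(banks, parts):
    """Write to the bank that is NOT the newest, with a bumped epoch, so a crash
    mid-write leaves the previous good bank intact. Returns the new bank pair."""
    cur = newest_bank(banks)
    if cur is None:                                  # both banks bad: start over in bank 0
        target, epoch = 0, 0
    else:
        target, epoch = 1 - cur, parse_bank(banks[cur])[0] + 1
    new = list(banks)
    new[target] = build_bank(epoch, parts)
    return new


if __name__ == "__main__":
    banks = [build_bank(0, [b"auto-boot=true"]), build_bank(1, [b"auto-boot=false"])]
    banks = write_nvram(banks, [b"auto-boot=true"])  # lands in bank 0 with epoch 2
    print(newest_bank(banks), parse_bank(banks[newest_bank(banks)]))
```

Flipping a single byte in the newer bank makes both its partition checksum and the adler32 fail, so the older bank is selected instead; that fallback is the whole point of the second bank, even if the data it protects is rarely worth much.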

Someone asked me how "safe" it was to do the installation, etc. Well, I've been doing it every time I make an update these days, so it's fairly safe. The worst that can happen in the usual case is that you may be forced into a DFU mode restore. Everything will be undone with a restore. Early on, I did have bugs that really screwed things up so that a DFU mode restore was no longer possible, but even that was recoverable. I'll just go over how briefly:

The important thing is to have a backup of the NOR. As I described in a previous posting, it's possible to really screw things up if you erase the SysCfg section of the NOR. If you do that, the iPhone OS will refuse to boot at all since iBoot cannot properly populate the device tree for the kernel. Since restore ramdisks rely on XNU booting, this is Bad News Bears. In addition, the SysCfg section is device specific, so if you do not have a backup, it will be difficult to ever completely recover from erasing it.

Therefore, before you proceed, MAKE A BACKUP OF YOUR NOR. openiboot can do this for you (and subsequently restore your backup if things go wrong).

Load openiboot via loadibec and select the console. Connect with the oibc client. Type in: nor_read 0x09000000 0x0 0x100000

This will read all of NOR into memory. Then type: ~nordump.bin:0x100000

This will transfer the dump over USB onto your computer and save it as nordump.bin. Check that the file is exactly 0x100000 (1,048,576) bytes before you rely on it; a short dump is not a backup.

Supposing you filled the entire NOR with garbage somehow and are unable to boot. You have to get into openiboot to restore the NOR. The problem is that openiboot is only designed to operate in a post-LLB or post-Recovery Mode context, so it cannot be directly booted from DFU mode. Basically, you've got to load a pwned WTF, then a pwned iBSS, and then a pwned iBEC (all of which are available from a custom IPSW). After that, you can use loadibec to load openiboot. Then, you can restore the NOR thus:

!nordump.bin
nor_write 0x09000000 0x0 0x100000

After that, you can reboot and everything should be normal.

Also, I received a few responses for people volunteering to do the art. I'm not sure what the best thing would be, since I don't want anyone putting in effort for nothing, but we do want the best possible results. So, I'll be getting back to you guys about that.

UPDATED: Beta back! iPhone OS 4 beta 3 now available for developers


Continuing their two-week cycle, Apple has just released iPhone OS 4 beta 3 for developers. You can download it now via developer.apple.com.
What bug fixes and new features lurk within? We’ll have to wait and see (and keep an eye on the comments below…)
UPDATE 1: Apple has (temporarily?) removed the beta download from their developer site. It’s not clear if there’s an issue or not yet, but we’re keeping our eyes open and will update again when (we’re assuming not if) it returns.
UPDATE 2: The beta is back up. Go get it. Again.

Why iPhone Linux?

Saturday, May 22, 2010

This is a post I wrote a long time ago, when this blog was first conceived. I decided to hold off on posting it, because I thought it'd be better to do some technical posts before waxing philosophical. I think it is still appropriate, so as we work on reverse engineering the NAND FTL, here's some food for thought.

Porting Linux to the iPhone is an arduous project. We will be trying to develop an entire suite of device drivers for undocumented hardware and then attempt to run a full-fledged operating system on it. This thread speculates "10 days" or "3 hours" as the amount of time it'd take to get Linux up and running on the iPhone. Perhaps this figure would be accurate on an x86 platform, or other platforms with hardware for which device drivers are already written or for which at least documentation is available, but we have no such luck on the iPhone.

This comment on an O'Reilly Radar article about NerveGas's iPhone Open Application Development book says, with perhaps a little too much vitriol for my taste, that developers should not waste time on the iPhone, a closed platform, and should spend their time more productively on OpenMoko or Android: truly open platforms. Apple should thus be punished for not making the iPhone open. His point is well-taken though. Reverse engineering Apple's code is inefficient and ought to be unnecessary. Why do I bother when I can just develop on an open platform instead with no such wasted effort?

Finally, I have faced skepticism even from my fellow Dev Team members when I first talked about this project. The iPhone already has a perfectly serviceable operating system that we can develop on. Why does it need another one? Sure, Linux might be cool, but what practical use would it have? How does it justify the tremendous amount of effort that would need to be put in?

So. Why do I bother? Why should we bother?

Part of the answer is that I don't choose which platform I hack on based on how hackable it is. I choose it based on how much I like it. I don't own an OpenMoko device; it simply doesn't look as polished as the iPhone, and support is lacking for it. It wouldn't make sense to buy it to use it, only to buy it to hack on it. While this may work for other people, it's simply not the way a (relatively) starving college student does things. As for the Android, I'm not too convinced about how amazing it will be from the videos I've seen and besides: It doesn't even exist yet! In general, the more people use a device, the more hackers use it, and thus the more it is hacked on. Usability frankly trumps hackability.

The other part of the answer is that iPhone Linux will actually be of tremendous value. There will be no more need to port applications over: The applications already run on the iPhone! Also, with a familiar kernel, we can do all kinds of things I've wanted to do: doing security related work with the wi-fi for example. Plus, knowledge that we are gaining/will have gained about the iPhone hardware will be of incredible practical value to the homebrew iPhone community. We've always wanted to be able to plug in the iPhone as a simple USB mass storage device. With USB and NAND FTL drivers, we can actually implement this ourselves.

Perhaps my most important point is how iPhone Linux will affect the various open platforms in development. The iPhone has revolutionized the way the market thinks about mobile computing and now several mobile platforms are in development: OpenMoko, Google's Android, and Mobile Ubuntu (though the last is not targeted at phones). All of these projects are based on Linux, and "based on Linux" means that, by definition, they "use the Linux kernel", and the Linux kernel is exactly what we're porting. As long as the kernel works, the rest of the operating system will barely need to be touched at all! (fine print: provided that the working configuration of the kernel can support all the features the userland requires).

Imagine OpenMoko on the iPhone. Android on the iPhone. Ubuntu Mobile on the iPhone. Consumers will have choice, and not some Linux-hippie idealistic choice-for-the-sake-of-choice choice: All of these platforms have major momentum behind them and it is very possible they will end up being better than the iPhone's platform (have better UI, more application support, etc.). Also, imagine what it will mean for the developers of these platforms: A ready userbase of millions of users. If many people can already install and try out one of these platforms, it'll be far easier to attract users to buy the hardware, and developers to develop for the platform. Thus, I do not believe we are harming the open platforms by developing on the iPhone. In fact, if all goes well, we will be allowing them to conquer the Apple iPhone.

Of course, I know the reply to all of this. "That sounds good, now show me the code." It's important not to overpromise and underdeliver, so I will be very cautious. What I have just said is the hope, the best possible outcome. But just having that as a possibility is tantalizing enough to justify working on this project. However, to be honest, my original justification (as stated to the dev team) for working on iPhone Linux was "for Skillz.app", our facetious term for working on something merely to hone one's skill or to satisfy one's curiosity. But honestly, what did you expect from a "hacker"? :)

We have already made more progress with openiboot than many people have anticipated would ever happen. Reverse engineering drivers is a laborious process, but one that doesn't require the luck of finding a security vulnerability: It just happens slowly and steadily, rather than unpredictably. Presumably after the drivers are in place, the Linux kernel will "just work" without too many other changes, since it is designed to be relatively portable, so we ought not to have many problems. After the kernel works, I hope enough developers will become interested and a nice userland can be developed without too much trouble. The userland work is much less risky from a time-investment point of view.

iPhone NAND filesystem now readable!

Friday, May 21, 2010

Amazingly enough, the FTL_Read stuff from last night was pretty much correct! After that, it was relatively trivial to port over the HFS+ code I've already written (which was in pure C... finally that [fail] design decision has been vindicated =P).

As you can see in the screenshot below, with the latest Git revision, you can browse the filesystem from openiboot!


Next on the list is to port openiboot over to the iPod touch and iPhone 3G. It's probably just a matter of putting in different numbers for the GPIO ports, but we'll see.

After that, I will implement poorlad's bootmenu (which everyone seems to like).

After that, well... We have pretty much all the devices now, so we'll start looking at the Linux kernel. If you're a Linux kernel guy who would be willing to help (preferably with experience porting Linux to new ARM platforms), please leave a comment here. I can do most of the muscle work, but it'd be nice if someone can show me how to set up the source tree properly for the new port.

Apple scaling Final Cut Studio apps to fit prosumers

Apple's Final Cut Studio suite of video post production apps is getting a significant makeover to better target the software to the mainstream of Apple's customer base rather than high end professionals.

According to a person with knowledge of Apple's internal Pro Apps plans, the company has shuffled around management within the Final Cut team in order to retarget its efforts to more closely match the needs of the majority of its customers. Apple's Mac customer base has steadily shifted from desktop models to notebooks, while also broadening out from a high end creative niche to a wider installed base that includes more prosumer and advanced home users.

Apple originally purchased the origins of Final Cut from Macromedia, as part of a Pro Apps strategy intended to make the Mac platform attractive to high end creative professionals. After rapidly evolving to become one of the top desktop video editing suites, the pace of Final Cut Studio development has slowed, leaving some users questioning Apple's commitment to its Pro Apps now that desktop Macs make up an ever smaller segment of the Mac OS X business that is itself now being eclipsed by the company's wildly successful iPhone OS mobile devices.

Where to next, Final Cut Pro?

Apple released the current, third major revision of Final Cut Studio last summer. It includes Final Cut Pro 7, Motion 4, Soundtrack Pro 3, Color 1.5, Compressor 3.5, and DVD Studio Pro 4. None of the apps in the suite currently support 64-bit operation on the company's Intel Macs, however.

That curious omission, together with recent rumors of layoffs surrounding the Final Cut team, has left Apple's Pro App customers wondering what the company has on its road map for the future of Final Cut Studio.

In 2007, Final Cut Pro's original lead developer, Randy Ubillos, completely redesigned iMovie '08 to streamline and simplify the iLife title. The changes prompted criticism from existing iMovie users, as the new app didn't do everything the previous versions did. Last January, Apple released an enhanced iMovie '09 version that addressed many of those missing elements in the new app.

The Final Cut Pro team has since been put back under the direction of Ubillos, according to information AppleInsider has obtained, with the aim of similarly improving Final Cut Studio and making it more appealing and useful to the needs of prosumers. Currently, Final Cut Pro is targeted at advanced professionals with a scaled down, less expensive Final Cut Express version sold to users who don't need all of its high end features. Because Apple now primarily sells the Express version, the company wants to rethink Final Cut Studio and scale its overall development to better fit the majority of its customers.

Apple hiring interface designers for new Pro Apps

The layoffs related to Apple's Pro Apps team do not spell the end of the company's interest in building Pro Apps, according to new job postings Apple recently posted. The positions, which include a Senior Visual Interface Designer for Pro Apps and a Senior Human Interface Designer for Pro Apps, support the idea that the company is looking to overhaul its Final Cut Pro offerings rather than sell them off or leave them to rust.

The listing for a human interface designer states "Apple’s Professional Applications Design Group is seeking a passionate senior human Interface designer who also understands the intricacies of non-linear video editing."

It also notes that "the candidate will work closely with all designers, producers and engineers to design the future of Pro Apps; high-visibility applications that are used daily by creative professionals working in post-production (examples include Final Cut Pro, Motion and Soundtrack Pro)."

The visual interface designer posting says the position "is a key player in determining the future design language of Apple’s Pro Apps (including Final Cut Pro, Color, Soundtrack and others). We are looking for a visionary designer who is ready to and capable of setting the bar for UI design."

Daily Mail leads the charge against the coalition over human rights act

Thursday, May 20, 2010

The final paragraph of today's Daily Mail leading article (devoted to attacking the Lib Dems' defence of the human rights act) is sure to be repeated in similar form in the coming weeks and months:
Shouldn't Mr Cameron be quicker to remind Mr Clegg the Tories polled four million more votes than the Lib Dems?
It is just one of the indicators of the paper's hostility to the Tory-Lib coalition.
There is also the two-page spread headlined THE HUMAN RIGHTS CAVE-IN: Cameron pledged to scrap Act... now Clegg champions it under ANOTHER coalition compromise.
And Stephen Glover weighs in with It's early days, I know, but if Mr Cameron keeps dumping cherished Tory beliefs, there'll be trouble...
Further on, on a "news" page, we reach a page lead Clegg's tax revolution: He wants to roll back the state - and then give councils more of our money! Below it is a sniffy piece by Quentin Letts about Clegg's first big speech as deputy prime minister headlined Cleggy, Dave's very own Private Pike...
There hasn't been a honeymoon period for the coalition in the Mail. It will have no truck with the Lib-Dem side of the partnership and will surely do all it can to unravel the parties.
Other infuriated Tory-supporting papers are likely to do the same, of course.
For example, today's leader in The Times calls on the Conservatives to honour their election manifesto by repealing the ban on foxhunting. The paper knows well enough that this is a no-no for the Lib-Dems, but reminds Cameron that his party "is the leading partner in this coalition" and that "the Tories should not run scared of their instincts."
Coming at Clegg from the opposite side is The Times's commentator David Aaronovitch, There's too much Old in this New Politics. He deconstructs Clegg's speech and finds it, and him, sorely wanting.
Similarly, in the Daily Telegraph, its sketch writer, Andrew Gimson, argues that the new politics is both confusing and a deception.
By contrast, the paper's leading article is altogether warmer towards Clegg. In A bold vision for better government, the paper welcomes much of the Lib-Dem leader's proposals, though it has reservations about the 55% hurdle to dissolve parliament before its five-year fixed term of office.
And The Sun? Its news report on the coalition pact refers to "fresh uproar in the Tory ranks" because of Clegg's opposition to lowering taxes, but it was neutral enough.
Columnist Kelvin MacKenzie is not at all neutral (well, he doesn't do neutral, of course). He lays into "Dave and his little mates" for daring to increase capital gains tax on rental income. He concludes: "Could I urge you, Mr Cameron, to tell the Cleggies to get stuffed."
His major point is that the Tory toffs don't understand the needs of working class Tory voters.
Again, this is a theme likely to be explored often in future in order to expose the fragility of the coalition. It means there are at least two splits for papers to pursue - the obvious one between the Tories and the Lib-Dems and then the one within the Tory party that centres on differences of social class.

Democratic Downturn in Pennsylvania?


SEAN HANNITY, HOST: The one and only governor of the great state of Pennsylvania — my favorite cheesesteak — my friend is Governor Rendell.
Welcome back, sir.
GOVERNOR ED RENDELL, D-PA.: Good evening, Sean. Those returns in Pennsylvania are probably weighted a little heavy in Philadelphia so by no means is Senator Specter out of woods yet.
HANNITY: Yes, well, then you were a big part — look, from the very beginning, you've been his biggest supporter. Let me go back and I want to drag the White House into this in this way.
When Arlen Specter switched parties the White House said that he had the president's full support. And you know, here it is, everybody knew that this was going to be a close primary. And President Obama flew over to Ohio, had a chance to go in this weekend, and didn't go in to help Arlen Specter, why not?
RENDELL: I can't explain their travel schedule. But I will say in defense, Sean, they did a terrific television ad for Arlen Specter that's been playing about 20 times a day everywhere in which the president says at the end, "I love Arlen Specter. Now I've run 14 times and I've been endorsed by a lot of people but nobody said they loved me," Sean. Nobody.
HANNITY: But wait a minute. I know but it's funny because I saw you on with Neil Cavuto earlier today and he said well, maybe nobody loves you, Governor, which I thought was a pretty —
RENDELL: It's possible. It's possible.
HANNITY: I love you, you bring me cheesesteak every time you come to New York.
All right, well, but it is — look, if they were going to offer their full support, don't you think the president should have come in to show that support?
RENDELL: Well, look, again, you know, in some places that support would have been helpful, in other places it might have been a disincentive, I mean, who knows. They poll, the White House polls, the Specter campaign polls.

I'm not close enough to say what that would be. Certainly if the president had come in he would have raised the enthusiasm level and turnout was key here. But again the president did a great ad, he did robo-calls, he did direct mail for Senator Specter.
HANNITY: Yes.
RENDELL: There wasn't one Democrat that went to the polls, Sean, that didn't know that the president wanted them to vote for Senator Specter.
HANNITY: But there's a big difference. You know, maybe — look, his track record isn't that great. If I'm Arlen Specter I'm not sure —
RENDELL: Right.
HANNITY: I want him to come — Martha Coakley, Creigh Deeds —
RENDELL: Well, sure, he came in —
HANNITY: — and Jon Corzine had his support.
RENDELL: Right. And I think those late-in-the-campaign appearances are frankly overrated because by then most people have made up their mind.
HANNITY: All right.
RENDELL: It can help turn out a little bit.

HANNITY: Let's move to the Pennsylvania 12. We were discussing this with Governor Palin. Look, this is —
RENDELL: I heard you.
HANNITY: All right. Thirty-six years is a long time, this Murtha seat, 2-1 Democrats outnumber Republicans in that district. Latest polls had it a one-point race. The Democrat is running as a conservative. He's pro-life, he's pro Second Amendment.
Would have voted against the health care. Would have voted against cap-and-tax. And it's still a close race. Why?
RENDELL: Well, first of all, one thing you didn't say, Sean, I'm not sure you know but in 2004, that district went for John Kerry. But in 2008 it went for Senator McCain.
HANNITY: That's true.
RENDELL: It's one of the few districts in the country that flipped. So it's a Republican performing district even though the Democratic registration, number one. Number two, of course, Mr. Critz who ran a very good race, by the way, he was with Congressman Murtha, and again, more in the role of the incumbent than Mr. Burns.
So I think, look, there's no doubt there's an anti-incumbency. When Senator Bennett lost in Utah, someone who's been a good rock solid conservative and a good senator, it proves that the anti-incumbency is out there against everybody. Democrats and Republicans alike. And you saw what happened in Kentucky. That certainly was a slap in the face to the incumbent Republican establishment.
HANNITY: Well — well, maybe the establishment — maybe you have a point there, but I also think that Americans are responding completely, and it's a complete rejection of the direction that I think this administration and Congress is taking the country in.
I think a lot of people are concerned about record deficits, weakening of our national defense, all the issues we talk about on a regular basis but, you know, to run completely against the National Democratic Party agenda, I can't think of a single Democrat that is out there doing that, can you?
RENDELL: That's running from the agenda?
HANNITY: Yes.
RENDELL: Well, look, when you say, for example, that Mark Critz is pro-gun and pro-life, any Democrat in that area is always pro-gun and pro-life. There's no question about that.
I had a tough time when I ran the first time in that area. I did better the second time when I ran for re-election. But those are stances you've got to take. Health care, you know, wasn't popular. I think you and I have discussed this, we disagree. I think it was misunderstood.
And cap-and-trade, everyone is worried about the economy. So I agree, cap-and-trade is not very popular.
HANNITY: All right. But the bottom line, as you even acknowledge, it's going to be a tough year for Democrats this year?
RENDELL: Not as bad as you expect, Sean. Not as bad — mark me down and we'll make another bet.
HANNITY: All right. We're going to bet. And this time it's — I want two cheesesteaks and I'll — and I'll give Ruth's Chris gift certificates for your military friends. Fair deal?
RENDELL: OK.
HANNITY: And I'm —
RENDELL: Fair deal as always.
HANNITY: All right.
RENDELL: You're the best conservative in the country.
HANNITY: Oh, I don't know if you said that with utter contempt or it's a compliment.
RENDELL: No, no. It's a very low bar, but you're the best conservative.
HANNITY: You're the best of the worst, Hannity. I don't know how to interpret. I'm going to take it in a good way.
All right, Governor, good to see you.
RENDELL: Take care, Sean.
HANNITY: Thanks — thanks for being with us.

Three Cool Tools for Restoring Your Facebook Privacy

None of them come from Facebook, naturally. Still, they'll help protect you until Facebook gets its privacy act together.

Well, it seems all this complaining about Facebook’s laissez faire attitude toward its users’ privacy has finally gotten their attention. According to published reports, the company called an “all hands meeting” to discuss the controversy last week. And what has come of that meeting? Apparently a lot of soul searching, rending of garments, and gnashing of teeth, per a report in the Wall Street Journal. But otherwise, a whole lot of nothing.
So leave it to some clever entrepreneurs to do what Facebook has so far refused to do: Put back the privacy protections Facebook just took away. And they do it in an ingeniously simple way.


First up, there’s ReclaimPrivacy, which can scan your Facebook settings and let you know where you’re at risk. Simply visit the site and drag the free “Scan for Privacy” button up to your browser’s bookmarks toolbar. Log into Facebook, click the bookmark, and it instantly analyzes your privacy settings in a popup window, letting you know what’s “secure” and where you may be at risk.
Of course, Scan for Privacy leaves it up to you to decide how to change your settings. If you want to lock down your Facebook profile completely, there’s Untangle’s SaveFace. It installs in an identical fashion to ReclaimPrivacy – visit the SaveFace site and drag the icon to your toolbar. This time when you log in and click the bookmark, it changes all your settings to “friends only.”



Personally, I don’t want everything on my Facebook page to be “friends only,” so I went back and changed some settings (like for my blog posts) to be more public. But that’s far easier than having to manually tweak each setting, which is Facebook’s only solution.


Finally there’s Openbook. This isn’t a tool at all, it’s merely a site that lets you search through Facebook users’ public updates to show you just what kinds of embarrassing/incriminating things people post on a regular basis, mostly without even realizing it. Try searching on “rectal exam” or “lost my virginity” and you’ll see what I mean.
Will Facebook cripple these tools, as it has done to similar efforts in the past? I don’t think they’d dare, given the bad press they’re already getting. Then again, we’re talking about Mark Zuckerberg here, so anything is possible.
One small sliver of hope: On a radio talk show the other day, Facebook’s director of public policy (how many people do they have with this job title?) Tim Sparapani said the service would be “simplifying” its privacy controls over the next few weeks.


Pakistan blocks access to YouTube

Many Pakistanis are angry at the 'Draw Muhammad' competition
Women supporters of Islamic political party Jamaat-e-Islami hold a placard during a protest against Facebook in Karachi May 19, 2010.

Pakistan has blocked the popular video sharing website YouTube because of its "growing sacrilegious content".

Access to the social network Facebook has also been barred as part of a crackdown on websites seen to be hosting un-Islamic content.
On Wednesday a Pakistani court ordered Facebook to be blocked temporarily in a row over a competition involving caricatures of the Prophet Muhammad.

Some Wikipedia pages are also now being restricted, latest reports say.
There has been no response yet from YouTube. The site was blocked in Pakistan in 2008 - ostensibly for carrying material deemed offensive to Muslims.
Correspondents say it remains to be seen how successful the new bans will be in Pakistan and whether citizens find a way round them.
Facebook said on Wednesday it was investigating the competition on its pages but that the content did not violate its terms.
There have been protests in several Pakistani cities against the Facebook competition.
'Derogatory material'

The Pakistan Telecommunication Authority (PTA) said it had ordered internet service providers to "completely shut down" YouTube and Facebook from being viewed within Pakistan.
It said the move came only after "all possible avenues" within its jurisdiction had been used.
These, it said, included "using regular channels available on Facebook and YouTube to launch [a] protest, to avoid appearances of derogatory material available on their websites".
Such material, the PTA said, had "increased in numbers as time passed by".
"PTA has so far blocked more than 450 links on the internet containing derogatory material," the statement said, adding that its move was an extension of Wednesday's high court order.
Correspondents say it is not clear how far the authorities' ban might extend - the order passed in Lahore only concerned Facebook.
Facebook said in a statement on Wednesday: "While the content does not violate our terms, we do understand it may not be legal in some countries.
"In cases like this, the approach is sometimes to restrict certain content from being shown in specific countries."

Cyclone batters India's southeast coast

HYDERABAD, India — A severe cyclone packing winds of 110 kilometres an hour closed in on India's southeast coast Thursday as tens of thousands of people evacuated their homes fearing major storm damage.
Cyclone Laila was expected to hit the state of Andhra Pradesh later in the day, with forecasters warning of a sea surge and disrupted power and communication lines.
As heavy rain and strong gales battered the coast, state authorities said at least 30,000 people had been evacuated from low-lying areas.
The armed forces were drafted in to help the evacuation efforts after Andhra Pradesh's chief minister, K. Rosaiah, called Prime Minister Manmohan Singh to request extra assistance.
"We have had no power supply since yesterday," Ramulu, a middle-aged resident of Balajinagar town, told the TV5 local news channel.
"The municipal authorities are just not bothered about people's plight," he said. "We have formed our own teams to clear the roads of fallen trees and electric poles."
The Indian Meteorological Department graded the cyclone as "severe", and said it was due to hit land near the city of Machilipatnam after moving from its current position 100 kilometres (62 miles) off the coast in the Bay of Bengal.
The department's latest warning said a "storm surge" of up to two metres above the regular tide was likely to inundate parts of Andhra Pradesh.
It said large trees were likely to be uprooted, houses damaged and escape routes from the coast flooded.
All fishermen were ordered to stay on shore due to "very rough" sea conditions, and the Press Trust of India news agency said Reliance Industries had suspended crude oil and gas production in the Bay as a precaution.
The agency said 40,000 people had been evacuated from hundreds of coastal villages, while some air flights and train services were also affected.
State disaster officials said that besides existing cyclone shelters, schools and community halls were serving as relief camps to evacuees.
Three people were killed when a shed collapsed during heavy winds in Andhra Pradesh, while a fisherman drowned in rough sea in neighbouring Tamil Nadu state. Local reports put the total death toll at between 14 and 17.
The cyclone, which weakened slightly overnight, is forecast to move up the coast through Orissa and West Bengal states after making land.
India and Bangladesh are hit regularly by cyclones that develop in the Bay of Bengal between April and November, causing widespread damage to homes and fields.
Last May, Cyclone Aila tore through southern Bangladesh killing 300 people and destroyed 4,000 kilometres of roads and river embankments, leading to major flooding.
About 200,000 people were made homeless and many remain in temporary shelters.

New hero of Tea Party Rand Paul is so conservative he scares Dick Cheney

Meet the Tea Party's new hero, Rand Paul - a never-elected ophthalmologist from the land of bluegrass who is more red state than Sarah Palin's lipstick.
How conservative is he? The 47-year-old Paul - who trounced establishment candidate Trey Grayson in Kentucky's GOP Senate primary Tuesday - wants to abolish the federal departments of education, commerce and energy, as well as the income tax.
Like Palin, with whom Paul now stands atop the Tea Party cake, he is opposed to all government bailouts and earmarks, and President Obama's "socialist" health care law. He favors a constitutional amendment banning abortion, even in cases of rape and incest.
But in a libertarian twist, he also favors legalizing medical marijuana.
He began the next phase of his renegade Senate bid Wednesday with a decidedly odd tee shot: pointing to Tiger Woods as a role model. Sort of.
The self-styled man of the people was defending his decision to hold his victory party Tuesday night at an exclusive country club. Enter Tiger.
"I think at one time, people used to think of golf and golf clubs and golf courses as being exclusive," Paul explained on "Good Morning America." "[But] I think Tiger Woods has helped to broaden that, in the sense that he's brought golf to a lot of the cities and to city youth."
Maybe, but given that Tiger is better known nowadays for adulterous sex romps with more than a dozen mistresses, it was a politically peculiar defense.
That's not all many Americans might find slightly odd about Paul. Some of his positions frighten even staunch conservatives like former Vice President Dick Cheney, who backed Paul's GOP opponent.
For example, the father of three wants to pull U.S. military forces out of all overseas missions. Like his daddy - former presidential candidate and libertarian Rep. Ron Paul of Texas - he views the Federal Reserve as a source of much trouble that needs to be clamped down.
"We are encountering a day of reckoning," Paul said Tuesday night in one of his many ominous, end-is-near warnings. "And this Tea Party movement is a message to Washington that we are unhappy, and we want things done differently."
It's a pitch that Paul, 47, serves up in an unpolished monotone that all but screams "nonpolitician" - which is precisely what so many conservatives find attractive about him.
"A candidate who isn't that smooth may come across as more authentic, especially in this environment," said GOP consultant Dan Schnur.
Whether it's a winning formula in November's general election - when far more voters will be weighing in - remains to be seen. Democratic Party leaders don't think so, and yesterday they were all but giddy at the prospect of taking on Paul.
"This is a fight we welcome," said one party honcho.
But Kentucky remains a deeply conservative state, and many experts said yesterday that Paul stands a good chance of winning in November and becoming a Tea Party star of the Senate for years to come.

Bangkok aftermath: 'Not the Thailand we know anymore'

Bangkok's Ratchaprasong area. The smoldering building in the background on the right is the Central World mall.
  • Polish native: 'Face of Thailand is changing'
  • Other Bangkok residents upset, shocked
  • At least 44 people have been killed in clashes in the last several weeks
  • One resident: Not surprised if there is more violence
Bangkok, Thailand (CNN) -- Some Bangkok residents ventured out on Thursday to shop and take stock of the damage done to their city one day after the government evicted thousands of anti-government protesters from a downtown district, triggering fires, riots and intense street battles.
Some shoppers at the Emporium mall -- which was not set on fire like the popular Central World mall -- drank lattes, got their hair styled or perused books. But one sign reminded them that the venue would close at 6 p.m. to leave enough time for patrons to get home ahead of a second night of a citywide curfew.
"I feel very upset. I can't believe this happened in Thailand. Killing is not acceptable in Buddhism," said Siripattra Sitisak, a 30-year-old hotelier. "I'm nervous about attacks from underground organizations that might bomb other buildings or set fire to them."
Another mall patron, Bogna Szukalska, a 25-year-old from Poland, who has lived in Bangkok for four years, said Wednesday's events showed the "face of Thailand is changing."
"When I first came here as a tourist it was to have a relaxed and good time in a safe country. It was rare to see any aggression between Thais or against foreigners," she said. "Now, I'm just very shocked. I and two of my other friends are thinking of leaving the country. It's not the Thailand we know anymore."

Torpedo accusation raises Korean security stakes


Following weeks of investigation, leaked evidence and diplomatic huddles, South Korea on Thursday publicly accused North Korea of firing a torpedo that sank a naval patrol ship and killed 46 crewmen in March, significantly raising the security stakes on an already tense Korean Peninsula.
The international community responded with concern and condemnation for Kim Jong Il's isolationist regime. United Nations Secretary-General Ban Ki-moon called the case "deeply troubling," and Australian Prime Minister Kevin Rudd insisted that the North's "hostile and unprovoked act" should be met with swift and immediate retaliation.
Yet troublesome questions remain: What response can the South and its allies, including the U.S., give to warn North Korea against further provocations without inciting continued violence? Denying culpability, Pyongyang has already rattled its sabers, warning that any retaliation would lead to "all-out war."
The U.S. on Thursday stood behind South Korea, with the White House issuing a statement that said the "act of aggression is one more instance of North Korea's unacceptable behavior and defiance of international law."
Citing what it called overwhelming evidence, a joint civilian-military multinational team determined that fragments and markings from a torpedo found amid the wreckage of the downed naval vessel matched that of a North Korean-made weapon already in the South's possession.
The report concluded that "there is no other plausible explanation" than the North's involvement.
North Korea on Thursday called the probe's findings a "fabrication" and said it would send its own inspection team to the South to consider the evidence, according to a statement released through the North's state-run Korean Central News Agency. It wasn't clear whether the South would allow such a trip.
Analysts predict that the cold war between North and South is about to get a lot colder.
"While a military war is less likely, I think an all-out economic war is certain," said Ahn Yin-hay, an international studies professor at Korea University in Seoul. "Relations between North and South will reach a stalemate. The U.S. may even put North Korea on its terrorist list again. But all this means that relations between the U.S. and South Korea will be strengthened."

Poorlad's menu implemented; Porting issues resolved

Wednesday, May 19, 2010

Yesterday night, I merged in a branch I was working on for poorlad's menu. A version of that beautiful menu is now in Git. His menu included a version string at the bottom. We didn't have any way to keep track of versions and builds before, so this was actually a good idea that I had to implement. Because I didn't want to implement support for non-fixed width fonts, or add another space-consuming font, I just used the console font I was already using for that part. I also had to brighten the gradient on the bottom of the screen, since it was basically invisible due to gamma issues otherwise.

The border between the gradient and the "black" is clearly visible on my device. This is probably because of a gamma issue. When poorlad comes back, we can ask him to calibrate it more.

Otherwise, it looks pretty good! In order to make this possible, I added in stb_images.c, a great tiny little image library that can read PNG, JPEGs and even PSD files and does zlib decompression as an added bonus. This will be a great help if we decide to change things or need to add more stuff that consumes a lot of space. I also added in a basic function to perform alpha blending (albeit comparatively slowly).

Sadly, while I was busy making these changes, ius from IRC had actually begun to implement poorlad's menu without my knowing about it, so we ended up duplicating each other's efforts. He was able to compile in zlib and libpng, but the cost was to inflate the final binary to 347 KB, whereas taking out the old menu images and adding small, compressed PNGs and the stb_images library instead actually made openiboot smaller than it was before! His decision to preblend the images, rather than attempt alpha blending on the device, was probably the better choice from a performance perspective.
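The two approaches weighed above (blending on the device versus pre-blending ahead of time) come down to where the per-pixel arithmetic happens. The following C example is added here to show both; it is not openiboot code and not ius's or poorlad's implementation. It assumes a 32-bit 0x00RRGGBB framebuffer (the page does not state openiboot's real pixel format) and an 8-bit straight-alpha RGBA source of the kind stb_image hands back when asked for four channels; the type and function names are invented for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed framebuffer format for this example: 32 bits per pixel, 0x00RRGGBB.
 * The page does not state openiboot's real framebuffer layout. */
typedef struct {
    uint32_t *pixels;
    int width;
    int height;
} framebuffer_t;

/* Source image as stb_image returns it when 4 channels are requested:
 * 8-bit RGBA, row-major, straight (not premultiplied) alpha. */
typedef struct {
    const uint8_t *rgba;
    int width;
    int height;
} rgba_image_t;

/* Blend one 8-bit channel: (src*a + dst*(255-a)) / 255, rounded to nearest. */
static uint8_t blend_channel(unsigned src, unsigned dst, unsigned a)
{
    return (uint8_t)((src * a + dst * (255u - a) + 127u) / 255u);
}

/* Compose one RGBA source pixel over an opaque 0x00RRGGBB destination pixel. */
static uint32_t blend_pixel(const uint8_t *s, uint32_t dst)
{
    unsigned a = s[3];
    if (a == 255u)
        return ((uint32_t)s[0] << 16) | ((uint32_t)s[1] << 8) | s[2];
    if (a == 0u)
        return dst;
    uint8_t r = blend_channel(s[0], (dst >> 16) & 0xffu, a);
    uint8_t g = blend_channel(s[1], (dst >> 8) & 0xffu, a);
    uint8_t b = blend_channel(s[2], dst & 0xffu, a);
    return ((uint32_t)r << 16) | ((uint32_t)g << 8) | b;
}

/* Per-pixel alpha blend of img onto fb with its top-left corner at (x0, y0).
 * Every pixel is clipped against the framebuffer, so an oversized image or a
 * corner placed off-screen can never write outside fb->pixels.
 * Returns the number of framebuffer pixels actually written. */
int fb_blend_rgba(framebuffer_t *fb, const rgba_image_t *img, int x0, int y0)
{
    int written = 0;
    for (int y = 0; y < img->height; y++) {
        int fy = y0 + y;
        if (fy < 0 || fy >= fb->height)
            continue;
        for (int x = 0; x < img->width; x++) {
            int fx = x0 + x;
            if (fx < 0 || fx >= fb->width)
                continue;
            const uint8_t *s = img->rgba + ((size_t)y * (size_t)img->width + (size_t)x) * 4;
            uint32_t *d = &fb->pixels[(size_t)fy * (size_t)fb->width + (size_t)fx];
            *d = blend_pixel(s, *d);
            written++;
        }
    }
    return written;
}

/* Pre-blending: compose the image over a known solid background once (at build
 * time or at startup), so later draws are a plain copy with no per-pixel math.
 * out must hold img->width * img->height entries. */
void preblend_rgba(const rgba_image_t *img, uint32_t background, uint32_t *out)
{
    size_t n = (size_t)img->width * (size_t)img->height;
    for (size_t i = 0; i < n; i++)
        out[i] = blend_pixel(img->rgba + i * 4, background);
}

int main(void)
{
    /* Constructed 2x1 sample: opaque white, then 50% transparent white. */
    static const uint8_t sample[8] = { 255, 255, 255, 255,  255, 255, 255, 128 };
    rgba_image_t img = { sample, 2, 1 };
    uint32_t fbmem[4] = { 0, 0, 0, 0 };          /* 2x2 black framebuffer */
    framebuffer_t fb = { fbmem, 2, 2 };
    int n = fb_blend_rgba(&fb, &img, 0, 0);
    printf("blended %d pixels: %06x %06x\n", n, (unsigned)fbmem[0], (unsigned)fbmem[1]);
    return 0;
}
```

The per-pixel path costs three multiplies per pixel and a clip on every coordinate, which is also the cheap way to keep a blit safe when an image is larger than the screen or is drawn partly off it. Pre-blending does the same arithmetic once against a fixed background and turns each later draw into a copy; the result is only correct over that one background colour, which is exactly the situation a static boot menu is in.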

Steven Troughton-Smith told me on Twitter that he has actually implemented his own boot menu as well. I'm not sure if he used the new PNG code or not, but the new code makes it pretty easy for a competent programmer to add in whatever menu they would like. I'd tell everyone to skin away, but we should keep as few wild branches of this project as possible, since everyone randomly installing openiboot just for kicks (especially a modified version) and then coming to us (read: me, ultimately) for support is something we don't have the resources to handle at this moment.

On the porting side, the issues with installation, with optimizing NOR access on the iPhone 3G, and with NAND access on a few devices all seem to have been fixed, so we can basically scratch the first two items off the list I put up in the last post. I'm pleasantly surprised at how relatively easy it was.

Anyway, now for the kernel. Well, if I don't get distracted by writing to NAND.

International bank switches from BlackBerry to Apple iPhone

Standard Chartered, a British bank with nearly 75,000 employees in more than 70 countries, has switched its standard corporate communications device from RIM's BlackBerry to Apple's iPhone.

According to Reuters, the London-based bank is replacing the BlackBerry with the iPhone as its phone of choice. Workers who already use a BlackBerry have been given the option of switching to the iPhone. The company will pay monthly billing for business-related telephone and data services on Apple's handset.

The Asia-focused bank has nearly 75,000 employees, though it is not known how many of them currently have a BlackBerry issued by the company. The switch is unique for the financial industry, where other institutions like HSBC Holdings and Morgan Stanley remain BlackBerry-only.

"If more companies switch to the iPhone, this is of course bad news for RIM," Lu Chialin, an IT industry analyst at Macquarie Securities in Taipei, told Reuters. "However, it will take a long time for companies to do their own internal testing before deciding to change, so it will be a while before it has any effect on RIM."

Apple has made inroads in the enterprise market, but it still faces obstacles in industries that are tied to devices like the BlackBerry. Apple hopes to make further progress in the enterprise market with the release of iPhone OS 4 this summer, which will bring data protection, wireless app distribution, SSL VPN support and more to the handset.

Last year, it was projected that Apple had a 7 percent share of the enterprise smartphone market. That was well up from the 2 percent share seen by the company in 2008.

Starting last June, Apple became more aggressive in courting potential enterprise customers. It was last summer that the Cupertino, Calif., company released a guide designed to help system administrators deploy iPhones throughout large businesses.

In the first quarter of 2010, Apple sold 8.75 million iPhones, good for a 16.1 percent worldwide market share, taken somewhat at the expense of the BlackBerry. RIM's smartphone lost market share when compared to the first quarter of 2009 -- the only company among the top five brands to do so.

Apple issues iPhone OS 4 beta 4, may support AT&T US tethering

The next beta of iPhone OS 4 has dropped, inching Apple toward its final release, which is expected to coincide with WWDC in June.

The new release appears to invoke tethering options for AT&T in the US. iPhone OS 3 introduced tethering support in software, but AT&T has been among the carriers failing to support the feature.

A new configuration panel appears to indicate that AT&T has worked out its issues related to refusing to support tethering on the iPhone (it supports tethering with other phones, but apparently fears that iPhone users would overwhelm its network) and will have a billing program in place by the time iPhone OS 4 ships.

The new Internet Tethering setup panel directs users to call AT&T or visit its website to set up tethering on their account.

Other new features spotted by beta testers as noted by Gizmodo include the ability to view photo Camera Rolls in landscape, more useful wallpaper images, an option to turn off group MMS messaging, and a generally faster interface throughout, ranging from call dialing to Maps.

iPhone OS 4 beta 4

iPod touch with 2MP camera spotted in yet another Vietnam leak

Pictures of a new iPod touch sporting a new 2 megapixel camera have surfaced in Vietnam, though it's unknown whether the device was a scrapped 2009 prototype or a forthcoming product release.

Vietnamese site Tinhte once again has the scoop, with photos and video of the hardware running software diagnostics rather than the iPhone OS. The hardware has a camera centered on its back, much like the iPod touch model Apple was expected to announce last September, until the camera addition was quietly scrapped.

A sticker on the back of the device reveals the camera, part OV2665-6s, manufactured by Omnivision. That's the same company that provides the 3.2 megapixel camera for Apple's iPhone 3GS.

The device also sports 64GB of capacity (it reads '64G' and the iPod touch relies on a pair of 32GB Samsung NAND flash modules), and has a serial number identical to the September 2009 model, making it unclear whether the device is a 2009 prototype (some of which previously leaked into the wild), or a new, upcoming product from Apple.

Last year, AppleInsider first reported that technical issues caused Apple to remove the camera from the latest iPod touch revision, even though numerous third-party cases made it clear the product was in Apple's pipeline. A teardown of the third-generation iPod touch post-release revealed that the device contains space for a camera inside its hardware. People familiar with the matter have maintained that a camera-equipped iPod touch remained in Apple's pipeline.

Tinhte has been the source of a number of major Apple-related leaks in recent weeks. A week ago, the website obtained a fourth-generation iPhone prototype, and tore down the hardware to reveal an Apple A4 processor inside. Then, over the weekend, they showed off a refresh of Apple's 13-inch MacBook, complete with retail packaging. That product was formally released on Tuesday.




iPod touch



Fourth-generation iPhone cases match Apple's prototype design

Photos of new iPhone third-party protective cases show accessories that were designed to meet the physical form factor of Apple's prototype fourth-generation handset.

As first discovered by HardMac, the cases from China feature the same rounded corners found in two prototype iPhones that leaked to the public. The back of the case features a larger space for both the camera and accompanying flash, and the side features holes for two rounded volume buttons.

The report noted that the cases are ready to ship, even though the next-generation iPhone has not yet been formally announced. Apple is expected to introduce the device at its annual Worldwide Developers Conference, set to kick off on June 7.

The purported design of Apple's forthcoming iPhone has been photographed extensively, thanks to two high-profile leaks of the hardware. Most recently, a Vietnamese website obtained a prototype handset and dismantled it, revealing an A4 microprocessor and 256MB of system RAM powering the device. Prior to that, Gizmodo bought a prototype left at a bar for $5,000 and also disassembled the device to confirm it was made by Apple.

The new hardware features a forward-facing camera, an improved rear camera (believed to be 5 megapixels), a higher resolution display expected to be 960x640 pixels, and a second microphone expected to be used for noise canceling. Like the iPad, it relies on a Micro-SIM card for connectivity with a GSM wireless cellular network.

The new cases from China are designed to fit the shape of the prototype, which has a back that is completely flat, and reportedly made of a new material to improve cell reception. The new hardware also has split buttons for volume, which some have theorized could serve as a physical camera shutter button.


iPhone 4G case


iPhone 4 takeapart

iPhone OS 4: orientation lock, iPod controls in fast app switcher



Today’s iPhone OS 4 beta 3 update has brought with it some interesting new features, including a soft-version of the iPad’s orientation lock and iPod controls added into the fast app switcher (multitasking) UI.

When you double click the home button to bring up the fast app switcher, you can now scroll all the way to the left to get the new orientation lock and iPod controls. The default on the orientation is off but a tap will turn on, or turn off, the lock. (Home screen doesn’t sound like it rotates, however).

iPod controls include back, play/pause, and forward, with the name of the current track written beneath.
The background for the app switcher (and for folders) has also changed from the rubbery, pock-marked, dark gray of beta 1 and 2 to a new cross-hatched medium gray.

Debian on iPhone Linux

Tuesday, May 18, 2010

NAND writing is now semi-reliable (although one has to be VERY careful not to interrupt the device in the middle of a write operation), but it is enough to have something akin to a full-functional OS, backed by non-volatile storage.

People interested in the project should be familiar with the myriad Linux "distributions" floating around. An operating system consists of two major domains: one is the kernel, which manages the hardware, and the other is the userland, which contains things like shells and other UIs, package managers, and so on: software that helps users install and run useful programs. Ubuntu is a popular distribution that I run on my personal machine. Android could also be considered a distribution (though I believe it has some apparently messy kernel patches).

I decided that Debian would be an interesting thing to try, since we would then instantly have a userland and a pool of ready-compiled applications. Using a slightly dated root filesystem from here: http://lists.debian.org/debian-arm/2007/01/msg00034.html, an initrd and some further kernel configuration were sufficient to get it to run. Thus, we can now compile programs for iPhone Linux on iPhone Linux. The process is rather slow due to the processor and the inefficient NAND device driver (pending a real FTL), but at least theoretically, iPhone Linux is now self-hosting.

This should be pretty much enough for those who are more into the userland development side of things to come in, possibly using Debian as a base to build anything else (as I believe it is standard enough).

I will be offering instructions on how to get this all to work soon. The (modified for gadget serial terminal) rootfs is fairly hefty (around 130 MB), so I'm not sure how we'll handle distribution of that.

Starting iPhonelinux Wishlist

Monday, May 17, 2010

Planetbeing's words from the iphonelinux github:
"This is just my personal WISHLIST. You might have different priorities. If you want to help, just submit patches that you think are helpful. If you need ideas, just refer to this list. Take it off the list in your patch when you finish something off the list. I'll try to give as much help and guidance as I have time to (which may not be much). 
This is not an exhaustive list, but just stuff I think people can actually deliver on reasonable timescales. For example, notice the conspicuous absence of "figure out how to make phone calls". It's roughly divided based on skillset.  
Jobs for C coders that may not have much RE or driver experience:  
1. Simplify driver code: An early goal of this project is to remain faithful to how the iPhone firmware operates the hardware. Some of it does not actually make sense or is otherwise not very efficient. We have a better understanding of the hardware now and can afford to write better drivers with that understanding. This is essentially refactoring.  
2. Refactor openiboot: I'm not sure I like the way openiboot is laid out right now. There's got to be a neater way to organize this. I'd like something that has less messy defines and a more consistent style so it's easier to read, perhaps individual folders for each module, and the ability to easily include or not include any individual module. An emphasis should be put on ease of porting. 
3. Add multitasking: A great project for students in or just out of OS classes. I've been too lazy to add true multithreading primitives: mutexes, semaphores, condition variables, and also multitasking in general. A lot of stuff is run in interrupt contexts or interrupt-disabled contexts. Writing drivers requiring blocking I/O is a pain. It's time for a true multitasking kernel. Should be done in coordination with #2.
4. Write a gdb stub for openiboot: Those things are tiny and it shouldn't be that bad. Just have it communicate over the existing USB driver now. We wouldn't be able to debug interrupt contexts for now, but it's better than nothing.  
5. Someone needs to MAINTAIN the build script for the toolchain. Or else figure out if/how we can just build everything using Apple's or the community's iPhone OS toolchain. I'm pretty sure we can. It's not like we use the elf wrapper currently.  
6. It might be cool to be able to parse the iPhone's own device tree for some of the base addresses. Might make porting less of a pain.
7. With help from CPICH, we've determined the vibrator and speaker controls are in the baseband, both controlled through the at+xdrv command. Knowing this, the next step is to make sure we can talk to the baseband through the UARTs. This shouldn't be that bad since iBoot used to do it, and we already have UART code.  
8. I've implemented the firmware upload part of Libertas WLAN driver for Marvell 8686 to test out the SDIO functionality. It appears to work. Therefore, we have validated readb, writeb and writesb. More of it should be implemented to validate SDIO device interrupt handling and also readsb. After that, we will definitely have enough to support working wi-fi in the Linux kernel!  
Jobs for people who want to get their hands dirty with drivers:  
1. Look at TheSeven's NAND FTL code in Rockbox and CPICH's reverse engineering efforts to figure out the FTL write code and get it working.  
2. Write a new USB driver: I hate the current one. TheSeven might have some better code.  
3. Can we steal some code from that userland bluetooth stack and put it on top of our UART code? It might be even cleaner than USB, ironically, since we can probably do it all without interrupts.  
Jobs for reverse engineers:  
1. Port openiboot to unsupported platforms like ipt2g, ipt3g and iPhone 3GS.  
2. For some reason, the NAND chips stop working after the iPhone is on for a long time. They're fine after a reboot. Figure out why that's happening.
3. Get multitouch working for Zephyr2. It's a subclass of the Zephyr1 that I investigated, and at least some functions are shared, so it shouldn't be terrible.  
4. Figure out how to talk to the light sensor. It's a TSL2561 according to the ioreg. The slave address is 0x92/0x93 according to the ioreg "reg" setting and is one of the slave addresses allowed on the TSL2561. It's on i2c0 according to ioreg. It all looks good except for the fact I cannot get a response out of this part. I even bruteforced all the slave addresses on i2c0 and only got responses from the PMU, the accelerometer and the Wolfson, stuff we already know how to talk to. What's going on? Is it just that my 2G is broken?
5. Figure out the new FTL they're using on the newer devices. That's going to be a pain.  
Thanks for reading all this. I'm impressed."
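Item 4 in the first group of the list asks for a gdb stub over the existing USB driver. The part a stub must get right before anything else is the framing of the GNU remote serial protocol: every packet is `$`, the payload, `#`, then a two-hex-digit checksum that is the byte sum of the payload modulo 256, and a `}` byte escapes the byte after it (sent XOR 0x20). The C example below is added here to show that framing, the checksum check and a minimal command handler for `?` (stop reason) and `m` (memory read); it is not openiboot code and not taken from any existing stub. The exposed memory window, its base address and the function names are constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

static const char HEX[] = "0123456789abcdef";

/* Constructed "target memory" window; a real stub would read device RAM.
 * TARGET_BASE is an arbitrary placeholder, not a real iPhone mapping. */
#define TARGET_BASE 0x09000000u
static const uint8_t target_mem[16] = { 0xde, 0xad, 0xbe, 0xef, 0x00, 0x11, 0x22, 0x33,
                                        0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb };

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode one RSP frame "$<payload>#<cc>" into out (NUL-terminated). The checksum
 * is the byte sum of the raw payload mod 256; '}' escapes are undone after
 * summing. Returns the decoded length, or -1 for a truncated frame, a bad
 * checksum or an oversized payload: bytes from the host are untrusted input. */
int rsp_parse_frame(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    if (len < 4 || buf[0] != '$' || outsz == 0) return -1;
    size_t i = 1, n = 0;
    unsigned sum = 0;
    while (i < len && buf[i] != '#') {
        uint8_t c = buf[i++];
        sum += c;
        if (c == '}') {                          /* escaped byte follows */
            if (i >= len || buf[i] == '#') return -1;
            sum += buf[i];
            c = buf[i++] ^ 0x20;
        }
        if (n + 1 >= outsz) return -1;           /* keep room for the NUL */
        out[n++] = (char)c;
    }
    if (i + 3 > len) return -1;                  /* need '#' plus two hex digits */
    int hi = hexval(buf[i + 1]), lo = hexval(buf[i + 2]);
    if (hi < 0 || lo < 0 || (unsigned)((hi << 4) | lo) != (sum & 0xffu)) return -1;
    out[n] = '\0';
    return (int)n;
}

/* Encode a reply as "$<data>#<cc>". data must not contain '$', '#' or '}',
 * which holds for the status and hex replies used here. Returns length or -1. */
int rsp_build_frame(const char *data, uint8_t *buf, size_t bufsz)
{
    size_t dlen = strlen(data);
    if (dlen + 4 > bufsz) return -1;
    unsigned sum = 0;
    buf[0] = '$';
    for (size_t k = 0; k < dlen; k++) {
        buf[1 + k] = (uint8_t)data[k];
        sum += (uint8_t)data[k];
    }
    buf[1 + dlen] = '#';
    buf[2 + dlen] = (uint8_t)HEX[(sum >> 4) & 0xfu];
    buf[3 + dlen] = (uint8_t)HEX[sum & 0xfu];
    return (int)(dlen + 4);
}

/* Handle a decoded command: '?' reports the stop reason, "m<addr>,<len>" reads
 * memory as hex. The read is bounds-checked against the exposed window and the
 * reply buffer, so a malformed request cannot index past either. Unknown
 * commands get the empty reply, which is how RSP signals "unsupported". */
int rsp_handle(const char *cmd, char *reply, size_t replysz)
{
    if (cmd[0] == '?') return snprintf(reply, replysz, "S05");
    if (cmd[0] == 'm') {
        char *end;
        unsigned long addr = strtoul(cmd + 1, &end, 16);
        if (*end != ',') return snprintf(reply, replysz, "E01");
        unsigned long n = strtoul(end + 1, &end, 16);
        if (addr < TARGET_BASE || n > sizeof target_mem ||
            addr - TARGET_BASE > sizeof target_mem - n || 2 * n + 1 > replysz)
            return snprintf(reply, replysz, "E01");
        size_t off = (size_t)(addr - TARGET_BASE);
        for (size_t k = 0; k < n; k++) {
            reply[2 * k] = HEX[target_mem[off + k] >> 4];
            reply[2 * k + 1] = HEX[target_mem[off + k] & 0xfu];
        }
        reply[2 * n] = '\0';
        return (int)(2 * n);
    }
    reply[0] = '\0';
    return 0;
}

int main(void)
{
    uint8_t frame[64]; char cmd[32], reply[64];
    int flen = rsp_build_frame("m09000000,4", frame, sizeof frame);
    if (flen > 0 && rsp_parse_frame(frame, (size_t)flen, cmd, sizeof cmd) > 0 &&
        rsp_handle(cmd, reply, sizeof reply) >= 0) printf("%s -> %s\n", cmd, reply);
    return 0;
}
```

Everything arriving from the host side of the cable is untrusted: a frame with a short checksum, an escape as the last byte, or an `m` request whose address and length wrap past the window are the cases a stub parser has to reject rather than assume, which is why each of them returns an error here instead of indexing. A stub for the real device would wrap `rsp_parse_frame` and `rsp_build_frame` around the USB bulk endpoints the list mentions and add the register (`g`/`G`), continue (`c`) and step (`s`) commands on top of `rsp_handle`; the `+`/`-` acknowledgement bytes of the protocol are left out since they are a transport concern.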