Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > More E-Book Readers > iRex

Notices

Reply
 
Thread Tools Search this Thread
Old 10-25-2006, 06:06 AM   #1
Alexander Turcic
Fully Converged
Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.
 
Alexander Turcic's Avatar
 
Posts: 17,455
Karma: 10995944
Join Date: Oct 2002
Location: Switzerland
Device: Sony PRS-650 / Nexus 7 / Kindle PW
iRex iLiad patch V2.7.1 closes security holes

iRex has just issued an upgrade patch for the iLiad device, closing two security holes that were recently discovered by our forum members. Unfortunately, if you decide to upgrade you may lose the opportunity to install and run your homebrew software. Feel free to join our on-going discussion about the release.

The patch also fixes a couple of software bugs mainly related to the content browser and the PDF viewer. Our Wiki has a full list of changes.
Alexander Turcic is offline   Reply With Quote
Old 10-25-2006, 12:00 PM   #2
scotty1024
Banned
scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.
 
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
Alex, much of the stuff I've been working with comes straight from the main stream Debian distribution. It's the same stuff people are using on Intel x86 machines, just built for the ARM CPU in an iLiad e.g. it isn't "home brew". I've even got my favorite industrial strength editor emacs (all 50mb of it) installed and running on my iLiad.

The onscreen clock I got working is from the same Matchbox tool kit iRex themselves are using. I just installed and configured a piece of it they didn't give us, even though users have been requesting an on screen clock since forever.

In fact as I've explored my iLiad I've pretty much confirmed my suspicions that 95% of the iLiad is all open source software albeit with some iRex hacks applied to a small amount of it.

The scariest part in all the exploring and experimenting is that iRex has provided no means to re-flash the unit if something goes wrong.

What I would have expected was something like this:
Place a user filessytem image on an MMC/CF card and insert into powered down unit.
Hold the connect button down and turn the unit on and hold the connect button until the unit says it is re-flashing from MMC/CF card.
Wait patiently for this to complete.
Unit automatically restarts.

I've seen their tool kit, they have all the tools to do the re-flash.

Why iRex has been unable to deliver something this simple is something I just can't understand and leaves everyone at risk, not just the experimenters.
scotty1024 is offline   Reply With Quote
 
Advertisement
Old 10-25-2006, 01:52 PM   #3
vranghel
Addict
vranghel began at the beginning.
 
vranghel's Avatar
 
Posts: 285
Karma: 10
Join Date: Apr 2006
Location: Vancouver, Canada
Device: Proud Iliad owner
Quote:
Originally Posted by scotty1024

In fact as I've explored my iLiad I've pretty much confirmed my suspicions that 95% of the iLiad is all open source software albeit with some iRex hacks applied to a small amount of it.

The scariest part in all the exploring and experimenting is that iRex has provided no means to re-flash the unit if something goes wrong.
Its pretty interesting that although the iLiad is built with open source software it is so hard to find a way to reflash it. I'm beginning to think that this move migh be intentional on iRex's part, a way to make sure that users do not intstall an OS that did not come from them.

They might fear the havoc users might wreak if they're allowed to have their way with iRex's precious hardware. <end of sarcastic remark>
vranghel is offline   Reply With Quote
Old 10-25-2006, 02:04 PM   #4
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
@vranghel

Somthing along those lines might be possible...^^
CommanderROR is offline   Reply With Quote
Old 10-25-2006, 02:09 PM   #5
k2r
Zealot
k2r doesn't litterk2r doesn't litter
 
Posts: 124
Karma: 177
Join Date: Jul 2006
Location: Bochum, Germany
Device: MP2K, iLiad
Quote:
Originally Posted by vranghel
I'm beginning to think that this move migh be intentional on iRex's part, a way to make sure that users do not intstall an OS that did not come from them.
Question 1 is: If I they really lock down the iLiad so nobody but them got root, fixed all local exploits and maybe install some kind of additional security layer to prevent their cusomers from using the device they bought in the ways they want to, and THEN release the GPL-sources, so we would have access to the sources, could build the system but had no way to install anything - would they be in compliance with the GPL?

Question 2 is: How big is the niche-market for ebook companies that say "We don't care about our customers wishes" ?
k2r is offline   Reply With Quote
Old 10-25-2006, 02:14 PM   #6
b_k
Übernerd
b_k is on a distinguished road
 
Posts: 238
Karma: 74
Join Date: Jun 2006
Location: Germany
Device: iRex iLiad
i wouldn't wonder if they used one of the common bootloaders. But I think it's hard to know which bootloader is on it, or did someone finally find the serial console?

@k2r, I think that would depend on the lawyer you ask. From my point of view, no.
b_k is offline   Reply With Quote
Old 10-25-2006, 02:20 PM   #7
arivero
Guru
arivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it is
 
arivero's Avatar
 
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
Quote:
Originally Posted by k2r
, so we would have access to the sources, could build the system but had no way to install anything - would they be in compliance with the GPL?
Answer is no, but you should go surely for UK law system because it needs of a non-literal, spirit-wise, interpretation of the GPL part about build & install scripts. Sony does a trick there in their release of sources, not including the build & install procedures, perhaps under the claim that it is obvious. Of course it was obvius... for Igorsk.
arivero is offline   Reply With Quote
Old 10-26-2006, 07:00 AM   #8
scotty1024
Banned
scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.
 
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
From what I've seen Igorsk isn't using the posted sources.

The Sony has a flasher which he sussed out of their DLL.

After that he grabbed the raw filesystem off the device, extracted it, modified it, and repackaged it back into a filessytem, then re-flashed that image into the Reader.

It's a modification of the method used on the Librie to make English Librie's.
scotty1024 is offline   Reply With Quote
Old 10-26-2006, 07:10 AM   #9
scotty1024
Banned
scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.
 
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
Quote:
Originally Posted by b_k
i wouldn't wonder if they used one of the common bootloaders. But I think it's hard to know which bootloader is on it, or did someone finally find the serial console?
We now know where the serial console is inside the CPU: UART # 2 running at 115200 baud.

What we don't know is how one hooks a cable to it. I can provide PXA255 pin numbers if someone wants to open an iLiad and go looking. Or someone could try those extra pins on the dock connector again, it's 115200 baud...

Since they've left getty running on it, if you can hook it up there will be a login prompt waiting.
scotty1024 is offline   Reply With Quote
Old 10-26-2006, 11:38 AM   #10
drogo
Connoisseur
drogo has a complete set of Star Wars action figures.drogo has a complete set of Star Wars action figures.drogo has a complete set of Star Wars action figures.drogo has a complete set of Star Wars action figures.
 
Posts: 54
Karma: 321
Join Date: May 2006
Location: Virginia, USA
Device: PRS-500
Quote:
Originally Posted by k2r
Question 1 is: If I they really lock down the iLiad so nobody but them got root, fixed all local exploits and maybe install some kind of additional security layer to prevent their cusomers from using the device they bought in the ways they want to, and THEN release the GPL-sources, so we would have access to the sources, could build the system but had no way to install anything - would they be in compliance with the GPL?

Question 2 is: How big is the niche-market for ebook companies that say "We don't care about our customers wishes" ?
It's already been addressed, but the answer to Question 1 is "No".

The device is available now, but there is no source code available. IANAL, but my understanding of the GPL is that the source code must be available along with the official product. You can't release the product and say "We're working on making the source available."

If they're stalling on it in order to lock out customers, then it's my opinion that they will be fighting a losing battle. You shouldn't treat your customers as someone you want to "lock out". The smart ones will circumvent your locks, and the ones who aren't smart enough will probably not be willing to mess with it. As for those who mess it up, all iLiad support dept has to do is say, "That's unsupported firmware, I can't help you with it."

Which brings me to my answer to Question 2, and that would be "About as long as the Gemstar e-reader lasted".

Edit: I just saw the thread they've released the source for the PDF reader. Still waiting for the rest...

Last edited by drogo; 10-26-2006 at 11:41 AM.
drogo is offline   Reply With Quote
Old 10-26-2006, 12:06 PM   #11
scotty1024
Banned
scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.
 
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
The nice thing about ipdf source being released is I can probably take that and add djvu support to ipdf.
scotty1024 is offline   Reply With Quote
Old 10-26-2006, 12:41 PM   #12
arivero
Guru
arivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it is
 
arivero's Avatar
 
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
Quote:
Originally Posted by scotty1024
We now know where the serial console is inside the CPU: UART # 2 running at 115200 baud.

What we don't know is how one hooks a cable to it. I can provide PXA255 pin numbers if someone wants to open an iLiad and go looking. Or someone could try those extra pins on the dock connector again, it's 115200 baud...
There is an extra connector inside, in the upper left corner. I'd bet for it because RTS|CTS needs an extra pair of wires. But still the high impedance pins of the external connector could hide some surprise.
arivero is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sell iRex iLiad & iRex DR1000S bcabral Flea Market 10 05-04-2011 03:28 PM
do the softwares work on iRex Digital Reader as they do on iRex iLiad HiSoC8Y iRex 1 07-02-2009 11:03 AM
iLiad through airport security sputnik iRex 8 06-11-2008 10:06 PM
iRex iLiad V2.6.1 patch upgrade available each iRex 23 09-07-2006 08:39 AM
IE security patch disables passwords in URLs Alexander Turcic Lounge 0 02-09-2004 07:29 AM


All times are GMT -4. The time now is 08:42 AM.


MobileRead.com is a privately owned, operated and funded community.