RIP Andre Hedrick: The engineer who kept the PC open

Kernel expert stood up to mandatory hard disk DRM


Obituary Andre Hedrick, a principal engineer and operating system architect at Cisco Systems and a Linux kernel contributor, has died. He leaves behind a wife, four young children and many friends.

Andre made a significant contribution to personal computing history in a way few people fully realise.

In 2000, Andre was working for SuSE in Oakland and was looking after the Linux ATA subsystem, the operating system's interface with industry-standard hard disks. He was also a member of the ANSI sub-committee, T13, which defined the standard for ATA disks.

The committee was presented with proposals to incorporate a sophisticated piracy-thwarting system called CPRM, or Content Protection for Recordable Media, devised at IBM's Almaden Lab. The proposal was tabled by Intel and a group of three hard drive manufacturers: Toshiba, Matsushita (aka Panasonic) and IBM. The cryptographic system proposed was vastly more ambitious than the SDMI watermarking initiative for music, which by then had floundered.

The CPRM layer permitted the host ATA disk to fully control the copying, movement and deletion of files, making it ideal for set-top boxes and other consumer electronics appliances built using industry-standard parts. But when implemented on a PC, it gave an application complete control of data, bypassing user control via the operating system.

This troubled Andre, who could see the implications. Industry standard CPRM on ATA devices posed immediate problems for enterprise backup and RAID systems and disk integrity software, and more importantly, augured a future in which the PC may no longer be the "open" device it historically had been. He blew the whistle.

After the details emerged here, the initiative caused a furore - spilling onto the front pages (after the influential San Jose Mercury followed up our reports), and into mainstream publications such as Scientific American.

What happened next is not well known, but encapsulates the subtlety of his thinking, and a deep seam of fair-mindedness.

The fight to keep personal computers open

Andre had little time for the American motion picture industry, which was pushing CPRM: he called it the "Hollywood sewer", and fulminated against "the greedy little !@#$%^&*() that are going to violate the ownership rights of products and the use of those products". Yet he set about creating a workable compromise - one his opponents couldn't reasonably destroy.

What Andre knew, and what outraged digital rights campaigners didn't understand, was that the rejection of CPRM as an official industry technical standard would result in the worst possible outcome for users and software authors. Most of the commands obeyed by the world's hard drives were not part of any standard, and were proprietary to the disk vendors - the very same disk vendors who had agreed to advance CPRM.

Rogue applications could bypass the operating system and turn CPRM back on. Andre's alternative proposal involved supplying a PIN so the PC owner could prevent the content protection from being activated in their machine.

This would allow new generations of closed playback devices to be built using off-the-shelf ATA disks while handing control of the open PC to the user.

"Control over a technology is more important than it existing," he told me. "If you know it's there, you're empowered."

The counter proposals and arguments Andre made ensured that CPRM was not implemented through the backdoor, and was used in closed devices and removable media without compromising the user's control of the PC.

And now look where we are today

CPRM is widely used today as the encryption scheme for SD cards. But by the summer of 2001, and thanks largely to Andre's unsung efforts that spring, it was never implemented as a standard, official or otherwise.

This would be the last time the entertainment industry would attempt to define standards for the technology industry. Today, millions of people use digital restriction management systems that lock down books, songs and music - the Amazon Kindle, the BBC iPlayer and Spotify are examples - but consumers enter into the private commercial agreement knowingly. It isn't set by default in the factory, as it might have been. The PC remains open rather than becoming an appliance.

Andre Hedrick

Andre was never comfortable taking the credit he really deserved for this achievement.

Driving me back from our first meeting in Oakland in the summer of 2000, he described how he had deciphered the control protocol for APS power supplies - the dominant manufacturer at the time - to allow Linux to work with them.

He had to decipher the commands on the wire, which took all of an obsessive engineer's determination. He was also one of America's leading forensic experts, and was called upon to advise on retrieving data from damaged disks. In each of these cases, he preferred to take quiet satisfaction rather than public acclaim.

But it was his human ability to pursue a workable compromise that most impressed me, and really ensured that the personal computer remains an open system - a marked contrast to today's dogmatic and self-aggrandising copyfighters, who shun consensus and rational settlements, preferring both the limelight and the dubious glory of defeat. If Andre had adopted such a strategy, personal computing history would probably be very different.

He joined Cisco in January 2007 where he worked on several embedded projects, and helped define the current Cisco architecture IOS-XE.

On the Linux kernel mailing list, his friend Nate Lawson recalls Andre saying: "To work on disk drivers, you have to be a special kind of bastard." File systems are the world's most reliable databases for a reason, and built by engineers with the fierce integrity of Andre Hedrick.

Andre took his own life on Friday, 13 July. He will be greatly missed and our thoughts are with his family. His wife has set up a condolence weblog with details of a memorial service to be held in Berkeley, California, this Friday. ®
