RIP Andre Hedrick: The engineer who kept the PC open

Kernel expert stood up to mandatory hard disk DRM

Boost IT visibility and business value

Obituary Andre Hedrick, a principal engineer and operating system architect at Cisco Systems and a Linux kernel contributor, has died. He leaves behind a wife, four young children and many friends.

Andre made a significant contribution to personal computing history in a way few people fully realise.

In 2000, Andre was working for SuSE in Oakland and was looking after the Linux ATA subsystem, the operating system's interface with industry-standard hard disks. He was also a member of the ANSI sub-committee, T13, which defined the standard for ATA disks.

The committee was presented with proposals to incorporate a sophisticated piracy-thwarting system called CPRM, or Content Protection for Recordable Media, devised at IBM's Almaden Lab. The proposal was tabled by Intel and a group of three hard drive manufacturers: Toshiba, Matsushita (aka Panasonic) and IBM. The cryptographic system proposed was vastly more ambitious than the SDMI watermarking initiative for music, which by then had floundered.

The CPRM layer permitted the host ATA disk to fully control the copying, movement and deletion of files, making it ideal for set-top boxes and other consumer electronics appliances built using industry-standard parts. But when implemented on a PC, it gave an application complete control of data, bypassing user control via the operating system.

This troubled Andre, who could see the implications. Industry standard CPRM on ATA devices posed immediate problems for enterprise backup and RAID systems and disk integrity software, and more importantly, augured a future in which the PC may no longer be the "open" device it historically had been. He blew the whistle.

After the details emerged here, the initiative caused a furore - spilling onto the front pages (after the influential San Jose Mercury followed up our reports), and into mainstream publications such as Scientific American.

What happened next is not well known, but encapsulates the subtlety of his thinking, and a deep seam of fair mindedness.

The fight to keep personal computers open

Andre had little time for the American motion picture industry, which was pushing CPRM: he called it the "Hollywood sewer", and fulminated against "the greedy little !@#$%^&*() that are going to violate the ownership rights of products and the use of those products". Yet he set about creating a workable compromise - one his opponents couldn't reasonably destroy.

What Andre knew, and what outraged digital rights campaigners didn't understand, was that the rejection of CPRM as an official industry technical standard would result in the worst possible outcome for users and software authors. Most of the commands obeyed by the world's hard drives were not part of any standard, and were proprietary to the disk vendors - the very same disk vendors who had agreed to advance CPRM.

Rogue applications could bypass the operating system and turn CPRM back on. Andre's alternative proposal involved supplying a PIN so the PC owner could prevent the content protection from being activated in their machine.

This would allow new generations of closed playback devices to be built using off-the-shelf ATA disks while handing control of the open PC to the user.

"Control over a technology is more important than it existing," he told me. "If you know it's there, you're empowered."

The counter proposals and arguments Andre made ensured that CPRM was not implemented through the backdoor, and was used in closed devices and removable media without compromising the user's control of the PC.

And now look where we are today

CPRM is widely used today as the encryption scheme for SD cards. But by the summer of 2001, and thanks largely to Andre's unsung efforts that spring, it was never implemented as a standard, official or otherwise.

This would be the last time the entertainment industry would attempt to define standards for the technology industry. Today, millions of people use digital restriction management systems that lock down books, songs and music - the Amazon Kindle, the BBC iPlayer and Spotify are examples - but consumers enter into the private commercial agreement knowingly. It isn't set by default in the factory, as it might have been. The PC remains open rather than becoming an appliance.

Andre Hedrick

Andre Hedrick

Andre was never comfortable taking the credit he really deserved for this achievement.

Driving me back from our first meeting in Oakland in the summer of 2000, he described how he had deciphered the control protocol for APS power supplies - the dominant manufacturer at the time - to allow Linux to work with them.

He had to decipher the commands on the wire, which took all of an obsessive engineer's determination. He was also one of America's leading forensic experts, and was called upon to advise on retrieving data from damaged disks. In each of these cases, he preferred to take quiet satisfaction rather than public acclaim.

But it was his human ability to pursue a workable compromise that most impressed me, and really ensured that the personal computer remains an open system - a marked contrast to today's dogmatic and self-aggrandising copyfighters, who shun consensus and rational settlements, preferring both the limelight and the dubious glory of defeat. If Andre had adopted such a strategy, personal computing history would probably be very different.

He joined Cisco in January 2007 where he worked on several embedded projects, and helped define the current Cisco architecture IOS-XE.

On the Linux kernel mailing list, his friend Nate Lawson recalls Andre saying: "To work on disk drivers, you have to be a special kind of bastard." File systems are the world's most reliable databases for a reason, and built by engineers with the fierce integrity of Andre Hedrick.

Andre took his own life on Friday, 13 July. He will be greatly missed and our thoughts are with his family. His wife has set up a condolence weblog with details of a memorial service to be held in Berkeley, California, this Friday. ®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
Flash could be CHEAPER than SAS DISK? Come off it, NetApp
Stats analysis reckons we'll hit that point in just three years
Oracle reveals 32-core, 10 BEEELLION-transistor SPARC M7
New chip scales to 1024 cores, 8192 threads 64 TB RAM, at speeds over 3.6GHz
Object storage bods Exablox: RAID is dead, baby. RAID is dead
Bring your own disks to its object appliances
Nimble's latest mutants GORGE themselves on unlucky forerunners
Crossing Sandy Bridges without stopping for breath
prev story


5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.