RIP Andre Hedrick: The engineer who kept the PC open

Kernel expert stood up to mandatory hard disk DRM

7 Elements of Radically Simple OS Migration

Obituary Andre Hedrick, a principal engineer and operating system architect at Cisco Systems and a Linux kernel contributor, has died. He leaves behind a wife, four young children and many friends.

Andre made a significant contribution to personal computing history in a way few people fully realise.

In 2000, Andre was working for SuSE in Oakland and was looking after the Linux ATA subsystem, the operating system's interface with industry-standard hard disks. He was also a member of the ANSI sub-committee, T13, which defined the standard for ATA disks.

The committee was presented with proposals to incorporate a sophisticated piracy-thwarting system called CPRM, or Content Protection for Recordable Media, devised at IBM's Almaden Lab. The proposal was tabled by Intel and a group of three hard drive manufacturers: Toshiba, Matsushita (aka Panasonic) and IBM. The cryptographic system proposed was vastly more ambitious than the SDMI watermarking initiative for music, which by then had floundered.

The CPRM layer permitted the host ATA disk to fully control the copying, movement and deletion of files, making it ideal for set-top boxes and other consumer electronics appliances built using industry-standard parts. But when implemented on a PC, it gave an application complete control of data, bypassing user control via the operating system.

This troubled Andre, who could see the implications. Industry standard CPRM on ATA devices posed immediate problems for enterprise backup and RAID systems and disk integrity software, and more importantly, augured a future in which the PC may no longer be the "open" device it historically had been. He blew the whistle.

After the details emerged here, the initiative caused a furore - spilling onto the front pages (after the influential San Jose Mercury followed up our reports), and into mainstream publications such as Scientific American.

What happened next is not well known, but encapsulates the subtlety of his thinking, and a deep seam of fair mindedness.

The fight to keep personal computers open

Andre had little time for the American motion picture industry, which was pushing CPRM: he called it the "Hollywood sewer", and fulminated against "the greedy little !@#$%^&*() that are going to violate the ownership rights of products and the use of those products". Yet he set about creating a workable compromise - one his opponents couldn't reasonably destroy.

What Andre knew, and what outraged digital rights campaigners didn't understand, was that the rejection of CPRM as an official industry technical standard would result in the worst possible outcome for users and software authors. Most of the commands obeyed by the world's hard drives were not part of any standard, and were proprietary to the disk vendors - the very same disk vendors who had agreed to advance CPRM.

Rogue applications could bypass the operating system and turn CPRM back on. Andre's alternative proposal involved supplying a PIN so the PC owner could prevent the content protection from being activated in their machine.

This would allow new generations of closed playback devices to be built using off-the-shelf ATA disks while handing control of the open PC to the user.

"Control over a technology is more important than it existing," he told me. "If you know it's there, you're empowered."

The counter proposals and arguments Andre made ensured that CPRM was not implemented through the backdoor, and was used in closed devices and removable media without compromising the user's control of the PC.

And now look where we are today

CPRM is widely used today as the encryption scheme for SD cards. But by the summer of 2001, and thanks largely to Andre's unsung efforts that spring, it was never implemented as a standard, official or otherwise.

This would be the last time the entertainment industry would attempt to define standards for the technology industry. Today, millions of people use digital restriction management systems that lock down books, songs and music - the Amazon Kindle, the BBC iPlayer and Spotify are examples - but consumers enter into the private commercial agreement knowingly. It isn't set by default in the factory, as it might have been. The PC remains open rather than becoming an appliance.

Andre Hedrick

Andre Hedrick

Andre was never comfortable taking the credit he really deserved for this achievement.

Driving me back from our first meeting in Oakland in the summer of 2000, he described how he had deciphered the control protocol for APS power supplies - the dominant manufacturer at the time - to allow Linux to work with them.

He had to decipher the commands on the wire, which took all of an obsessive engineer's determination. He was also one of America's leading forensic experts, and was called upon to advise on retrieving data from damaged disks. In each of these cases, he preferred to take quiet satisfaction rather than public acclaim.

But it was his human ability to pursue a workable compromise that most impressed me, and really ensured that the personal computer remains an open system - a marked contrast to today's dogmatic and self-aggrandising copyfighters, who shun consensus and rational settlements, preferring both the limelight and the dubious glory of defeat. If Andre had adopted such a strategy, personal computing history would probably be very different.

He joined Cisco in January 2007 where he worked on several embedded projects, and helped define the current Cisco architecture IOS-XE.

On the Linux kernel mailing list, his friend Nate Lawson recalls Andre saying: "To work on disk drivers, you have to be a special kind of bastard." File systems are the world's most reliable databases for a reason, and built by engineers with the fierce integrity of Andre Hedrick.

Andre took his own life on Friday, 13 July. He will be greatly missed and our thoughts are with his family. His wife has set up a condolence weblog with details of a memorial service to be held in Berkeley, California, this Friday. ®

Best practices for enterprise data

More from The Register

next story
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
VMware builds product executables on 50 Mac Minis
And goes to the Genius Bar for support
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Microsoft says 'weird things' can happen during Windows Server 2003 migrations
Fix coming for bug that makes Kerberos croak when you run two domain controllers
Cisco says network virtualisation won't pay off everywhere
Another sign of strain in the Borg/VMware relationship?
prev story


7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?