[Replicant] OT: Open source GSM board

H. Nikolaus Schaller hns at goldelico.com
Sat Oct 29 06:18:06 UTC 2016 

> Am 28.10.2016 um 22:07 schrieb Paul van der Vlis <paul at vandervlis.nl>:
> 
> Op 28-10-16 om 14:27 schreef H. Nikolaus Schaller:
>> 
>>> Am 28.10.2016 um 13:33 schrieb Paul van der Vlis <paul at vandervlis.nl>:
>>> 
>>> Op 28-10-16 om 12:29 schreef Bob Ham:
>>>> On Fri, 2016-10-28 at 11:45 +0200, Paul van der Vlis wrote:
>>>> 
>>>>> Those people
>>>>> have working GSM firmware what compiles using GCC, without blobs
>>>> 
>>>> Unfortuantely, that firmware isn't legal to use in most jurisdictions.
>>>> The source code came from a leak and carries a proprietary license.  The
>>>> people distributing it are violating copyright law.
>>> 
>>> You are right. But phones with Replicant are using a modem with closed
>>> source firmware. Both is "bad".
>> 
>> Why? FSF treats encapsulated firmware in some UART or USB connected modem
>> to be "hardware".
>> 
>>> 
>>> It's really difficult to create FOSS GSM firmware without examples,
>> 
>> Why? There are GSM protocol testers, there are text books. There is Osmocomm.
>> So a unit test driven software development process seems possible without
>> any knowledge about leaked source codes.
> 
> Herald Welte from Osmocomm donated 450 USD to get such a board.

I would assume he needs hardware to run Osmocomm and not the firmware or protocols
because they exist for his purposes (Osmocomm).

> 
>>> Michaela is bringing us examples. What Snowden did is very illigal too,
>>> but his information is very interesting.
>> 
>> Of course it is "interesting" to look into the source codes. Like it is
>> "interesting" to listen to your private communication...
> 
> The second one has privacy issues, the first one not.

It has.

There is a group of people (called TI) who decided to keep the sources private
and not make them open. Why is your (or my) privacy more important than theirs?

IMHO we need solutions that keep everyone's privacy requirements in mind.

And IMHO we have to accept that not everybody wants to make his/her software
open and we can't overrule their decisions by our own needs.

This is IMHO the problem most people have with the free calypso software.

> 
>> So why should one be "good" (if you are looking into someone else's source
>> codes) and the other is "bad" (if someone else, like NSA, is looking
>> into your communication)?
>> 
>> Anyways, there are even two aspects of "legal" in this case.
>> 
>> One is about the source code license and openness.
>> 
>> The other is that the frequency bands are not assigned for general purpose,
>> but only available to devices which pass a big set of rules. This process
>> is called certification. You just have to go through the certification
>> process and then it is no longer illegal to use it. You do not need this
>> if you operate in a lab and with a dummy load.
>> 
>> In both cases it is just a matter of efforts and money to contact the
>> right people and offer to pay for properly licensed source codes or write
>> your own from scratch (there is enough public information available how
>> the GSM protocols work). And then go officially through the certification
>> process. If you pay you will not be rejected just because you are a small
>> project. 
> 
> Eventually because it's open source.

Is it? Please help to find the regulation/certification paragraph that explicitly
forbids open source modems, if they conform to all radio and protocol requirements
and pass the tests.

It might be a certification requirement that it can not be changed by the user,
but that is something different.

> 
>> You will be rejected if the device does not conform to the
>> certification requirements.
>> 
>> So this is completely different to Snowden's case. He has published information
>> that we should know about in a democracy, but where there was no possibility
>> to make it legal by enough money or efforts. Hence I think it is a different
>> category that leaked source codes.
>> 
>> Contrary to that, with GSM modems it is just that we (the public community)
>> do not collect enough money to fund the legal path - which exists.
> 
> If you would collect to get enough money for developing such software
> and following the legal path, I would support you too.
> 
> With regards,
> Paul van der Vlis.
> 
> 
> -- 
> Paul van der Vlis Linux systeembeheer Groningen
> https://www.vandervlis.nl/
> 
> 
> _______________________________________________
> Replicant mailing list
> Replicant at lists.osuosl.org
> http://lists.osuosl.org/mailman/listinfo/replicant

More information about the Replicant mailing list