From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp105.iad3a.emailsrvr.com (smtp105.iad3a.emailsrvr.com [173.203.187.105]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 5CF4F21FC76 for ; Fri, 25 Sep 2015 18:08:49 -0700 (PDT) Received: from smtp6.relay.iad3a.emailsrvr.com (localhost.localdomain [127.0.0.1]) by smtp6.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id B5569180129; Fri, 25 Sep 2015 21:08:48 -0400 (EDT) Received: by smtp6.relay.iad3a.emailsrvr.com (Authenticated sender: dpreed-AT-reed.com) with ESMTPSA id F308F1800B8; Fri, 25 Sep 2015 21:08:47 -0400 (EDT) X-Sender-Id: dpreed@reed.com Received: from [100.76.128.12] (90.sub-70-192-10.myvzw.com [70.192.10.90]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:465 (trex/5.4.2); Sat, 26 Sep 2015 01:08:48 GMT User-Agent: K-@ Mail X-Priority: 3 In-Reply-To: References: <49d53a3e-b7a0-4069-a87b-d9778bb8a229@reed.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----C78UZK7CAASMVN9HTQQA31S6N3S7GX" Content-Transfer-Encoding: 7bit From: "David P. Reed" Date: Fri, 25 Sep 2015 21:08:46 -0400 To: Dave Taht Message-ID: <61e9ae97-5904-44a5-94c4-3b0aedc8be1d@reed.com> Cc: make-wifi-fast@lists.bufferbloat.net, "cerowrt-devel@lists.bufferbloat.net" , fcc@lists.prplfoundation.org Subject: Re: [Cerowrt-devel] some comments from elsewhere on the lockdown X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Sep 2015 01:09:12 -0000 ------C78UZK7CAASMVN9HTQQA31S6N3S7GX Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Sounds great to me On Sep 25, 2015, Dave Taht wr= ote: >The core of the FCC letter is currently this=2E comments? > >snip sni= p > >In place of last year=E2=80=99s and the new proposed regulations, we p= ropose a >system of rules that would foster innovation, improve security, m= ake >Wi-Fi better, and overall improve usage of the Wi-Fi spectrum for >eve= rybody=2E > >1) Mandate that: for a SDR, wireless, or Wi-Fi radio of any so= rt - in >order to achieve FCC compliance - full and maintained source code = for >at least the device driver and radio firmware be made publicly >availa= ble in a source code repository on the internet, available for >review and = improvement by all=2E > >2) Mandate that: the vendor supply a continuous up= date stream, one >that must respond to regulatory transgressions and CVEs w= ithin 45 days >of disclosure, for the warranted lifetime of the product + 5= years >after last customer ship=2E > >3) Mandate that: secure update of fi= rmware be working at shipment, and >that update streams be under ultimate c= ontrol of the owner of the >equipment=2E Problems with compliance can then = be fixed going forward=2E > >4) Failure to comply with these regulations w= ill result in FCC >decertification of the existing product and in severe ca= ses, bar new >products from that vendor from being considered for certifica= tion=2E > >5) In addition, we ask that the FCC review and rescind the rules= for >anything that conflicts with open source best practices, and/or which= >causes the vendors to believe they should hide the mechanisms they use >b= y shipping undocumented =E2=80=9Cbinary blobs=E2=80=9D of compiled code=2E = This had >been an ongoing problem to all in the internet community trying = to do >change control and error correction on safety-critical systems=2E > = > >On Fri, Sep 25, 2015 at 9:16 PM, David P=2E Reed wro= te: >> Those of us who innovate at the waveform and MAC layer would argue >= > differently=2E The cellular operators are actually the responsible >cont= rol >> operators and hold licenses for that=2E They may want to lock down >= phones' >> cellular transmitters=2E But U-NII and ism bands are not license= d to >these >> operators=2E There is no license requirement for those bands= to use >particular >> waveforms or MAC layers=2E >> >> So this is massive = overreach=2E The control operator of the "licensed >by rule" >> Part 15 rad= ios in your phone or home are licensed to the device user >and not >> to th= e mfr at all=2E For example, the user is responsible that the >device not >= > interfere with licensed services, and that the device stop >transmitting = if >> such harmful interference is called to their attention, *even* if the= >device >> passed certification=2E >> >> Lock down has not been demonstrat= ed to be necessary=2E This is all due >to >> fearful what - if speculation = by people who have no data to justify >the >> need, plus attempt to stop in= novation by licensees who want to >exclude >> competitors from being create= d, like LTE operators proposing LTE-U >which >> will be locked down and is = the stalking horse for taking back open >part 15 >> operation into a licens= ed regime based on property rights to >spectrum=2E >> >> >> On Sep 24, 2015= , Dave Taht wrote: >>> >>> a commenter that I wil= l keep anonymous wrote: >>> >>> >>> Regarding the FCC firmware lockdown iss= ue, I=E2=80=99m sure you=E2=80=99re aware >that >>> baseband firmware in ce= llphones has been subject to similar >>> restrictions for some time=2E In f= act, the FCC effectively mandates >that >>> baseband functionality is imple= mented on a whole separate subsystem >>> with its own CPU to make it easier= to isolate and protect=2E Also, the >>> cellphone system is designed so th= at a misbehaving node can be >easily >>> identified and blocked from the ne= twork, making it useless and >>> removing most of the incentive to find way= s around regulatory >>> restrictions=2E Wi-Fi devices have none of these pr= otections=2E >>> >>> I believe this new attention to Wi-Fi devices is a con= sequence of >many >>> factors: >>> >>> The precedent from cellphone baseban= d firmware control; regulators >are >>> easily inspired by success stories = in related areas >>> The substantial increase in flexibility offered by SDR= >implementations >>> Technical ignorance, for example of the difference be= tween OS, >>> protocol, and UI firmware and baseband firmware >>> The expan= sion of allowed capabilities in Wi-Fi hardware (from 5=2E8 >GHz >>> ISM to = the U-NII bands, increases in transmit power allowances, >etc=2E) >>> The i= mproved spectrum utilization of newer Wi-Fi modulation schemes >>> Inconsis= tencies among international regulations for spectrum >allocation >>> Spectr= um sharing between Wi-Fi and life safety applications >>> The relative lack= of attention to (and sometimes, the deliberate >>> flouting of) regulatory= constraints in open-source firmware >>> The increased availability of open= -source firmware for higher-power >>> and narrow-beam Wi-Fi devices (not ju= st the WRT-54G :-) >>> >>> >>> And probably more I can=E2=80=99t think of o= ff the top of my head, but which >>> regulators are obsessing over every da= y=2E >>> >>> Although I agree with the spirit of your FCC email draft lette= r, it >>> does not address most of these factors, so it=E2=80=99s likely to= be seen as >>> missing the point by regulators=2E If you want to reach the= se people, >>> you have to talk about the things they=E2=80=99re thinking a= bout=2E >>> >>> What you ought to be pushing for instead is that Wi-Fi devi= ces be >>> partitioned the same way cellphones are, defining a baseband sec= tion >>> that can be locked down so that the device can=E2=80=99t operate i= n ways >that >>> are prohibited by the relevant local regulations, so that = the OS, >>> protocol, and UI code on the device can be relatively more open= for >>> the kinds of optimizations and improvements we all want to see=2E = >>> >>> It=E2=80=99s possible that the partition could be in software alone= , or in >>> some combination of hardware and software, that doesn=E2=80=99t= require a >>> cellphone-style independent baseband processor, which would = add a >lot >>> of cost to Wi-Fi devices=2E For example, the device vendor c= ould put >>> baseband-related firmware into a trusted and _truly minimal_ b= inary >>> module that the OS has to go through to select the desired >frequ= ency, >>> power, and modulation scheme, even for open-source solutions=2E T= hat >>> doesn=E2=80=99t mean the source code for the binary module can=E2= =80=99t be >published, >>> or even that there can=E2=80=99t be a mandate to= publish it=2E >>> >>> I=E2=80=99m sure that doesn=E2=80=99t sound like a g= reat solution to you, but making >>> it easy for end users to configure com= mercial devices to transmit at >>> maximum power on unauthorized frequencie= s using very dense >modulation >>> schemes doesn=E2=80=99t sound like a gre= at solution to regulators, and the >>> difference between you and the regul= ators is that they are more >>> determined and, frankly, better armed=2E It= will do you no good to >>> constrain the range of the solutions you=E2=80= =99ll accept so that it >doesn=E2=80=99t >>> overlap with the solutions the= y will accept=2E >>> >>> =2E png >>> >>> >>> On Sep 21, 2015,= at 5:10 AM, Dave Taht >wrote: >>> >>> >>> Dave, = >>> >>> >>> Huh=2E I have been interested in mesh networking for a couple o= f years >>> now, and curious about Battlemesh, but I had no idea I knew som= eone >>> who was active in it=2E >>> >>> >>> Are there any other reports on= line from this year or last year? The >>> website doesn't seem to serve any= purpose beyond announcing the >event=2E >>> >>> >>> >>> As you can tell I = am way, way behind on my email=2E I've mostly been >>> chasihg funding for = my main project, make-wifi-fast for over a year >>> now - I added in the mi= ll and the "cake switch chip" to that overall >>> list as I tried to climb = the financial ladders=2E My funding at google >>> dried up suddenly (due to= the re-org), and I was forced to chase >other >>> avenues=2E I think i got= a grant from comcast coming in, but it is for >>> 1/10th the total I neede= d for make-wifi-fast=2E=2E=2E and it is hung up in >>> legal, and in the fa= ct the work has to mostly happen in europe=2E >>> >>> So I've moved to euro= pe, trying to find bases in bristol, england, >>> berlin, and sweden=2E Tha= t's taken a while (I dropped out of the mill >>> process in may or so due t= o the sudden google silences, and the lack >>> of compiler - and I view mil= l's biggest problem is funding, so it >>> seems like just combining my own = quest with yours the right thing) >>> >>> I was very involved in the early = days of wireless networking but >>> dropped out by 2002 or so, much to my n= ow, later regret=2E The only >devs >>> left that understand it at more than= one level all go to battlemesh, >>> so I've been there twice=2E I still fi= nd it quite discouraging how few >>> grok the minstrel algorithm, or what i= s wrong with packet >aggregation=2E >>> A billion+ users that all think wif= i "just works", and "always >>> sucked"=2E=2E=2E :( I gave a talk on the la= tter as well at at this >>> battlemesh=2E >>> >>> anyway the videos and res= ults from this battlemesh are all now >online=2E >>> I am pushing on all fr= onts, but being a manager was a bit wearying >so >>> I took time out to do = some recording at a place called >theconvent=2Enet >>> for the past 2 weeks= =2E Haven't played the piano so much in 5 years! >>> >>> Youtube videos: >>= > >>> https://www=2Eyoutube=2Ecom/channel/UCxfh-2aOR5hZUjxJLQ2CIHw >>> >>> = blog post: >>> >https://wlan-si=2Enet/en/blog/2015/09/08/battlemesh-v8-and-= its-many-stories/ >>> >>> The test results were dismal, as expected=2E Fina= lly knocking a few >>> heads to use abusive network tests like what toke an= d I developed >were >>> hopefully an eye-opener, and a lot more people grok= what >>> make-wifi-fast is really about, and how to do it=2E >>> >>> http:= //docs=2Ebattlemesh=2Eorg/ >>> >>> one very positive outcome of the fcc tal= k was a level of net outrage >>> and organisation over some new fcc rules I= have not seen before=2E My >>> letter to the fcc, in progress, with vint c= erf and other >>> co-signers is up for review at: >>> >>> >>> >https://docs= =2Egoogle=2Ecom/document/d/1VTOHEpRXSvhWvQ0leM-sROJ_XC7Fk1WjFXq57ysFtAA/edi= t?usp=3Dsharing >>> >>> A similar letter has to go to the eu, as they just = passed similar >rules=2E >>> >>> as much as I would like to be working on t= he mill, it seems >politics, >>> finance, and organisation are in more need= of my attentions right >now=2E >>> but I will keep plugging y'all at every= opportunity=2E >>> >>> But, but=2E=2E=2E as I said, I just took a few week= s off and am picking up >>> the pieces and trying to figure out what to foc= us on, at the moment=2E >>> >>> If you wish a faster response to my email, = please use >dave=2Etaht@gmail=2Ecom >>> >>> >>> >> >> -- Sent with K-@ Mail= - the evolution of emailing=2E -- Sent with K-@ Mail - the evolution of e= mailing=2E ------C78UZK7CAASMVN9HTQQA31S6N3S7GX Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable Sounds great to me

On Sep 25, 2015, Dave Taht <dave=2Etaht@gmail=2Ecom> wrote: 
The core of the FCC letter is currently this=2E comments?

snip snip

In place of last year’s and the new proposed regulations, we propose=
 a
system of rules that would foster innovation, improve =
security, make
Wi-Fi better, and overall improve usage of=
 the Wi-Fi spectrum for
everybody=2E
1) Mandate that: for a SDR, wireless, or Wi-Fi radio of an=
y sort - in
order to achieve FCC compliance - full and ma=
intained source code for
at least the device driver and r=
adio firmware be made publicly
available in a source code=
 repository on the internet, available for
review and imp=
rovement by all=2E

2) Mandate that: th=
e vendor supply a continuous update stream, one
that must=
 respond to regulatory transgressions and CVEs within 45 days
of disclosure, for the warranted lifetime of the product + 5 years
after last customer ship=2E

3) Mandate that: secure update of firmware be working at shipment, and=

that update streams be under ultimate control of the own=
er of the
equipment=2E Problems with compliance can then =
be fixed going forward=2E

4)  Failure =
to comply with these regulations will result in FCC
decer=
tification of the existing product and in severe cases, bar new
products from that vendor from being considered for certification=2E=


5) In addition, we ask that the FCC r=
eview and rescind the rules for
anything that conflicts w=
ith open source best practices, and/or which
causes the v=
endors to believe they should hide the mechanisms they use
by shipping undocumented “binary blobs” of compiled code=2E  =
This had
been an ongoing problem to all in the internet c=
ommunity trying to do
change control and error correction=
 on safety-critical systems=2E


On Fri, Sep 25, 2015 at 9:16 PM, David P=2E Reed <dpreed@ree=
d=2Ecom> wrote:
Those of us who innovate at the waveform and MAC layer wou= ld argue
differently=2E The cellular operators are actua= lly the responsible control
operators and hold licenses f= or that=2E They may want to lock down phones'
cellular tr= ansmitters=2E But U-NII and ism bands are not licensed to these
operators=2E There is no license requirement for those bands to use = particular
waveforms or MAC layers=2E
<= br clear=3D"none">So this is massive overreach=2E The control operator of t= he "licensed by rule"
Part 15 radios in your ph= one or home are licensed to the device user and not
to th= e mfr at all=2E For example, the user is responsible that the device notinterfere with licensed services, and that the device stop = transmitting if
such harmful interference is called to th= eir attention, *even* if the device
passed certification= =2E

Lock down has not been demonstrate= d to be necessary=2E This is all due to
fearful what - if= speculation by people who have no data to justify the
ne= ed, plus attempt to stop innovation by licensees who want to exclude
competitors from being created, like LTE operators proposing LT= E-U which
will be locked down and is the stalking horse f= or taking back open part 15
operation into a licensed reg= ime based on property rights to spectrum=2E


On Sep 24, 2015, Dave Taht <dave=2Etaht@gmail=2Ecom> wrote:

a commenter that I will keep anonymous wrote:


Regarding the FCC firmware lockdown issue, I&= rsquo;m sure you’re aware that
baseband firmware in= cellphones has been subject to similar
restrictions for = some time=2E In fact, the FCC effectively mandates that
b= aseband functionality is implemented on a whole separate subsystem
with its own CPU to make it easier to isolate and protect=2E Also= , the
cellphone system is designed so that a misbehaving = node can be easily
identified and blocked from the networ= k, making it useless and
removing most of the incentive t= o find ways around regulatory
restrictions=2E Wi-Fi devic= es have none of these protections=2E

I= believe this new attention to Wi-Fi devices is a consequence of many
factors:

The precedent fr= om cellphone baseband firmware control; regulators are
ea= sily inspired by success stories in related areas
The sub= stantial increase in flexibility offered by SDR implementations
Technical ignorance, for example of the difference between OS,
protocol, and UI firmware and baseband firmware
The expansion of allowed capabilities in Wi-Fi hardware (from 5=2E8 GHz=
ISM to the U-NII bands, increases in transmit power allo= wances, etc=2E)
The improved spectrum utilization of newe= r Wi-Fi modulation schemes
Inconsistencies among internat= ional regulations for spectrum allocation
Spectrum sharin= g between Wi-Fi and life safety applications
The relative= lack of attention to (and sometimes, the deliberate
flou= ting of) regulatory constraints in open-source firmware
T= he increased availability of open-source firmware for higher-power
and narrow-beam Wi-Fi devices (not just the WRT-54G :-)


And probably more I can&rsq= uo;t think of off the top of my head, but which
regulator= s are obsessing over every day=2E

Alth= ough I agree with the spirit of your FCC email draft letter, it
does not address most of these factors, so it’s likely to be s= een as
missing the point by regulators=2E If you want to = reach these people,
you have to talk about the things the= y’re thinking about=2E

What you = ought to be pushing for instead is that Wi-Fi devices be
= partitioned the same way cellphones are, defining a baseband section
that can be locked down so that the device can’t operate = in ways that
are prohibited by the relevant local regulat= ions, so that the OS,
protocol, and UI code on the device= can be relatively more open for
the kinds of optimizatio= ns and improvements we all want to see=2E

It’s possible that the partition could be in software alone, or i= n
some combination of hardware and software, that doesn&r= squo;t require a
cellphone-style independent baseband pro= cessor, which would add a lot
of cost to Wi-Fi devices=2E= For example, the device vendor could put
baseband-relate= d firmware into a trusted and _truly minimal_ binary
modu= le that the OS has to go through to select the desired frequency,
power, and modulation scheme, even for open-source solutions=2E T= hat
doesn’t mean the source code for the binary mod= ule can’t be published,
or even that there can&rsqu= o;t be a mandate to publish it=2E

I&rs= quo;m sure that doesn’t sound like a great solution to you, but makin= g
it easy for end users to configure commercial devices t= o transmit at
maximum power on unauthorized frequencies u= sing very dense modulation
schemes doesn’t sound li= ke a great solution to regulators, and the
difference bet= ween you and the regulators is that they are more
determi= ned and, frankly, better armed=2E It will do you no good to
constrain the range of the solutions you’ll accept so that it does= n’t
overlap with the solutions they will accept=2E<= br clear=3D"none">
=2E png


On Sep 21, 2015, at 5:10 AM, Dave T= aht <dmt@millcomputing=2Ecom> wrote:


Dave,


Huh=2E I have been interested in mesh networking for a couple of= years
now, and curious about Battlemesh, but I had no id= ea I knew someone
who was active in it=2E


Are there any other reports online= from this year or last year? The
website doesn't seem to= serve any purpose beyond announcing the event=2E



As you can tell I am way,= way behind on my email=2E I've mostly been
chasihg fundi= ng for my main project, make-wifi-fast for over a year
no= w - I added in the mill and the "cake switch chip" to that overal= l
list as I tried to climb the financial ladders=2E My fu= nding at google
dried up suddenly (due to the re-org), an= d I was forced to chase other
avenues=2E I think i got a = grant from comcast coming in, but it is for
1/10th the to= tal I needed for make-wifi-fast=2E=2E=2E and it is hung up in
legal, and in the fact the work has to mostly happen in europe=2E

So I've moved to europe, trying to find ba= ses in bristol, england,
berlin, and sweden=2E That's tak= en a while (I dropped out of the mill
process in may or s= o due to the sudden google silences, and the lack
of comp= iler - and I view mill's biggest problem is funding, so it
seems like just combining my own quest with yours the right thing)

I was very involved in the early days of wir= eless networking but
dropped out by 2002 or so, much to m= y now, later regret=2E The only devs
left that understand= it at more than one level all go to battlemesh,
so I've = been there twice=2E I still find it quite discouraging how few
grok the minstrel algorithm, or what is wrong with packet aggregation= =2E
A billion+ users that all think wifi "just works= ", and "always
sucked"=2E=2E=2E :( I gave = a talk on the latter as well at at this
battlemesh=2E

anyway the videos and results from this b= attlemesh are all now online=2E
I am pushing on all front= s, but being a manager was a bit wearying so
I took time = out to do some recording at a place called theconvent=2Enet
for the past 2 we= eks=2E Haven't played the piano so much in 5 years!

Youtube videos:

https://www=2Eyoutube=2Ecom/channel/UCxfh-2aOR5hZUjxJLQ2CIHw

blog post:
https://wlan-si=2Enet/en/blog/2015/09/08/battlemesh-v8-and-it= s-many-stories/

The test results w= ere dismal, as expected=2E Finally knocking a few
heads t= o use abusive network tests like what toke and I developed were
hopefully an eye-opener, and a lot more people grok what
make-wifi-fast is really about, and how to do it=2E

http://docs=2Ebattlemesh=2Eorg/

one very positive outcome of the fcc talk was a level of net outrage
and organisation over some new fcc rules I have not seen befo= re=2E My
letter to the fcc, in progress, with vint cerf a= nd other
co-signers is up for review at:


https://docs=2Egoogle=2Ecom/document/d/1VTOHEpRXSvhWvQ0= leM-sROJ_XC7Fk1WjFXq57ysFtAA/edit?usp=3Dsharing

A similar letter has to go to the eu, as they just passed sim= ilar rules=2E

as much as I would like = to be working on the mill, it seems politics,
finance, an= d organisation are in more need of my attentions right now=2E
but I will keep plugging y'all at every opportunity=2E

But, but=2E=2E=2E as I said, I just took a few weeks = off and am picking up
the pieces and trying to figure out= what to focus on, at the moment=2E

If= you wish a faster response to my email, please use dave=2Etaht@gmail=2Ecom




-- Sent = with K-@ Mail - the evolution of emailing=2E



-- Sent with <= a shape=3D"rect" href=3D"https://play=2Egoogle=2Ecom/store/apps/details?id= =3Dcom=2Eonegravity=2Ek10=2Epro2">K-@ Mail - the evolution of email= ing=2E ------C78UZK7CAASMVN9HTQQA31S6N3S7GX--