* [NNagain] FCC - delete, delete, delete
From: Dave Taht @ 2025-03-12 17:39 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
See: https://docs.fcc.gov/public/attachments/DA-25-219A1.pdf
... the Commission has opened a new docket, titled “In re: Delete,
Delete, Delete,” in which the agency seeks comment “on every rule,
regulation, or guidance document that the FCC should eliminate for the
purposes of alleviating unnecessary regulatory burdens.”
I don't have a big list (today!) of what I've found unnecessarily
restrictive. I find many of the rules around ham radio and the
internet pretty overly restrictive, and thought that the outdoor
licensing system for wifi6 was pretty painful (but that seems to be mostly
resolved). Most of the stuff I care about seems to require more
regulation not less (router
security, deploying AQM and FQ technology). I wish it didn't.
My impression is that the FCC is not going to regain any authority
over the internet more than they have and title II is dead. They might
get spectrum authority back (which would be a good thing IMHO).
What oxes will get put up to be gored?
What programs need to be preserved?
--
Dave Täht CSO, LibreQoS
"A perfect storm" - https://www.youtube.com/watch?v=CQX1PmRULU0
* Re: [NNagain] FCC - delete, delete, delete
From: Richard Roy @ 2025-03-13 0:00 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
This administration is a total reflection of Musk's crash and burn philosophy evidenced by his cavalier approach to space flight. This can be tolerated when lives and prosperity of millions of citizens are not at stake, however it's a disaster when they are. Thinking the entire government can be run like Musk runs SpaceX is a recipe for "every man and woman for themselves" appearing at a theater near you very soon. If you thought the "wild west of the 1880's" was interesting, just wait. Instead of Winchesters, we have AK47's everywhere and enough ammunition to take out the entire population ... 10 times over. Did you order yours yet?? 😊😊😊
As for "what the FCC can do", "dissolve itself" comes to mind. AFAIK, it's been over a decade since they have done anything helpful or useful for any American citizen who isn't the head of a major corporation. If you delete the entire organization, there will be no one around to enforce whatever regs are still on the books so who cares? ... and you'll save another few 10's of millions of dollars annually which will fit nicely in the pockets of the "good folks", aka FODT. 😊😊😊
RR
* Re: [NNagain] FCC - delete, delete, delete
From: Robert McMahon @ 2025-03-13 16:33 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
>
> As for "what the FCC can do", "dissolve itself" comes to mind. AFAIK, it's been over a decade since they have done anything helpful or useful for any American citizen who isn't the head of a major corporation. If you delete the entire organization, there will be no one around to enforce whatever regs are still on the books so who cares? ... and you'll save another few 10's of millions of dollars annually which will fit nicely in the pockets of the "good folks", aka FODT. 😊😊😊
>
I worked with a CA state regulator in a tech support role prior to
so-called broadband (actually, internet access beyond dial-up MODEMs).
This was post 1996 telco act, just prior to the dot com bubble. The
lobbyists at the time disliked having 50 States regulating things.
They pushed and made it so the 5 commissioners on the FCC became the
primary regulators. Many call this regulatory capture.
Unfortunately, I don't think we can get rid of the FCC. Our utility
poles are mostly regulated by them as one example.
I also don't think the FCC can mandate any specific AQM algorithm.
That's a long term disaster in the making for sure. Let network
engineers and the market battle that out.
Bob
PS. Good to hear from you RR - I hope all is well. I've got a Fi-Wi
project you may be interested in - not sure.
* Re: [NNagain] FCC - delete, delete, delete
From: Frantisek Borsik @ 2025-03-13 17:00 UTC (permalink / raw)
To: Robert McMahon
Cc: Network Neutrality is back! Let´s make the technical
aspects heard this time!
Hey Bob,
I don't think that improving latency is about mandating a specific
algorithm - it's about an improvement to the broadband definition.
Broadband that serves the needs of us all today goes beyond 100/20; it
should include low latency, low consistent jitter.
Now, what are the right numbers, that's another discussion. But it's a
discussion we need to have.
I would certainly let the market decide on the tools/algorithms that will
achieve those numbers - be it a Quality of Experience middle box (like
LibreQoS, Preseem, Bequant/Cambium Networks QoE, Paraqum or Sandvine), L4S
etc.
As for the other issues that need some love - for example, making vendors
update the kernel and provide updates to routers they sold, that's a good
thing.
All the best,
Frank
Frantisek (Frank) Borsik
* Re: [NNagain] FCC - delete, delete, delete
From: Robert McMahon @ 2025-03-13 18:36 UTC (permalink / raw)
To: Frantisek Borsik
Cc: Network Neutrality is back! Let´s make the technical
aspects heard this time!
My opinions:
There should be no more linux kernels in the customer premise with
Fi-Wi. 30M lines of code and 11,000 config options is a form of sw
bloat that's impossible to secure. Particularly since most no one is
getting paid for this work.
Reducing the radio head/client (STA) density to near 1/1 and shrinking
the cell size will minimize the media access latency. Packet latency
can use non queue building techniques so there will be no substantial
packet queueing delays. All delay will be distance and speed of
photons related per physics & spacetime.
Our issue isn't regulators - it's that white collar workers and our
leadership haven't engaged the blue collar workers, and we haven't
kept advancing our engineering. We need to teach fiber installer
businesses how to build these Fi-Wi networks so that our kids get life
support and productivity capable networks that can be depended upon.
And everyone that adds value needs to be paid somehow. Best done
through markets. Fi-Wi creates high paying jobs in the trades for in
premise fiber installers.
I think we lack vision and leadership, followed by execution. It's not
a cult thing like Musk's failed prophecies - it's the real deal that
impacts our lives. Low latency will become ubiquitous if we act to our
abilities. Waiting on regulators is like Waiting for Godot.
Bob
* Re: [NNagain] FCC - delete, delete, delete
From: David Lang @ 2025-03-13 23:59 UTC (permalink / raw)
To: Robert McMahon via Nnagain
On Thu, 13 Mar 2025, Robert McMahon via Nnagain wrote:
> My opinions:
>
> There should be no more linux kernels in the customer premise with
> Fi-Wi. 30M lines of code and 11,000 config options is a form of sw
> bloat that's impossible to secure. Particularly since most no one is
> getting paid for this work.
so it should be proprietary code instead?
David Lang
* Re: [NNagain] FCC - delete, delete, delete
From: Robert McMahon @ 2025-03-14 1:12 UTC (permalink / raw)
To: David Lang; +Cc: Robert McMahon via Nnagain, Frantisek Borsik
> so it should be proprietary code instead?
Mostly RTL that can't be modified by a black hat. ASICs for ethernet
switches come to mind. 802.11 can be done this way too. A Sun
workstation isn't required.
https://www.youtube.com/watch?v=IujKrI3BlOM
"In the context of semiconductor manufacturing, Tapeout is a
significant milestone in the production of integrated circuits (ICs).
The term originates from the era of reel-to-reel magnetic tape, which
was used to store design data. During the tapeout process, the final
design data of the IC is sent to a semiconductor foundry for
fabrication. This data is stored on a magnetic tape, hence the term
'tapeout'.
The tapeout process is a critical phase because it signifies the
transition from the design phase to the production phase. Any errors
or issues in the design must be identified and corrected before
tapeout, as changes after this point can be costly and time-consuming.
So, it naturally involves rigorous checks and validations to ensure
the design is error-free and ready for production.
The importance of the tapeout process in semiconductor manufacturing
cannot be overstated. It is the culmination of months, or even years,
of design work. The quality of the tapeout process directly impacts
the success of the IC in the market."
Bob
* Re: [NNagain] FCC - delete, delete, delete
From: David Bray, PhD @ 2025-03-14 1:38 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
Meanwhile there's Salt Typhoon, Volt Typhoon... also this:
https://spectrum.ieee.org/iridium-satellite
White Hat Hackers Expose Iridium Satellite Security Flaws
Users' locations and texts can be intercepted, including DoD employees
In a recent demonstration, German white hat hackers showed how to
intercept text messages sent via the U.S. satellite communication system
Iridium and locate users with an accuracy of about 4 kilometers.
The two hackers, known publicly only under the nicknames Sec and Schneider,
made the revelations during a presentation at the Chaos Communication
Congress <https://events.ccc.de/congress/2024/infos/index.html> in late
December in Hamburg, Germany. During the talk, they highlighted severe
vulnerabilities in services that tens of thousands of users from the U.S.
Department of Defense rely on.
Although the DoD uses a secure gateway to route and encrypt its traffic,
the hackers were able to see which devices were connecting via the DoD
pathway. That allowed the duo to identify and locate DoD users with an
accuracy of about 4 km using a home-assembled eavesdropping kit consisting
of a commercially available Iridium antenna, a software-defined radio
<https://spectrum.ieee.org/passive-radar-with-sdr> receiver and a basic
computer, such as the Intel N100 mobile CPU or the Raspberry Pi
mini-computer.
“We see devices that register with the DoD service center and then we can
find their positions from these registrations,” Sec said during the talk.
“You don’t have to see the communication from the actual phone to the
network, you just see the network’s answer with the position, and you then
can map where all the registered devices are.”
Iridium’s Legacy Components Still Cause Problems
The Iridium constellation <https://www.iridium.com/network/>, first
deployed in the late 1990s, is made up of 66 satellites disbursed across
six orbital planes roughly 870 km above Earth. The constellation, the first
to have provided global commercial satellite communications services,
supports satellite telephony and connects pagers, emergency beacons, and
Internet of Things devices all over the world. Out of Iridium’s 2.3 million
subscribers, 145,000 are U.S. government customers. Iridium receivers are
also frequently used by vessels at sea and by aircraft pilots exchanging
information with other airplanes and with ground control.
“Back then encryption was not something on everyone’s mind,” Sec said
during the presentation. “All the [first generation] Iridium data is
unencrypted.”
In response to a request for comment, a spokesperson from Iridium says,
“This is old news. The DoD and others encrypt their communications over our
network which address the issues this article raises. There is a reason the
DoD continues to be such a big customer and we expect that to continue well
into the future. We have always allowed others to encrypt their traffic
over our network. Our commercial partners have been doing the same for
decades, when and where the markets request it.”
Iridium replaced its first-generation fleet with more secure satellites
(the second-generation NEXT constellation
<https://www.iridium.com/blog/iridium-next-review/>) between 2017 and 2019.
But according to satellite and telecommunications industry analyst
Christian von der Ropp, many Iridium devices in use today, including
civilian satellite phones, still rely on the first-generation Iridium radio
protocol that has no encryption
<https://spectrum.ieee.org/fully-homomorphic-encryption>.
“The regular satellite phones that they sell still operate under the old
legacy protocol,” says von der Ropp. “If you buy a brand-new civilian
Iridium phone, it still operates using the 30-year-old radio protocol, and
it is subject to the same vulnerability. So, you can intercept everything.
You can listen to the voice calls, you can read SMS, absolutely everything.
Out of the box it’s a totally unsecure service.”
Von der Ropp estimates that tens or even hundreds of thousands of Iridium
devices in use today rely on the old, unsecured radio protocol.
Hackers Reveal Vulnerabilities in Iridium’s Systems
While the DoD uses an extra layer of encryption to protect the content of
its exchanges, other nations’ agencies appear to be less aware of the
vulnerabilities. In perhaps the most jaw-dropping moment of the hacking
demonstration, Sec revealed a text message exchanged between two employees
of the German Foreign Office that he and Schneider were able to intercept.
“I need a good doctor in [Tel Aviv] who can also look at gunshot wounds.
Can you send me a number ASAP,” read the message sent by a worker at the
Crisis Response Center of the German Foreign Office’s mission in Tel Aviv.
The hackers did not reveal when the exchange had taken place.
Using software he and Schneider had created, Sec also showed a map of
devices visible in a single moment to their eavesdropping gear located in
Munich. Iridium devices as far as London, central Norway and Syria (more
than 3,000 km away) could be seen.
“With US $400 worth of equipment and freely available software, you can
start right away intercepting Iridium communications in an area with a
diameter of hundreds, sometimes even thousands of kilometers,” said von der
Ropp, who was present at the demonstration. “The Iridium signal is divided
into spot beams that are about 400 km wide. In principle, one should only
be able to listen to the spot beam overhead. But the signal is so strong
that you can also detect many of the surrounding spot beams, sometimes up
to 2,000 km away.”
The DoD, von der Ropp said, is looking for alternatives to Iridium,
including Starlink <https://spectrum.ieee.org/tag/starlink>. Still, last
year Iridium won a $94 million contract to provide communication services
to the U.S. Space Force.
Von der Ropp noted that few Iridium users seemed to be active in Ukraine
<https://spectrum.ieee.org/tag/ukraine>, suggesting the local forces are
potentially aware of Iridium’s shortcomings. The vulnerability of satellite
systems and services to disruption and interference by bad actors has
become a hot topic since Russia’s invasion of the country three years ago.
The widespread cyberattack on the ground infrastructure of satellite
communication provider Viasat crippled the Ukrainian forces’ access to
satcom services on the eve of the invasion. The incident, which according
to analysts was planned by Russian state-backed hackers for months,
revealed the weakness of Viasat’s cyber defenses.
Since then, the number of cyberattacks
<https://spectrum.ieee.org/tag/cyberattacks> on satcom providers has
increased exponentially. Global navigation and positioning satellite
systems such as GPS <https://spectrum.ieee.org/tag/gps> have also been put
to the test. Signal jamming <https://spectrum.ieee.org/satellite-jamming>
is now a regular occurrence even outside conflict zones and instances of
sophisticated spoofing attacks
<https://spectrum.ieee.org/gps-spoofing-2670499105>, designed to confuse
users and send them to wrong locations, are becoming increasingly common.
*This story was updated on 14 February 2025 to add a statement from
Iridium.*
On Thu, Mar 13, 2025 at 2:36 PM Robert McMahon via Nnagain <
nnagain@lists.bufferbloat.net> wrote:
> My opinions:
>
> There should be no more linux kernels in the customer premise with
> Fi-Wi. 30M lines of code and 11,000 config options is a form of sw
> bloat that's impossible to secure. Particularly since most no one is
> getting paid for this work.
>
> Reducing the radio head/client (STA) density to near 1/1 and shrinking
> the cell size will minimize the media access latency. Packet latency
> can use non queue building techniques so there will be no substantial
> packet queueing delays. All delay will be distance and speed of
> photons related per physics & spacetime.
>
> Our issue isn't regulators - it's that white collar workers and our
> leadership haven't engaged the blue collar workers, and we haven't
> kept advancing our engineering. We need to teach fiber installer
> businesses how to build these Fi-Wi networks so that our kids get life
> support and productivity capable networks that can be depended upon.
>
> And everyone that adds value needs to be paid somehow. Best done
> through markets. Fi-Wi creates high paying jobs in the trades for in
> premise fiber installers.
>
> I think we lack vision and leadership, followed by execution. It's not
> a cult thing like Musk's failed prophecies - it's the real deal that
> impacts our lives. Low latency will become ubiquitous if we act to our
> abilities. Waiting on regulators is like Waiting for Godot.
>
> Bob
>
>
> On Thu, Mar 13, 2025 at 10:00 AM Frantisek Borsik
> <frantisek.borsik@gmail.com> wrote:
> >
> > Hey Bob,
> >
> > I don't think that improving latency is about mandating of a specific
> algorithm - it's about an improvement to broadband definition.
> > Broadband that serves the needs of us all today, goes beyond 100/20,
> it should include a low latency, low consistent jitter.
> > Now, what are the right numbers, that's another discussion. But it's a
> discussion we need to have.
> > I would certainly let market to decide on the tools/algorithms that will
> achieve those numbers - be it a Quality of Experience middle box (like
> LibreQoS, Preseem, Bequand/Cambium Networks QoE, Paraqum or Sandvine), L4S
> etc.
> >
> > As for the other issues that need some love - for example, making
> vendors to update kernel and provide updates to routers they sold, that's a
> good thing.
> >
> > All the best,
> >
> > Frank
> >
> > Frantisek (Frank) Borsik
> >
> >
> >
> > https://www.linkedin.com/in/frantisekborsik
> >
> > Signal, Telegram, WhatsApp: +421919416714
> >
> > iMessage, mobile: +420775230885
> >
> > Skype: casioa5302ca
> >
> > frantisek.borsik@gmail.com
> >
> >
> >
> > On Thu, Mar 13, 2025 at 5:33 PM Robert McMahon via Nnagain <
> nnagain@lists.bufferbloat.net> wrote:
> >>
> >> >
> >> > As for "what the FCC can do", "dissolve itself" comes to mind. AFAIK,
> it's been over a decade since they have done anything helpful or useful for
> any American citizen who isn't the head of a major corporation. If you
> delete the entire organization, there will be no one around to enforce
> whatever regs are still on the books so who cares? ... and you'll save
> another few 10's of millions of dollars annually which will fit nicely in
> the pockets of the "good folks", aka FODT. 😊😊😊
> >> >
> >> I worked with a CA state regulator in a tech support role prior to
> >> so-called broadband (actually, internet access beyond dial-up MODEMs)
> >> This was post 1996 telco act, just prior to the dot com bubble. The
> >> lobbyists at the time disliked having 50 States regulating things.
> >> They pushed made it so the 5 commissioners on the FCC became the
> >> primary regulators. Many call this regulatory capture.
> >>
> >> Unfortunately, I don't think we can get rid of the FCC. Our utility
> >> poles are mostly regulated by them as one example.
> >>
> >> I also don't think the FCC can mandate any specific AQM algorithm.
> >> That's a long term disaster in the making for sure. Let network
> >> engineers and the market battle that out.
> >>
> >> Bob
> >>
> >> PS. Good to hear from you RR - i hope all is well. I've got a Fi-Wi
> >> project you may be interested in - not sure.
> >> _______________________________________________
> >> Nnagain mailing list
> >> Nnagain@lists.bufferbloat.net
> >> https://lists.bufferbloat.net/listinfo/nnagain
> _______________________________________________
> Nnagain mailing list
> Nnagain@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/nnagain
>
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 1:38 ` David Bray, PhD
@ 2025-03-14 2:17 ` Robert McMahon
2025-03-14 2:20 ` Robert McMahon
2025-03-14 2:24 ` David Bray, PhD
0 siblings, 2 replies; 21+ messages in thread
From: Robert McMahon @ 2025-03-14 2:17 UTC (permalink / raw)
To: David Bray, PhD
Cc: Network Neutrality is back! Let´s make the technical
aspects heard this time!,
Frantisek Borsik
yeah, our space walks to fix outdated satellites isn't easily doable
nor cost efficient.
The parts need to be pluggable, similar to light bulbs. If they need
replacement, just swap them out for the improved version. Or if you
get a flat, buy a new tire (and don't send that car into space in the
first place.)
This approach works well inside buildings.
The fiber cables, plastic holders, and antennas themselves are the
only fixed, long lived parts. Fiber is actually better than copper
w/respect to security.
China is doing this already and we're way behind.
Bob
On Thu, Mar 13, 2025 at 6:38 PM David Bray, PhD <david.a.bray@gmail.com> wrote:
>
> Meanwhile there's Salt Typhoon, Volt Typhoon... also this:
>
> https://spectrum.ieee.org/iridium-satellite
>
> White Hat Hackers Expose Iridium Satellite Security Flaws
>
> Users' locations and texts can be intercepted, including DoD employees
>
> In a recent demonstration, German white hat hackers showed how to intercept text messages sent via the U.S. satellite communication system Iridium and locate users with an accuracy of about 4 kilometers.
>
> The two hackers, known publicly only under the nicknames Sec and Schneider, made the revelations during a presentation at the Chaos Communication Congress in late December in Hamburg, Germany. During the talk, they highlighted severe vulnerabilities in services that tens of thousands of users from the U.S. Department of Defense rely on.
>
> Although the DoD uses a secure gateway to route and encrypt its traffic, the hackers were able to see which devices were connecting via the DoD pathway. That allowed the duo to identify and locate DoD users with an accuracy of about 4 km using a home-assembled eavesdropping kit consisting of a commercially available Iridium antenna, a software-defined radio receiver and a basic computer, such as the Intel N100 mobile CPU or the Raspberry Pi mini-computer.
>
> “We see devices that register with the DoD service center and then we can find their positions from these registrations,” Sec said during the talk. “You don’t have to see the communication from the actual phone to the network, you just see the network’s answer with the position, and you then can map where all the registered devices are.”
>
> Iridium’s Legacy Components Still Cause Problems
>
> The Iridium constellation, first deployed in the late 1990s, is made up of 66 satellites disbursed across six orbital planes roughly 870 km above Earth. The constellation, the first to have provided global commercial satellite communications services, supports satellite telephony and connects pagers, emergency beacons, and Internet of Things devices all over the world. Out of Iridium’s 2.3 million subscribers, 145,000 are U.S. government customers. Iridium receivers are also frequently used by vessels at sea and by aircraft pilots exchanging information with other airplanes and with ground control.
>
> “Back then encryption was not something on everyone’s mind,” Sec said during the presentation. “All the [first generation] Iridium data is unencrypted.”
>
> In response to a request for comment, a spokesperson from Iridium says, “This is old news. The DoD and others encrypt their communications over our network which address the issues this article raises. There is a reason the DoD continues to be such a big customer and we expect that to continue well into the future. We have always allowed others to encrypt their traffic over our network. Our commercial partners have been doing the same for decades, when and where the markets request it.”
>
> Iridium replaced its first-generation fleet with more secure satellites (the second-generation NEXT constellation) between 2017 and 2019. But according to satellite and telecommunications industry analyst Christian von der Ropp, many Iridium devices in use today, including civilian satellite phones, still rely on the first-generation Iridium radio protocol that has no encryption.
>
> “The regular satellite phones that they sell still operate under the old legacy protocol,” says von der Ropp. “If you buy a brand-new civilian Iridium phone, it still operates using the 30-year-old radio protocol, and it is subject to the same vulnerability. So, you can intercept everything. You can listen to the voice calls, you can read SMS, absolutely everything. Out of the box it’s a totally unsecure service.”
>
> Von der Ropp estimates that tens or even hundreds of thousands of Iridium devices in use today rely on the old, unsecured radio protocol.
>
> Hackers Reveal Vulnerabilities in Iridium’s Systems
>
> While the DoD uses an extra layer of encryption to protect the content of its exchanges, other nations’ agencies appear to be less aware of the vulnerabilities. In perhaps the most jaw-dropping moment of the hacking demonstration, Sec revealed a text message exchanged between two employees of the German Foreign Office that he and Schneider were able to intercept.
>
> “I need a good doctor in [Tel Aviv] who can also look at gunshot wounds. Can you send me a number ASAP,” read the message sent by a worker at the Crisis Response Center of the German Foreign Office’s mission in Tel Aviv. The hackers did not reveal when the exchange had taken place.
>
> Using software he and Schneider had created, Sec also showed a map of devices visible in a single moment to their eavesdropping gear located in Munich. Iridium devices as far as London, central Norway and Syria (more than 3,000 km away) could be seen.
>
> “With US $400 worth of equipment and freely available software, you can start right away intercepting Iridium communications in an area with a diameter of hundreds, sometimes even thousands of kilometers,” said von der Ropp, who was present at the demonstration. “The Iridium signal is divided into spot beams that are about 400 km wide. In principle, one should only be able to listen to the spot beam overhead. But the signal is so strong that you can also detect many of the surrounding spot beams, sometimes up to 2,000 km away.”
>
> The DoD, von der Ropp said, is looking for alternatives to Iridium, including Starlink. Still, last year Iridium won a $94 million contract to provide communication services to the U.S. Space Force.
>
> Von der Ropp noted that few Iridium users seemed to be active in Ukraine, suggesting the local forces are potentially aware of Iridium’s shortcomings. The vulnerability of satellite systems and services to disruption and interference by bad actors has become a hot topic since Russia’s invasion of the country three years ago. The widespread cyberattack on the ground infrastructure of satellite communication provider Viasat crippled the Ukrainian forces’ access to satcom services on the eve of the invasion. The incident, which according to analysts was planned by Russian state-backed hackers for months, revealed the weakness of Viasat’s cyber defenses.
>
> Since then, the number of cyberattacks on satcom providers has increased exponentially. Global navigation and positioning satellite systems such as GPS have also been put to the test. Signal jamming is now a regular occurrence even outside conflict zones and instances of sophisticated spoofing attacks, designed to confuse users and send them to wrong locations, are becoming increasingly common.
>
> This story was updated on 14 February 2025 to add a statement from Iridium.
>
>
>
> On Thu, Mar 13, 2025 at 2:36 PM Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
>>
>> My opinions:
>>
>> There should be no more linux kernels in the customer premise with
>> Fi-Wi. 30M lines of code and 11,000 config options is a form of sw
>> bloat that's impossible to secure. Particularly since most no one is
>> getting paid for this work.
>>
>> Reducing the radio head/client (STA) density to near 1/1 and shrinking
>> the cell size will minimize the media access latency. Packet latency
>> can use non queue building techniques so there will be no substantial
>> packet queueing delays. All delay will be distance and speed of
>> photons related per physics & spacetime.
>>
>> Our issue isn't regulators - it's that white collar workers and our
>> leadership haven't engaged the blue collar workers, and we haven't
>> kept advancing our engineering. We need to teach fiber installer
>> businesses how to build these Fi-Wi networks so that our kids get life
>> support and productivity capable networks that can be depended upon.
>>
>> And everyone that adds value needs to be paid somehow. Best done
>> through markets. Fi-Wi creates high paying jobs in the trades for in
>> premise fiber installers.
>>
>> I think we lack vision and leadership, followed by execution. It's not
>> a cult thing like Musk's failed prophecies - it's the real deal that
>> impacts our lives. Low latency will become ubiquitous if we act to our
>> abilities. Waiting on regulators is like Waiting for Godot.
>>
>> Bob
>>
>>
>> On Thu, Mar 13, 2025 at 10:00 AM Frantisek Borsik
>> <frantisek.borsik@gmail.com> wrote:
>> >
>> > Hey Bob,
>> >
>> > I don't think that improving latency is about mandating of a specific algorithm - it's about an improvement to broadband definition.
>> > Broadband that serves the needs of us all today, goes beyond 100/20, it should include a low latency, low consistent jitter.
>> > Now, what are the right numbers, that's another discussion. But it's a discussion we need to have.
>> > I would certainly let market to decide on the tools/algorithms that will achieve those numbers - be it a Quality of Experience middle box (like LibreQoS, Preseem, Bequand/Cambium Networks QoE, Paraqum or Sandvine), L4S etc.
>> >
>> > As for the other issues that need some love - for example, making vendors to update kernel and provide updates to routers they sold, that's a good thing.
>> >
>> > All the best,
>> >
>> > Frank
>> >
>> > Frantisek (Frank) Borsik
>> >
>> >
>> >
>> > https://www.linkedin.com/in/frantisekborsik
>> >
>> > Signal, Telegram, WhatsApp: +421919416714
>> >
>> > iMessage, mobile: +420775230885
>> >
>> > Skype: casioa5302ca
>> >
>> > frantisek.borsik@gmail.com
>> >
>> >
>> >
>> > On Thu, Mar 13, 2025 at 5:33 PM Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
>> >>
>> >> >
>> >> > As for "what the FCC can do", "dissolve itself" comes to mind. AFAIK, it's been over a decade since they have done anything helpful or useful for any American citizen who isn't the head of a major corporation. If you delete the entire organization, there will be no one around to enforce whatever regs are still on the books so who cares? ... and you'll save another few 10's of millions of dollars annually which will fit nicely in the pockets of the "good folks", aka FODT. 😊😊😊
>> >> >
>> >> I worked with a CA state regulator in a tech support role prior to
>> >> so-called broadband (actually, internet access beyond dial-up MODEMs)
>> >> This was post 1996 telco act, just prior to the dot com bubble. The
>> >> lobbyists at the time disliked having 50 States regulating things.
>> >> They pushed made it so the 5 commissioners on the FCC became the
>> >> primary regulators. Many call this regulatory capture.
>> >>
>> >> Unfortunately, I don't think we can get rid of the FCC. Our utility
>> >> poles are mostly regulated by them as one example.
>> >>
>> >> I also don't think the FCC can mandate any specific AQM algorithm.
>> >> That's a long term disaster in the making for sure. Let network
>> >> engineers and the market battle that out.
>> >>
>> >> Bob
>> >>
>> >> PS. Good to hear from you RR - i hope all is well. I've got a Fi-Wi
>> >> project you may be interested in - not sure.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 2:17 ` Robert McMahon
@ 2025-03-14 2:20 ` Robert McMahon
2025-03-14 2:24 ` David Bray, PhD
1 sibling, 0 replies; 21+ messages in thread
From: Robert McMahon @ 2025-03-14 2:20 UTC (permalink / raw)
To: David Bray, PhD
Cc: Network Neutrality is back! Let´s make the technical
aspects heard this time!,
Frantisek Borsik
On Thu, Mar 13, 2025 at 7:17 PM Robert McMahon <rjmcmahon@rjmcmahon.com> wrote:
>
> yeah, our space walks to fix outdated satellites isn't easily doable
> nor cost efficient.
>
> The parts need to be pluggable, similar to light bulbs. If they need
> replacement, just swap them out for the improved version. Or if you
> get a flat, buy a new tire (and don't send that car into space in the
> first place.)
>
> This approach works well inside buildings.
>
> The fiber cables, plastic holders, and antennas themselves are the
> only fixed, long lived parts. Fiber is actually better than copper
> w/respect to security.
>
> China is doing this already and we're way behind.
>
> Bob
>
> On Thu, Mar 13, 2025 at 6:38 PM David Bray, PhD <david.a.bray@gmail.com> wrote:
> >
> > Meanwhile there's Salt Typhoon, Volt Typhoon... also this:
> >
> > https://spectrum.ieee.org/iridium-satellite
> >
> > White Hat Hackers Expose Iridium Satellite Security Flaws
> >
> > Users' locations and texts can be intercepted, including DoD employees
> >
> > In a recent demonstration, German white hat hackers showed how to intercept text messages sent via the U.S. satellite communication system Iridium and locate users with an accuracy of about 4 kilometers.
> >
> > The two hackers, known publicly only under the nicknames Sec and Schneider, made the revelations during a presentation at the Chaos Communication Congress in late December in Hamburg, Germany. During the talk, they highlighted severe vulnerabilities in services that tens of thousands of users from the U.S. Department of Defense rely on.
> >
> > Although the DoD uses a secure gateway to route and encrypt its traffic, the hackers were able to see which devices were connecting via the DoD pathway. That allowed the duo to identify and locate DoD users with an accuracy of about 4 km using a home-assembled eavesdropping kit consisting of a commercially available Iridium antenna, a software-defined radio receiver and a basic computer, such as the Intel N100 mobile CPU or the Raspberry Pi mini-computer.
> >
> > “We see devices that register with the DoD service center and then we can find their positions from these registrations,” Sec said during the talk. “You don’t have to see the communication from the actual phone to the network, you just see the network’s answer with the position, and you then can map where all the registered devices are.”
> >
> > Iridium’s Legacy Components Still Cause Problems
> >
> > The Iridium constellation, first deployed in the late 1990s, is made up of 66 satellites disbursed across six orbital planes roughly 870 km above Earth. The constellation, the first to have provided global commercial satellite communications services, supports satellite telephony and connects pagers, emergency beacons, and Internet of Things devices all over the world. Out of Iridium’s 2.3 million subscribers, 145,000 are U.S. government customers. Iridium receivers are also frequently used by vessels at sea and by aircraft pilots exchanging information with other airplanes and with ground control.
> >
> > “Back then encryption was not something on everyone’s mind,” Sec said during the presentation. “All the [first generation] Iridium data is unencrypted.”
> >
> > In response to a request for comment, a spokesperson from Iridium says, “This is old news. The DoD and others encrypt their communications over our network which address the issues this article raises. There is a reason the DoD continues to be such a big customer and we expect that to continue well into the future. We have always allowed others to encrypt their traffic over our network. Our commercial partners have been doing the same for decades, when and where the markets request it.”
> >
> > Iridium replaced its first-generation fleet with more secure satellites (the second-generation NEXT constellation) between 2017 and 2019. But according to satellite and telecommunications industry analyst Christian von der Ropp, many Iridium devices in use today, including civilian satellite phones, still rely on the first-generation Iridium radio protocol that has no encryption.
> >
> > “The regular satellite phones that they sell still operate under the old legacy protocol,” says von der Ropp. “If you buy a brand-new civilian Iridium phone, it still operates using the 30-year-old radio protocol, and it is subject to the same vulnerability. So, you can intercept everything. You can listen to the voice calls, you can read SMS, absolutely everything. Out of the box it’s a totally unsecure service.”
> >
> > Von der Ropp estimates that tens or even hundreds of thousands of Iridium devices in use today rely on the old, unsecured radio protocol.
> >
> > Hackers Reveal Vulnerabilities in Iridium’s Systems
> >
> > While the DoD uses an extra layer of encryption to protect the content of its exchanges, other nations’ agencies appear to be less aware of the vulnerabilities. In perhaps the most jaw-dropping moment of the hacking demonstration, Sec revealed a text message exchanged between two employees of the German Foreign Office that he and Schneider were able to intercept.
> >
> > “I need a good doctor in [Tel Aviv] who can also look at gunshot wounds. Can you send me a number ASAP,” read the message sent by a worker at the Crisis Response Center of the German Foreign Office’s mission in Tel Aviv. The hackers did not reveal when the exchange had taken place.
> >
> > Using software he and Schneider had created, Sec also showed a map of devices visible in a single moment to their eavesdropping gear located in Munich. Iridium devices as far as London, central Norway and Syria (more than 3,000 km away) could be seen.
> >
> > “With US $400 worth of equipment and freely available software, you can start right away intercepting Iridium communications in an area with a diameter of hundreds, sometimes even thousands of kilometers,” said von der Ropp, who was present at the demonstration. “The Iridium signal is divided into spot beams that are about 400 km wide. In principle, one should only be able to listen to the spot beam overhead. But the signal is so strong that you can also detect many of the surrounding spot beams, sometimes up to 2,000 km away.”
> >
> > The DoD, von der Ropp said, is looking for alternatives to Iridium, including Starlink. Still, last year Iridium won a $94 million contract to provide communication services to the U.S. Space Force.
> >
> > Von der Ropp noted that few Iridium users seemed to be active in Ukraine, suggesting the local forces are potentially aware of Iridium’s shortcomings. The vulnerability of satellite systems and services to disruption and interference by bad actors has become a hot topic since Russia’s invasion of the country three years ago. The widespread cyberattack on the ground infrastructure of satellite communication provider Viasat crippled the Ukrainian forces’ access to satcom services on the eve of the invasion. The incident, which according to analysts was planned by Russian state-backed hackers for months, revealed the weakness of Viasat’s cyber defenses.
> >
> > Since then, the number of cyberattacks on satcom providers has increased exponentially. Global navigation and positioning satellite systems such as GPS have also been put to the test. Signal jamming is now a regular occurrence even outside conflict zones and instances of sophisticated spoofing attacks, designed to confuse users and send them to wrong locations, are becoming increasingly common.
> >
> > This story was updated on 14 February 2025 to add a statement from Iridium.
> >
> >
> >
> > On Thu, Mar 13, 2025 at 2:36 PM Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
> >>
> >> My opinions:
> >>
> >> There should be no more linux kernels in the customer premise with
> >> Fi-Wi. 30M lines of code and 11,000 config options is a form of sw
> >> bloat that's impossible to secure. Particularly since most no one is
> >> getting paid for this work.
> >>
> >> Reducing the radio head/client (STA) density to near 1/1 and shrinking
> >> the cell size will minimize the media access latency. Packet latency
> >> can use non queue building techniques so there will be no substantial
> >> packet queueing delays. All delay will be distance and speed of
> >> photons related per physics & spacetime.
> >>
> >> Our issue isn't regulators - it's that white collar workers and our
> >> leadership haven't engaged the blue collar workers, and we haven't
> >> kept advancing our engineering. We need to teach fiber installer
> >> businesses how to build these Fi-Wi networks so that our kids get life
> >> support and productivity capable networks that can be depended upon.
> >>
> >> And everyone that adds value needs to be paid somehow. Best done
> >> through markets. Fi-Wi creates high paying jobs in the trades for in
> >> premise fiber installers.
> >>
> >> I think we lack vision and leadership, followed by execution. It's not
> >> a cult thing like Musk's failed prophecies - it's the real deal that
> >> impacts our lives. Low latency will become ubiquitous if we act to our
> >> abilities. Waiting on regulators is like Waiting for Godot.
> >>
> >> Bob
> >>
> >>
> >> On Thu, Mar 13, 2025 at 10:00 AM Frantisek Borsik
> >> <frantisek.borsik@gmail.com> wrote:
> >> >
> >> > Hey Bob,
> >> >
> >> > I don't think that improving latency is about mandating of a specific algorithm - it's about an improvement to broadband definition.
> >> > Broadband that serves the needs of us all today, goes beyond 100/20, it should include a low latency, low consistent jitter.
> >> > Now, what are the right numbers, that's another discussion. But it's a discussion we need to have.
> >> > I would certainly let market to decide on the tools/algorithms that will achieve those numbers - be it a Quality of Experience middle box (like LibreQoS, Preseem, Bequand/Cambium Networks QoE, Paraqum or Sandvine), L4S etc.
> >> >
> >> > As for the other issues that need some love - for example, making vendors to update kernel and provide updates to routers they sold, that's a good thing.
> >> >
> >> > All the best,
> >> >
> >> > Frank
> >> >
> >> > Frantisek (Frank) Borsik
> >> >
> >> >
> >> >
> >> > https://www.linkedin.com/in/frantisekborsik
> >> >
> >> > Signal, Telegram, WhatsApp: +421919416714
> >> >
> >> > iMessage, mobile: +420775230885
> >> >
> >> > Skype: casioa5302ca
> >> >
> >> > frantisek.borsik@gmail.com
> >> >
> >> >
> >> >
> >> > On Thu, Mar 13, 2025 at 5:33 PM Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
> >> >>
> >> >> >
> >> >> > As for "what the FCC can do", "dissolve itself" comes to mind. AFAIK, it's been over a decade since they have done anything helpful or useful for any American citizen who isn't the head of a major corporation. If you delete the entire organization, there will be no one around to enforce whatever regs are still on the books so who cares? ... and you'll save another few 10's of millions of dollars annually which will fit nicely in the pockets of the "good folks", aka FODT. 😊😊😊
> >> >> >
> >> >> I worked with a CA state regulator in a tech support role prior to
> >> >> so-called broadband (actually, internet access beyond dial-up MODEMs)
> >> >> This was post 1996 telco act, just prior to the dot com bubble. The
> >> >> lobbyists at the time disliked having 50 States regulating things.
> >> >> They pushed made it so the 5 commissioners on the FCC became the
> >> >> primary regulators. Many call this regulatory capture.
> >> >>
> >> >> Unfortunately, I don't think we can get rid of the FCC. Our utility
> >> >> poles are mostly regulated by them as one example.
> >> >>
> >> >> I also don't think the FCC can mandate any specific AQM algorithm.
> >> >> That's a long term disaster in the making for sure. Let network
> >> >> engineers and the market battle that out.
> >> >>
> >> >> Bob
> >> >>
> >> >> PS. Good to hear from you RR - i hope all is well. I've got a Fi-Wi
> >> >> project you may be interested in - not sure.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 2:17 ` Robert McMahon
2025-03-14 2:20 ` Robert McMahon
@ 2025-03-14 2:24 ` David Bray, PhD
2025-03-14 8:16 ` Tara Stella
1 sibling, 1 reply; 21+ messages in thread
From: David Bray, PhD @ 2025-03-14 2:24 UTC (permalink / raw)
To: Robert McMahon
Cc: Network Neutrality is back! Let´s make the technical
aspects heard this time!,
Frantisek Borsik
[-- Attachment #1: Type: text/plain, Size: 12988 bytes --]
Indeed. Yet here on ground SS7 remains vulnerable and exploitable too?
On Thu, Mar 13, 2025 at 10:17 PM Robert McMahon <rjmcmahon@rjmcmahon.com>
wrote:
> yeah, our space walks to fix outdated satellites isn't easily doable
> nor cost efficient.
>
> The parts need to be pluggable, similar to light bulbs. If they need
> replacement, just swap them out for the improved version. Or if you
> get a flat, buy a new tire (and don't send that car into space in the
> first place.)
>
> This approach works well inside buildings.
>
> The fiber cables, plastic holders, and antennas themselves are the
> only fixed, long lived parts. Fiber is actually better than copper
> w/respect to security.
>
> China is doing this already and we're way behind.
>
> Bob
>
> On Thu, Mar 13, 2025 at 6:38 PM David Bray, PhD <david.a.bray@gmail.com> wrote:
> >
> > Meanwhile there's Salt Typhoon, Volt Typhoon... also this:
> >
> > https://spectrum.ieee.org/iridium-satellite
> >
> > White Hat Hackers Expose Iridium Satellite Security Flaws
> >
> > Users' locations and texts can be intercepted, including DoD employees
> >
> > In a recent demonstration, German white hat hackers showed how to intercept text messages sent via the U.S. satellite communication system Iridium and locate users with an accuracy of about 4 kilometers.
> >
> > The two hackers, known publicly only under the nicknames Sec and Schneider, made the revelations during a presentation at the Chaos Communication Congress in late December in Hamburg, Germany. During the talk, they highlighted severe vulnerabilities in services that tens of thousands of users from the U.S. Department of Defense rely on.
> >
> > Although the DoD uses a secure gateway to route and encrypt its traffic, the hackers were able to see which devices were connecting via the DoD pathway. That allowed the duo to identify and locate DoD users with an accuracy of about 4 km using a home-assembled eavesdropping kit consisting of a commercially available Iridium antenna, a software-defined radio receiver and a basic computer, such as the Intel N100 mobile CPU or the Raspberry Pi mini-computer.
> >
> > “We see devices that register with the DoD service center and then we can find their positions from these registrations,” Sec said during the talk. “You don’t have to see the communication from the actual phone to the network, you just see the network’s answer with the position, and you then can map where all the registered devices are.”
> >
> > Iridium’s Legacy Components Still Cause Problems
> >
> > The Iridium constellation, first deployed in the late 1990s, is made up of 66 satellites disbursed across six orbital planes roughly 870 km above Earth. The constellation, the first to have provided global commercial satellite communications services, supports satellite telephony and connects pagers, emergency beacons, and Internet of Things devices all over the world. Out of Iridium’s 2.3 million subscribers, 145,000 are U.S. government customers. Iridium receivers are also frequently used by vessels at sea and by aircraft pilots exchanging information with other airplanes and with ground control.
> >
> > “Back then encryption was not something on everyone’s mind,” Sec said during the presentation. “All the [first generation] Iridium data is unencrypted.”
> >
> > In response to a request for comment, a spokesperson from Iridium says, “This is old news. The DoD and others encrypt their communications over our network which address the issues this article raises. There is a reason the DoD continues to be such a big customer and we expect that to continue well into the future. We have always allowed others to encrypt their traffic over our network. Our commercial partners have been doing the same for decades, when and where the markets request it.”
> >
> > Iridium replaced its first-generation fleet with more secure satellites (the second-generation NEXT constellation) between 2017 and 2019. But according to satellite and telecommunications industry analyst Christian von der Ropp, many Iridium devices in use today, including civilian satellite phones, still rely on the first-generation Iridium radio protocol that has no encryption.
> >
> > “The regular satellite phones that they sell still operate under the old legacy protocol,” says von der Ropp. “If you buy a brand-new civilian Iridium phone, it still operates using the 30-year-old radio protocol, and it is subject to the same vulnerability. So, you can intercept everything. You can listen to the voice calls, you can read SMS, absolutely everything. Out of the box it’s a totally unsecure service.”
> >
> > Von der Ropp estimates that tens or even hundreds of thousands of Iridium devices in use today rely on the old, unsecured radio protocol.
> >
> > Hackers Reveal Vulnerabilities in Iridium’s Systems
> >
> > While the DoD uses an extra layer of encryption to protect the content of its exchanges, other nations’ agencies appear to be less aware of the vulnerabilities. In perhaps the most jaw-dropping moment of the hacking demonstration, Sec revealed a text message exchanged between two employees of the German Foreign Office that he and Schneider were able to intercept.
> >
> > “I need a good doctor in [Tel Aviv] who can also look at gunshot wounds. Can you send me a number ASAP,” read the message sent by a worker at the Crisis Response Center of the German Foreign Office’s mission in Tel Aviv. The hackers did not reveal when the exchange had taken place.
> >
> > Using software he and Schneider had created, Sec also showed a map of devices visible in a single moment to their eavesdropping gear located in Munich. Iridium devices as far as London, central Norway and Syria (more than 3,000 km away) could be seen.
> >
> > “With US $400 worth of equipment and freely available software, you can start right away intercepting Iridium communications in an area with a diameter of hundreds, sometimes even thousands of kilometers,” said von der Ropp, who was present at the demonstration. “The Iridium signal is divided into spot beams that are about 400 km wide. In principle, one should only be able to listen to the spot beam overhead. But the signal is so strong that you can also detect many of the surrounding spot beams, sometimes up to 2,000 km away.”
> >
> > The DoD, von der Ropp said, is looking for alternatives to Iridium, including Starlink. Still, last year Iridium won a $94 million contract to provide communication services to the U.S. Space Force.
> >
> > Von der Ropp noted that few Iridium users seemed to be active in Ukraine, suggesting the local forces are potentially aware of Iridium’s shortcomings. The vulnerability of satellite systems and services to disruption and interference by bad actors has become a hot topic since Russia’s invasion of the country three years ago. The widespread cyberattack on the ground infrastructure of satellite communication provider Viasat crippled the Ukrainian forces’ access to satcom services on the eve of the invasion. The incident, which according to analysts was planned by Russian state-backed hackers for months, revealed the weakness of Viasat’s cyber defenses.
> >
> > Since then, the number of cyberattacks on satcom providers has increased exponentially. Global navigation and positioning satellite systems such as GPS have also been put to the test. Signal jamming is now a regular occurrence even outside conflict zones and instances of sophisticated spoofing attacks, designed to confuse users and send them to wrong locations, are becoming increasingly common.
> >
> > This story was updated on 14 February 2025 to add a statement from Iridium.
> >
> > On Thu, Mar 13, 2025 at 2:36 PM Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
> >>
> >> My opinions:
> >>
> >> There should be no more linux kernels in the customer premise with
> >> Fi-Wi. 30M lines of code and 11,000 config options is a form of sw
> >> bloat that's impossible to secure. Particularly since most no one is
> >> getting paid for this work.
> >>
> >> Reducing the radio head/client (STA) density to near 1/1 and shrinking
> >> the cell size will minimize the media access latency. Packet latency
> >> can use non queue building techniques so there will be no substantial
> >> packet queueing delays. All delay will be distance and speed of
> >> photons related per physics & spacetime.
> >>
> >> Our issue isn't regulators - it's that white collar workers and our
> >> leadership haven't engaged the blue collar workers, and we haven't
> >> kept advancing our engineering. We need to teach fiber installer
> >> businesses how to build these Fi-Wi networks so that our kids get life
> >> support and productivity capable networks that can be depended upon.
> >>
> >> And everyone that adds value needs to be paid somehow. Best done
> >> through markets. Fi-Wi creates high paying jobs in the trades for in
> >> premise fiber installers.
> >>
> >> I think we lack vision and leadership, followed by execution. It's not
> >> a cult thing like Musk's failed prophecies - it's the real deal that
> >> impacts our lives. Low latency will become ubiquitous if we act to our
> >> abilities. Waiting on regulators is like Waiting for Godot.
> >>
> >> Bob
> >>
> >>
> >> On Thu, Mar 13, 2025 at 10:00 AM Frantisek Borsik
> >> <frantisek.borsik@gmail.com> wrote:
> >> >
> >> > Hey Bob,
> >> >
> >> > I don't think that improving latency is about mandating of a specific algorithm - it's about improvements to broadband definition.
> >> > Broadband that serves the needs of us all today, goes beyond 100/20, it should include a low latency, low consistent jitter.
> >> > Now, what are the right numbers, that's another discussion. But it's a discussion we need to have.
> >> > I would certainly let market to decide on the tools/algorithms that will achieve those numbers - be it a Quality of Experience middle box (like LibreQoS, Preseem, Bequant/Cambium Networks QoE, Paraqum or Sandvine), L4S etc.
> >> >
> >> > As for the other issues that need some love - for example, making vendors to update kernel and provide updates to routers they sold, that's a good thing.
> >> >
> >> > All the best,
> >> >
> >> > Frank
> >> >
> >> > Frantisek (Frank) Borsik
> >> >
> >> >
> >> >
> >> > https://www.linkedin.com/in/frantisekborsik
> >> >
> >> > Signal, Telegram, WhatsApp: +421919416714
> >> >
> >> > iMessage, mobile: +420775230885
> >> >
> >> > Skype: casioa5302ca
> >> >
> >> > frantisek.borsik@gmail.com
> >> >
> >> >
> >> >
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 2:24 ` David Bray, PhD
@ 2025-03-14 8:16 ` Tara Stella
2025-03-14 18:53 ` Robert McMahon
0 siblings, 1 reply; 21+ messages in thread
From: Tara Stella @ 2025-03-14 8:16 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!,
Robert McMahon
[-- Attachment #1: Type: text/plain, Size: 725 bytes --]
On Thu, 2025-03-13 at 22:24 -0400, David Bray, PhD via Nnagain wrote:
> Indeed. Yet here on ground SS7 remains vulnerable and exploitable
> too?
I'm working for a big telco in Europe, and I'm just marginally involved
in the telco network.
AFAIK, in our infrastructure, SS7 is a niche in some very old equipment
sitting somewhere.
On fixed broadband, we migrated everything over IP, voice is SIP,
including VAS services, that are somehow fading away as well (IMS still
in place for voicemail).
On 5G Standalone, everything is HTTP on the control plane and GTP
encapsulation on the user plane.
I'm not an expert, but I wonder if the complexity has increased the
potential attacking surface.
Cheers,
Tara
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 8:16 ` Tara Stella
@ 2025-03-14 18:53 ` Robert McMahon
2025-03-14 19:05 ` Richard Roy
0 siblings, 1 reply; 21+ messages in thread
From: Robert McMahon @ 2025-03-14 18:53 UTC (permalink / raw)
To: Tara Stella
Cc: Network Neutrality is back! Let´s make the technical
aspects heard this time!,
David Bray, PhD
> I'm not an expert, but I wonder if the complexity has increased the potential attacking surface.
I'm not an expert here either - but I do think complexity does
increase the attack surface. Breaking up the control and data planes
seems like a good idea to me.
Also, devices like CPUs that run programmable logic are a target
because their logic flows can be hijacked. Hardware solutions for
simple functions like forwarding packets cannot be reprogrammed at the
data plane level, minimizing their attack surface.
Moving the control plane(s) into a management domain where security
experts do their work every day seems a must to me. Pushing this into
consumer premises and adding more and more seems like a disaster in
the making.
https://www.splunk.com/en_us/blog/learn/control-plane-vs-data-plane.html
Bob
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 18:53 ` Robert McMahon
@ 2025-03-14 19:05 ` Richard Roy
2025-03-14 21:09 ` David Lang
0 siblings, 1 reply; 21+ messages in thread
From: Richard Roy @ 2025-03-14 19:05 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!,
Tara Stella
[-- Attachment #1: Type: text/plain, Size: 2966 bytes --]
Bob,
You are certainly correct. Complexity of implementation always leads to the potential for more attack surfaces. As importantly, security as an add-on is really no security at all. If security is not designed in at the outset, optimal security can rarely if ever be achieved. First and foremost at the core of security is "credential material" that MUST be protected IN TAMPER-PROOF/EVIDENT HARDWARE (e.g. FIPS 140-x). It is nearly impossible to secure a system without this capability, and not all of the systems out there today are so "equipped" making system-wide trust nearly impossible. ☹☹☹
Cheers,
RR
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 19:05 ` Richard Roy
@ 2025-03-14 21:09 ` David Lang
2025-03-14 21:20 ` Dick Roy
0 siblings, 1 reply; 21+ messages in thread
From: David Lang @ 2025-03-14 21:09 UTC (permalink / raw)
To: Richard Roy via Nnagain
[-- Attachment #1: Type: text/plain, Size: 3533 bytes --]
it's also impossible to fix bugs when you prevent updates.
show me any product deployed at large scale that has not had bugs.
David Lang
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 21:09 ` David Lang
@ 2025-03-14 21:20 ` Dick Roy
2025-03-14 21:48 ` David Lang
0 siblings, 1 reply; 21+ messages in thread
From: Dick Roy @ 2025-03-14 21:20 UTC (permalink / raw)
To: 'David Lang', 'Richard Roy via Nnagain'
Yup ... and they must be SECURE updates by the way! Security is required throughout the supply chain!
RR
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 21:20 ` Dick Roy
@ 2025-03-14 21:48 ` David Lang
2025-03-15 18:16 ` Robert McMahon
0 siblings, 1 reply; 21+ messages in thread
From: David Lang @ 2025-03-14 21:48 UTC (permalink / raw)
To: Dick Roy
Cc: 'David Lang', 'Richard Roy via Nnagain',
'Tara Stella'
[-- Attachment #1: Type: text/plain, Size: 5735 bytes --]
In case it's not clear. I am NOT happy with how device manufacturers ship old
code and never update it.
I just believe that the fix is not to make the devices impossible to update
(other than scrapping and replacing them), but it's to make it so that the
devices are easier to update. They are mostly using opensource code, so force
them to make it so that you can easily install newer versions of code, don't let
them have proprietary device drivers.
If the CIA and other three letter agencies can't prevent leaks and hacks, it's
unreasonable to base your security on the idea of a company having better
security so they never have any bugs, hacks, or leaks.
Even governments fail to eliminate all problems (see submarines and spacecraft)
with near unlimited budgets
companies that try to make software perfect before release go out of business
before release.
companies that try to prove that an upgrade cannot cause any problem before it's
deployed have lots of vulnerabilities because they take so long to upgrade (and
eventually get bit by some bug that makes it through their testing)
I am firmly on the side of release early, release often. be it product releases
or patching. When (not IF) an update has problems, it's a lot easier to roll
back a small amount, and far easier to figure out what went wrong when there
are fewer changes.
David Lang
* Re: [NNagain] FCC - delete, delete, delete
2025-03-14 21:48 ` David Lang
@ 2025-03-15 18:16 ` Robert McMahon
2025-03-15 18:49 ` Daniel Ezell
2025-03-15 18:50 ` Robert McMahon
0 siblings, 2 replies; 21+ messages in thread
From: Robert McMahon @ 2025-03-15 18:16 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
>
> In case it's not clear. I am NOT happy with how device manufacturers ship old
> code and never update it.
>
I was unhappy about my home network and my paying job is to provide
components for such.
My home network wasn't resilient enough to carry entertainment,
productivity (including distance learning) and medical traffic.
The fixes so far have been:
o) Don't use an all in one AP anywhere, just use it for wireless bridging
o) Use a fronthaul architecture (2.5G - will go to 100G when Fi-Wi is ready)
o) Use a dedicated firewall & dhcp server with AQM such as fq_codel (I
use a protectli vault)
o) Connect the APs (4 for me in 100 sq ft) configured in bridge mode
and optimize spacetime, allow for proper RF overlap - not too much,
not too little, but just right like the story says.
o) Use AP's that support the 6G band
o) Use keep connect devices to detect AP failures and power cycle them
(hammer approach)
o) Use separate ethernet switches where 802.3 switching is needed
(don't use the AP integrated switches, they go down per the crappy
gateway sw you're likely talking about)
o) Implement DHCP guard to protect against rogue DHCP servers
Then for monitoring
o) Install rpi 5bs with INTC BE200 and pcie Wi-Fi adapters in the
rooms that need monitoring
o) Install kismet and integrate with kismet to monitor
o) Turn on firewall & WAN port monitoring services
Only access to devices is ssh with encryption keys, and configure ssh
passwordless access.
Now, my family can be entertained, do their work and learning, and use
their medical instruments with high in-home reliability.
It's a thankless job we Dads must do. The home frustration level goes
way down and the complaints of "Dad, the internet isn't working again"
have gone away - except for when the OSP goes down. The OSP provider
tends to send information to me when that happens so my family can
work around it.
Bob
[-- Attachment #2: Medical-Devices-with-Wi-Fi-03-15-2025_10_41_AM.png --]
[-- Type: image/png, Size: 341666 bytes --]
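An added illustration, not part of the message above or of any vendor's implementation: the decision behind "Implement DHCP guard to protect against rogue DHCP servers", written in Python and run over constructed packets. The port names, addresses and function names are assumptions made for this example; option overload (option 52) is not handled.

```python
# DHCP message types (option 53) that only a server should send.
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}
MAGIC = b"\x63\x82\x53\x63"  # magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP UDP payload into op, message type and server identifier."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    info = {"op": payload[0], "msg_type": None, "server_id": None}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:       # DHCP message type
            info["msg_type"] = value[0]
        elif code == 54 and length == 4:     # server identifier
            info["server_id"] = ".".join(str(b) for b in value)
        i += 2 + length
    return info

def guard_verdict(payload, ingress_port, trusted_ports, trusted_servers):
    """Return 'forward' or 'drop: <reason>', the way a DHCP guard would decide."""
    try:
        info = parse_dhcp(payload)
    except ValueError as exc:
        return f"drop: malformed ({exc})"
    # op == 2 is BOOTREPLY; either signal marks the packet as server-originated.
    if info["op"] != 2 and info["msg_type"] not in SERVER_TYPES:
        return "forward"             # client DISCOVER/REQUEST is allowed on any port
    if ingress_port not in trusted_ports:
        return "drop: server reply on untrusted port"
    if info["server_id"] not in trusted_servers:
        return "drop: unknown server id"
    return "forward"

def build(op, msg_type, server_id=None):
    """Build a minimal DHCP payload (constructed sample data for this demo)."""
    pkt = bytes([op, 1, 6, 0]) + bytes(232) + MAGIC + bytes([53, 1, msg_type])
    if server_id:
        pkt += bytes([54, 4]) + bytes(int(x) for x in server_id.split("."))
    return pkt + b"\xff"

if __name__ == "__main__":
    ports, servers = {"uplink"}, {"192.168.1.1"}   # assumed trusted port and server
    for port, pkt in [("lan3", build(1, 1)),
                      ("uplink", build(2, 2, "192.168.1.1")),
                      ("lan3", build(2, 2, "192.168.1.254"))]:
        print(port, guard_verdict(pkt, port, ports, servers))
```
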
* Re: [NNagain] FCC - delete, delete, delete
2025-03-15 18:16 ` Robert McMahon
@ 2025-03-15 18:49 ` Daniel Ezell
2025-03-16 17:50 ` Robert McMahon
2025-03-15 18:50 ` Robert McMahon
1 sibling, 1 reply; 21+ messages in thread
From: Daniel Ezell @ 2025-03-15 18:49 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
This is one of the most helpful posts on this list ever. I appreciate the whole scope of the discussion, but from time to time you guys drop a gem of helpful advice for my real-world needs. Nothing may ever top Dave’s 2021 email with the crontab script for updating OpenWrt, but this will certainly be a reference for me as I prepare my home for the upcoming revelation of 10G Sonic Fiber later this year. Thank you Bob, and thank you all.
Daniel Ezell
https://chronos.academy
> On Mar 15, 2025, at 11:16 AM, Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
>
>>
>> In case it's not clear. I am NOT happy with how device manufacturers ship old
>> code and never update it.
>>
>
> I was unhappy about my home network and my paying job is to provide
> components for such.
>
> My home network wasn't resilient enough to carry entertainment,
> productivity (including distance learning) and medical traffic.
>
> The fixes so far have been:
>
> o) Don't use an all in one AP anywhere, just use it for wireless bridging
> o) Use a fronthaul architecture (2.5G - will go to 100G when Fi-Wi is ready)
> o) Use a dedicated firewall & dhcp server with AQM such as fq_codel (I
> use a protectli vault)
> o) Connect the APs (4 for me in 100 sq ft) configured in bridge mode
> and optimize spacetime, allow for proper RF overlap - not too much,
> not too little, but just right like the story says.
> o) Use AP's that support the 6G band
> o) Use keep connect devices to detect AP failures and power cycle them
> (hammer approach)
> o) Use separate ethernet switches where 802.3 switching is needed
> (don't use the AP integrated switches, they go down per the crappy
> gateway sw you're likely talking about)
> o) Implement DHCP guard to protect against rogue DHCP servers
>
> Then for monitoring
> o) Install rpi 5bs with INTC BE200 and pcie Wi-Fi adapters in the
> rooms that need monitoring
> o) Install kismet and integrate with kismet to monitor
> o) Turn on firewall & WAN port monitoring services
>
> Only access to devices is ssh with encryption keys, and configure ssh
> passwordless access.
>
> Now, my family can be entertained, do their work and learning, and use
> their medical instruments with high in-home reliability.
>
> It's a thankless job we Dads must do. The home frustration level goes
> way down and the complaints of "Dad, the internet isn't working again"
> have gone away - except for when the OSP goes down. The OSP provider
> tends to send information to me when that happens so my family can
> work around it.
>
> Bob
* Re: [NNagain] FCC - delete, delete, delete
2025-03-15 18:16 ` Robert McMahon
2025-03-15 18:49 ` Daniel Ezell
@ 2025-03-15 18:50 ` Robert McMahon
1 sibling, 0 replies; 21+ messages in thread
From: Robert McMahon @ 2025-03-15 18:50 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
A correction, some additions and a short allegory
o) I'm using 4 APs for 1800 sq ft, but it's two story stacked like two
blocks, so the radius per the RF spray pattern design can (and does)
take advantage of that
o) I placed high quality UPS where needed
o) I didn't mention IoT like irrigation control, PV monitoring,
weather systems, etc. Those are managed by a RPi4 with a UPS board and
battery. Scripts and C code are written by me.
o) I didn't mention my in home lab/work network where each test device
has its own GPS signal to get pulse per second from those atomic
clocks. That really helps a lot in my iperf 2 work
o) Having an in home lab gives me back a 30 minute commute (or 1 hr
for both directions) which is a lot and adds up. Unfortunately, my CEO
thinks we're children and need to follow an attendance policy so now I
have to waste time driving to do emails and get an attendance credit.
I started working at age 13 at a Baskin Robbins and within a month the
immigrant owner asked me to run the crews so he and his wife could go
home and rest w/o worrying about their primary means of income. It's
very sad to be treated like a child, even when a child. SV is run by
children's mindsets now.
Bob
On Sat, Mar 15, 2025 at 11:16 AM Robert McMahon <rjmcmahon@rjmcmahon.com> wrote:
>
> >
> > In case it's not clear. I am NOT happy with how device manufacturers ship old
> > code and never update it.
> >
>
> I was unhappy about my home network and my paying job is to provide
> components for such.
>
> My home network wasn't resilient enough to carry entertainment,
> productivity (including distance learning) and medical traffic.
>
> The fixes so far have been:
>
> o) Don't use an all in one AP anywhere, just use it for wireless bridging
> o) Use a fronthaul architecture (2.5G - will go to 100G when Fi-Wi is ready)
> o) Use a dedicated firewall & dhcp server with AQM such as fq_codel (I
> use a protectli vault)
> o) Connect the APs (4 for me in 100 sq ft) configured in bridge mode
> and optimize spacetime, allow for proper RF overlap - not too much,
> not too little, but just right like the story says.
> o) Use AP's that support the 6G band
> o) Use keep connect devices to detect AP failures and power cycle them
> (hammer approach)
> o) Use separate ethernet switches where 802.3 switching is needed
> (don't use the AP integrated switches, they go down per the crappy
> gateway sw you're likely talking about)
> o) Implement DHCP guard to protect against rogue DHCP servers
>
> Then for monitoring
> o) Install rpi 5bs with INTC BE200 and pcie Wi-Fi adapters in the
> rooms that need monitoring
> o) Install kismet and integrate with kismet to monitor
> o) Turn on firewall & WAN port monitoring services
>
> Only access to devices is ssh with encryption keys, and configure ssh
> passwordless access.
>
> Now, my family can be entertained, do their work and learning, and use
> their medical instruments with high in-home reliability.
>
> It's a thankless job we Dads must do. The home frustration level goes
> way down and the complaints of "Dad, the internet isn't working again"
> have gone away - except for when the OSP goes down. The OSP provider
> tends to send information to me when that happens so my family can
> work around it.
>
> Bob
* Re: [NNagain] FCC - delete, delete, delete
2025-03-15 18:49 ` Daniel Ezell
@ 2025-03-16 17:50 ` Robert McMahon
0 siblings, 0 replies; 21+ messages in thread
From: Robert McMahon @ 2025-03-16 17:50 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
Hi David,
I'm glad it helped.
The reasons for the breakouts are a few things:
o) reduce the fault domain when a failure occurs, including a power supply
failure which is exacerbated by POE. (I don't use POE)
o) leverage different non recurring engineering (NRE) pools, i.e. each
domain is done by engineers specializing in that domain. Any group that
claims deep expertise in all is fooling itself
o) Gateways tend to use a programmable forwarding plane, typically via CPUs
or NPUs. This is both a fault and attack surface. 802.3 forwarding is so
well known it should be done in RTL and realized in transistors.
An all-in-one gateway goes against this. It's cheaper and easier but not
robust enough in my opinion.
As an aside, the Space Shuttle computer system handled byzantine faults
similarly, 4+1 redundant computers that voted at check points. Coded by
different contractors.
I started my career working networks for the initial Space Station design.
We had to identify fault domains first, then build fault tolerance and
redundancy per those. It was called FDIR - fault detection isolation and
recovery.
I then went to Cisco where router engineers thought it ok to have buggy
code and hammer resets because the protocols were designed for self
healing. But that healing takes time and causes disruptions, e.g. latency
spikes.
APs are closer to the latter. Fi-Wi with remote radio heads will be closer
to the former.
Bob
On Sat, Mar 15, 2025, 11:49 AM Daniel Ezell via Nnagain <
nnagain@lists.bufferbloat.net> wrote:
> This is one of the most helpful posts on this list ever. I appreciate the
> whole scope of the discussion, but from time to time you guys drop a gem of
> helpful advice for my real-world needs. Nothing may ever top Dave’s 2021
> email with the crontab script for updating OpenWrt, but this will certainly
> be a reference for me as I prepare my home for the upcoming revelation of
> 10G Sonic Fiber later this year. Thank you Bob, and thank you all.
>
> Daniel Ezell
> https://chronos.academy
>
> > On Mar 15, 2025, at 11:16 AM, Robert McMahon via Nnagain <
> nnagain@lists.bufferbloat.net> wrote:
> >
> >>
> >> In case it's not clear. I am NOT happy with how device manufacturers
> ship old
> >> code and never update it.
> >>
> >
> > I was unhappy about my home network and my paying job is to provide
> > components for such.
> >
> > My home network wasn't resilient enough to carry entertainment,
> > productivity (including distance learning) and medical traffic.
> >
> > The fixes so far have been:
> >
> > o) Don't use an all in one AP anywhere, just use it for wireless bridging
> > o) Use a fronthaul architecture (2.5G - will go to 100G when Fi-Wi is
> ready)
> > o) Use a dedicated firewall & dhcp server with AQM such as fq_codel (I
> > use a protectli vault)
> > o) Connect the APs (4 for me in 100 sq ft) configured in bridge mode
> > and optimize spacetime, allow for proper RF overlap - not too much,
> > not too little, but just right like the story says.
> > o) Use AP's that support the 6G band
> > o) Use keep connect devices to detect AP failures and power cycle them
> > (hammer approach)
> > o) Use separate ethernet switches where 802.3 switching is needed
> > (don't use the AP integrated switches, they go down per the crappy
> > gateway sw you're likely talking about)
> > o) Implement DHCP guard to protect against rogue DHCP servers
> >
> > Then for monitoring
> > o) Install rpi 5bs with INTC BE200 and pcie Wi-Fi adapters in the
> > rooms that need monitoring
> > o) Install kismet and integrate with kismet to monitor
> > o) Turn on firewall & WAN port monitoring services
> >
> > Only access to devices is ssh with encryption keys, and configure ssh
> > passwordless access.
> >
> > Now, my family can be entertained, do their work and learning, and use
> > their medical instruments with high in-home reliability.
> >
> > It's a thankless job we Dads must do. The home frustration level goes
> > way down and the complaints of "Dad, the internet isn't working again"
> > have gone away - except for when the OSP goes down. The OSP provider
> > tends to send information to me when that happens so my family can
> > work around it.
> >
> > Bob
> >