From: Robert McMahon
Date: Thu, 13 Mar 2025 19:17:46 -0700
To: "David Bray, PhD"
Cc: "Network Neutrality is back! Let´s make the technical aspects heard this time!", Frantisek Borsik
Subject: Re: [NNagain] FCC - delete, delete, delete

yeah, our space walks to fix outdated satellites isn't easily doable nor cost efficient. The parts need to be pluggable, similar to light bulbs. If they need replacement, just swap them out for the improved version. Or if you get a flat, buy a new tire (and don't send that car into space in the first place.)

This approach works well inside buildings. The fiber cables, plastic holders, and antennas themselves are the only fixed, long lived parts. Fiber is actually better than copper w/respect to security. China is doing this already and we're way behind.

Bob

On Thu, Mar 13, 2025 at 6:38 PM David Bray, PhD wrote:
>
> Meanwhile there's Salt Typhoon, Volt Typhoon... also this:
>
> https://spectrum.ieee.org/iridium-satellite
>
> White Hat Hackers Expose Iridium Satellite Security Flaws
>
> Users' locations and texts can be intercepted, including DoD employees
>
> In a recent demonstration, German white hat hackers showed how to intercept text messages sent via the U.S. satellite communication system Iridium and locate users with an accuracy of about 4 kilometers.
>
> The two hackers, known publicly only under the nicknames Sec and Schneider, made the revelations during a presentation at the Chaos Communication Congress in late December in Hamburg, Germany. During the talk, they highlighted severe vulnerabilities in services that tens of thousands of users from the U.S. Department of Defense rely on.
>
> Although the DoD uses a secure gateway to route and encrypt its traffic, the hackers were able to see which devices were connecting via the DoD pathway. That allowed the duo to identify and locate DoD users with an accuracy of about 4 km using a home-assembled eavesdropping kit consisting of a commercially available Iridium antenna, a software-defined radio receiver and a basic computer, such as the Intel N100 mobile CPU or the Raspberry Pi mini-computer.
>
> “We see devices that register with the DoD service center and then we can find their positions from these registrations,” Sec said during the talk. “You don’t have to see the communication from the actual phone to the network, you just see the network’s answer with the position, and you then can map where all the registered devices are.”
>
> Iridium’s Legacy Components Still Cause Problems
>
> The Iridium constellation, first deployed in the late 1990s, is made up of 66 satellites disbursed across six orbital planes roughly 870 km above Earth. The constellation, the first to have provided global commercial satellite communications services, supports satellite telephony and connects pagers, emergency beacons, and Internet of Things devices all over the world. Out of Iridium’s 2.3 million subscribers, 145,000 are U.S. government customers. Iridium receivers are also frequently used by vessels at sea and by aircraft pilots exchanging information with other airplanes and with ground control.
>
> “Back then encryption was not something on everyone’s mind,” Sec said during the presentation. “All the [first generation] Iridium data is unencrypted.”
>
> In response to a request for comment, a spokesperson from Iridium says, “This is old news. The DoD and others encrypt their communications over our network which address the issues this article raises. There is a reason the DoD continues to be such a big customer and we expect that to continue well into the future. We have always allowed others to encrypt their traffic over our network. Our commercial partners have been doing the same for decades, when and where the markets request it.”
>
> Iridium replaced its first-generation fleet with more secure satellites (the second-generation NEXT constellation) between 2017 and 2019. But according to satellite and telecommunications industry analyst Christian von der Ropp, many Iridium devices in use today, including civilian satellite phones, still rely on the first-generation Iridium radio protocol that has no encryption.
>
> “The regular satellite phones that they sell still operate under the old legacy protocol,” says von der Ropp. “If you buy a brand-new civilian Iridium phone, it still operates using the 30-year-old radio protocol, and it is subject to the same vulnerability. So, you can intercept everything. You can listen to the voice calls, you can read SMS, absolutely everything. Out of the box it’s a totally unsecure service.”
>
> Von der Ropp estimates that tens or even hundreds of thousands of Iridium devices in use today rely on the old, unsecured radio protocol.
>
> Hackers Reveal Vulnerabilities in Iridium’s Systems
>
> While the DoD uses an extra layer of encryption to protect the content of its exchanges, other nations’ agencies appear to be less aware of the vulnerabilities. In perhaps the most jaw-dropping moment of the hacking demonstration, Sec revealed a text message exchanged between two employees of the German Foreign Office that he and Schneider were able to intercept.
>
> “I need a good doctor in [Tel Aviv] who can also look at gunshot wounds. Can you send me a number ASAP,” read the message sent by a worker at the Crisis Response Center of the German Foreign Office’s mission in Tel Aviv. The hackers did not reveal when the exchange had taken place.
>
> Using software he and Schneider had created, Sec also showed a map of devices visible in a single moment to their eavesdropping gear located in Munich. Iridium devices as far as London, central Norway and Syria (more than 3,000 km away) could be seen.
>
> “With US $400 worth of equipment and freely available software, you can start right away intercepting Iridium communications in an area with a diameter of hundreds, sometimes even thousands of kilometers,” said von der Ropp, who was present at the demonstration. “The Iridium signal is divided into spot beams that are about 400 km wide. In principle, one should only be able to listen to the spot beam overhead. But the signal is so strong that you can also detect many of the surrounding spot beams, sometimes up to 2,000 km away.”
>
> The DoD, von der Ropp said, is looking for alternatives to Iridium, including Starlink. Still, last year Iridium won a $94 million contract to provide communication services to the U.S. Space Force.
>
> Von der Ropp noted that few Iridium users seemed to be active in Ukraine, suggesting the local forces are potentially aware of Iridium’s shortcomings. The vulnerability of satellite systems and services to disruption and interference by bad actors has become a hot topic since Russia’s invasion of the country three years ago. The widespread cyberattack on the ground infrastructure of satellite communication provider Viasat crippled the Ukrainian forces’ access to satcom services on the eve of the invasion. The incident, which according to analysts was planned by Russian state-backed hackers for months, revealed the weakness of Viasat’s cyber defenses.
>
> Since then, the number of cyberattacks on satcom providers has increased exponentially. Global navigation and positioning satellite systems such as GPS have also been put to the test. Signal jamming is now a regular occurrence even outside conflict zones and instances of sophisticated spoofing attacks, designed to confuse users and send them to wrong locations, are becoming increasingly common.
>
> This story was updated on 14 February 2025 to add a statement from Iridium.
>
>
>
> On Thu, Mar 13, 2025 at 2:36 PM Robert McMahon via Nnagain wrote:
>>
>> My opinions:
>>
>> There should be no more linux kernels in the customer premise with
>> Fi-Wi. 30M lines of code and 11,000 config options is a form of sw
>> bloat that's impossible to secure. Particularly since most no one is
>> getting paid for this work.
>>
>> Reducing the radio head/client (STA) density to near 1/1 and shrinking
>> the cell size will minimize the media access latency. Packet latency
>> can use non queue building techniques so there will be no substantial
>> packet queueing delays. All delay will be distance and speed of
>> photons related per physics & spacetime.
>>
>> Our issue isn't regulators - it's that white collar workers and our
>> leadership haven't engaged the blue collar workers, and we haven't
>> kept advancing our engineering. We need to teach fiber installer
>> businesses how to build these Fi-Wi networks so that our kids get life
>> support and productivity capable networks that can be depended upon.
>>
>> And everyone that adds value needs to be paid somehow. Best done
>> through markets. Fi-Wi creates high paying jobs in the trades for in
>> premise fiber installers.
>>
>> I think we lack vision and leadership, followed by execution. It's not
>> a cult thing like Musk's failed prophecies - it's the real deal that
>> impacts our lives. Low latency will become ubiquitous if we act to our
>> abilities. Waiting on regulators is like Waiting for Godot.
>>
>> Bob
>>
>>
>> On Thu, Mar 13, 2025 at 10:00 AM Frantisek Borsik
>> wrote:
>> >
>> > Hey Bob,
>> >
>> > I don't think that improving latency is about mandating of a specific algorithm - it's about an improvement to broadband definition.
>> > Broadband that serves the needs of us all today, goes beyond 100/20, it should include a low latency, low consistent jitter.
>> > Now, what are the right numbers, that's another discussion. But it's a discussion we need to have.
>> > I would certainly let market to decide on the tools/algorithms that will achieve those numbers - be it a Quality of Experience middle box (like LibreQoS, Preseem, Bequant/Cambium Networks QoE, Paraqum or Sandvine), L4S etc.
>> >
>> > As for the other issues that need some love - for example, making vendors to update kernel and provide updates to routers they sold, that's a good thing.
>> >
>> > All the best,
>> >
>> > Frank
>> >
>> > Frantisek (Frank) Borsik
>> >
>> > https://www.linkedin.com/in/frantisekborsik
>> >
>> > Signal, Telegram, WhatsApp: +421919416714
>> >
>> > iMessage, mobile: +420775230885
>> >
>> > Skype: casioa5302ca
>> >
>> > frantisek.borsik@gmail.com
>> >
>> >
>> >
>> > On Thu, Mar 13, 2025 at 5:33 PM Robert McMahon via Nnagain wrote:
>> >>
>> >> >
>> >> > As for "what the FCC can do", "dissolve itself" comes to mind. AFAIK, it's been over a decade since they have done anything helpful or useful for any American citizen who isn't the head of a major corporation. If you delete the entire organization, there will be no one around to enforce whatever regs are still on the books so who cares? ... and you'll save another few 10's of millions of dollars annually which will fit nicely in the pockets of the "good folks", aka FODT. 😊😊😊
>> >> >
>> >> I worked with a CA state regulator in a tech support role prior to
>> >> so-called broadband (actually, internet access beyond dial-up MODEMs)
>> >> This was post 1996 telco act, just prior to the dot com bubble. The
>> >> lobbyists at the time disliked having 50 States regulating things.
>> >> They pushed made it so the 5 commissioners on the FCC became the
>> >> primary regulators. Many call this regulatory capture.
>> >>
>> >> Unfortunately, I don't think we can get rid of the FCC. Our utility
>> >> poles are mostly regulated by them as one example.
>> >>
>> >> I also don't think the FCC can mandate any specific AQM algorithm.
>> >> That's a long term disaster in the making for sure. Let network
>> >> engineers and the market battle that out.
>> >>
>> >> Bob
>> >>
>> >> PS. Good to hear from you RR - I hope all is well. I've got a Fi-Wi
>> >> project you may be interested in - not sure.
>> >> _______________________________________________
>> >> Nnagain mailing list
>> >> Nnagain@lists.bufferbloat.net
>> >> https://lists.bufferbloat.net/listinfo/nnagain