[Cerowrt-devel] some comments from elsewhere on the lockdown
laurent at guerby.net
Sat Sep 26 05:46:14 EDT 2015
Another US agency vs free software and user freedom :
Volkswagen’s Diesel Fraud Makes Critic of Secret Code a Prophet
SEPT. 22, 2015
That is not how carmakers or even the E.P.A. see things. The code in
automobiles is tightly protected under the Digital Millennium Copyright
Act. Last year, several groups sought to have the code made available
for “good-faith testing, identifying, disclosing and fixing of
malfunctions, security flaws or vulnerabilities,” as Alex Davies
reported last week in Wired.
A group of automobile manufacturers said that opening the code to
scrutiny could create “serious threats to safety and security.” And two
months ago, the E.P.A. said it, too, opposed such a move because people
might try to reprogram their cars to beat emission rules.
On Thu, 2015-09-24 at 12:49 -0700, Dave Taht wrote:
> a commenter that I will keep anonymous wrote:
> Regarding the FCC firmware lockdown issue, I’m sure you’re aware that
> baseband firmware in cellphones has been subject to similar
> restrictions for some time. In fact, the FCC effectively mandates that
> baseband functionality is implemented on a whole separate subsystem
> with its own CPU to make it easier to isolate and protect. Also, the
> cellphone system is designed so that a misbehaving node can be easily
> identified and blocked from the network, making it useless and
> removing most of the incentive to find ways around regulatory
> restrictions. Wi-Fi devices have none of these protections.
> I believe this new attention to Wi-Fi devices is a consequence of many factors:
> The precedent from cellphone baseband firmware control; regulators are
> easily inspired by success stories in related areas
> The substantial increase in flexibility offered by SDR implementations
> Technical ignorance, for example of the difference between OS,
> protocol, and UI firmware and baseband firmware
> The expansion of allowed capabilities in Wi-Fi hardware (from 5.8 GHz
> ISM to the U-NII bands, increases in transmit power allowances, etc.)
> The improved spectrum utilization of newer Wi-Fi modulation schemes
> Inconsistencies among international regulations for spectrum allocation
> Spectrum sharing between Wi-Fi and life safety applications
> The relative lack of attention to (and sometimes, the deliberate
> flouting of) regulatory constraints in open-source firmware
> The increased availability of open-source firmware for higher-power
> and narrow-beam Wi-Fi devices (not just the WRT-54G :-)
> And probably more I can’t think of off the top of my head, but which
> regulators are obsessing over every day.
> Although I agree with the spirit of your FCC email draft letter, it
> does not address most of these factors, so it’s likely to be seen as
> missing the point by regulators. If you want to reach these people,
> you have to talk about the things they’re thinking about.
> What you ought to be pushing for instead is that Wi-Fi devices be
> partitioned the same way cellphones are, defining a baseband section
> that can be locked down so that the device can’t operate in ways that
> are prohibited by the relevant local regulations, so that the OS,
> protocol, and UI code on the device can be relatively more open for
> the kinds of optimizations and improvements we all want to see.
> It’s possible that the partition could be in software alone, or in
> some combination of hardware and software, that doesn’t require a
> cellphone-style independent baseband processor, which would add a lot
> of cost to Wi-Fi devices. For example, the device vendor could put
> baseband-related firmware into a trusted and _truly minimal_ binary
> module that the OS has to go through to select the desired frequency,
> power, and modulation scheme, even for open-source solutions. That
> doesn’t mean the source code for the binary module can’t be published,
> or even that there can’t be a mandate to publish it.
> I’m sure that doesn’t sound like a great solution to you, but making
> it easy for end users to configure commercial devices to transmit at
> maximum power on unauthorized frequencies using very dense modulation
> schemes doesn’t sound like a great solution to regulators, and the
> difference between you and the regulators is that they are more
> determined and, frankly, better armed. It will do you no good to
> constrain the range of the solutions you’ll accept so that it doesn’t
> overlap with the solutions they will accept.
> . png
> On Sep 21, 2015, at 5:10 AM, Dave Taht <dmt at millcomputing.com> wrote:
> Huh. I have been interested in mesh networking for a couple of years
> now, and curious about Battlemesh, but I had no idea I knew someone
> who was active in it.
> Are there any other reports online from this year or last year? The
> website doesn't seem to serve any purpose beyond announcing the event.
> As you can tell I am way, way behind on my email. I've mostly been
> chasihg funding for my main project, make-wifi-fast for over a year
> now - I added in the mill and the "cake switch chip" to that overall
> list as I tried to climb the financial ladders. My funding at google
> dried up suddenly (due to the re-org), and I was forced to chase other
> avenues. I think i got a grant from comcast coming in, but it is for
> 1/10th the total I needed for make-wifi-fast... and it is hung up in
> legal, and in the fact the work has to mostly happen in europe.
> So I've moved to europe, trying to find bases in bristol, england,
> berlin, and sweden. That's taken a while (I dropped out of the mill
> process in may or so due to the sudden google silences, and the lack
> of compiler - and I view mill's biggest problem is funding, so it
> seems like just combining my own quest with yours the right thing)
> I was very involved in the early days of wireless networking but
> dropped out by 2002 or so, much to my now, later regret. The only devs
> left that understand it at more than one level all go to battlemesh,
> so I've been there twice. I still find it quite discouraging how few
> grok the minstrel algorithm, or what is wrong with packet aggregation.
> A billion+ users that all think wifi "just works", and "always
> sucked"... :( I gave a talk on the latter as well at at this
> anyway the videos and results from this battlemesh are all now online.
> I am pushing on all fronts, but being a manager was a bit wearying so
> I took time out to do some recording at a place called theconvent.net
> for the past 2 weeks. Haven't played the piano so much in 5 years!
> Youtube videos:
> blog post: https://wlan-si.net/en/blog/2015/09/08/battlemesh-v8-and-its-many-stories/
> The test results were dismal, as expected. Finally knocking a few
> heads to use abusive network tests like what toke and I developed were
> hopefully an eye-opener, and a lot more people grok what
> make-wifi-fast is really about, and how to do it.
> one very positive outcome of the fcc talk was a level of net outrage
> and organisation over some new fcc rules I have not seen before. My
> letter to the fcc, in progress, with vint cerf and other
> co-signers is up for review at:
> A similar letter has to go to the eu, as they just passed similar rules.
> as much as I would like to be working on the mill, it seems politics,
> finance, and organisation are in more need of my attentions right now.
> but I will keep plugging y'all at every opportunity.
> But, but... as I said, I just took a few weeks off and am picking up
> the pieces and trying to figure out what to focus on, at the moment.
> If you wish a faster response to my email, please use dave.taht at gmail.com
More information about the Cerowrt-devel