Slashdot Mirror
Domain: tapr.org
Stories and comments across the archive that link to tapr.org.
Stories · 7
-
Open-Hardware Licensed Handheld Software-Defined Radio In the Works
An anonymous reader writes "Chris Testa recently presented at TAPR Digital Communications Conference and annouced his development work on a hand-held software defined radio. Running uClinux on an ARM Corex-M3 coupled to a Flash-based FPGA, it will be capable of receiving and transmitting from 100MHz to 1GHz. Designed to be low power, Chris has designed the radio primarily with the Amateur 2m and 70cm bands in mind. Currently in early prototyping stage, Chris intends to release the design under the TAPR Open Hardware License." -
Open-Hardware Licensed Handheld Software-Defined Radio In the Works
An anonymous reader writes "Chris Testa recently presented at TAPR Digital Communications Conference and annouced his development work on a hand-held software defined radio. Running uClinux on an ARM Corex-M3 coupled to a Flash-based FPGA, it will be capable of receiving and transmitting from 100MHz to 1GHz. Designed to be low power, Chris has designed the radio primarily with the Amateur 2m and 70cm bands in mind. Currently in early prototyping stage, Chris intends to release the design under the TAPR Open Hardware License." -
Bruce Perens Answers Your Questions
A while ago you had the chance to ask Bruce Perens about how open source has changed in the past 15 years, what's happening now, and what's to come. Bruce has been busy traveling, but he's found some free time and sent in his answers. Read below to see what he has to say. Where Is the Open Source Hardware?
by eldavojohn
Recently at Linux.conf.au 2012 you gave the keynote and you said: “Open source is the only credible producer of software and now hardware that isn’t bound to a single company’s economic interest,” Well, where is this open source hardware? Every time something comes up on Slashdot reported to be "open source hardware" there's a whole slew of comments about how it's not truly open source. Anything from "where are the schematics" all the way down to the verilog/VHDL compilers and place/route algorithms being closed source. I've seen a 3D printer but not much else that meets the most stringent requirements. So tell me, where is this seemingly mythical "open source hardware" that will now free me from a single company's economic interest?
Bruce: Actually, I didn't give a talk about “Open Source Hardware”. All of my speeches are about “Open Hardware” , and I say it that way for marketing reasons. One of my largest criticisms of the entire Free Software community is that we are “inward-facing”. Our communications are mostly targeted to each other rather than to the public we should be marketing to. And then we wonder why the general public aren't using our stuff, and why laws get passed that work against us. It's our own fault.
So, “Open Source Hardware” is marketed to people who already understand Open Source. That's limiting the audience. I try to do real marketing, take time to understand the person who is the target of the message, and I always try to be outward-facing. I joke that the inward-facing crowd might soon call it “Free/Libre Open Source Hardware” or FLOSHW. Ugh.
So, the problem we are having in getting Open Hardware that's really Open is actually diagnosed right in your question: we need it to be separate from any company's economic interest. Which means making it with a non-profit. The very best organization that I've seen for making Open Hardware is TAPR, which specializes in ham radio and ultra-precise frequency and time. Their most interesting current project is a complete software-defined radio transceiver for global-range communications.
TAPR does manufacturing runs successfully, and funds new designs, and have been doing this for decades although only more recently is it formally “Open Hardware”. TAPR decided at their annual meeting this year that they will use their TAPR Open Hardware License on the devices they fund – they previously had a non-commercial license option which is now deprecated.
So, I'd suggest TAPR as a model for organizations that would successfully produce Open Hardware. TAPR, however, caters to a specialist community. Can we do the same thing with a product meant to reach the general public?
Jumping to radio software for a moment, check out the Codec2 project, where we have an excellent codec for two-way radio that does telephone quality voice in 150 bytes per second (1200 Baud). We are replacing the proprietary codecs that, unfortunately, are in commercial products for radio hams and are the government-mandated standard for two-way radio for police, fire, etc.
In about a century of ham radio, this closed codec was the first time that we had a technology that we weren't allowed to understand and to build by ourselves. That had to change, and I'm glad to say we're successful. The first prototype of Free Software for international digital voice communications is working, I think we're close to getting it in the hands of the world's hams. It works with their their SSB radios, but uses half the bandwidth of SSB voice, with better quality and better range.
To put Codec2 in walkie talkies, I am obviously looking at Open Hardware. But I won't talk about that until I have working hardware to show.
Best Open Source hardware licenses?
by Alwin Henseler
On a related note: what are the best licenses for libre hardware designs, that:
1.) Allow linking smaller projects as part of larger ones, possibly with different licensing on those other parts. Think HDL re-implementations of various chips in FPGA based designs that consist of a number of them (and many other things like that). I've seen the GPL slapped on a few smaller projects that are meant to combine with other (differently licensed) parts, where in legal sense this wouldn't even be allowed as everything is linked in the same binary (FPGA programming file).
2.) Don't require an entire evening and/or a lawyer to read (especially for hobbyists). For this reason I personally like BSD style licenses, while at the same time I'm leaning towards (L)GPL when it comes to openness of a design. Appreciated would be a short intro on pro's/con's of specific licenses, and make / break issues why a hardware designer would pick one over the other.
Bruce: Hi Alwin,
You've touched on a few issues that I think we got wrong with Open Source, and that I hope we can do better with Open Hardware.
The first is that there are a ton of licenses, and that too many of us spend time figuring out how they interact. Imagine if all of the recommended licenses actually were compatible with each other, and there were so few that we could understand them all. You really can have that, and have a BSD-like license, a LGPL-like license, and a GPL-like license, each to address a different business requirement. About three licenses that work together would be optimal. I think I know which three would do it today, and am hoping to have the full recommendation out soon.
Now, the bad news. Copyright doesn't really work for schematics the way it works for programs. If you look at the law in the U.S., which is 17 USC 102(b), it's pretty clear:
In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work.
So, functional stuff is the domain of patent rather than copyright. I have had this online for a year or so at Hardware Isn't Generally Copyrightable in the hope that the community's expectations will be corrected.
Having read that, you might wonder why software is copyrightable at all. It turns out that only the expressive elements in software, which (in short) are parts that would be written differently by different programmers, rather than parts that are always required to function, are copyrightable. This was important in the recent Oracle v. Google case (where I played a minor role) and you can understand it better by reading about Computer Associates International, Inc. v. Altai, on Wikipedia.
So, our licenses tend to govern how we can distribute the plans to Open Hardware more than the hardware itself. For example, around 2007 a team applied the GPL to the Gray-Hoverman antenna, which was covered on Slashdot. While a lot of people felt that the GPL would prevent commercial manufacturing of the antenna, I think that anyone can manufacture and sell it as long as they don't redistribute the plans with it. So, our licenses are imperfect for hardware.
That said, let's concentrate on the parts of hardware that are copyrightable and apply licenses to them. There is some special protection for FPGA bitstreams in law, so we do have some copyrightable elements. At the moment, I recommend the TAPR Open Hardware License as a GPL-like license. There is also an Apache-like hardware license that I am considering.
There is a CERN Open Hardware License that I would like to use as a LGPL-like license, but I feel it needs modification before it is safe for the community to use, and thus I either recommend you not use it at present, or that you remove the following paragraph from it.
“6.5 Except as may be otherwise agreed with the Intergovernmental Organization, any dispute with respect to this License involving an Intergovernmental Organization shall, by virtue of the latter's Intergovernmental status, be settled by international arbitration. The arbitration proceedings shall be held at the place where the Intergovernmental Organization has its seat. The arbitral award shall be final and binding upon the parties, who hereby expressly agree to renounce any form of appeal or revision.”
As you can see, that paragraph creates a specially-protected class of users, organizations like CERN, who have their own special court where you, the creator of the design, would be at a severe disadvantage and would have to spend a ton of money just to get there and enforce your rights. No other Open Source license gives special rights to a particular class of users against the developers! This license doesn't comply with the Open Source Definition or the Open Hardware Definition as long as that particular paragraph is in place.
Nothing but that particular paragraph is a problem. If CERN removed it, the license would be acceptable.
Changes in licensing of open source projects
by TWX
At one point, my employer was considering open source software for a particular printing need. During their evaluation phase the producer of the software decided to close the source, and my employer got nervous and decided to back out of using the software. I assume that any version released under GPL is still perfectly valid to use even if later versions are no longer GPL, and that should anyone, be they my employer or anyone else, decide to fork the project from that last GPL-licensed release, they'd be free to do so, and that my employer's decision to no longer use the software was unnecessary. I expect that I'm not the first person to see this occur with a company getting cold feet because of a license change. Have you been involved in this before, and how have other organizations handled it when software they were using stopped being open source or changed licenses in newer releases?
Bruce: There are all sorts of perception problems in business. One of the most disturbing was when a major international bank told me that Linux was no longer gratis (free of charge) because Red Hat was charging per system. They somehow felt that they didn't have an option but to pay Red Hat.
And then there are the companies who feel that they are helping the community by paying for Red Hat or by joining the Linux Foundation. If you want to help Linux or Open Source, help a free software project directly. Red Hat exists for Red Hat's stockholders, and while the Linux Foundation is sometimes helpful, it represents large companies rather than the developer community, and only a fraction of its budget pays actual programmers.
Regarding the problem your company had, I've noticed that sometimes it's when a company decides to close source that the project really gets opened. LibreOffice is an excellent example. It is everything that OpenOffice should have been and never was allowed to be – and not because OpenOffice closed, but because there was a lack of trust that existed for a decade but finally became intolerable with the Oracle purchase. We really should have forked the project away from Sun years earlier.
Interestingly enough, the Oracle-and-IBM-supported “Apache OpenOffice” doesn't have the traction that LibreOffice has, and doesn't look like it's going to get it. There's enough strength in a real community to easily beat one with corporate support.
Yes, the GPL protects your rights forever. It doesn't terminate and it really doesn't matter if someone decides to close their source or not, the GPL code you have is always free. But your company might have had a problem if no viable fork of the project formed. Going it alone might have been no fun.
What has changed since 2001?
by i.r.id10t
Bruce - your interviews make up a large portion of the documentary "Revolution OS". If a second part were to be made starting now in 2012 or early 2013, what changes do you think would be highlighted?
Bruce: It's unfortunate that J.T.S. Moore's Revolution OS is as much the story of VA Linux Systems as it is about Open Source.
So, let's tell the story after the movie ends: people had no problem buying Linux hardware from HP and Dell, even though it wasn't their specialty. VA's sales didn't sustain its stock price, and the few people who had really large amounts of stock kept selling while the stock value fell, and fell, and fell. One or two folks became very rich while most lost. In the end the company was split up mostly for its web assets (including Slashdot), which have been no great performers.
So, in retrospect I think J.T.S. could have stuck to the community side and the film wouldn't be quite so dated today. But I don't know if VA was supporting the film then, and if that's the reason he made it partly about them.
I have a whole lot more hair in that film than I do now :-)
UserLinux vs. Android
by jbolden
Bruce, you were the founder of UserLinux which aimed to create binary compatibility for Linux, a simple VAR platform. Google with Android attempted something similar. How well do you believe Android fulfills the objectives you set out for UserLinux. And where they missed do you believe those misses were unavoidable given the changes in focus (desktop vs. handset) or something where a minor change of strategy could allow them to achieve those missed objectives?
Tablets/Phones
by zoward
Bruce, first off, thank you for everything you've done to advance the cause of FLOSS. My question: It's not hard to notice the shift in mass market computing away from the PC and toward the tablet and phone. While at its core Android runs the Linux kernel, it's hard for me to think of it with the same fondness that I have for my favorite FLOSS OS distributions. I can't just load up a new Linux distro on my Acer tablet, or in many cases even an updated version of Android, short of "jailbreaking" it. It's seems clear to me that such hardware is designed with the intent to replicate Apple's success with a vertical hardware/software stack. Given this (or perhaps not given this, if you disagree with my statements above), what do you think the future of open source will be in the tablet and phone world? Android? Meego? WebOS? Something else? Will it be open source programs in a not-quite-completely open OS like Android?
Bruce: If you just stand in an Apple store some time, you will notice the crowd of happy, enthusiastic people who are joyfully binding themselves to Apple's way of doing things. Those folks sincerely believe that their new tools give them freedom, too. The freedom to do things that would be more difficult or impossible otherwise. Similarly, one must acknowledge that the Kindle gives people freedom from those awkward stacks of paper at the same time we acknowledge the existing and potential abuses of the device.
The fact that normal folks are going with iPad and Kindle or a locked-down Android should not be lost on Free Software developers. We aren't meeting the needs of these folks well enough to even be given the chance to teach them about their electronic freedom. We must change, it makes zero sense to expect them to do so for us until we do.
I am conflicted about Android for the same reasons as user “zoward”, and I do have a strategic direction as requested by “jbolden” but it is not a minor one. I want to change the mission of our entire community to be more outward-facing and to have more sympathy for the common person rather than, as we do today, to make our software mostly for our own community to use. One reason that Android is successful is that we weren't making any alternative and never started any organization that could have gotten phones on carriers. Even Hildon/Maemo/Meego was mainly a Nokia-driven effort rather than a community one. Now, I think the Mozilla project might be able to do that with its feature-phone platform, we'll see.
On the one hand, you might say that Android is the fulfillment of getting Linux in the hands of real users. It's the Linux Desktop that never was, at least never was in the hands of normal people in any large number. I think that there are more Android phones activated daily than there are Ubuntu users.
On the other hand, the usual Android device brings users none of the benefits of Free Software. It's locked down, and unless you are lucky enough to be a target of the latest release of CyanogenMod, your device is probably stuck with the Android version is comes with forever. The rooting community for these devices are more like script kiddies than the Free Software developers I know. With a few exceptions there is nothing like real release management among them, and one has to search through boards for the latest software version for a phone. Some manufacturer's devices are pitifully easy to brick to the point that you need JTAG to recover, although if you build the device the way Google wants you to, that's less of a problem. Samsung, for one, doesn't do things in Google's way for no reason that I understand.
I bought an Android tablet from one of the few companies that respects your freedom. The hardware, though, is rather lacking for the price. Maybe they'll be able to catch up.
I don't really see any Android community that has succeeded in bringing freedom to a significant number of users. I am hoping that the Mozilla foundation will do better with their feature-phone platform.
I think there is room for more community work on making our systems, including GNOME and KDE, attractive to non-geeks and getting together a platform that really does give freedom to non-hackers in significant numbers. Right now, our tablet-oriented interfaces are mostly intolerable on the desktop, but I'm sure they'll improve.
This is part of being outward-facing. If we are not making products for people outside of our community, we're really just playing with ourselves. That's strong, but the mission – of having a real platform with freedom and real people using it – is super-important.
Favorite hack
by vlm
Kick back and tell the tale of your favorite hack. For example, Linus had a good one in his interview. You define hack, and favorite. Hardware, software, legal, moral, ethical, financial whatever. Something you did, or something you saw someone else do. As long as its your story. The only requirement of the story is that it be a good story.
Bruce: My favorite hack is a social one. One day, right here on Slashdot, I announced “Open Source” to the world. We were standing on the shoulders of Richard Stallman, but Richard was poorly suited to empathize with normal people - rather than us hackers – and thus evangelize to them. A policy document that I had created for the Debian project 8 months earlier became the manifesto of the Open Source movement and the definition of Open Source licensing, and has remained that way to this day.
I was just another programmer, out of millions of programmers, sending out a manifesto on the then baby Internet. Six months after the announcement of Open Source there was a Microsoft press conference in which Craig Mundie was asked by a reporter if Microsoft would Open Source Windows NT. Mundie answered that Open Source wasn't just source code, that it was about licensing intellectual property in ways that conflicted with Microsoft's model. Mundie had read my manifesto and was explaining it to the press. That's my favorite hack.
While revolutions eat their leaders, I seem to have survived. As has Richard.
What's out of scope?
by Lev13than
Almost anything you can do or use today has an open source option. You have open source options for everything from your operating system [linux.org] to your chat app [blueimp.net]. You can read open source textbooks, cookbooks [wikibooks.org] and encyclopedias [wikipedia.org]. You can even build an open source airplane [makerplane.org] or brew your own free beer [freebeer.org] (free beer as in free speech, not free beer as in free beer). Given all these options, what part(s) of your life would you be unwilling to open source? Your children's education? Vaccines? A pacemaker? If so, what would your test be for deciding that a closed-source option is the only choice?
Bruce: I defer to Karen Sandler on the topic of pacemakers. If you haven't read her story, do so.
A lot of the life-and-property-critical things you mention would be better if the world could look over the shoulder of their developers the way we do with Open Source developers. Devices aren't safe until they're disclosed and safe. What we've found about medical devices is that their code standards are often horribly low and that they still are based on the idea of security-by-obscurity rather than any real security. Only having many eyes – even though those eyes can't contribute modifications directly – will solve that problem.
In the name of safety, I would like to see disclosure of the code of Google's self-driving automobiles. They don't have to Open Source it, but trade secret is wrong for life-and-property-critical devices that are operating autonomously around us. I think this is a mission that our community should get behind. Let's give Google a nudge on this!
You mentioned cookbooks. For reasons already discussed about hardware above, recipes aren't copyrightable. The photos, the commentary, and the compilation (the organization of all of the recipes into a book) are copyrightable. So, with the proprietary cookbook recipes you have more rights than you might have known.
That MakerPlane's not for real yet, and the RepRap never came close to making other RepRaps so completely as a couple of goldfish can produce more fish. I have been a critic of hype in the community, and at least in the RepRap case I think my criticism helped to get it cleaned up.
So, what's not right for Open Source? I helped to make feature films at Pixar and have an IMDB credit on two of them. While you can create stories in an Open Source paradigm, the best of them seem to be made in the conventional one. I believe that films should be playable on any device and should not be encumbered with DRM. I don't see a problem with an artist being paid for each copy of a film or music.
I put the question of entertainment being different from tools before John Sullivan, the new executive director of the Free Software Foundation, in front of an audience at the Libre Software World Conference a few weeks ago in Santiago de Compostela. John thought the issue of whether entertainment must be free was off-message for the Free Software Foundation. I think it may still be a personal issue for Richard Stallman, but it doesn't appear to clearly be FSF policy.
I don't believe we need the full freedom that we desire in our tools for something that is merely entertainment. But I do think there is a set of freedoms that is important for entertainment: the freedom to move them in place and time and play them on any device, the freedom to convert them in format, the freedom to preserve them as part of history, the freedom to report, caricature and criticize.
For life-and-property critical devices, it may be necessary for someone to stand between any Open Source community and the users, and make sure that the version the users get is free of any chance of malicious, incorrect, or naïve additions. The Debian OpenSSL Key Bug of several years ago is the classic example of a naïve addition. It is worthwhile for some devices to be guarded from that sort of problem, and for the result to be paid for per copy. But this does not mean that there can not be an Open Source community developing experimental versions of the same thing, and (through filters) contributing to the protected one.
Does SaaS change everything?
by Anonymous Coward
Now that most interesting new software is delivered to us over the web or via other network protocols, does this marginalize the contributions of open source and free software? For example Google, Amazon, and Facebook all have had some involvement with open source software as both users and contributors, but for the most part their technology stacks above the OS level (Linux) are under lock and key.
Bruce: Google, Amazon, Facebook all acknowledge a simple economic fact. There is no point in having your own programmers write anything that is not a customer-visible business differentiator for your company if you can get it from the Open Source community. A “business differentiator” in this case means something that makes your company look better than a competitor, to the customer directly. Too much “glue code”, and “infrastructure” is written by organizations that have no real need to do so if they would adopt Open Source. The message that is driving them to do so is the huge stack of cash being made by the companies that do use us.
We are, ironically, seeing a revolution in proprietary software that we created. We enabled these companies to work better with our Free Software, while we didn't, even when we used GPL, compel them to share everything.
Some time ago Free Software evangelists recognized that SaaS breaks the GPL. The Affero GPL was created to handle the Googles of the world. I participated in the very first internal FSF meeting on this issue, which must be more than a decade ago.
There is no economic or technical issue that prevents us from serving Free Software to people. Our community can do better against these companies than we are at present. The story's not over.
Usability in open source software?
by Jim Hall
Bruce, I'm doing a study of usability in open source software - how user interfaces can be designed in Free / open source programs so the program is easy to use by real people. So my question is twofold: What Free / open source program really got it right with usability? What qualities make for good usability in Free / open source software?
Bruce: Although I evangelize the issue of building our software for people outside of our community, I am no expert in usability at all. So, what that means is that there is room for others to evangelize best practices. I'd like to learn. I'll gladly pass your message along, if you build a compelling case.
If I had to guess, I'd say that Mozilla has more expertise in this than many Free Software projects. I have been running the GNOME 3 desktop in Debian Sid for a month or so, and I am not sure GNOME 3 is quite there yet. Keep it up, folks!
Can the Open Source community work smarter?
by WaywardGeek
The days of open collaboration between Linux developers has been hampered by binary incompatibility, and high hurdles to share software on popular software platforms like Debian and Fedora, and Gnome/GTK. We've seen hard feelings and fractures between groups like Ubuntu and Gnome, and lot's of unhappy users. Are the days of freely sharing software on lists essentially in the past, or is there some way to once again pump life into that creative engine? Can we work smarter?
Bruce: I think there are enough of us to staff conflicting forks. It is interesting that most of the conflicts you mention are between user-facing organizations. The lack of binary compatibility is unnecessary, and IMO is mostly driven by commercial distributions for their own economic interest.
I'm going to give you a solution for this that some will find offensive. Sorry, but it's what I believe. Don't help Red Hat. Don't help Ubuntu. Only help community projects and non-profits. Unfortunately, Red Hat and Ubuntu aren't really taking the community where we need to be. We thought they would, but they didn't get us sufficient users, and didn't get us the users we need for the most part, and the negative effects they have (like isolating us from our own users, and being public representatives in their own interest instead of the community's) aren't worth the rest. We need to work on other ways of getting to users that aren't Ubuntu and Red Hat.
Impending death of GPL
by fatphil
What is your reaction to the frequent stories in various media about people migrating away from the GPL and using less restrictive licenses, complete with predictions that the GPL will eventually become irrelevant? Do you believe that there's any truth to that - do you believe that the GPL is intrinsically moribund, or do you dismiss such stories as simply being partisan shiller
Bruce: I think it's 100% B.S. And it appears to me that it's driven by Black Duck and it really is time that someone called them upon it. I think the stories get them publicity, and maybe they are appealing to a prospective customer base who are indeed nervous about the GPL. But the trend they portray isn't a real one.
Of course, business has nothing to fear from the GPL if they will invest in proper due diligence. Bradley Kuhn of the Software Freedom Conservancy, the entity that brings most GPL enforcement action, notes that the companies he goes after are the ones who are “going 100 miles an hour in a crosswalk”. That means a total failure of due diligence. I have seen Bradley waive enforcement against a company once they showed good intention in working to resolve compliance issues. He wanted to spend his time going after the more flagrant ones.
People use licenses for economic purposes, although they might not always think of it that way. Web platforms, because they are all about combining scripts, use the gift-style licenses instead of the sharing-with-rules ones. Black Duck takes this to be some sort of trend against further use of the GPL. The actual trend is that there are more and larger web platforms.
Thanks for the great questions, folks! It was fun to answer them. -
Bruce Perens Answers Your Questions
A while ago you had the chance to ask Bruce Perens about how open source has changed in the past 15 years, what's happening now, and what's to come. Bruce has been busy traveling, but he's found some free time and sent in his answers. Read below to see what he has to say. Where Is the Open Source Hardware?
by eldavojohn
Recently at Linux.conf.au 2012 you gave the keynote and you said: “Open source is the only credible producer of software and now hardware that isn’t bound to a single company’s economic interest,” Well, where is this open source hardware? Every time something comes up on Slashdot reported to be "open source hardware" there's a whole slew of comments about how it's not truly open source. Anything from "where are the schematics" all the way down to the verilog/VHDL compilers and place/route algorithms being closed source. I've seen a 3D printer but not much else that meets the most stringent requirements. So tell me, where is this seemingly mythical "open source hardware" that will now free me from a single company's economic interest?
Bruce: Actually, I didn't give a talk about “Open Source Hardware”. All of my speeches are about “Open Hardware” , and I say it that way for marketing reasons. One of my largest criticisms of the entire Free Software community is that we are “inward-facing”. Our communications are mostly targeted to each other rather than to the public we should be marketing to. And then we wonder why the general public aren't using our stuff, and why laws get passed that work against us. It's our own fault.
So, “Open Source Hardware” is marketed to people who already understand Open Source. That's limiting the audience. I try to do real marketing, take time to understand the person who is the target of the message, and I always try to be outward-facing. I joke that the inward-facing crowd might soon call it “Free/Libre Open Source Hardware” or FLOSHW. Ugh.
So, the problem we are having in getting Open Hardware that's really Open is actually diagnosed right in your question: we need it to be separate from any company's economic interest. Which means making it with a non-profit. The very best organization that I've seen for making Open Hardware is TAPR, which specializes in ham radio and ultra-precise frequency and time. Their most interesting current project is a complete software-defined radio transceiver for global-range communications.
TAPR does manufacturing runs successfully, and funds new designs, and have been doing this for decades although only more recently is it formally “Open Hardware”. TAPR decided at their annual meeting this year that they will use their TAPR Open Hardware License on the devices they fund – they previously had a non-commercial license option which is now deprecated.
So, I'd suggest TAPR as a model for organizations that would successfully produce Open Hardware. TAPR, however, caters to a specialist community. Can we do the same thing with a product meant to reach the general public?
Jumping to radio software for a moment, check out the Codec2 project, where we have an excellent codec for two-way radio that does telephone quality voice in 150 bytes per second (1200 Baud). We are replacing the proprietary codecs that, unfortunately, are in commercial products for radio hams and are the government-mandated standard for two-way radio for police, fire, etc.
In about a century of ham radio, this closed codec was the first time that we had a technology that we weren't allowed to understand and to build by ourselves. That had to change, and I'm glad to say we're successful. The first prototype of Free Software for international digital voice communications is working, I think we're close to getting it in the hands of the world's hams. It works with their their SSB radios, but uses half the bandwidth of SSB voice, with better quality and better range.
To put Codec2 in walkie talkies, I am obviously looking at Open Hardware. But I won't talk about that until I have working hardware to show.
Best Open Source hardware licenses?
by Alwin Henseler
On a related note: what are the best licenses for libre hardware designs, that:
1.) Allow linking smaller projects as part of larger ones, possibly with different licensing on those other parts. Think HDL re-implementations of various chips in FPGA based designs that consist of a number of them (and many other things like that). I've seen the GPL slapped on a few smaller projects that are meant to combine with other (differently licensed) parts, where in legal sense this wouldn't even be allowed as everything is linked in the same binary (FPGA programming file).
2.) Don't require an entire evening and/or a lawyer to read (especially for hobbyists). For this reason I personally like BSD style licenses, while at the same time I'm leaning towards (L)GPL when it comes to openness of a design. Appreciated would be a short intro on pro's/con's of specific licenses, and make / break issues why a hardware designer would pick one over the other.
Bruce: Hi Alwin,
You've touched on a few issues that I think we got wrong with Open Source, and that I hope we can do better with Open Hardware.
The first is that there are a ton of licenses, and that too many of us spend time figuring out how they interact. Imagine if all of the recommended licenses actually were compatible with each other, and there were so few that we could understand them all. You really can have that, and have a BSD-like license, a LGPL-like license, and a GPL-like license, each to address a different business requirement. About three licenses that work together would be optimal. I think I know which three would do it today, and am hoping to have the full recommendation out soon.
Now, the bad news. Copyright doesn't really work for schematics the way it works for programs. If you look at the law in the U.S., which is 17 USC 102(b), it's pretty clear:
In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work.
So, functional stuff is the domain of patent rather than copyright. I have had this online for a year or so at Hardware Isn't Generally Copyrightable in the hope that the community's expectations will be corrected.
Having read that, you might wonder why software is copyrightable at all. It turns out that only the expressive elements in software, which (in short) are parts that would be written differently by different programmers, rather than parts that are always required to function, are copyrightable. This was important in the recent Oracle v. Google case (where I played a minor role) and you can understand it better by reading about Computer Associates International, Inc. v. Altai, on Wikipedia.
So, our licenses tend to govern how we can distribute the plans to Open Hardware more than the hardware itself. For example, around 2007 a team applied the GPL to the Gray-Hoverman antenna, which was covered on Slashdot. While a lot of people felt that the GPL would prevent commercial manufacturing of the antenna, I think that anyone can manufacture and sell it as long as they don't redistribute the plans with it. So, our licenses are imperfect for hardware.
That said, let's concentrate on the parts of hardware that are copyrightable and apply licenses to them. There is some special protection for FPGA bitstreams in law, so we do have some copyrightable elements. At the moment, I recommend the TAPR Open Hardware License as a GPL-like license. There is also an Apache-like hardware license that I am considering.
There is a CERN Open Hardware License that I would like to use as a LGPL-like license, but I feel it needs modification before it is safe for the community to use, and thus I either recommend you not use it at present, or that you remove the following paragraph from it.
“6.5 Except as may be otherwise agreed with the Intergovernmental Organization, any dispute with respect to this License involving an Intergovernmental Organization shall, by virtue of the latter's Intergovernmental status, be settled by international arbitration. The arbitration proceedings shall be held at the place where the Intergovernmental Organization has its seat. The arbitral award shall be final and binding upon the parties, who hereby expressly agree to renounce any form of appeal or revision.”
As you can see, that paragraph creates a specially-protected class of users, organizations like CERN, who have their own special court where you, the creator of the design, would be at a severe disadvantage and would have to spend a ton of money just to get there and enforce your rights. No other Open Source license gives special rights to a particular class of users against the developers! This license doesn't comply with the Open Source Definition or the Open Hardware Definition as long as that particular paragraph is in place.
Nothing but that particular paragraph is a problem. If CERN removed it, the license would be acceptable.
Changes in licensing of open source projects
by TWX
At one point, my employer was considering open source software for a particular printing need. During their evaluation phase the producer of the software decided to close the source, and my employer got nervous and decided to back out of using the software. I assume that any version released under GPL is still perfectly valid to use even if later versions are no longer GPL, and that should anyone, be they my employer or anyone else, decide to fork the project from that last GPL-licensed release, they'd be free to do so, and that my employer's decision to no longer use the software was unnecessary. I expect that I'm not the first person to see this occur with a company getting cold feet because of a license change. Have you been involved in this before, and how have other organizations handled it when software they were using stopped being open source or changed licenses in newer releases?
Bruce: There are all sorts of perception problems in business. One of the most disturbing was when a major international bank told me that Linux was no longer gratis (free of charge) because Red Hat was charging per system. They somehow felt that they didn't have an option but to pay Red Hat.
And then there are the companies who feel that they are helping the community by paying for Red Hat or by joining the Linux Foundation. If you want to help Linux or Open Source, help a free software project directly. Red Hat exists for Red Hat's stockholders, and while the Linux Foundation is sometimes helpful, it represents large companies rather than the developer community, and only a fraction of its budget pays actual programmers.
Regarding the problem your company had, I've noticed that sometimes it's when a company decides to close source that the project really gets opened. LibreOffice is an excellent example. It is everything that OpenOffice should have been and never was allowed to be – and not because OpenOffice closed, but because there was a lack of trust that existed for a decade but finally became intolerable with the Oracle purchase. We really should have forked the project away from Sun years earlier.
Interestingly enough, the Oracle-and-IBM-supported “Apache OpenOffice” doesn't have the traction that LibreOffice has, and doesn't look like it's going to get it. There's enough strength in a real community to easily beat one with corporate support.
Yes, the GPL protects your rights forever. It doesn't terminate and it really doesn't matter if someone decides to close their source or not, the GPL code you have is always free. But your company might have had a problem if no viable fork of the project formed. Going it alone might have been no fun.
What has changed since 2001?
by i.r.id10t
Bruce - your interviews make up a large portion of the documentary "Revolution OS". If a second part were to be made starting now in 2012 or early 2013, what changes do you think would be highlighted?
Bruce: It's unfortunate that J.T.S. Moore's Revolution OS is as much the story of VA Linux Systems as it is about Open Source.
So, let's tell the story after the movie ends: people had no problem buying Linux hardware from HP and Dell, even though it wasn't their specialty. VA's sales didn't sustain its stock price, and the few people who had really large amounts of stock kept selling while the stock value fell, and fell, and fell. One or two folks became very rich while most lost. In the end the company was split up mostly for its web assets (including Slashdot), which have been no great performers.
So, in retrospect I think J.T.S. could have stuck to the community side and the film wouldn't be quite so dated today. But I don't know if VA was supporting the film then, and if that's the reason he made it partly about them.
I have a whole lot more hair in that film than I do now :-)
UserLinux vs. Android
by jbolden
Bruce, you were the founder of UserLinux which aimed to create binary compatibility for Linux, a simple VAR platform. Google with Android attempted something similar. How well do you believe Android fulfills the objectives you set out for UserLinux. And where they missed do you believe those misses were unavoidable given the changes in focus (desktop vs. handset) or something where a minor change of strategy could allow them to achieve those missed objectives?
Tablets/Phones
by zoward
Bruce, first off, thank you for everything you've done to advance the cause of FLOSS. My question: It's not hard to notice the shift in mass market computing away from the PC and toward the tablet and phone. While at its core Android runs the Linux kernel, it's hard for me to think of it with the same fondness that I have for my favorite FLOSS OS distributions. I can't just load up a new Linux distro on my Acer tablet, or in many cases even an updated version of Android, short of "jailbreaking" it. It's seems clear to me that such hardware is designed with the intent to replicate Apple's success with a vertical hardware/software stack. Given this (or perhaps not given this, if you disagree with my statements above), what do you think the future of open source will be in the tablet and phone world? Android? Meego? WebOS? Something else? Will it be open source programs in a not-quite-completely open OS like Android?
Bruce: If you just stand in an Apple store some time, you will notice the crowd of happy, enthusiastic people who are joyfully binding themselves to Apple's way of doing things. Those folks sincerely believe that their new tools give them freedom, too. The freedom to do things that would be more difficult or impossible otherwise. Similarly, one must acknowledge that the Kindle gives people freedom from those awkward stacks of paper at the same time we acknowledge the existing and potential abuses of the device.
The fact that normal folks are going with iPad and Kindle or a locked-down Android should not be lost on Free Software developers. We aren't meeting the needs of these folks well enough to even be given the chance to teach them about their electronic freedom. We must change, it makes zero sense to expect them to do so for us until we do.
I am conflicted about Android for the same reasons as user “zoward”, and I do have a strategic direction as requested by “jbolden” but it is not a minor one. I want to change the mission of our entire community to be more outward-facing and to have more sympathy for the common person rather than, as we do today, to make our software mostly for our own community to use. One reason that Android is successful is that we weren't making any alternative and never started any organization that could have gotten phones on carriers. Even Hildon/Maemo/Meego was mainly a Nokia-driven effort rather than a community one. Now, I think the Mozilla project might be able to do that with its feature-phone platform, we'll see.
On the one hand, you might say that Android is the fulfillment of getting Linux in the hands of real users. It's the Linux Desktop that never was, at least never was in the hands of normal people in any large number. I think that there are more Android phones activated daily than there are Ubuntu users.
On the other hand, the usual Android device brings users none of the benefits of Free Software. It's locked down, and unless you are lucky enough to be a target of the latest release of CyanogenMod, your device is probably stuck with the Android version is comes with forever. The rooting community for these devices are more like script kiddies than the Free Software developers I know. With a few exceptions there is nothing like real release management among them, and one has to search through boards for the latest software version for a phone. Some manufacturer's devices are pitifully easy to brick to the point that you need JTAG to recover, although if you build the device the way Google wants you to, that's less of a problem. Samsung, for one, doesn't do things in Google's way for no reason that I understand.
I bought an Android tablet from one of the few companies that respects your freedom. The hardware, though, is rather lacking for the price. Maybe they'll be able to catch up.
I don't really see any Android community that has succeeded in bringing freedom to a significant number of users. I am hoping that the Mozilla foundation will do better with their feature-phone platform.
I think there is room for more community work on making our systems, including GNOME and KDE, attractive to non-geeks and getting together a platform that really does give freedom to non-hackers in significant numbers. Right now, our tablet-oriented interfaces are mostly intolerable on the desktop, but I'm sure they'll improve.
This is part of being outward-facing. If we are not making products for people outside of our community, we're really just playing with ourselves. That's strong, but the mission – of having a real platform with freedom and real people using it – is super-important.
Favorite hack
by vlm
Kick back and tell the tale of your favorite hack. For example, Linus had a good one in his interview. You define hack, and favorite. Hardware, software, legal, moral, ethical, financial whatever. Something you did, or something you saw someone else do. As long as its your story. The only requirement of the story is that it be a good story.
Bruce: My favorite hack is a social one. One day, right here on Slashdot, I announced “Open Source” to the world. We were standing on the shoulders of Richard Stallman, but Richard was poorly suited to empathize with normal people - rather than us hackers – and thus evangelize to them. A policy document that I had created for the Debian project 8 months earlier became the manifesto of the Open Source movement and the definition of Open Source licensing, and has remained that way to this day.
I was just another programmer, out of millions of programmers, sending out a manifesto on the then baby Internet. Six months after the announcement of Open Source there was a Microsoft press conference in which Craig Mundie was asked by a reporter if Microsoft would Open Source Windows NT. Mundie answered that Open Source wasn't just source code, that it was about licensing intellectual property in ways that conflicted with Microsoft's model. Mundie had read my manifesto and was explaining it to the press. That's my favorite hack.
While revolutions eat their leaders, I seem to have survived. As has Richard.
What's out of scope?
by Lev13than
Almost anything you can do or use today has an open source option. You have open source options for everything from your operating system [linux.org] to your chat app [blueimp.net]. You can read open source textbooks, cookbooks [wikibooks.org] and encyclopedias [wikipedia.org]. You can even build an open source airplane [makerplane.org] or brew your own free beer [freebeer.org] (free beer as in free speech, not free beer as in free beer). Given all these options, what part(s) of your life would you be unwilling to open source? Your children's education? Vaccines? A pacemaker? If so, what would your test be for deciding that a closed-source option is the only choice?
Bruce: I defer to Karen Sandler on the topic of pacemakers. If you haven't read her story, do so.
A lot of the life-and-property-critical things you mention would be better if the world could look over the shoulder of their developers the way we do with Open Source developers. Devices aren't safe until they're disclosed and safe. What we've found about medical devices is that their code standards are often horribly low and that they still are based on the idea of security-by-obscurity rather than any real security. Only having many eyes – even though those eyes can't contribute modifications directly – will solve that problem.
In the name of safety, I would like to see disclosure of the code of Google's self-driving automobiles. They don't have to Open Source it, but trade secret is wrong for life-and-property-critical devices that are operating autonomously around us. I think this is a mission that our community should get behind. Let's give Google a nudge on this!
You mentioned cookbooks. For reasons already discussed about hardware above, recipes aren't copyrightable. The photos, the commentary, and the compilation (the organization of all of the recipes into a book) are copyrightable. So, with the proprietary cookbook recipes you have more rights than you might have known.
That MakerPlane's not for real yet, and the RepRap never came close to making other RepRaps so completely as a couple of goldfish can produce more fish. I have been a critic of hype in the community, and at least in the RepRap case I think my criticism helped to get it cleaned up.
So, what's not right for Open Source? I helped to make feature films at Pixar and have an IMDB credit on two of them. While you can create stories in an Open Source paradigm, the best of them seem to be made in the conventional one. I believe that films should be playable on any device and should not be encumbered with DRM. I don't see a problem with an artist being paid for each copy of a film or music.
I put the question of entertainment being different from tools before John Sullivan, the new executive director of the Free Software Foundation, in front of an audience at the Libre Software World Conference a few weeks ago in Santiago de Compostela. John thought the issue of whether entertainment must be free was off-message for the Free Software Foundation. I think it may still be a personal issue for Richard Stallman, but it doesn't appear to clearly be FSF policy.
I don't believe we need the full freedom that we desire in our tools for something that is merely entertainment. But I do think there is a set of freedoms that is important for entertainment: the freedom to move them in place and time and play them on any device, the freedom to convert them in format, the freedom to preserve them as part of history, the freedom to report, caricature and criticize.
For life-and-property critical devices, it may be necessary for someone to stand between any Open Source community and the users, and make sure that the version the users get is free of any chance of malicious, incorrect, or naïve additions. The Debian OpenSSL Key Bug of several years ago is the classic example of a naïve addition. It is worthwhile for some devices to be guarded from that sort of problem, and for the result to be paid for per copy. But this does not mean that there can not be an Open Source community developing experimental versions of the same thing, and (through filters) contributing to the protected one.
Does SaaS change everything?
by Anonymous Coward
Now that most interesting new software is delivered to us over the web or via other network protocols, does this marginalize the contributions of open source and free software? For example Google, Amazon, and Facebook all have had some involvement with open source software as both users and contributors, but for the most part their technology stacks above the OS level (Linux) are under lock and key.
Bruce: Google, Amazon, Facebook all acknowledge a simple economic fact. There is no point in having your own programmers write anything that is not a customer-visible business differentiator for your company if you can get it from the Open Source community. A “business differentiator” in this case means something that makes your company look better than a competitor, to the customer directly. Too much “glue code”, and “infrastructure” is written by organizations that have no real need to do so if they would adopt Open Source. The message that is driving them to do so is the huge stack of cash being made by the companies that do use us.
We are, ironically, seeing a revolution in proprietary software that we created. We enabled these companies to work better with our Free Software, while we didn't, even when we used GPL, compel them to share everything.
Some time ago Free Software evangelists recognized that SaaS breaks the GPL. The Affero GPL was created to handle the Googles of the world. I participated in the very first internal FSF meeting on this issue, which must be more than a decade ago.
There is no economic or technical issue that prevents us from serving Free Software to people. Our community can do better against these companies than we are at present. The story's not over.
Usability in open source software?
by Jim Hall
Bruce, I'm doing a study of usability in open source software - how user interfaces can be designed in Free / open source programs so the program is easy to use by real people. So my question is twofold: What Free / open source program really got it right with usability? What qualities make for good usability in Free / open source software?
Bruce: Although I evangelize the issue of building our software for people outside of our community, I am no expert in usability at all. So, what that means is that there is room for others to evangelize best practices. I'd like to learn. I'll gladly pass your message along, if you build a compelling case.
If I had to guess, I'd say that Mozilla has more expertise in this than many Free Software projects. I have been running the GNOME 3 desktop in Debian Sid for a month or so, and I am not sure GNOME 3 is quite there yet. Keep it up, folks!
Can the Open Source community work smarter?
by WaywardGeek
The days of open collaboration between Linux developers has been hampered by binary incompatibility, and high hurdles to share software on popular software platforms like Debian and Fedora, and Gnome/GTK. We've seen hard feelings and fractures between groups like Ubuntu and Gnome, and lot's of unhappy users. Are the days of freely sharing software on lists essentially in the past, or is there some way to once again pump life into that creative engine? Can we work smarter?
Bruce: I think there are enough of us to staff conflicting forks. It is interesting that most of the conflicts you mention are between user-facing organizations. The lack of binary compatibility is unnecessary, and IMO is mostly driven by commercial distributions for their own economic interest.
I'm going to give you a solution for this that some will find offensive. Sorry, but it's what I believe. Don't help Red Hat. Don't help Ubuntu. Only help community projects and non-profits. Unfortunately, Red Hat and Ubuntu aren't really taking the community where we need to be. We thought they would, but they didn't get us sufficient users, and didn't get us the users we need for the most part, and the negative effects they have (like isolating us from our own users, and being public representatives in their own interest instead of the community's) aren't worth the rest. We need to work on other ways of getting to users that aren't Ubuntu and Red Hat.
Impending death of GPL
by fatphil
What is your reaction to the frequent stories in various media about people migrating away from the GPL and using less restrictive licenses, complete with predictions that the GPL will eventually become irrelevant? Do you believe that there's any truth to that - do you believe that the GPL is intrinsically moribund, or do you dismiss such stories as simply being partisan shiller
Bruce: I think it's 100% B.S. And it appears to me that it's driven by Black Duck and it really is time that someone called them upon it. I think the stories get them publicity, and maybe they are appealing to a prospective customer base who are indeed nervous about the GPL. But the trend they portray isn't a real one.
Of course, business has nothing to fear from the GPL if they will invest in proper due diligence. Bradley Kuhn of the Software Freedom Conservancy, the entity that brings most GPL enforcement action, notes that the companies he goes after are the ones who are “going 100 miles an hour in a crosswalk”. That means a total failure of due diligence. I have seen Bradley waive enforcement against a company once they showed good intention in working to resolve compliance issues. He wanted to spend his time going after the more flagrant ones.
People use licenses for economic purposes, although they might not always think of it that way. Web platforms, because they are all about combining scripts, use the gift-style licenses instead of the sharing-with-rules ones. Black Duck takes this to be some sort of trend against further use of the GPL. The actual trend is that there are more and larger web platforms.
Thanks for the great questions, folks! It was fun to answer them. -
Eric Blossom on GNU Radio
Eric Blossom has responded to your questions about GNU Radio. He notes that he's gotten a lot of inquiries from people wanting to help out, and that they have their "hands full with the software and are hoping that some other folks will chip in on the hardware", so if you're interested in assisting, go to it.1) Hardware requirements
by wowbagger
The GNU radio page is a little thin on the hardware requirements to run the code - could you spell them out?
I realize this might be complex, and that the answer might be of the form:
"to demodulate a 16QAM signal at 115.2kBaud, you would need an XYZ digitizer card reading the 455 kHz IF and a AAA GHz Athlon CPU. To recover standard multplex FM, you would need a 123 digitizer reading the 455 kHz IF and a BBB GHz Athlon. To decode GSM you need a FFF digitizer reading the 10.7 MHz IF and a quad Athlon."
But as both a ham and one who designs SDRs, I'd like to know where this resides on the Home Hacking Scale....
Eric: There are two basic paths down the software radio path. One I'll call "narrow band", and this corresponds to most of what you're seeing sold as "DSP enhanced" transceivers. The TAPR DSP-10 kit would fall in this category. In effect, these are conventional radios which are down converting to baseband, or near baseband, and have an IF bandwidth in the 20 kHz range.
For narrow band work with GNU Radio, you'll need some kind of RF tuner/transverter. Someone pointed out that in one of the latest issues of QEX magazine there's an article about a kit that is designed to be the RF front end for a software radio that connects to a sound card. I haven't seen the article so I can't comment. The TAPR DSP-10 would also work. Just leave out the Analog Devices DSP and plug the kit into your sound card. You could wiggle the control lines using the parallel port.
To summarize, for narrow band software radio work, you'll need your sound card and some kind of RF front end. Pretty much any contemporary Pentium/Athlon machine will have plenty of horsepower.
The other path I'll call "wide band". This is personally the area that I find most interesting because it is with wide band that you are able to do things that you can't do with a conventional radio. Chief among these is the ability to concurrently receive (or transmit) multiple channels/stations/frequencies. In the examples directory of the GNU Radio code, you'll find an example that receives and demodulates 2 FM broadcast stations and puts one out the left channel and one out the right. Matt Ettus, another GNU Radio developer, has built a demo that receives 4 narrow band FM channels concurrently. These demos run fine on a 1800+ Athlon, or 1.7 GHz P4.
For the wide band stuff our "standard configuration" is a TV tuner module designed for cable modems that tunes from 50MHz to 890MHz with an IF of 5.75 MHz. The module is a Microtune 4937 DI5. We connect the output of the tuner directly to a 20M sample/second 12-bit A/D converter. The converter we're using is the Measurement Computing PCI DAS4020/12. It'll do 4 channels at 10M sample/sec or 2 channels at 20M sample/second. From the hobbyist's point of view, it's not cheap, about $1300, but it is the cheapest, fastest off the shelf solution that we found.
With our "standard configuration" we ought to be able to handle IS-136. GSM would be possible if our RF front end would cover the 1.9 GHz range. Vanu, Inc has a GSM receiver running on a 1GHz pentium laptop, so we know it's possible.
2) Re:Hardware requirements
by d.valued
Tangential to this.. is there any talk amongst the GNU Radio folks on building a piece of hardware that complements this software project, or is supposed to work with whatever devices the user has on hand/will build?
Eric: This question comes up frequently. Mostly we've got our hands full with the software and are hoping that some other folks will chip in on the hardware. From our software point of view, we'll talk to any hardware that you can provide a driver for. Fundamentally all we need is a way to get samples into and out of memory.
We do have some ideas about our ideal hardware. See ettus.com/sdr/. The key items are:- 14-bit A/D converter 40-100 Msamples/sec (e.g., AD6645 or AD9244)
- 14-bit D/A converter 40-100 Msamples/sec
- FPGA (digital downconverter / upconverter / bus interface)
- some kind of bus interface, either 64-bit PCI or USB-2
There are also a few threads in the mailing list archives about ideal hardware.
3) Sounds familiar
by FreshMeat-BWG
As in WinModems doing the modulation/demodulation. These devices were a nightmare. After trying several I went back to a good old hardware-based-modulation modem.
Are there parallels to this technology? and if so, how will GNU Radio avoid those pitfalls?
Eric: Part of the problem with WinModems is the "Win" part of the equation. Modems place pretty substantial hard real time demands on the OS. It's not necessarily the total amount of CPU that's a problem. It's that it the code needs to be run on time or it's no good at all.
So far most of our work has been receive only, and we dodge the bullet by using the Measurement Computing A/D card which combined with the driver I wrote DMAs directly into user space. Given say, 16 MB of buffer, you can cover all sorts of non-real time problems. The driver is written so that it only needs service about once every 10ms, no problem on today's hardware, and will sustain 80 MB / second across the PCI bus.
When we attempt a TDMA transceiver, we may need hardware that will support time stamps so that we can synchronize our input and output streams. See above for ideal hardware with FPGA.
4) What external hardware?
by Consul
I read through the GNU Radio website, and even though I found it informative in terms of the basic idea and examples, I couldn't find anything relating to what extra hardware is needed. (Maybe I just didn't look long enough?)
What extra hardware is needed in addition to a computer? Are we talking DSP chips and boards, or something a little more exotic?
Thank you for a potentially exciting project, though. This makes me want to renew my ham radio license.:o)
Eric: See above. No DSP chips or boards. Today's commodity PC hardware kicks ass on just about all DSPs as long as you're not worried about power consumption. You'll need some kind of RF to IF transverter and A/D & D/A converters (either a sound card, or something with more bandwidth, depending on your interest and budget.)
5) Describe your dream hardware for a software radio
by geirt
I want a feature list containing all the geeky details:
Frequency range.
Eric: 30 MHz up to about 2.5 GHz.
Coverage in the 5 GHz unlicensed band would be nice too.
Bandwidth (do you want to sample the whole FM band (or GSM/GPS/CB/ham bands), or just a single channel/station).
Eric: Whole swaths of the RF spectrum!
12.5 MHz would be nice.
Sample frequency and depth (ie, fast and few bits, and do decimation in software or slow and many bits with less CPU overhead)
Eric: For 12.5 MHz we'll need about 31M samples/sec, call it 40M samples/sec. 14-bits. More is better.
Necessary spurious free dynamic range, or some other dynamic range specification.
Eric: More is better. The best part I know of is the AD6645, and they're claiming 100 dB multitone SFDR.
Interface to the PC (PCI, firewire, USB...).
Eric: 64-bit PCI would work, but it's a lousy interface for a laptop. Maybe USB-2. Firewire would be OK, but I think it's got more hair on both ends. We've also thought about Gig ethernet.
Antenna connector (OK, I know that one: BNC)
Eric: BNC.
6) Convergence Devices
by Nomad7674
This technology sounds like the kind of thing which could greatly add to the convergence of devices that clutter the electronic life. You could extend convergence not only as a Smartphone but have in one device (though perhaps not simultaneously):
1. Cell phone
2. Computing power (PDA)
3. FRS radio device
4. 802.11x network device
5. Police scanner
6. Television reciever
7. etc.
Eric: I believe that convergence is ultimately where we're headed. We're a way off, mostly with respect to power consumption, but I believe that that will take care of itself eventually. The MIPS/Watt of programmable hardware is unlikely to beat that of dedicated ASICs, but ultimately, if my universal reconfigurable communication device runs all day on a single charge, who cares?
Have you been approached by police departments, FedEx, etc. to develop devices to allow their people to do more stuff in fewer packages?
Eric: We haven't. I can see a scenario where somebody else is building the hardware and we're providing the software.
7) As a college student, how do I get involved? by McCart42
If I'm interested in doing research in this field someday, and I'm currently a computer engineering major, what are some good electives that I might take? Aside from general programming necessities, what sort of signal processing courses are necessary to understand the underlying aspects of software-defined radio?
Eric::- DSP fundamentals, filtering, FFT, freq-vs-time domain, etc.
- Basic RF might be useful; you don't need to be a specialist
- Digital comms. Builds on the DSP stuff, but adds specifics for communications. Coding theory, ideal receiver design, channel capacity, phase lock loops, etc.
- Anything about protocols in general. Once you get up above the raw bits, software radios don't look that much different than any other layered communication protocol.
8) FCC vs. Software Radio
by minddog
I was recently at H2K2 and heard this forum which right away made me ecstatic(sp?). An issue that was brought up was how this can impact the DMCA, FCC, and the big corps. You guys were saying Sony, and the other conglomerates were forming a committee that would do a digital signature to say what was allowed to be copied, and not through a dual channel checking...My question is what is the status of digital radio and its rights in the present world? To my understanding you can have a very high number of digital channels inside a single band which makes licensed analog frequencies just a waste of money to corporations if they use GNURadio as a means to transmit data long distances. Anyways, looking forward to some feedback and goodwork, I'll be joining this revolution soon, just got the dual server built;)
Eric: Here are three subtopics under the "FCC vs Software Radio" flag:
(1) General prohibition on receiving certain signals
The FCC, throwing a bone to cell phone operators, banned the reception of certain frequency bands used by cellular phones. In addition, the Electronic Communication Privacy Act (ECPA) expanded the ban to include other communications such as pagers. These provisions have been called by others "The Foreign Intelligence Empowerment Act". That is, they ban the interception of signals that are trivially interceptable, as if making it illegal would "keep the customers safe". In fact, this same sham extends into the world of digital cellular, where the signals are still effectively in the clear, and are vulnerable to eavesdropping.
Free software has no problem complying with such regulations as the code below illustrates:
#ifdef IM_IN_THE_USA
if (freq >= 825e6 && freq throw "Forbidden Frequency";
#endif
(2) ATSC Digital TV "Broadcast Flag" MPAA/CPTWG/BPDG
Alphabet soup:
ATSC: Advanced Television Standards Committee (digital broadcast TV)
MPAA: Motion Picture Association of America (Disney, Fox, et al)
CPTWG: Copy Protection Technology Working Group (www.cptwg.org)
BPDG: Broadcast Protection Discussion Group.
Short form: Certain content providers (MPAA) want TV broadcasters to set a bit, called the "Broadcast Flag", in the MPEG transport stream that TV stations are broadcasting in the clear (i.e., no crypto). The flag is intended to mean "Don't copy me". The MPAA/CPTWG/BPDG folks are then trying to convince the consumer electronics manufacturers that it is in their best interest to build crippled devices that honor the bit, and finally, since it's not obvious than any consumer would buy such a damaged device, they want to ban non-compliant receivers.
After conversations with MPAA/CPTWG/BPDG, we have been unable to find any solution where open source or free software can comply with their proposed "Robustness Requirements". Hence, open source and free software implementations of ATSC receivers, VSB demodulators and VSB modulators would be banned under their proposals. Several fundamental issues are at stake: freedom of choice, freedom to innovate, and software as protected first amendment speech.
The FCC has issued a "Notice of Proposed Rule Making" about the Broadcast Flag. In addition, it is rumored that a bill is being drafted in case the FCC won't play along.
The EFF has a wonderful blog covering this topic in detail.
(3) SDR upgrades and FCC
Recognizing the importance of SDR, the FCC, in its First Report and Order dated September 14, 2001, created a new class of equipment and associated authorization procedures. In its Report the Commission stated, "We anticipate that software defined radio technology will allow manufacturers to develop reconfigurable transmitters or transceivers that can be multi-service, multi-standard and multi-band." Continuing, the FCC stated, "These changes will facilitate the deployment and use of this promising new technology, which we believe will facilitate more efficient use of the spectrum."
From the free software point of view, what remains to be seen is what kind of "authorization procedures" will be approved. What is envisioned is some kind of digitally signed configuration or executable that can be loaded into the existing hardware. In an free software/hardware world with no clear administrative hierarchy, it's not evident who gets to say what signatures the hardware will accept. This looks like a ruling that "software radio is OK for the incumbents", but doesn't really spell out what the situation is for the free software / open source / open spectrum point of view.
9) Re:Interference
by Louis_Wu
"This is one project where hacking the code can kill people or land you in jail. Don't broadcast on the wrong frequency! Keep this away from radio telescopes!"
Eric: OK.
That brings up a good question. Are there going to be some software restrictions on which frequencies you can use? Would those restrictions be in the source or options you can change on the fly?
Eric: Ultimately the frequency range that can be transmitted depends on the RF hardware, not the software. The vast majority (all?) of the code in a software radio has no idea of the final RF frequency. It's doing its processing at some IF frequency, which is ultimately up converted once the samples leave the CPU.
It seems like a good idea to put at least one barrier between users and transmitting on police frequencies. But what kind of barrier? Should any restrictions prevent listening as well? What about military transmissions? Or air traffic control frequencies? Or the band the Secret Service uses?
Eric: In general, my philosophy is that if people don't want their communications listened to they should encrypt them. This has been standard practice for thousands of years (see Kahn, "The Codebreakers").
I agree the that hardware should be designed such that accidents are minimized. One possible route for hobbyists would be to design the RF hardware such that it would only transmit on one of the unlicensed bands. There are still requirements about transmitted power, and these requirements vary depending on the band and the modulation strategy, but that would at least reduce the chances of accidental interference.
Note however, if you're building a software radio that bridges between different public safety networks, you'd certainly want to be able to transmit.
Where should the line be drawn? What does the law say?
Eric: Do no evil? The law of what land?
For another perspective on "interference" and who "owns" spectrum, I heartily recommend the "Open Spectrum Resource Page".
10) Hardware patents?
by cornice
Up until now, free software has mostly threatened closed commercial software. GNU Radio, however, might make some hardware manufacturers squirm a bit. If I can use a generic device along with GNU Radio to emulate a range of devices how will this impact the makers of those devices and are you (or users of GNU Radio) possibly violating patents for some of those devices? It seems that GNU Radio will stir up more mud in the IP and DRM debates. What are your thoughts on this?
Eric: Since the hardware manufacturers make their money selling hardware, and we want to buy hardware I don't really see a problem. I'd just like them to build some nice, inexpensive, fully documented hardware on which I can run my free software.
Yes, we will be able to emulate a bunch of devices, and it might cause some heart burn for certain folks. For example, I don't generally want to be carrying around a GPS receiver, but in the moment that I want to know where I am, it would be handy for my universal communication device to configure itself as one and figure out where we are. I'm not sure of the patent specifics on that particular application, but I understand your point nevertheless.
I think the mud will be stirred far and wide. I think that this is a good thing. General purpose hardware keeps getting more useful and powerful, and hence valuable to the end user. At the same time, in certain situations, dedicated devices clearly win over the general purpose in areas of convenience, size and ease of use. I think this tension is good, and better products will emerge from it.
11) Plans for UWB
by wfrp01
Will GNU Radio support Ultra Wide Band? Soon, someday, never?
Great project. Thanks.
Eric: We currently don't support Ultra Wide Band. GNU Radio is a signal processing toolbox. If you had the appropriate UWB RF front end, you could use GNU Radio for the signal processing.
See aetherwire.com for background info on ultra-wideband technology. -
Interview: The L0pht Answers
This week's "main" interview guest is L0pht Heavy Industries as a group. (We hope to have answers from Linux International head Jon "maddog" Hall tomorrow). Many insightful questions for the L0pht guys were posted Monday. Today, lots of insightful answers on everything from political controls on the Internet to hardware hacking. (Click below to read.)1) Which do you consider more dangerous
by Gleef
Which do you consider more dangerous to personal liberties on the Internet, national governments or multinational corporations, and why?L0pht
While both Governments and multinational corporations are detrimental to personal liberties on the Internet, one must not overlook the greatest danger of them all. The uninformed citizen. In democracies, this is problematic, where governmental policy typically follows public opinion. In the case of the Internet, one will find that most citizens of the world are willing to give up personal liberties in exchange for perceived safety and piece-of-mind. For the safety of the children, is cited commonly.Many people believe that anonymous access to the Internet is criminal behavior. Government would like you to think privacy is an "anti-social" behavior. You should have nothing to hide, should you? You wouldn't be reading up on the consecration of explosives, looking up security holes in various operating systems, or possibly downloading the latest crypto software, would you? Only terrorists do that.
Governments are lobbied by uninformed citizens, or citizens which are easily manipulated and swayed by various groups across the gambit of our modern civilization. Multinational corporations have their hand in the fray by funding these groups or by participation in Associations which provide counsel to government officials on technical matters. Often recommending legislation which will better the profit taking over the sanctity of "personal liberties."
Multinational corporations are problematic in that they operate in a proprietary world. Often outside parties will scrutinize the technological fabric of a communciations service being provided. Should a flaw be found, and published, the corporation claims that the flaw itself is detrimental to the service being provided and litigation is dispatched on the party disclosing the flaw. This has been the case in the Cellular communications venue. Cloning a cellular telephone was a real thorn in the side of the Cellular Industry. They took their gripes to the US Government. The CTIA and their ilk successfully swayed Washington to pass legislation to combat the cellular fraud. Result: A portion of the radio spectrum was made _forbidden_ to reception. Possession of an eprom programmer, a computer, and a cellular telephone became a crime. Meanwhile, the cellular network REMAINS open to eavsdropping. Money is power, and with power comes influence. However, in the end it was the Government, sucking up to industry, which passed the law.
Law Enforcement and Intelligence gathering communities dwell within the governmental domain. Both are lobbying lawmakers to pass laws to give them greater powers to combat crime in this high tech world. Surveillance is paramount. They will convince the lawmakers that without the keys to all communications, a bomb may be set outside Parliment or Congress or .
The government pursuades the people, the people pursuade the government. Who planted the seed first? Those who understand the technology are too busy working on the next cool widget. Meanwhile the technological world rushes toward a global dictatorship and the populace embraces it under the guise of security.
2) The net: strip mall or unlimted human potential?
by garagekubrick
The halcyon days of the net are gone. With ubiquity - the underground vanishes. Is it well on its way, with people like the CEO of Amazon being worshipped by the mainstream press, to becoming an enormous cyber strip mall, marketing tool, PR exercise in control of perception...Or is there still an underground? Does it still have a potential to be the one true medium with liberation? Will governments and coroporations end up controlling it? Cause they are winning small, important victories relentlessly...
L0pht
The Internet has changed dramatically over the last year or two and with it the underground has also changed. Back in the good ole days (1995+6) every web site was underground, hell the entire internet was underground.As the web increasingly encroaches onto the mainstream and large portal and corporate sites take over feeding you only the information they want you to see, the underground will evolve and change and morph to suit its surroundings.
There is definitely still an underground. In some aspects it is a lot larger than it used to be and in others it seems to be much much smaller. I think labeling the underground as 'the one true medium with liberation' is laying it on a little thick. The internet underground has been nothing but the exploration for knowledge, if you are looking to it to save mankind from itself your looking in the wrong place.
Governments are increasingly encroaching on personal liberties and freedoms of the average citizen, this is unfortunate. How much longer before the population as a hole realizes what is going on and says enough? Maybe they will never wake up. Will the governments eventually control the internet? Possibly. It is hard to tell but there will always be those who will resist that control and the underground will continue in one form or another.
While the web, as you put it, may become 'an enormous cyber strip mall' I can't help but think of the trash dumpsters behind that mall and what secrets they may hold.
3) Internet Worm II
by tilly
Several months ago I began predicting that someday someone would find a buffer overflow in the various Windows TCP-IP stacks and use it to write a worm that would bring down the Microsoft part of the Internet and cause so much traffic as to effectively shut down everything else. I further predict that until an event of this magnitude happens, the general public will not really learn the basic lessons about security that the *nix world was forced to learn from the first worm.What are your thoughts on this prediction? (Timeline, reasonableness, etc.)
L0pht:
I believe your prediction is right on track. However, I don't feel that an Internet Worm II is necessary to teach Microsoft, its customers, or its vendors, about security. There are three ways to implement a security model, the slow way, the fast way, and the right way. The slow way involves making a bunch of little mistakes and fixing them over time as you find them, correcting your policies and implementations. The fast way involves having a major disaster occur, after which the faulty parts of the system are completely torn apart and reimplemented. In practice, the slow way often leads to the fast way.Which brings us to the right way: To design software with a security policy in mind, and with extra caution, care, and expenditure during the implementation. OpenBSD's model of proactive security measures is a classic example of 'the job done right'. Retroactively applied security measures are a recipe for disaster.
Rant off.
As for when Microsoft is going to learn about these things, they'll first have to learn that 'bigger isn't necessarily better'. They need to stop believing their own FUD before they can actually make change over there. When I read things like the article at http://www.microsoft.com/ntserver/nts/news/msnw/LinuxMyths.asp, particularly the parts about Linux being less 'secure' than Windows NT, I'm appalled at the ridiculous 'facts' that are being used to back up their claims. For example, they claim that:
"Linux only provides access controls for files and directories. In contrast, every object in Windows NT, from files to operating system data structures, has an access control list and its use can be regulated as appropriate."
While this statement is true, they neglect to mention the fact that under a unix operating system, most things that correspond to Windows NT kernel objects, file, data structures, etc, are represented as files. Hence, the coverage of the security model for Linux is just as extensive, even more so, than Windows NT. This is a particularly bad statement, simply because it's not only incorrect, but the converse is true. Linux is more flexible in terms of permission management. Try setting the access controls on who can bind to a particular port under Windows NT, with the ease of chmod and portfs under Linux, and you'll fail miserably. And the list goes on.
(And as for 'access control lists', we've noticed that Windows can't seem to get the right default ACLs anyway, and that the complexity of managing them has outweighted the value of their 'flexibility'.)
As for your comments on the Windows NT TCP/IP stack being vulnerable to attack (possibly, who knows :P) and the possibility of a worm destroying Windows systems, the possibility is very real. And again, this possiblity is not unique to Windows. They're just a likely target at this point in time.
It would take a feat of dedication and great skill, but the possibility is there. My advice to anyone who's worried about this, is this: If you're going to use Windows NT, you should probably keep that firewall in place between those Windows service ports and the rest of the world. Microsoft loves to add services and open ports to your computer when you're not looking. And it's probably not going to be the IP stack, it'll probably be some goofy listening service, like anonymous share enumeration or something. Or maybe remote access to NetDDE. Or some authentication protocol that doesn't like large Netbios fields. Or possibly even some undocumented functionality in the named pipe filesystem used for RPC. Who knows. Personally, I'm not going to wait around to find out.
4)The Public's Perception of Hacking
by dmuth
First, I should probally preface this geek for several years, and love playing with technology, so I feel I am able to relate to the hacking community.Anyway, my question is, how do you deal with the way the public (including the media) percieves "hackers"? I've seen some clueless people use the term to describe *anyone* who does anything with a computer that they find > objectionable. I've even heard the term applied to spammers!
Needless to say, the misue of the term makes my blood boil, because I feel a certain respect towards the real hackers, such as yourselves, because you guys do know what you're doing, unlike all of the script kiddies out that that either have the term applied by clueless reporters, or they use it on themselves.
So, I'd be interested in knowing how you cope with this sort of problem, as I've noticed this sort of perception of the hacking communtiy for some time.
L0pht:
The first thing you need to do is refer to yourself as a hacker and be prepared to educate the person you are talking to what you mean by that. It doesn't matter if you are talking to someone from the media, or the government, or the business world. People need to know the real meaning of hacking, its history, and what a positive thing it is.A lot of the time we talk to the media just because we are afraid that if we don't there will be no one they talk to who will describe hacking in a positive light. No one to describe it as other than defacing web pages or breaking into .mil sites. This was one of the reasons we wanted to talk to MTV. We were afraid their story would be all about criminal hackers. If you saw the MTV show you saw that sometimes resistance against the media memes is futile. The show was 95% about illegal activity.
Yet the world of hackers is 95% non-criminal. Probably a better percentage of people behaving positively than most segments of society. It is a world of people exploring the edges of technology and building things. The crazy thing is the government is making more and more of that exploration illegal.
Reverse engineering security mechanisms is being considered a crime. Receiving digital radio signals is a crime. We can't let them wall off part of the world we inhabit from investigation.
Hackers have a positive role to play both as builders and critics of the digital world. Unless we speak up and refer to ourselves in that light we have only ourselves to blame. Everyone who can should educate. Its not easy changing perceptions. But sometimes a passionate personal explanation of what hacking means to you can make someone change their mind.
5)security of capability-based operating systems
by sethg
What do you think of capability-based systems, such as EROS? The folks who are working on these systems say they are fundamentally more secure (against both malicious code and heisenbugs) than Unix derivatives, Windows NT, and other ACL-based operating systems. Do you agree with this assessment? Do these systems have security weaknesses that Unix-like systems don't have?L0pht:
It's nice to see work such as EROS comming out of DARPA funded projects. Capability-based systems are quite interesting. However, one must be quite careful when making statements such as the one that these systems are more fundamentally secure that others. One has to keep in mind that Windows NT made a similar claim. Was NT fundamentally more secure that Unix as was presented to the general public? Well, it did have a security model that Unix lacked and it's internals were much more akin to VMS which had various strengths that Unix lacked. Yet we all saw that the implementation is where it matters.In reality the implementation is key. Things can look great on paper and be a real bear to implement (look at communism for example). Another key component that is often overlooked is the functionality. This is a double edged sword. If the system is not universal and generic enough in nature to exist in a plethora of environments then it is difficult, if not impossible, to gain wide scale acceptance and use. Of course, this notion is directly opposed to creating a secure operating system. If it has to work in a multitude of environments then it needs to be relatively open and flexible or else the skill set and support for integrating it into one specific environment is beyond most peoples abilities (ie it won't get used). Sun Microsystems ran in to this problem with older versions of SunOS (now retroactivly named Solaris 1.x) when they used to consistently ship with a '+' in /etc/hosts.equiv. After several years they received enough requests to take it out of the distribution for security reasons. Unfortunately, taking it out caused so many installations to not be "plug-n-play" that they promptly put it back in.
When I look at an operating system such as EROS the following pops out at me when thinking security (this should not be viewed as condemnation by any means).
. RTOS modeled.
Real Time Operating Systems can be very useful for directed applications but suffer in general use often times. In addition, certain security notions at extremely low levels of a system (ie hash signing memory blocks that are passed between processors or ASICS) incur overhead that is quite unwelcomed in most of the "general public's" acceptance in RTOS.. Emulated POSIX and Unix environments
I love Unix. However, it's difficult for someone to maintain the claim that they are more secure than another operating system and then emulate it's behaviour. A good emulation is going to have the good and bad aspects on the security front or many things won't work.. implementation from the ground up can be painful
Often times it is required. But heaven help the "vendor" that decides that in order to be their own maker they will do it from scratch without looking at the mistakes that others have made. We see it all too often that people decide to reinvent the wheel and foist square versions on people the first time around.With all of that being said I believe that in the future, should people start to wake up and really appreciate the notion of security and privacy in a way that really influences the market... we will see more dedicated systems and fewer general purpose ones. In order to go that route projects such as EROS are invaluable.
6)Security Through...Unpredictability?
by Effugas
Would you agree that security and stability are but different sides of the same coin? In other words, a security exploit is truly nothing more than an expertly controlled failure?If so, how much stock can we put into the "metadesign" of limiting the damage an exploit can create by attacking the ability of a failure to be controlled? Should operating systems incorporate such "unpredictability engines" when being run in a production, non-debugging manner? Or is such a design not worth pursuing, for various reasons?
L0pht:
You must be a kindred spirit :) We have been preaching the approach that most stability problems are security problems that have not been looked into enough for quite some time. By fixing security problems you enhance the stability.Now, with that said, it is important to shoot for the pinultimate solution to problems and this ends up being a wonderful academic excercise (out of which great things come). Do we shun any notions that merely raise the bar instead of being the silver-bullet? No. Each elevation in design is a step in the right direction. It is apparent that we have many steps in front of us but this does not mean we should stop progressing until a magic cure is found.
Unpredictability in systems, such as loaders or interpreters that recurse random times to throw off "static" frame location and other mechanisms (ie canary values) etc. are some of the finer points that I see coming out of the security approach to implementations. Are they ready for production systems? It all depends upon what your production system must be capable of. In many cases the answer is yes. In some cases the answer is no.
7) Future of Hardware Hacking?
by Tackhead
Two questions (Well, three, really, but I'm a hardware geek, and I love trying to squeeze three things in the space of two):A) Wireless.
Lots of folks have been asking today about the wireless network project. "Me too"; the page has been up for years, it's a fascinating and extremely powerful idea, but for those of us who aren't RF engineers...> When do we get to see some hardware projects to build, or is it the case that -- due to regulatory restrictions on what can and cannot be transmitted on US airwaves -- work is being done independently on the notion of a secure wireless IP-based network but isn't being released so that those of us who aren't RF engineers can't gum up the works by screwing things up before it's ready? :-)
L0pht:
The Gnet project has been in progress for many years now. Mainly the problem had been lack of funds, but now time allocation and lack of dedicated participants hold back expansion.There is a lot of interest, but no one seems to be willing to put up the nodes. There are 2 sites currently on the network. One at l0pht and one at a residence. This has been the state of the network for the past 2 years. Unfortunately no one with enough initiative in either state has been found to setup other nodes. There has been interest in other states but the long haul capability has yet to be worked out. Encrypted tunneling over the Internet may help span the network over long distances. Once the fabric of the network expands, landlines could be replaced with wireless links/nodes.
High-density, low-power networks sound great in theory, but until the interest level rises above its present state, the cellular structure will remain the dominant topology.
To get the network off the ground, we have been trying to go the Amateur radio route. Going this route does have its drawbacks. Encryption is forbidden, however compression is not. I have been running ssh in compression-only mode for years. The initial ssh authentication is allowed under FCC guidelines, as long as the communications is not encrypted, you are within the rules.
The move off the Amateur frequencies will be made once the cost of National Information Infrastructue (NII) part-15 devices drop under $500 dollars for a pair of nodes. These devices fall operate in the 5Ghz frequency range. The breakdown is as follows:
- 200 milliwatts EIRP (5.15-5.25 GHz) - indoor
- 1 watt EIRP (5.25-5.35 GHz) - inter-campus/neighborhood
- 4 watts EIRP (5.725-5.825 GHz) - Point-to-point, few miles, terrain permitting.
The path to build custom equipment is equally as challenging. For example, the TAPR (Tucson Amateur Packet Radio) group has been in the forefront of Amateur packet radio for the past 15 years. While they have an established base of dedicated users, they continue to have problems developing new hardware. They have been prototyping a Frequency Hopping Spread Spectrum (FHSS) system for 3 years now, with still a protoype just passing a design review. Hopefully this project will come to fruition soon!
Some very talented folks over in Slovenia have developed some BPSK transceivers and a no IF SSB transceiver which will work on 1296, 2304 and 5760MHz. None are in kit form but the schematics, theory, construction notes, and equipment checkout is available in english. (schematics are not in english.). These radios are not for beginners or even intermediate kit builders. It would be nice if someone could kit these units. I started to convert the 23cm BPSK design to utilize a chipset family put out by RF Microdevices, but then my time got sucked into other projects. I may find the time to persue this once again, but I would like to get some semblence of a network greater than 2 nodes up and running first. *sigh*
B) The future of hardware hacking.
With the trend towards more and more functionality becoming embedded into ASICs and single-chip solutions, the golden age of "just desolder this", or "reverse-engineer the schematics and jumper that", or "replace [PROM| EPROM| EEPROM| PIC| FPGA] with one with the following special programming, and here's the [CPU| microcontroller]'s instruction set and a memory map of the embedded system" appears to be drawing to a close. Anyone can desolder a 24-pin DIP EPROM and hack it, but trying to desolder a 100-pin PQFP is a real bear without $500+ worth of specialized equipment, and knowing what to do with the chip after you've desoldered it is well-nigh impossible.Do you see a time when "hardware hacking" (as we've traditionally known it) will have to fall by the wayside? If so - what, if anything, do you see as taking its place? (Perhaps users taking advantage of the vastly more-powerful gear out there today and building their own hackable hardware, eliminating the need to hack other people's hardware?)
I suppose that's tangentially related to the wireless.net question - for mass distribution of the tools needed to build such a network, for instance, it seems to me that re-purposing cheap, widely-available stuff that others have junked is a better path than having to build things from scratch. But if the cheap, widely-available stuff of the future isn't gonna be re-usable... where does one go from there?
L0pht:
It is true that the Electronics industry is moving toward much denser Multi-chip module like IC's. System-on-a-chip (SOC) is beginning to make inroads in communications equipment. Celluar/GSM/PCS phones are beginning to sport such technology. SOC will also revolutionize the security coprocessor industry.What we see here is the bar being raised in the HW hacking arena. Remember cost still drives much of the industry and you will continue to see many devices still using microcontrollers. There are many, many internet appliances using standard Embedded Processors and peripheral IC's. The hackers are just going to have to bone up on thier FPGA hacking skillz. Monitoring the inputs of an FPGA and then the outputs, and hacking together an FPGA to drop inbetween isn't unheard of.
Hardware hacking today does require a bit more than the standard weller solding iron, a 50Mhz scope, and a multimeter. With processor speeds moving up into the 800Mhz range, you fall flat on your face with those stoneage tools. The trend in general is hardware which is becoming more and more abstracted and described by high-level programming languages such as verilog and VHDL. One must stay abreast of the latest tools in his trade. There are also relatively inexpensive "soft" tools, in that a spectrum analyzer, logic analyzer or a scope utilizes the modern PC as the guts of the device and an inexpensive physical interface module is purchased along with software for the host. The interface is typically a data acquisition pod for converting the sampled analog data into the host PC for processing and the presentation.
The security of FPGA's is definately going to become more of a target in the future. I can't think of anyone that doesn't set the security bit of FPGA before programming a device. Ummm.. Hmmm.. maybe I shouldn't say that. ;^) It does happen. There are also some not so well known ways around "securty bits" on FPGA's. Also, most FPGA's will allow you to reprogram them in circuit whether or not the security bit is blown. You just better be sure you can reproduce what you monitored before squirting in your own code.
Remember there are many more ways to fry an egg, such as voltage margining, or operating a circuit over/under current and temperature specifications. Hitting HW with various RF emissions (above and beyond what stantard emissions/immunities tests test for.) can also produce interesting results and insights.
And as you alluded to in your question, hackers will build their own hardware which will interface to the service/system under attack, which will allow for variable, marginable, modules to provide the flexibilty which the stock standard HW didn't provide. Study communications test equipment. Many secrets lie inside.
A lot of today's "hardware hacking" isn't strictly limited to hardware, due to the fact that most products are embedded systems - meaning there is a union of hardware and software. Those who are strictly "hardware guys" will fall by the wayside and those who are strictly "software guys" will also fall. You will need to have a decent knowledge of both the software and the hardware environment you are programming for. I have seen companies struggle because they hire CS folks to write firmware for a product. These particular folks could not grasp that they were writing for a platform other than a PC or desktop. They didn't understand how interrupts worked, how to write to a port, how to write low-level drivers to control external memory or other devices on an SPI, I2C or other inter-chip protocol. What ended up happening is the company called in the hardware engineer (me) to write all the low-level functionality. In order to properly design a product (and reverse engineer the product), you need to be able to grasp all facets...
The industry today is really in a sad state and I am fearful of the quality of the products that are due to come out on the market - the hardware and circuitry is sound and well-structured, but the software will have major fault and, because of this, many possibilities for vulnerabilities.
C) The future of l0pht.
(At least publicly), there's been a lot more activity on the software side of l0pht than on the hardware side.To the extent that you can discuss it openly, do you see l0pht's main activities over the next 3-5 years as continuing to revolve around the "expose weaknesses in software" side or the "work on next-generation hardware projects" side?
L0pht:
Both. Hardware projects, since the beginning of time, are more costly, require more tools than software, and mroe often than not, more time consuming. Due to this, the amount of publicly-known activity appears to be less. As mentioned before, there will be more and more projects that require the knowledge of both hardware and software sides, where L0pht fits the bill perfectly. There are so many products and technologies to look at, there is no way we can limit ourselves by saying what activities we will and will not do. If something comes out, be it hardware or software, that we want to attack, we will.8)What engines/sites do you use to scour the 'Net?
by Bacteriophage
Seriously, I would like to know. When you sometimes don't have all the answers (I assume that would be more than never), where do you guys go on the 'Net to find what you need concerning computer security, **/*acking, or even just news? Do you ever come to /.? This answer shouldn't take very long, and it'd be nice to get the seperate preferences of each crew member, as well as the general preferences of the group.L0pht:
Generic search:
Altavista or NorthernLight for a spider based search Yahoo for a topic search.
Ask Jeeves when I don't really know what it is I am looking for.
security/hacking: altavista - word sequences work well. A recent example would be a search for the PCI specification by looking for "pci spec".
yahoo - when altavista doesn't help
Hacker search:
- The Hacker News Network Search Engine Page - Lots of undergound spiders http://www.hackernews.com/search.html
- attrition stats - http://www.attrition.org/mirror/attrition/stats.html
- eEye stats - http://www.eeye.com/html/Databases/Statistics/os.html
- NMRC - Good Novell NT and Unix info. www.nmrc.org
- counterpane - for books (through amazon) and lots of free information on crypto too.
- www.jya.com/crypto.htm - for the good cypherpunk info
Next week: Steve Wozniak (and a special pair of *surprise* guests Tuesday).
-
Linux on a FlashCard: home project
Juggle writes about "a handy build it yourself interface for using Compact Flash cards. The website even includes instructions on booting Linux off a Compact Flash card! This might be useful for car computers", or webpad-like consumer devices.