Re: Building a new totally free phone

2013-08-22 Thread joerg Reisenweber

ROTFL

-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments
(alas the above page got scrapped due to resignation(!!), so here some 
supplementary links:)
http://www.georgedillon.com/web/html_email_is_evil.shtml  
http://www.nonhtmlmail.org/campaign.html
http://www.georgedillon.com/web/html_email_is_evil_still.shtml
http://www.gerstbach.at/2004/ascii/ (German)


___
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community


Re: Building a new totally free phone

2013-08-22 Thread joerg Reisenweber
On Fri 23 August 2013 01:58:04 Michael Spacefalcon wrote:
>[blablabla]
> I have found some new and exciting TI firmware source leaks
>(archived on my mini-Wikileaks at ftp.ifctf.org) which will
>hopefully make it unnecessary for me to sacrifice my life in a
>gunfire exchange with the German or Russian police after kidnapping
>a moko-hoarder: these new leaks appear to be much closer to TI's
>"mainline" than the famous PurpleLabs TSM30 source, and I'm quite
>confident that by using these new leaks I can recreate something
>very close to what Om-Inc and its former employees/contractors have
>wrongfully withheld from Humanity

I invite you to visit me at my home trying to force me to hand to you the MOST 
SECRIT SOURCES that everybody passing the idiot test had access to since 
~2011.  And I even promise I won't call the police or any other officials. 
Rather I will do nothing but listening and laughing when I hear you screaming 
for help, from the bottom of our manure tank you for sure inevitably will 
manage to find and drop in.

good luck!
/j


Re: Building a new totally free phone

2013-08-22 Thread joerg Reisenweber
On Fri 23 August 2013 01:58:04 Michael Spacefalcon wrote:
>[yaggediyagediblabblablub...]
> In the case of hardware it means publishing full,
> *unredacted* schematics and PCB EDA files, 

Yeah that *evil* redacting!
Oh, did you ever hear about that funny story? Somebody noticed that the GTA01 
schematics were redacted by a true idiot who didn't notice that the huge black 
blob covering parts of the schematics was easily removed by simply editing the 
pdf, or even simpler by highlighting the area.

PS, maybe that idiot been me :-o

we all love you, no really, we mean it!
/j

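
The redaction failure described in the message above (a black shape drawn over content that is still present in the PDF) can be checked for before a document is published. This is an added example, not part of the thread; it assumes an uncompressed page content stream that uses no coordinate transforms (`cm`), and the sample stream and its labels are constructed.

```python
import re

# Tokens of a PDF content stream: literal strings, names, numbers, operators.
TOKEN = re.compile(
    rb"\((?:\\.|[^\\()])*\)"       # literal string (nested parentheses not handled)
    rb"|/[^\s()\[\]<>/]*"          # name, e.g. /F1
    rb"|[-+]?(?:\d+\.?\d*|\.\d+)"  # number
    rb"|[A-Za-z]+\*?"              # operator, e.g. Td, Tj, re, f*
    rb"|\[|\]",                    # array brackets (used by TJ)
    re.S,
)

FILL_OPS = {"f", "F", "f*", "B", "B*", "b", "b*"}  # operators that paint a fill
DISCARD_OPS = {"S", "s", "n"}                      # stroke only, or no painting

# Constructed sample: a label is drawn, then a black rectangle is filled on top.
SAMPLE_STREAM = b"""\
BT /F1 12 Tf 100 700 Td (U1501 visible label) Tj ET
BT /F1 12 Tf 100 500 Td (R1234 10k) Tj ET
0 0 0 rg
90 490 200 30 re
f
BT /F1 12 Tf 100 300 Td (public note) Tj ET
"""


def find_covered_text(stream):
    """Return text strings whose origin lies under a rectangle filled later.

    Such text is hidden on screen but still present in the file, so it can be
    selected, copied, or exposed by deleting the rectangle.
    """
    operands = []   # operands collected since the last operator
    pending = []    # rectangles added to the current path, not yet painted
    texts = []      # (paint order, x, y, text)
    fills = []      # (paint order, x, y, w, h)
    x = y = 0.0     # origin of the current text line
    seq = 0         # paint order counter
    for match in TOKEN.finditer(stream):
        tok = match.group().decode("latin-1")
        if tok[0] == "(":
            # Strip the parentheses and undo backslash escapes.
            operands.append(("s", re.sub(r"\\(.)", r"\1", tok[1:-1], flags=re.S)))
            continue
        if tok[0] == "/" or tok in ("[", "]"):
            continue
        if tok[0] in "+-.0123456789":
            operands.append(float(tok))
            continue
        # Anything else is an operator acting on the collected operands.
        nums = [v for v in operands if isinstance(v, float)]
        if tok == "BT":
            x = y = 0.0
        elif tok in ("Td", "TD") and len(nums) >= 2:
            x, y = x + nums[-2], y + nums[-1]
        elif tok == "Tm" and len(nums) >= 6:
            x, y = nums[-2], nums[-1]
        elif tok in ("Tj", "TJ"):
            text = "".join(v[1] for v in operands if isinstance(v, tuple))
            texts.append((seq, x, y, text))
            seq += 1
        elif tok == "re" and len(nums) >= 4:
            pending.append(tuple(nums[-4:]))
        elif tok in FILL_OPS:
            fills.extend((seq,) + rect for rect in pending)
            seq += 1
            pending = []
        elif tok in DISCARD_OPS:
            pending = []
        operands = []

    covered = []
    for tseq, tx, ty, text in texts:
        for fseq, rx, ry, rw, rh in fills:
            x0, x1 = sorted((rx, rx + rw))
            y0, y1 = sorted((ry, ry + rh))
            # Only a fill painted after the text can hide it.
            if fseq > tseq and x0 <= tx <= x1 and y0 <= ty <= y1:
                covered.append(text)
                break
    return covered


if __name__ == "__main__":
    for hidden in find_covered_text(SAMPLE_STREAM):
        print("text still present under a filled rectangle:", hidden)
```

Any hit means the content has to be deleted from the source and the PDF regenerated (or the page rasterized); drawing over it is not redaction.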


Re: Building a new totally free phone

2013-08-23 Thread Michael Spacefalcon
joerg Reisenweber  wrote:

> I invite you to visit me at my home

If you meant it seriously, you might as well give your address or GPS
coords (by unicast if you prefer) - but I highly doubt that you meant
it seriously.

> trying to force me to hand to you

Hand to me?  What me?  There is no "me" - I could be dead tomorrow and
absolutely *nothing* will change.  I have never, ever, ever asked any
of you "Open"moko bastards to give anything to "me".  Instead I have
merely voiced the demand that the materials be released freely to all
Humanity - with a capital 'H' - and yes, I have indeed contemplated
being the one to sacrifice my life in order for the remaining 7 billion
people on Earth to gain free unrestricted access to a working turnkey
GSM firmware package in the form of COFF objects with full symbolic
information - a format which any embedded software engineer worth his
or her salt should have no problem working with.

[FYI, there is a patch to GNU Binutils which enables objcopy and objdump
 to read TI's COFF.  The support isn't perfect, but it can easily be
 improved if need be - and I also invite you to grep for my name in the
 binutils ChangeLog files.]

> the MOST SECRIT SOURCES that everybody [...] had access to since ~2011.

The reference to "~2011" makes me suspect that you are talking about
the TSM30 version - it was indeed late 2011 when this code (first
released in 2004 apparently) became widely available once again - and
the latter happened because *I* had sent it to Cryptome on a CD-R.

And you know as well as I do (or would know at least, if you ever
actually *looked* at the modem code you're sitting on) that the TSM30
version is drastically different from what you got from TI as Om-Inc:
different RTOS (Nucleus vs. SOS), different code structure, different
flash file system, totally different hardware (ABB, RF and probably a
different Calypso variant), almost everything is different.  Heck, the
TSM30 code isn't even TI, it's Purple Labs, a company that bit the
dust.

OTOH, if you are talking about something *other* than the TSM30 code,
something that "everybody passing the idiot test" supposedly has
access to, why don't you try being transparent once for a change, and
actually post a URL?

> everybody passing the idiot test

Like anyone else, I have my own strengths and weaknesses.  What I'm
good at is designing and writing embedded software, and some hardware
too.  I've been doing it professionally since ~2000 (and as a hobby
long before that), and I make enough money doing it to support not
one, but two full households on my sole income - so I guess I probably
do it pretty well.  I do it on the hobby side of my life too, so you
can look at any of my projects and judge for yourselves.  Like this
one, for example:

http://ifctfvax.Harhan.ORG/OpenWAN/

I'm sending this email through the Internet connection served by that
SDSL modem designed and built by me: hardware, firmware and the logic
in the FPGA - not to mention all the reverse engineering that was
needed to get to this point.

But I have my weaknesses too.  I am NOT good with people, and I am NOT
good with finding information that is passed around in a "hush-hush"
manner.  I don't do *anything* "hush-hush": if I have or find something
that may potentially be of value to others, I announce it publicly and
openly, on the relevant mailing list.

I absolutely do not understand how someone can be like you.  I
absolutely do not understand how ANY human being (or so-called human
being) can be as cruel and callous as the three of you (JR, HW and PF).
It's one thing to be slow with releasing things on occasion.  I've been
slow with releasing my software many a time, mostly because of my
handicaps with modern technologies and my heavy use of seriously
ancient gear - as well as my fear and distrust of any servers or online
services other than my own.

But it's an *entirely* different thing when you are holding something
that someone else is very willing to DIE for, something that you could
easily share with the whole world at absolutely zero cost, risk, loss
or other detriment to you, and yet you STILL refuse to share.  It
absolutely baffles and boggles my mind that there are such cruel people
living on this planet, and *especially* in the so-called community of
so-called freedom and openness.

And because it is so totally incomprehensible to my mind how someone
can be like you, and be able to live with yourself while watching
someone else's life wither away because of your selfishness, I find
myself at a complete loss as to how one should interact with people
like you.

> And I even promise I won't call the police or any other officials. 

It doesn't matter whether you call them or not - I am still the most
wanted criminal in their eyes.

Your country is a police state, no different from the way it was in
WW II and just before, and I have no desire to go anywhere near it.
Unless, of course, I were to enter it in the same manner in which both
of

Re: Building a new totally free phone

2013-08-23 Thread Nick
Your free phone idea appeals to me enormously, Michael. And I, 
(unlike I suspect some others on the list) very much like your 
framing of the issues, too. I fully support the idea that if a law 
makes private conversation illegal, it is a bad law, and regulatory 
blocks on GSM that forbid inspectable and modifiable cannot but be 
such.

However, can GSM really be a base for secure communication anyway?  
I've heard that the encryption used is really crappy, and while some 
things like MITM forced reregistration to disable encryption and 
ease surveillance could be countered by appropriate phone settings, 
if the best encryption algorithm available can be cracked by a home 
PC in a few days, you're still screwed.

A truly free phone is a worthy and very important thing for other 
reasons, but could such a thing be strongly secure too? Or is the 
only solution there to rely on something like ZRTP in voip, and give 
up wishing that GSM could provide security?

I've always been somewhat vague about how modems and their 
processors interact with other parts of a system. Am I correct in 
thinking that once the first firmware part of your project was 
complete, one could flash load that the GTA02 modem, and have a (far 
more 'smart' and Linux-y than you're ultimately planning) free 
openmoko phone? Or would the modem firmware have to be programmed 
differently for the GTA02 compared to your feature phone? While I am 
more interested in a feature phone than a 'smart' phone, I would be 
very happy to have a really free modem firmware on my GTA02 in the 
meantime.

It's interesting to think of the meanings of 'free' in your message.  
Because one of the nice things of free software traditionally has 
been the ability to say "it's free software, so I can do what I like 
with it, and you can't invoke state violence against me for doing 
so," due to a careful 'respect' of the copyrights of people who 
don't want their stuff to be free. While regulatory regimes 
seemingly make this impossible anyway with GSM, I don't relish the 
idea of essentially giving more power to other people to wield the 
law against the project or its users. But I understand that writing 
a firmware from scratch for something like the Calypso would be a 
massive amount of work, and I would rather have a reusable and 
inspectable firmware that breaks copyright law, than none at all, 
particularly for something as directly dangerous to one's security 
as a phone.

With this in mind, I do wonder why the OsmocomBB work isn't 
appropriate as a base for your work? Can you explain this a bit more 
why it isn't? Is it just that they are quite a long way from 
producing a complete firmware for a phone?

> And because it is so totally incomprehensible to my mind how someone
> can be like you, and be able to live with yourself while watching
> someone else's life wither away because of your selfishness, I find
> myself at a complete loss as to how one should interact with people
> like you.

I do think you need to be more careful, kind, and forgiving of 
perceived differences, when speaking to others in the community.  
We're all in a similar position here, working towards helping people 
communicate freely. Sure, people have different things they will 
compromise in order to try to effect this, but ultimately I find it 
hard to believe that anybody in the openmoko community isn't here in 
large part because of their wish to see people able to freely 
communicate.

It's fine and healthy to not always agree with others about what 
compromises are appropriate, and to argue to try to figure out what 
the best course of action is, but it is unjust to assume malice,
and saying what I've quoted above (regardless of how true it may feel)
is likely to just turn people off to you. We need all the solidarity 
we can muster, and we need to celebrate the work people are doing, 
and try to respect them, and their differences. Even - nay, 
especially - if there are major differences that you can't 
understand.

I look forward very much to hearing your progress with your project.  
If there's something I as an enthusiastic but comparatively ignorant 
volunteer can do to help, let me know!

Nick



Re: Building a new totally free phone

2013-08-23 Thread Norayr Chilingarian

Nick, you raised very good questions.

I believe that we don't need GSM at all. I haven't used it for two years 
now.
When we use GSM we use carrier services. Can we be sure that the carrier does 
not track us, doesn't record our calls etc?
For instance, in my country the "secret service" has direct access to the 
carrier's switches, and can follow calls of any person in real time. They 
can also write a paper and request this or that person's locations from 
the carrier.


We don't use gmail, because we know they are watching us, then why do we 
use carriers?


The way to be secure is to use trusted service providers, and carriers are 
too big to be trusted.


However we can use own SIP or XMPP servers, we can create small community 
servers where we trust our service providers. And use them for chat/talk. 
Should I mention that we use encryption, in both cases - server to server, 
and client to server.


Here we have connectivity problem. Okay, everybody has a wifi at home (or 
may have). But what if you would like to call someone from the forest?


Here is what we can do: get an Internet-only tariff, use it for making 
calls/chat etc.
But our location can still be tracked if the carrier requires you to 
identify yourself when buying a SIM card. Here we can do nothing except 
maybe a mass exchange of SIM cards with random people. Like make an action, 
where 1000 people go to get a card, and then they all exchange cards with 
people they don't even know and most probably won't see in the future.


This also has another plus: why pay for each sms? We can chat in internet 
as long as we wish.


---
sent with alpine
https://spyurk.am/u/norayr
http://norayr.arnet.am/weblog


Re: Building a new totally free phone

2013-08-23 Thread Dr . H . Nikolaus Schaller
> 
> However, can GSM really be a base for secure communication anyway?  

IMHO the need for the GSM stack being open sourced is largely overestimated.

Security experts say that the question is how to secure communication over an 
unsecure communication medium.

Depending on which level you want to work, you can try to make GSM more secure 
because it is communicating over an inherently unsecure/open medium 
(electro-magnetical wave broadcast).

Or you can just use what others have built into a black box (i.e. a modem with 
some AT commands). They promise that it is "secure enough". But if you want to 
be really secure, just wrap the potentially unsecure channel and encrypt the 
data sent over it.

BTW: all the recent nsa/prism things have shown that it is not sufficient to 
make a fully transparent (aka open sourced) terminal - if it is easy enough to 
tap the network nodes. Or the servers you are communicating with. I.e. securing 
yourself is best done if you put yourself into eremitage...

So in my view, spending additional work to get an open sourced GSM or even UMTS 
firmware stack is a nice exercise for embedded and real time communication 
protocol engineering, but does not make anything more safe or secure than using 
a black box module, because it just tries to increase security of one small hop 
instead of end-to-end.

In other words: security measures must be done on the highest layers of the OSI 
reference model, not on the lowest ones. And that is the area of the 
application processor and OS. And of course documented schematics help to 
understand if there are potential backdoors to circumvent the OS or not. So we 
need a device where you have control over the OS, but not necessarily over the 
inner workings of all peripherals.

-- hns


Re: Building a new totally free phone

2013-08-23 Thread Paul Wise
Security experts have moved on from that line of thinking long ago I
think. The problem with it is that a GSM/3G/LTE modem is not just a
communications channel. It is a generic processor running software.
Probably buggy, insecure, proprietary software. Same goes for GPS,
WiFi, Ethernet and other external-facing firmware. Depending on the
architecture of your device and the simplicity and security of the
interface between your modem and your, attackers may be able to turn
their probably relatively-easy-to-acquire modem beachhead into full
control and monitoring of the whole system. This is the reason the
Replicant folks strongly recommend against Qualcomm devices, where the
CPU is controlled by the modem.

Based on the talks I saw at OHM2013, the SIM card may be a similar
threat. The good news is that some SIM cards are insecure enough that
you (and remote attackers) can calculate the Ki, remove the SIM and
use the Ki instead.

OHM2013 also taught me that the carrier networks are full of juicy
insecure Linux based systems, so you don't just have to worry about
carrier collaboration with nation-state adversaries.

Yes, we need better protocols but we also need libre embedded software
and carriers who run libre software and have some ethics.

-- 
bye,
pabs



Re: Building a new totally free phone

2013-08-23 Thread Sebastian Reinhardt

On 23.08.2013 14:41, Dr. H. Nikolaus Schaller wrote:


I think so, too. At first, everyone is complaining about NSA/PRISM and 
"Orwell". And then, the same people discuss this topic on "Facefuck" and 
other social media sites, there they have to make a "total data strip". 
It does not make sense! So, the better way is to create a phone with a 
free and safe OS, reliable hard- and software, without spyware infected 
apps. I think, this can make the Moko interesting for "business use"! 
One major problem for companies is data security (contacts, dates, 
...). Most spyware apps send the data from infected phones via internet 
connection to the criminals/competitors. Reaching this potential market 
can acquire customers who are willing and able to pay more for a 
smartphone.
The idea of getting a communication over GSM/UMTS without the ability 
of being observed by the secret services can not be realized, because 
they do not have to "crack" your phone, they can get a link into your 
communication at the next router in your carrier's network (the providers 
are forced by law to make this possible). So do not waste time on this 
idea, there are other issues to solve:

- ability to use the Moko in sunlight (!) => other display (other case 
  is required!)
- reliability of hard- and software
- other display, so then change to Multitouch (I do not need it really, 
  but needed for greater market acceptance and increasing number of users)
- greatest issue: marketing! (actually there is a real chance to place 
  the Moko idea in people's minds: [1] so apple and co. are losing their 
  cool image bit by bit)
- maybe, HDMI output
- working cam, not usable right now :-( (still "pin striped picture")
- better support for data sync (address book, dates, ...), not only with 
  Google (everyone using this should not discuss security!)
- maybe: LTE
- ..[to be continued]..


[1] http://www.cinema.de/film/apple-stories,5693840.html

--
Regards

Sebastian Reinhardt




Re: Building a new totally free phone

2013-08-23 Thread Michael Spacefalcon
Nick  wrote:

> Your free phone idea appeals to me enormously, Michael.

Yay, one more supporter!

> However, can GSM really be a base for secure communication anyway?  

I see that after your post, the thread on the mailing list veered off
into a discussion of security.  But that diversion totally misses the
point: it isn't so much about secure communication as it is about the
Four Freedoms of software:

http://www.gnu.org/philosophy/free-sw.html

When it comes to the matters of free software philosophy, I am very
much like RMS.  I have a major problem with carrying a device in my
pocket containing firmware for which I lack the source - not because
it is a security threat, but because it's morally wrong.

The only difference between me and RMS/FSF is on the matter of
legalities.  While I define free software in terms of exactly the same
4 freedoms as the FSF, RMS and the "conventional" free sw camp add an
additional condition that these 4 freedoms be exercised legally -
whereas I add no such extra clause: whether it's legally free or
illegally free, it's still free software to me.

There also are some practical considerations that affect only feature
phones and not smartphones.  I have yet to encounter a phone UI design
that doesn't suck, and I hope that most people on this list will agree
with me that being able to customize the UI to one's preferences is an
essential freedom that a geeky, empowered phone user should have - and
I mean *really* customize the UI, not just twiddle menu settings, but
being able to study, modify or even totally rewrite the UI code.

Smartphones have a separate application processor to run the UI, so
you can indeed play with the UI on Linux to your heart's content while
keeping the modem as a black box.  But this approach does not work for
a feature phone where the UI and the modem are tightly integrated into
a single whole.  Exercising full freedom over the UI code in a feature
phone requires having a complete and rebuildable source for the
firmware suite as a whole.  (Having the GSM stack pieces as binary
objects to be linked with the UI source would work too, but then one
gets tied to a proprietary compiler toolchain, etc.  In any case we
already have full source for the GSM stack thanks to the TSM30 and
LoCosto leaks, so it's a solved problem now.)

Now look at the situation from the perspective of a user who does NOT
want his or her phone to be anything other than a plain phone.  For
such a user, a non-smart feature phone ought to be ideal, but if the
user also wants the freedom to fully own the UI design, s/he currently
has to pay for an otherwise completely unnecessary application
processor.  And when I say "pay for", I'm *not* referring to the
purchase price of the device - I would gladly pay a lot more for my
ideal Free Dumb Phone than the most expensive GTA04 or Ubuntu Edge or
whatever.  Instead I mean pay for in terms of carrying extra weight,
extra power consumption, extra system complexity otherwise unneeded,
many additional points of failure, etc.

*That* is what I seek to rectify with my Free Dumb Phone project,
aside from the moral issue.  Freedom is a right that all phone users
should enjoy, not a privilege that's limited to just Linux smartphones
to the exclusion of non-smart feature phones.

> I've heard that the encryption used is really crappy, and while some 
> things like MITM forced reregistration to disable encryption and 
> ease surveillance could be countered by appropriate phone settings, 
> if the best encryption algorithm available can be cracked by a home 
> PC in a few days, you're still screwed.

The GSM encryption is a red herring - it makes absolutely no difference
whether it's there or not.  Imagine if the GSM encryption were perfect
and unbreakable - what would change?  Nothing.  The over-the-air
encryption is only between the mobile station and the network.  In a
public phone network, where you can dial the phone number of any
stranger and hear each other's voices if the other party answers,
encryption can't be end-to-end.  The network has to be able to decrypt
with one end's key and re-encrypt with a different key for the other
end, so the network itself has (and must have) access to the cleartext
form of your digitized voice.

If I am the world's most wanted criminal and enemy #1 of all major
governments, and they want to spy on my phone conversations, they
aren't going to bother with cracking GSM over-the-air encryption,
they'll just put in a "lawful intercept" at the switch.

The only way to render all "lawful intercept" mechanisms ineffective
is to use end-to-end encryption.  That won't work when calling
strangers, or calling the transit line to check bus/train schedules
etc, but it's a very feasible mechanism for private and secure
communication mechanism among family members, friends etc.

Here in USA we have one advantage over the EU etc lands where most
people on this list seem to be located: CSD (circuit-switched data)
calls stil

Re: Building a new totally free phone

2013-08-23 Thread joerg Reisenweber
On Fri 23 August 2013 21:07:14 Michael Spacefalcon wrote:
> > I would be 
> > very happy to have a really free modem firmware on my GTA02 in the 
> > meantime.
> 
> Then maybe you should try talking some sense into Joerg etc - maybe
> they'll listen to you more than they are willing to listen to me.


I wonder how a single brain can produce that much nonsense and be that dull. 
You seem a smart guy otherwise, so I really don't grok how you can be so weird 
in this single issue.
I told you everybody who been interested - except you - got access to the 
sources you're so terribly _not_ wanting (I wonder what now. Do you need them 
or not? And if you do, then for what since you already got the full radio 
stack which OM never had, and you're not interested in the AT interpreter of 
GTA0x modem but rather in any "UI" which obviously OM also never had). 
Everybody except you since I don't give access to stuff that's under NDA to a 
guy who's calling OM a bunch of rogue idiots and threatening to shoot me. Also 
you clearly say you're not asking for me handing that stuff to you (verbatim, 
see your prev mail) , you want me to PUBLISH it under my full name and stating 
loud that I don't give a flying F about the NDA contracts I'm under, thus 
ruining my professional career just to meet your idea of how industry and FOSS 
and community and the world at large works or should or ought work.
Grow up, dude! You're biting the hand that feeds you, like a rabid dog. Won't 
happen (again, recall glamo?). 
You're seriously blaming OM and its employees for not violating the agreements 
they had to sign (and believe me, we tried hard to avoid signing any such 
agreements, since OM was planned to be as open as feasible), to make the whole 
project possible? I honestly wonder what kind of matter is inside your skull.

YOU are not even worth this lengthy answer, and nobody else got the problem 
YOU have with OM calypso firmware sources, since everybody else asking kindly 
had access to all the stuff since 2011, and nobody found it worth doing much 
leaking about it. Since in some regard, the calypso firmware *is* OSS, it's 
just not FOSS.
Get that! Wrap your head around it. And stop throwing darts at my picture at 
your wall, you honestly need to find a new and better reason for living.

Good bye!
/j

[ps: trying hard to not elaborate on a guy like you talking about morally 
correct behaviour, and about the paradox you're exposing there in just 2 
sentences]




Re: Building a new totally free phone

2013-09-03 Thread Nick
I'll reply to this now, even though the thread has been dormant for 
a bit.

Quoth Michael Spacefalcon:
> I see that after your post, the thread on the mailing list veered off
> into a discussion of security.  But that diversion totally misses the
> point: it isn't so much about secure communication as it is about the
> Four Freedoms of software:

The four freedoms are about user freedom. And to me freedom from 
surveillance is a very important aspect of living and thinking 
freely.  You're quite right the FSF don't explicitly list this, but 
to me it is just as important as their four freedoms (and indeed 
depends on them).

But anyway. Meeting the four freedoms is an excellent place to 
start!
 
> There also are some practical considerations that affect only feature
> phones and not smartphones.  I have yet to encounter a phone UI design
> that doesn't suck, and I hope that most people on this list will agree
> with me that being able to customize the UI to one's preferences is an
> essential freedom that a geeky, empowered phone user should have - and
> I mean *really* customize the UI, not just twiddle menu settings, but
> being able to study, modify or even totally rewrite the UI code.

The ability to customise is good, but to be honest I am OK with just 
learning whatever weird idioms and bugs exist on a platform and 
working around them. Though obviously I've never had much choice 
before.

> Now look at the situation from the perspective of a user who does NOT
> want his or her phone to be anything other than a plain phone.  For
> such a user, a non-smart feature phone ought to be ideal, but if the
> user also wants the freedom to fully own the UI design, s/he currently
> has to pay for an otherwise completely unnecessary application
> processor.  And when I say "pay for", I'm *not* referring to the
> purchase price of the device - I would gladly pay a lot more for my
> ideal Free Dumb Phone than the most expensive GTA04 or Ubuntu Edge or
> whatever.  Instead I mean pay for in terms of carrying extra weight,
> extra power consumption, extra system complexity otherwise unneeded,
> many additional points of failure, etc.
> 
> *That* is what I seek to rectify with my Free Dumb Phone project,
> aside from the moral issue.  Freedom is a right that all phone users
> should enjoy, not a privilege that's limited to just Linux smartphones
> to the exclusion of non-smart feature phones.

Sounds great to me.

> > I've heard that the encryption used is really crappy, and while some 
> > things like MITM forced reregistration to disable encryption and 
> > ease surveillance could be countered by appropriate phone settings, 
> > if the best encryption algorithm available can be cracked by a home 
> > PC in a few days, you're still screwed.
> 
> The GSM encryption is a red herring - it makes absolutely no difference
> whether it's there or not.  Imagine if the GSM encryption were perfect
> and unbreakable - what would change?  Nothing.  The over-the-air
> encryption is only between the mobile station and the network.  In a
> public phone network, where you can dial the phone number of any
> stranger and hear each other's voices if the other party answers,
> encryption can't be end-to-end.  The network has to be able to decrypt
> with one end's key and re-encrypt with a different key for the other
> end, so the network itself has (and must have) access to the cleartext
> form of your digitized voice.
> 
> If I am the world's most wanted criminal and enemy #1 of all major
> governments, and they want to spy on my phone conversations, they
> aren't going to bother with cracking GSM over-the-air encryption,
> they'll just put in a "lawful intercept" at the switch.
> 
> The only way to render all "lawful intercept" mechanisms ineffective
> is to use end-to-end encryption.  That won't work when calling
> strangers, or calling the transit line to check bus/train schedules
> etc, but it's a very feasible mechanism for private and secure
> communication mechanism among family members, friends etc.

Aah, thanks for the clarification. Of course you're right, I hadn't 
thought through the GSM encryption thing, but of course it's only 
between the mobile station and the network. So yes, end-to-end is 
the only way, and that will obviously be a more distant goal (and 
one that sadly is impossible to make compatible with many other 
things). Fine.

> > Because one of the nice things of free software traditionally has 
> > been the ability to say "it's free software, so I can do what I like 
> > with it, and you can't invoke state violence against me for doing 
> > so,"
> 
> Counter state violence with your own violence: raise your own army
> that can challenge the forces of the state on a tactical battlefield.
> It isn't too hard, we did it successfully back in 1917, and we can do
> it again.

This is where we certainly differ. State violence is awful, but 
organise to counter it with your own violence and you'll at best 
repl