**** BEGIN LOGGING AT Fri Dec 30 03:00:00 2016
Dec 30 15:16:29 https://www.fsf.org/blogs/rms/a-message-from-rms-support-the-free-software-foundation
Dec 30 15:16:35 apparently the FSF want to develop a phone..
Dec 30 15:23:06 hah
Dec 30 16:51:50 ohmy!!!
Dec 30 16:55:30 OH FUCK, when will RMS *EVER* get it? >> With funds, the FSF could develop a mobile phone that encapsulates the modem processor so as to make the phone, in a limited sense, safe to use.<< will just not fly the way HE thinks it should get done. No friggin "make that firmware read-only" will ever work, what works is already being done in Neo900 and he should know, I explained to him two or three times now
Dec 30 16:56:48 so why support FSF if you could support Neo900?
Dec 30 17:03:25 >>We also need to enforce the GNU General Public License (GNU GPL) against companies that regard its requirement to respect users' freedom as a nuisance. This too requires funds.<< Err, he really isn't in a cooperative mood, eh? or did he simply never hear of gpl-violations.org? hard to believe
Dec 30 17:04:41 RMS' worst problem: considering and treating your allies like competitors or even enemies
Dec 30 17:11:16 (FSF could develop a mobile phone) he's not stopping to use the fallacy of "open modem firmware == phone safe to use" - these are very largely unrelated topics
Dec 30 17:13:25 also all that "universal back door" blabla that implies that an unchanged firmware would be safe to use... :-S
Dec 30 17:15:19 it would make _any_ difference if and *only* if you had fully audited the phone firmware and were absolutely sure it's free of any bugs. And even then the protocol as defined in 3GPP et al is not "safe", heck the whole network is not "safe"
Dec 30 17:15:53 the whole rationale basically falls apart if you go into detail
Dec 30 17:34:26 but yeah, for *marketing* he's doing a great job, though it's up to anybody's guess if that's an honest way to drum up funds
Dec 30 21:01:39 DocScrutinizer05: this post doesn't even mention free modem firmware -- he is well aware that this is not realistic in the foreseeable future. AIUI, at this point he is just hoping for a design that prevents remote modification of the firmware
Dec 30 21:02:13 but WHY?
Dec 30 21:02:52 Neo900 might or might not meet this goal (I don't know enough about it), but that's beside the point, since it's a niche product by design
Dec 30 21:02:52 there's no visible benefit from such "preventing remote modification of the firmware" whatsoever
Dec 30 21:03:53 which is exactly my criticism about RMS' approach to that topic
Dec 30 21:04:27 he's postulating nicely sounding but completely pointless goals
Dec 30 21:07:11 I don't think it's pointless. sure, proprietary firmware can always contain built-in backdoors; but making it remote-modifiable increases the attack surface nevertheless
Dec 30 21:07:15 preventing (remote) modification of firmware ONLY makes sense when you know *exactly* what firmware you got now and you want to keep exactly this particular firmware. I can't see any of those points satisfied
Dec 30 21:07:42 sorry, no. That's absolute nonsense
Dec 30 21:07:47 also, while not explicitly stated in this brief writeup, I suspect a major point is actually isolating the modem from the application processor, so at least the main OS is safe
Dec 30 21:09:30 which is what Neo900 does (and more), but that's absolutely not identical to "encapsulates the modem processor" and RMS' other repeatedly demanded properties like "***USER*** must not be able to update the firmware"
Dec 30 21:13:14 RMS puts the cart before the horse. He sees "oh there's software. Oh it's not GNU FLOSS software. So we don't want it, and we do everything to make it less software-y"
Dec 30 21:13:43 implying that GNU FLOSS is implicitly safe software
Dec 30 21:14:01 which is the hugest fallacy in this approach
Dec 30 21:14:56 or - let me correct that - rather that a FLOSS modem firmware would automatically imply a somewhat safe phone
Dec 30 21:15:15 first of all, user freedom is an end to itself; security is just one aspect
Dec 30 21:15:44 second, for practical purposes, free software is *hugely* more trustworthy than proprietary -- nobody in his right mind would contest that
Dec 30 21:15:45 no, they are totally unrelated. Both desirable but largely orthogonal
Dec 30 21:16:20 third, this article doesn't even mention the user upgrade aspect, so your rant is uncalled for
Dec 30 21:17:22 this article says FSF could build a somewhat "safe phone" - sorry I *massively* doubt that RMS has a damn clue what makes a phone safe or unsafe
Dec 30 21:18:00 he evidently is focusing on irrelevant unrelated aspects
Dec 30 21:18:46 remote update being one of those
Dec 30 21:19:40 there's exactly ZILCH additional unsafety from remote update of firmware blobs
Dec 30 21:19:56 as for gpl-violations.org, last time I heard they pretty much ceased activities. and even if they didn't, they could never deal with GPL violations for things they don't hold copyright on. only the FSF can act on violations for software the FSF holds copyright on. this got nothing to do with cooperation
Dec 30 21:20:14 since you have no damn clue if the original firmware is any better than whatever might get updated OTA
Dec 30 21:20:27 also, the FSF has a completely different approach at dealing with copyright violations, so there is no ground for cooperation
Dec 30 21:20:52 aha
Dec 30 21:21:00 I start to dislike FSF
Dec 30 21:22:46 DocScrutinizer05: the fact that new payloads can be injected at any time, by different parties, *does* make the security situation worse. just because it is bad anyway, doesn't mean it can't be made worse. security is *always* about grades, not about absolutes
Dec 30 21:22:47 could you please elaborate what exactly is FSF's approach to dealing with GPL violations then, and how it's different (and maybe better) than the approach of Harald Welte and gpl-violations.org?
Dec 30 21:23:09 DocScrutinizer05: I didn't say it's better. it's different.
Dec 30 21:23:10 nonsense
Dec 30 21:23:53 and I say nonsense to you, and since neither of us can claim to be security professionals, that's just as (in)valid as yours. let's stop this pointless discussion
Dec 30 21:23:56 I can use *exactly same* argument to declare apt a bad thing
Dec 30 21:24:23 no you can't. for one, apt upgrades can't be remote-triggered
Dec 30 21:24:57 also your "by different parties" is fuzzy and insinuating incorrect situation
Dec 30 21:25:13 haha
Dec 30 21:25:57 modem OTA also can't get "remote triggered" it needs cooperation by modem, just like for apt
Dec 30 21:26:30 also it needs a valid signature just like any update published via repos by apt
Dec 30 21:27:14 sorry but all this is arguing without getting your facts sorted first
Dec 30 21:27:21 it needs cooperation by modem, not by user. huge difference there.
Dec 30 21:27:41 oh yeah, and apper needs user's interaction?
Dec 30 21:28:05 not that it matters at all
Dec 30 21:28:26 we're already arguing about feasibility of something that's irrelevant for security per se
Dec 30 21:29:02 when you don't know X67 you don't mind when it gets replaced by X92
Dec 30 21:29:27 there definitely is ZILCH additional risk from that
Dec 30 21:29:42 from a security perspective
Dec 30 21:30:53 there definitely is. for one, it enables custom-tailored attacks
Dec 30 21:31:14 in general, it shifts the logistics in significant ways
Dec 30 21:31:32 and logistics is what decides whether attacks are practically feasible or not
Dec 30 21:31:40 however when you could (RE)audit the firmware since you for example have a firmware update file you can flash to modem under user control, then you are happy that user can audit that and flash it any time to revert OTA updates that might have been done. Yet RMS explicitly **forbids** such update option for user
Dec 30 21:32:23 sorry, you have your facts as a sack of fog
Dec 30 21:32:35 any attack via modem firmware, heck what is that?
Dec 30 21:33:43 yeah, I know, you are right, I'm wrong, because you say so
Dec 30 21:34:06 when the modem is correctly integrated as peripheral with full system's control over all interfaces, there is no attack the modem could run
Dec 30 21:34:36 you're not even wrong, you simply have no clear idea what you're talking about
Dec 30 21:37:19 you can turn *every* modem (even a 9600baud POTS modem) into a "rogue" device by simply setting the autoanswer register to automatically accept inbound calls after 1 ring. You don't need any rogue firmware for doing so
Dec 30 21:37:34 you mean like a modem that has no control whatsoever over audio, local wireless networks, GPS etc.? yeah, I assume that's exactly what he meant by "encapsulate".
Dec 30 21:38:27 TZZZ, and we need FSF to *build* such stuff??? BWAHAHAHA, get a N900, or any of the other 8 year old smartphones
Dec 30 21:38:55 yeah, that's totally what most people are after
Dec 30 21:39:23 aha, I suspect you miserably failed at sarcasm here?
Dec 30 21:40:27 whatever. I too am not convinced the FSF actually has the means to create such a device; but the goal is not bad IMHO
Dec 30 21:40:28 let's face it: RMS has not really a clue about hardware and particularly phones, and it seems to me you don't either
Dec 30 21:42:13 and RMS' problem is that he doesn't realize that and nevertheless tries to define hardware requirements to establish software domain properties
Dec 30 21:42:36 and he fails at that
Dec 30 21:42:52 obviously and not much surprisingly
Dec 30 21:44:02 just because his conclusions don't match your's, doesn't mean he doesn't understand the situation
Dec 30 21:44:17 err, yours
Dec 30 21:46:03 RMS argumentation is like "I don't want to get location tracked by my phone. So I define any GPS chip in my phone must not be under phone control" - he's totally missing that location tracking of any arbitrary RF transmitter is faster and simpler and more accurate by U-TDOA and you don't even *need* a GPS for that. And when the modem has a GPS that's double irrelevant when you simply disconnect the GPS antenna
Dec 30 21:46:24 and that *proves* he doesn't understand the situation
Dec 30 21:47:07 this is only one example. Firmware update is a more glaring one
Dec 30 21:47:53 s/phone control/modem control/
Dec 30 21:48:51 so what RMS/FSF define as "secure phone" is a pipe dream and a layman's approach to a EE problem
Dec 30 21:49:12 caused by the software centric approach of FSF and RMS
Dec 30 21:49:29 and the fact that they evidently don't know hardware
Dec 30 21:50:27 for your convenience: https://en.wikipedia.org/wiki/U-TDOA
Dec 30 21:52:27 likewise RMS specifies "microphone must not be connected directly to the modem" - not that it would be a generally great idea / concept, but what would be wrong in attaching the digital phone directly to the modem PCM interface but controlling the microphone *power* by linux APE CPU?
Dec 30 21:53:20 you can't specify hw requirements when you have no clue about hw
Dec 30 21:53:45 well, that says "within 50m", which is definitely less accurate than GPS in most situations... I agree though that at this point it doesn't make much of a difference
Dec 30 21:54:26 well, that may be obsolete and somewhat approximate info as well
Dec 30 21:54:57 precision of U-TDOA is only determined by the timing resolution of the receivers
Dec 30 21:56:32 >>U-TDOA works with all mobile phones and is very accurate, typically identifying location **within 50 meters.**
Dec 30 21:56:33 GPS relies on special chipsets in wireless devices to calculate location in relationship to orbiting satellites. GPS can locate phones **within 50 meters**<<
Dec 30 21:57:28 so... you shouldn't quote one half and then conclude the opposite than what's written in the second half
Dec 30 21:58:39 well, I know for a fact that GPS is usually precise within a few meters :-)
Dec 30 21:58:44 evidently the article states both methods are same accuracy
Dec 30 21:59:23 and I know U-TDOA can be waaaay more precise than what's stated in wikipedia
Dec 30 22:00:03 yeah, the article is very vague. but as I said, this doesn't really make much of a difference anyway
Dec 30 22:00:08 actually both U-TDOA and GPS can be precise to sub-cm range
Dec 30 22:00:40 (I suspect that 50m is simply what carriers are aiming at, since it's the legal requirement I presume...)
Dec 30 22:00:50 no surprise they don't differ much since they both use exactly same principles
Dec 30 22:01:39 GPS works with one receiver and 3+ transmitters, U-TDOA uses one transmitter and 3+ receivers
Dec 30 22:01:53 I doubt they make it much more precise than necessary, even if they could
Dec 30 22:01:55 the rest is all the same
Dec 30 22:02:23 well, the frequencies are different? I guess that doesn't really matter though...
Dec 30 22:02:33 no, not really
Dec 30 22:03:16 GPS: ~1.5GHz, U-TDOA 0.8 to 2.6GHz
Dec 30 22:03:37 anyway, back to GPL violations
Dec 30 22:04:51 for GPL-violations ask Harald Welte aka laf0rge
Dec 30 22:05:20 I'd not even be surprised when he was an active member of FSF
Dec 30 22:06:04 the FSF approach is to convince the offenders that they need to become compliant, because they would clearly not stand in court. the idea is to keep it confidential, rather than making it public. gpl-violations.org used the exact opposite approach
Dec 30 22:06:08 and no, they didn't stop activity afaik
Dec 30 22:06:29 no need to ask -- I was actually involved in some gpl-violations activity at some point
Dec 30 22:06:30 no, they don't
Dec 30 22:07:07 actually what you attribute to FSF is *exactly* gpl-violations' approach (too?)
Dec 30 22:07:32 no it's not. no idea what makes you think that
Dec 30 22:07:47 they even ask people not to escalate the subject in public
Dec 30 22:08:15 what makes me think that? simply by reading their website
Dec 30 22:08:26 something you could do as well, it's easy
Dec 30 22:09:22 the question is what makes you think they'd go for the public bashing approach
Dec 30 22:11:07 or whatever might be your definition of "the exact opposite approach [to "keep it confidential"]"
Dec 30 22:11:13 I didn't say "bashing". legal action is always public, though
Dec 30 22:12:08 aaah, I see. And FSF avoids trials at court by all means and rather uses bribery. Makes perfect sense to ask for massive funding then ;-P
Dec 30 22:12:50 no, not bribery. just argumentation.
Dec 30 22:13:14 aha, and what exactly makes you think gpl-violations doesn't do exactly same?
Dec 30 22:13:17 it's a lot of work though, and unlike legal action, it doesn't get refunded. that's the big downside of this approach
Dec 30 22:14:07 DocScrutinizer05: again, I was involved. they gave us an introduction on the approach. also, I'm looking at the site right now, and everything I found thus far confirms my understanding
Dec 30 22:15:35 oh, I see now
Dec 30 22:15:56 yeah sure, go ahead preacherman. I'm sure RMS with his infinite patience will convince the world that every commercial entity needs to obey GPL just because they feel bad otherwise
Dec 30 22:16:50 they are telling *others* not to escalate prematurely. but in a different place, they explicitly say that they directly start legal proceedings themselves... a bit self-contradicting there :-)
Dec 30 22:17:51 DocScrutinizer05: it's not about feeling bad. it's just saying, "you really don't have a choice there, as we have a very strong case"
Dec 30 22:17:51 they immediately send a C&D since sending emails is wasted time
Dec 30 22:18:23 *exactly* gpl-violations' wording
Dec 30 22:18:55 yes. as I said, exactly the opposite of what the FSF is doing.
Dec 30 22:19:36 both approaches have their advantages and disadvantages. I'm not arguing one or the other. just saying that there really is no room for cooperation...
Dec 30 22:22:07 sorry, I'm tired of that "alternativlos" bullshit Merkel and everybody tries to use as ultimate argument. When RMS thinks it's a smart way pitching this fundraiser by simply ignoring all existing similar and possibly much advanced and established efforts/projects in both the GPL violations and the phone building topic, then I feel free to consider this pretty dishonest
Dec 30 22:22:42 there's *always* room for cooperation particularly when the goals are the exactly same
Dec 30 22:24:53 however I *think* that RMS' goals regarding phones are _not_ exactly the same, even when he claims he's concerned about security and user freedom, I think his true motivation is strictly enforcing FOSS in everything and he just uses user freedom and security as a vehicle for this
Dec 30 22:25:38 and that's exactly what I argue
Dec 30 22:26:39 for true phone security he's detrimental with his approach
Dec 30 22:27:04 asking for stuff that's not a solution to any problem
Dec 30 22:27:36 uh... this statement doesn't even make sense: free software *is* about user freedom
Dec 30 22:27:40 and users *see* that
Dec 30 22:29:16 so explain this to me: [quote RMS] could you implement a write protect so *user* CANNOT update the modem firmware? [/quote]
Dec 30 22:29:33 you are angry at the FSF that they don't just abandon their GPL enforcement they have been doing for 25 years, just because someone else started doing it more publicly? that's ridiculous
Dec 30 22:29:53 you are telling bullshit
Dec 30 22:29:56 and again, gpl-violations *can't* handle cases for copyrights held by anyone else
Dec 30 22:30:19 I'm not angry at the FSF
Dec 30 22:30:37 particularly not for not abandoning anything re GPL
Dec 30 22:30:55 you're making that up like a lot of other details during last few hours
Dec 30 22:32:02 no, I'm not. you started ranting out of the blue about FSF asking for funds to support their GPL enforcement, claiming that they are evil because something something gpl-violations
Dec 30 22:32:19 and re your copyright argument, simply see thanks on gpl-violations site
Dec 30 22:32:30 and what exactly am I making up?
Dec 30 22:32:52 what you made up? your line 2 above is an excellent example
Dec 30 22:33:44 maybe have a nap before continuing that "discussion"? might help
Dec 30 22:35:39 while the rest of <2 above> wasn't to the point either, it starts getting totally pathetic at >>claiming that they are evil because something something gpl-violations<<
Dec 30 22:36:21 "2016-12-30 18:04" < DocScrutinizer05> >>We also need to enforce the GNU General Public License (GNU GPL) against companies that regard its requirement to respect users' freedom as a nuisance. This
Dec 30 22:36:25 too requires funds.<< Err, he really isn't in a cooperative mood, eh? or did he simply never hear of gpl-violations.org? hard to believe
Dec 30 22:36:29 "2016-12-30 18:05" < DocScrutinizer05> RMS' worst problem: considering and treating your allies like competitors or even enemies
Dec 30 22:36:59 so?
Dec 30 22:37:36 you know shit about the FSF's GPL enforcement or their relation to gpl-violations.org, yet you go accusing them of some supposed wrongdoing there
Dec 30 22:37:36 unless my charset is totally different from yours, this statement has nothing in common with what you made up
Dec 30 22:39:45 yes, I "accuse" RMS (**NOT** FSF) of >>he really isn't in a cooperative mood<< - and that's it
Dec 30 22:39:53 the rest you made up
Dec 30 22:40:35 >>RMS' worst problem<< was not related to GPL in particular (and also not against FSF, btw)
Dec 30 22:40:45 get your facts sorted! get a nap!!
Dec 30 22:43:57 btw you yourself are a nice example of the >>considering and treating your allies like competitors or even enemies<< problem, right here and now
Dec 30 22:44:32 maybe _that_ is a tad more FSF specific and not only RMS
Dec 30 22:44:43 LOL
Dec 30 22:45:03 pot calling kettle black :-P
Dec 30 22:45:06 heh
Dec 30 22:46:56 DocScrutinizer05: I really have no intention of antagonising you. but you constantly show a propensity to jump to conclusions and spread FUD about FSF etc.
Dec 30 22:46:59 yes, exactly (or exactly NOT): I'm criticizing RMS for not mentioning the existing "prior art" of what he claims FSF might need funds to accomplish, and you turn that into me bashing FSF of doing evil. Go figure, then post a kettle proverb again
Dec 30 22:48:14 sorry this bores me now
Dec 30 22:50:29 have you ever seen a fundraiser pointing out others doing related work? I certainly haven't
Dec 30 22:51:27 it's a recurring pattern I've seen a 100+ times literally now: when there are two notions about how to do something, and one of the notions is FSF originated, then people jump on us bashing us why *we* are doing wrong despite the holy FSF instructed us about the only *right* way to do
Dec 30 22:52:45 any tiny criticism on anything FSF said or did is making you an enemy
Dec 30 22:54:23 >>just saying that there really is no room for cooperation...<< fits in perfectly into this pattern
Dec 30 22:55:50 strange enough when it comes to negotiations with GPL violators, suddenly cooperation is the only virtue that counts
Dec 30 22:57:05 I haven't bashed you for how you are doing things. I have called you out on inappropriately disparaging the FSF (or RMS specifically in this case I guess)
Dec 30 22:58:03 may I fix that for you? >>I have inappropriately called you out on disparaging the FSF <<
Dec 30 23:25:39 I have to correct my mild push direction FSF re >>maybe _that_ is a tad more FSF specific and not only RMS<<, I have no evidence that this pattern appeared in communications with FSF-affiliates. Might all be just "fans"
**** ENDING LOGGING AT Sat Dec 31 03:00:01 2016