Transcript of SFP#3 about Free Software in the mobile phone communication with Harald Welte
This is a transcript created with the Free Software tool Whisper. For more information and feedback reach out to podcast@fsfe.org
WEBVTT 00:00.000 --> 00:18.300 Welcome to the third episode of the Software Freedom Podcast. 00:18.300 --> 00:22.180 This podcast is presented to you by the Free Software Foundation Europe, where a charity 00:22.180 --> 00:24.580 that empowers users to control technology. 00:24.580 --> 00:27.980 I'm Matthias Kirschner, I'm the President of the Free Software Foundation Europe and 00:27.980 --> 00:30.780 I'm doing this podcast with Bonnie Merring, our current intern. 00:30.780 --> 00:33.460 Hello, our guest for today is Harald Welter. 00:33.460 --> 00:37.320 Harald is a free software activist and he is involved in many projects. 00:37.320 --> 00:41.420 He was a free software developer for the Netfilter IP tables on the Linux system and involved 00:41.420 --> 00:45.860 in OpenMoco, a project which is delivering mobile phones with free software stack. 00:45.860 --> 00:50.060 And for transparency we want to mention that he also co-funded the company CISMOCOM Game 00:50.060 --> 00:53.180 Baha, which is the donor of the FSFE. 00:53.180 --> 00:58.780 Harald is also the person behind GPL violations.org and together with him the FSFE worked 00:58.780 --> 01:04.780 on many legal topics before and today we talk with Harald about free software in the 01:04.780 --> 01:06.580 infrastructure of mobile networks. 01:06.580 --> 01:11.980 I'm confident we will also talk about some legal topics in the future, but first of all 01:11.980 --> 01:12.980 welcome Harald. 01:12.980 --> 01:14.580 Thank you very much. 01:14.580 --> 01:20.460 Before we dive into the world of mobile networks, can you tell us a bit how you got involved 01:20.460 --> 01:22.460 in free software in the first place? 01:22.460 --> 01:24.260 Ah, that's a long time ago. 01:24.260 --> 01:32.380 I have to think, I think at the time we are in the year about 94 I would say. 01:32.380 --> 01:39.700 I was very fascinated by networking technology and networking at that time in something like 01:39.700 --> 01:48.740 Coaxial Ethernet and things like that and analog modems and ISDN cards and so on and I was 01:48.740 --> 01:56.180 using an open source but on DOS, basically an open source, DOS-based network operating 01:56.180 --> 02:02.620 system called KA9Q NOS that was written by Phil Karn, a pretty famous person also in 02:02.620 --> 02:05.580 the context of mobile telephony. 02:05.580 --> 02:13.460 He works at Qualcomm until today and at some point somebody in a non-for-profit association 02:13.460 --> 02:18.500 that I was involved back then called Communications Netzfranken EFOW, which was a member of the 02:18.500 --> 02:24.820 individual network EFOW, which was an entity caring about internet connectivity for individuals 02:24.820 --> 02:28.420 without any academic or whatever background because it was difficult at the time. 02:28.420 --> 02:34.220 So somebody there said, oh, there is this Linux thing and then I think I tried half a year 02:34.220 --> 02:40.940 or so installing it and it just wouldn't install on my PC because I had an IDE controller 02:40.940 --> 02:46.460 and the wood disk was for Scasi and then finally after that was resolved, I think I never 02:46.460 --> 02:53.900 looked back so that's sort of the way how I went it to free software and Linux both. 02:53.900 --> 02:54.900 Very technical. 02:54.900 --> 02:57.980 Well, let's keep it technical. 02:57.980 --> 03:03.820 I found that you were doing a talk on the 25th CCC Congress about the anatomy of smartphone 03:03.820 --> 03:04.820 hardware. 03:04.820 --> 03:08.660 Could you give us a short overview of what smartphones are? 03:08.660 --> 03:14.820 Yeah, so of course this is 13 years ago so the architecture may have changed a few 03:14.820 --> 03:22.100 while, but fundamentally we still find in smartphones today at least two major, let's 03:22.100 --> 03:23.860 say, computing systems. 03:23.860 --> 03:29.620 One of them, it's called the application processor, which is the one which runs your Android 03:29.620 --> 03:34.100 or iOS or whatever the operating system that the user interacts with. 03:34.100 --> 03:37.700 And there's another computing system which let's call it the baseband processor, which 03:37.700 --> 03:43.780 runs the actual software that relates to the interface to the cellular networks, whether 03:43.780 --> 03:48.100 it's GSM or 3G or 5G in the future or whatever. 03:48.100 --> 03:54.700 And then there's various differences on how closely these two computer domain, let's say, 03:54.700 --> 04:00.220 interact and that has implications of who controls whom and who sort of owns the phone in 04:00.220 --> 04:03.620 the end or then again has security implications and so on. 04:03.620 --> 04:07.620 But I think that's sort of the, if you want to have a very high level overview then have 04:07.620 --> 04:12.340 to be aware that there are these two different subsystems and that the application processor 04:12.340 --> 04:17.860 which runs all the apps and which the user interacts with is basically just a very, 04:17.860 --> 04:22.460 like the front end on top and it doesn't really deal with the cellular network. 04:22.460 --> 04:28.260 So when we leave the phone and then there's the rest of the, of the infrastructure of the 04:28.260 --> 04:33.180 mobile network, can you briefly explain like from a hardware point of view how that looks 04:33.180 --> 04:34.180 like? 04:34.180 --> 04:35.180 Sure. 04:35.180 --> 04:38.380 So first of all, if you look at the network side what most people are familiar with of 04:38.380 --> 04:39.620 course are the antennas. 04:39.620 --> 04:44.740 So you'll see some antenna on a roof or on some kind of other physical structure. 04:44.740 --> 04:49.980 And next to those antennas you have what's called the base station hardware, there's different 04:49.980 --> 04:53.660 technical terms for depending on which technology which doesn't matter. 04:53.660 --> 04:58.740 But in the end you have some device which does the modulation and demodulation of the radio 04:58.740 --> 05:03.460 frequencies and which converts it into some kind of wired interface. 05:03.460 --> 05:08.300 And that's this wired interface which is called the back hall which gets these signals 05:08.300 --> 05:13.780 from wherever the antenna might be located to a more central location in the network where 05:13.780 --> 05:20.060 then you have other network elements which are generally referred to as the core network. 05:20.060 --> 05:25.020 And the core network itself then contains various different logical elements which also 05:25.020 --> 05:29.940 are often not different physical elements like let's say a central subscriber database 05:29.940 --> 05:36.420 that knows which subscribers exist in this network or not or some kind of tunnel endpoint 05:36.420 --> 05:42.340 where your IP connectivity leaves towards the internet because basically your IP data 05:42.340 --> 05:49.820 on the phone gets encapsulated in this many, many different protocol layers of cellular 05:49.820 --> 05:50.820 technology. 05:50.820 --> 05:55.940 And then it creates a tunnel through the mobile network and at some point there is a tunnel 05:55.940 --> 06:00.540 endpoint where the IP data is decapsulated and it leaves to the public internet or most 06:00.540 --> 06:02.820 of the cases at least the public internet. 06:02.820 --> 06:06.940 Regarding mobile phones you not only know about the hardware back around, you also work 06:06.940 --> 06:08.540 with the Osmocom project. 06:08.540 --> 06:13.260 A project covering different topics concerning the free software mobile communications. 06:13.260 --> 06:14.260 What does this include? 06:14.260 --> 06:16.100 Could you give us a brief overview? 06:16.100 --> 06:18.980 So it's a very wide project. 06:18.980 --> 06:23.380 Today I think we have more than a hundred kit repositories or so with lots of different 06:23.380 --> 06:25.020 projects in different areas. 06:25.020 --> 06:30.780 The main focus area is the cellular telephone systems as people know it so that's basically 06:30.780 --> 06:40.580 the GSM, GPS, the UMDS or 3G networks, LTE and related topics but we also cover other 06:40.580 --> 06:46.100 more exotic mobile communication standards for example the tetra system which is used 06:46.100 --> 06:52.100 in emergency communications and police radio or in Europe or OP25 which is the same used 06:52.100 --> 06:56.340 in the US or satellite telephony systems and so on. 06:56.340 --> 07:03.180 So basically it all got started by a bunch of people who were into free software and communication 07:03.180 --> 07:08.300 protocols and radio systems and whenever there's some interesting system out there somebody 07:08.300 --> 07:12.300 finds some time they look into it and create some free software around it. 07:12.300 --> 07:15.580 What is the status of free software in this different areas? 07:16.060 --> 07:22.140 Well as I said the main focus is the what let's say the commercial cellular telephony area 07:22.140 --> 07:27.820 and in that focus the software is most mature though all these other areas are more exploratory 07:27.820 --> 07:34.780 and more experimental but in the commercial cellular telephony system area so that's basically 07:34.780 --> 07:41.420 the 2G, 3G, 4G stuff that people are using today there is quite a lot of I would also say 07:41.500 --> 07:47.900 rather solid free software now. The focus in the project though is mostly on the network side 07:47.900 --> 07:53.820 so our main focus is not to create an open source phone or something like that but an open 07:53.820 --> 08:00.380 source network side implementation which people then can use let's say in smaller private installations 08:00.380 --> 08:05.740 or in rural communications or in whatever kind of niche use cases. 08:05.740 --> 08:07.980 Why are people using OsmoCom there? 08:07.980 --> 08:13.900 I think there is depends a bit on the user group so we have I think two main motivations one 08:13.900 --> 08:19.420 is if you're doing any kind of research whether it's security related or not but some kind of 08:19.420 --> 08:24.060 research in that area of course it's very nice that you can modify all parts of the system 08:24.060 --> 08:28.700 since it's free software you can you know change every aspect for it and then write a paper 08:28.700 --> 08:32.300 about how more efficient it is if you change this button here or whatever. 08:32.300 --> 08:39.580 The other area is mostly people who normally would not have access to cellular technology because 08:39.580 --> 08:46.780 the traditional technology that is sold by the large vendors of equipment like Ericsson 08:46.780 --> 08:52.940 like Huawei and so on that's relatively hard to get your hands on in terms of buying it even 08:52.940 --> 08:58.860 if you have the money they are used to selling to large multinational corporations operators 08:58.940 --> 09:04.700 and let's say I mean just take the example how many universities in Germany have a cellular network 09:05.580 --> 09:10.540 on their premises not of course for operating but for teaching and for doing you know 09:10.540 --> 09:15.020 practical exercises with students in their topics there's not so many of them I think there's 09:15.020 --> 09:20.300 like three or four or so so it's very hard to access and with free software of course that change 09:20.300 --> 09:27.340 is completely because everyone can use it. I remember that you once spent quite a while on 09:27.420 --> 09:35.820 container ships how is that related with cellular networks. In general if you are on board of vessels 09:35.820 --> 09:42.220 at high C of course you don't have cellular coverage anymore so on land we are used to at least 09:42.220 --> 09:47.980 in western countries that most areas are covered with some form of cellular communication even 09:47.980 --> 09:54.060 if it's the oldest technology 2G these days but as soon as you leave off the coast to the ocean 09:54.140 --> 09:59.260 of course you don't have base stations anymore and you lose cellular signal and now whether it's 09:59.260 --> 10:04.860 for the communication of the crew on board or whether it's for some kind of container monitoring 10:04.860 --> 10:10.060 or other say IOTs how people would call it today for me it's still machine-to-machine communication 10:10.060 --> 10:15.260 so in that area if you want some coverage on board you basically have to run your own network 10:15.260 --> 10:20.700 or at least parts of a network on board and that's one of the niche areas in which Osmocom is 10:20.700 --> 10:27.340 deployed quite heavily also on cruise ships and ferries and these kinds of vessels so you already 10:27.340 --> 10:33.740 mentioned 2G just to get the basics out for everyone what is the difference between 2G 3G 4G 10:33.740 --> 10:41.820 which is LTE and 5G well so in general the numbers indicate technology generations all right so 10:41.820 --> 10:48.700 2G is the second generation and 3G is the third generation and so on so it's a technological 10:48.780 --> 10:54.220 generation of a given technology and there are differences there couldn't be more fundamental 10:54.220 --> 10:58.140 between some of those systems so I mean they have in common that they are used for cellular 10:58.140 --> 11:04.860 networks but stops sort of there in some cases and in terms of free software of course older 11:04.860 --> 11:11.180 technologies that have been around longer have more complete implementations in in terms of free 11:11.180 --> 11:17.340 software so for if you want to run a 2G network today you basically have a fully featured 11:17.340 --> 11:22.780 implementation in Osmocom but if you want to run a 5G network you have nothing in Osmocom but 11:22.780 --> 11:27.900 there are some other free software projects working in that field but it's all rather early stage 11:27.900 --> 11:35.260 development I would say more experimental and research. Does 4G like LTE work with Osmocom? 11:36.460 --> 11:45.580 Osmocom doesn't itself have a lot of 4G related code we mostly implement 2G and 3G plus the 11:45.580 --> 11:49.980 interfaces to interface with 4G networks and then there are other free software projects that 11:49.980 --> 11:55.340 implement 4G there is a project called SRS LTE which implements mostly the radio side to the 11:55.340 --> 12:02.060 base station and there is another project called next EPC which is implementing the core network 12:02.060 --> 12:06.380 they're so called EPC the evolved packet core which is the core component of the 4G network 12:06.380 --> 12:11.500 and you can basically combine these three together and then you have a 2G 3G and 4G network 12:11.580 --> 12:16.540 running on free software and that's for example what we did at the case communication camp this summer 12:17.340 --> 12:26.060 if I would be on a lowly island and I would like to have some network there to communicate with 12:26.060 --> 12:30.860 the other person who is on the on the island what would I need to set this up with free software? 12:31.740 --> 12:36.700 You need some kind of radio hardware of course since you want to talk radio that could be 12:37.500 --> 12:42.940 a software-defined radio how it's called it's basically a rather generic hardware device which 12:43.500 --> 12:50.460 allows you to generate virtually any kind of radio waveform and or receive that and the entire 12:50.460 --> 12:54.860 implementation of this radio waveform is then done in software why it's called software-defined 12:54.860 --> 13:02.460 radio and with such a device and sufficient computing power in terms of a high-performance PC for 13:02.460 --> 13:06.380 example and the open source software you can then set up such a network that's sort of the 13:06.380 --> 13:11.260 absolute minimum configuration and then of course reality comes and then you want to deploy 13:11.260 --> 13:16.380 that on a remote island you have to think of what of these lightning strikes are happening and 13:16.380 --> 13:21.580 how to protect my equipment from the environment and what about temperature and heat dissipation 13:21.580 --> 13:26.780 and so on and so on but those are not free software specific topics I mean that's just the real world 13:26.860 --> 13:35.420 out there yeah maybe I find another solution for the island once you stated we shouldn't trust 13:35.420 --> 13:40.700 mobile networks more than the internet what do you mean by that and what will be better with Osmo 13:40.700 --> 13:46.700 Com well this question of not trusting mobile networks more than the internet I think 13:47.340 --> 13:51.820 was a long time ago but I think it was mostly in the context of people thinking that 13:51.900 --> 13:56.540 sending transaction numbers for banking over SMS is somehow more secure than sending more 13:56.540 --> 14:01.900 the internet is sort of a very weird idea and it particularly wasn't even more weird idea back 14:01.900 --> 14:07.340 then when the statement was made where basically we had decades of security research into IP and 14:07.340 --> 14:13.580 the internet technologies but in the cellular industry we basically had no almost nobody doing 14:13.580 --> 14:18.460 any kind of penetration testing or active you know red team testing or anything like that in terms 14:18.460 --> 14:27.340 of ID security what would be better with free software in those networks of course is that if 14:27.340 --> 14:32.940 the source code for a given technology in particular it's a critical infrastructure as many people 14:32.940 --> 14:38.220 consider mobile networks these days it could be audited and many people can have a look and can 14:38.220 --> 14:45.260 understand and can possibly point out problems or back doors or whatever that might be there or 14:45.260 --> 14:51.180 whatever kind of security problems and it would make a technology more accessible I'm speaking 14:51.180 --> 14:57.500 in terms of wood because in terms of actual deployed networks public deployed networks Osmo Com is 14:57.500 --> 15:05.020 used very little I mean unless you live on let's say indigenous community in Wahaka in Mexico or 15:05.020 --> 15:10.300 you work on a cruise ship or something like that then it's unlikely that your network actually 15:10.300 --> 15:16.860 will be running Osmo Com because the commercial large operators don't use it or at least only 15:16.860 --> 15:22.940 very small components of it you also mentioned before that briefly emergency communication what do 15:22.940 --> 15:29.260 you think in general about handling more emergency communication on mobile networks there's nothing 15:29.260 --> 15:36.300 wrong with emergency communication and I think we have to distinguish between the classic emergency 15:36.380 --> 15:42.060 calls in a sense that you know you have you in a traffic accident and you want to call for some help 15:42.060 --> 15:47.100 or you know you subject of a robbery or a burglary or whatever and you call some help and 15:48.380 --> 15:52.620 mobile technology and cellular technologies from the very beginning always had explicit support 15:52.620 --> 15:58.460 for having highest priority emergency calls and for making sure that even other calls get kicked 15:58.460 --> 16:05.660 out and emergency calls basically always work and so that is the same until today in the more 16:05.660 --> 16:12.460 modern technologies what is a different subject is communication of the emergency services themselves 16:12.460 --> 16:18.860 and that's something that's more of a current topic where until now all the emergency services 16:18.860 --> 16:23.900 whether it's firefighters police and so on they have a separate physical infrastructure with 16:23.900 --> 16:29.820 separate devices separate technologies on separate frequency bands which is a very old 16:29.820 --> 16:35.100 fashion but also an extremely reliable approach at the problem where you have infrastructure that's 16:35.100 --> 16:41.180 owned by the government that's operated by the government that's dedicated so no matter what 16:41.180 --> 16:46.780 happens on the business side of some company or what happens to whatever aspect it is a public 16:46.780 --> 16:53.100 service for first responders and there's a lot of communication in recent years particularly by 16:53.100 --> 17:00.460 the cellular operators to basically virtualize that and move emergency services onto the existing 17:01.340 --> 17:07.980 commercial public telephony networks which I find not surprisingly very questionable but 17:07.980 --> 17:14.540 I think it looks like it's the trend you know ever we live in in interesting times where 17:14.540 --> 17:19.340 everybody thinks it's the best idea to put their data into other people's computers in the cloud 17:19.340 --> 17:24.860 and people think it's a good idea to move public emergency services on top of works that 17:25.580 --> 17:31.180 for the general public so your advice would be to keep some of those old walkie talkies in case 17:31.180 --> 17:37.580 you need them well it doesn't necessarily have to be old walkie talkies but separate infrastructure 17:37.580 --> 17:42.780 on separate frequencies makes a lot of sense I'm not saying it necessarily has to be the type of 17:42.780 --> 17:49.740 technology that's in use today where tetra what is used is very well engineered highly robust 17:49.740 --> 17:55.020 very secure but the problem is it's also very exotic which makes the devices very expensive 17:55.020 --> 18:01.260 and everything around it so it's questionable I mean yes for military or for police that makes 18:01.260 --> 18:07.020 sense but for let's say emergency services or firefighters do we really need that kind of 18:07.020 --> 18:15.260 expensive super secure technology but is that fundamentally having physically different resources 18:15.340 --> 18:21.340 than the normal commercial networks that everybody uses for their less relevant communications 18:21.340 --> 18:27.580 makes sense just to cover the basics what are the programs you see when emergency communication 18:27.580 --> 18:32.380 is handled over the public mobile phone infrastructure but first of all you have of course 18:32.380 --> 18:37.820 the question of prioritization can the existing technology that has not been specifically 18:37.820 --> 18:43.180 designed for that really make sure that the emergency services will always get the preferential 18:43.180 --> 18:47.820 treatment that they deserve even in extreme situations where let's say you have tens of 18:47.820 --> 18:52.700 thousands of other phones trying to everybody there's some some kind of emergency everybody tries 18:52.700 --> 18:58.060 to make calls and so on so that's technically solvable but at least I would say it has not been 18:58.060 --> 19:05.420 a focus of the development of the existing equipment that we have today and another problem 19:05.420 --> 19:11.580 I find less is less related to using the same network or the same technology but more to the fact 19:11.580 --> 19:18.540 that it's in terms of reliability and service levels because mobile telephony operators 19:18.540 --> 19:25.260 private companies they are motivated by profit of course that's just normal but then it also means 19:25.260 --> 19:30.940 they don't have an interest in providing services let's say after blackout of the electrical grit 19:30.940 --> 19:36.780 for more than a very short amount of time we had this infamous power outage in Copenhagen Berlin 19:36.780 --> 19:42.780 a year ago or some some time ago and all mobile telephony networks were gone two hours after the 19:42.780 --> 19:49.020 power cut I think even the government or the administration tried to motivate mobile operators 19:49.020 --> 19:53.340 to put up some temporary base stations because it was clear that it would take you know longer 19:53.340 --> 19:58.140 I don't know how many hours it was I think it was more than 48 hours in total and they just wouldn't 19:58.140 --> 20:04.460 do it I mean why would they it's not you know it's not in their profit interest to create emergency 20:04.460 --> 20:09.180 communication services that nobody pays extra for so it's I think there's a conflict of interest 20:09.180 --> 20:14.060 there and it's not you know it's not something that these companies should be blamed for it's 20:14.060 --> 20:19.420 just normal you know their motivation is not to provide an emergency system for keeping 20:19.420 --> 20:25.020 emergency services and public services in case of catastrophes but it's to create the highest profit 20:25.020 --> 20:32.380 for the shareholder in during this year there was a lot of discussion about the usage of who 20:32.380 --> 20:39.420 are wise technology for the 5G networks and the US said that they will not use it 20:40.460 --> 20:44.780 for themselves and they're also trying to convince other governments that they should not use 20:44.780 --> 20:51.580 who are wise technology do you think that European countries should not use who are wise 20:52.220 --> 20:59.420 5G technology to to build this networks because it would be too dangerous for for Europe 21:00.380 --> 21:07.420 it depends a bit on the motivation and the the reasons behind it so in general of course 21:08.300 --> 21:15.420 with any kind of proprietary software in these networks it means that nobody really knows what 21:15.420 --> 21:21.020 happens in these devices nobody can audit it nobody can inspect it nobody can really analyze it 21:21.020 --> 21:27.100 at least not to the level that would be needed except those manufacturers and that doesn't matter 21:27.100 --> 21:33.420 whether it's Nokia or Huawei or Ericsson or whatever device unless these entities would have 21:33.420 --> 21:39.260 open source software in their devices which today they don't so that's not a specific argument 21:39.260 --> 21:44.540 against Huawei but it's an argument against having proprietary software in such devices 21:45.340 --> 21:51.820 the second discussion is whether this is really a security concern or whether it's economic 21:51.820 --> 21:58.060 protection so from a security point of view yes of course it's sort of easy to say oh this is 21:58.060 --> 22:02.380 a Chinese company and the Chinese government can basically mandate them to do whatever 22:02.860 --> 22:06.380 but then you have the same situation if you put a Cisco switch in your network where 22:06.380 --> 22:11.980 or a Cisco VPN gateway then you say oh yeah but you know with everything we know from the last 22:11.980 --> 22:17.740 decade of leaks and so on the amount of control that American governments and agencies have over 22:17.740 --> 22:23.500 mandating things to be done by manufacturers again it's an argument against proprietary 22:23.500 --> 22:29.180 technology from different jurisdictions but not against Huawei in specific so if you want to follow 22:29.180 --> 22:36.220 that line of argument in the first place and finally of course it's a question of whether or not 22:36.220 --> 22:44.300 it's an economic or let's say a general discussion whether Europe should become very dependent on 22:44.380 --> 22:50.780 other regions or other countries in terms of essential infrastructure I mean it's it is an 22:50.780 --> 22:57.660 interesting discussion to be had whether it makes sense on a political or you know economic or 22:57.660 --> 23:05.420 whatever level to sort of ensure that European companies also develop the latest technologies 23:05.420 --> 23:10.300 and so on or whether we leave that to other countries and buy it from there but that's I mean 23:10.300 --> 23:15.260 that's a political discussion and a strategic discussion that needs to be happening but I think 23:15.260 --> 23:21.660 with an open discussion in a sense that an honest discussion and not say oh you know this is 23:21.660 --> 23:26.140 there could be back doors in equipment from China and so on and so on but I mean the discussion 23:26.140 --> 23:31.180 should be and I think that would be the more honest discussion about whether or not in such a key 23:31.180 --> 23:38.860 infrastructure area the European governments should mandate by regulation or by subsidization 23:38.940 --> 23:42.700 basically subsidize a European industry there and that says that there's a political discussion 23:42.700 --> 23:48.220 and you can have different views on it but it should be about that and not some kind of fake 23:48.220 --> 23:54.220 arguments when you say that if they would use free software there it would be more transparent 23:54.220 --> 24:00.540 do you think that free software alone in this infrastructure would be enough to make sure that 24:00.540 --> 24:05.740 this stack there is transparent and can be controlled by the governments 24:06.220 --> 24:14.540 well I think it's not enough to create trust but it's one mandatory step in order to create 24:14.540 --> 24:21.820 trusted technology so if let's say free software would be used on such devices whether or not 24:21.820 --> 24:27.500 which particular area and what particular technology of course the first question is well how 24:27.500 --> 24:32.620 can I validate that this exact source code that is produced somewhere matches exactly what's running 24:32.620 --> 24:38.780 on the device so I also have to be able to compile that and actually took into executable code and 24:38.780 --> 24:43.900 to verify that the executable code that I'm running corresponds to that source code so the free 24:43.900 --> 24:49.260 software then also somebody actually needs to care to read that source code right it's not sufficient 24:49.260 --> 24:53.980 that it's out there somewhere and everybody trusts that oh yes somebody will have had a look at it 24:53.980 --> 24:58.300 and we're not talking about small basis of code right I mean we're talking of about millions and 24:58.300 --> 25:03.420 millions and millions and millions of lines of code maybe sometimes even in obscure languages 25:03.420 --> 25:09.020 or using an infrastructure that is not so commonly understood in terms of libraries and tools 25:09.020 --> 25:17.740 and so on so that's a second aspect and only if those different parts come together so people 25:17.740 --> 25:23.180 with time and or resources to really have a look at it and the source code and some method of 25:23.180 --> 25:27.340 validation that this is actually the code that's running there only then you can create a trust 25:27.340 --> 25:32.460 work system in terms of free software and mobile communication do you think there will be more or 25:32.460 --> 25:40.860 less free software in the future I think there will be more because less is hardly possible so that's 25:40.860 --> 25:47.340 a rather interesting or easy question and response to that I think though we will not see free 25:47.340 --> 25:55.500 software as a means of building trust or of having trustworthy technology we see it because some of 25:55.500 --> 26:01.740 the underlying infrastructure in those networks changes so cellular systems have for decades 26:01.740 --> 26:09.820 always been sort of in their own niche environment creating their entirely own planet of protocols 26:09.820 --> 26:16.060 and encodings and things like that and at least in the core network this is changing significantly 26:16.060 --> 26:23.100 with 5G when our suddenly HTTP is used between core network elements and we have restful services 26:23.100 --> 26:28.700 specified in open API and so on so there is some technological migration happening on the 26:28.700 --> 26:34.380 standardization area that uses more common from the internet point of view or from the rest of the 26:34.380 --> 26:39.820 world point of view more common technologies as parts of the infrastructure which means that some 26:39.820 --> 26:45.660 of the existing free software from other areas can be used and that alone will increase the free software 26:45.660 --> 26:52.940 used in cellular technology I'm coming to the last question already on 14th of February we always 26:52.940 --> 26:58.380 celebrate the I love free software day because we think that we need more people saying thank you 26:58.380 --> 27:05.740 to others in our community and well we don't want to wait all the time for 14th of February so in 27:05.740 --> 27:10.460 the podcast we also give people here the opportunity to say thank you to to some others out there 27:11.260 --> 27:16.380 is there anyone out there whom you would like to thank for their work on free software I think it's 27:16.380 --> 27:22.140 always hard to single out individuals I think it's really hard I would like to thank everyone who 27:22.140 --> 27:28.620 has ever dedicated time to free software I think it's a very important movement particularly let's 27:28.620 --> 27:33.260 say I would like without naming anyone in specific or without thinking about any specific project but 27:33.260 --> 27:42.780 I would extend my thanks to projects in very exotic niche areas you know not doing what 99.9 27:42.780 --> 27:47.980 percent of the other developers do but those people who go into other areas and into other technologies 27:47.980 --> 27:54.620 that are not so well understood and that are not so popular let's say maybe some of the areas 27:54.620 --> 28:01.500 that I have personally experienced I think in technology in general anything that goes away 28:01.500 --> 28:05.900 from the web and anything that goes away from the internet technology is severely underrepresented 28:05.900 --> 28:12.060 in free software I mean one area that I looked into very earlier on was I think in around 2005 28:12.060 --> 28:17.660 was of us RFID and protocols related to that will be created some free software around RFID 28:18.300 --> 28:22.940 that's mostly obsolete because there are many more free software projects by now but any kind of 28:22.940 --> 28:29.020 communication system for I mean it's that sort of been my area but yes cellular communications at 28:29.020 --> 28:35.820 least back then when I started in 2008 there was no free software at all in an area that spans you 28:35.820 --> 28:41.100 know probably hundreds of thousands of pages of publicly available documentation in terms of 28:41.100 --> 28:46.780 specification of those protocols but nobody implemented any free software in that area and you 28:46.780 --> 28:54.060 can find many other technologies whether it's let's say in the automotive industry or whether in 28:54.060 --> 28:59.820 the automation industry where I think there are many systems but also now we talk about all this 29:01.260 --> 29:07.740 IoT systems I don't like the term but there are many protocols and many systems for example 29:07.740 --> 29:12.780 that communicate different elements in smart homes how they communicate with each other based on 29:12.780 --> 29:19.500 proprietary protocols based on undocumented systems understanding them creating systems that 29:19.500 --> 29:25.260 don't rely on the cloud but they keep the communication local for example I would say particularly 29:25.260 --> 29:32.380 in the area that is closer to the physical layer and closer to electrical engineering I think 29:32.380 --> 29:37.100 there's a lot of free software missing okay thank you Harald this was the third episode of 29:37.100 --> 29:41.100 the software Freedom Podcast if you liked this episode please recommend it to your friends and 29:41.100 --> 29:47.260 rated also subscribe to make sure you will get the next episode this podcast is presented to you 29:47.260 --> 29:52.540 by the free software foundation europe we are a charity that works on promoting software freedom 29:52.540 --> 29:57.340 if you like our work please consider supporting us with a donation you find more information on 29:57.340 --> 30:11.180 my.fsv.org slash donate thank you very much and looking forward to our next episode