We are intervening in the Apple vs.EC litigation. Become a proud supporter of the FSFE and join us in defending software freedom from monopoly control!

Transcript of SFP#3 about Free Software in the mobile phone communication with Harald Welte

Back to the episode SFP#3

This is a transcript created with the Free Software tool Whisper. For more information and feedback reach out to podcast@fsfe.org

WEBVTT

00:00.000 --> 00:18.300
Welcome to the third episode of the Software Freedom Podcast.

00:18.300 --> 00:22.180
This podcast is presented to you by the Free Software Foundation Europe, where a charity

00:22.180 --> 00:24.580
that empowers users to control technology.

00:24.580 --> 00:27.980
I'm Matthias Kirschner, I'm the President of the Free Software Foundation Europe and

00:27.980 --> 00:30.780
I'm doing this podcast with Bonnie Merring, our current intern.

00:30.780 --> 00:33.460
Hello, our guest for today is Harald Welter.

00:33.460 --> 00:37.320
Harald is a free software activist and he is involved in many projects.

00:37.320 --> 00:41.420
He was a free software developer for the Netfilter IP tables on the Linux system and involved

00:41.420 --> 00:45.860
in OpenMoco, a project which is delivering mobile phones with free software stack.

00:45.860 --> 00:50.060
And for transparency we want to mention that he also co-funded the company CISMOCOM Game

00:50.060 --> 00:53.180
Baha, which is the donor of the FSFE.

00:53.180 --> 00:58.780
Harald is also the person behind GPL violations.org and together with him the FSFE worked

00:58.780 --> 01:04.780
on many legal topics before and today we talk with Harald about free software in the

01:04.780 --> 01:06.580
infrastructure of mobile networks.

01:06.580 --> 01:11.980
I'm confident we will also talk about some legal topics in the future, but first of all

01:11.980 --> 01:12.980
welcome Harald.

01:12.980 --> 01:14.580
Thank you very much.

01:14.580 --> 01:20.460
Before we dive into the world of mobile networks, can you tell us a bit how you got involved

01:20.460 --> 01:22.460
in free software in the first place?

01:22.460 --> 01:24.260
Ah, that's a long time ago.

01:24.260 --> 01:32.380
I have to think, I think at the time we are in the year about 94 I would say.

01:32.380 --> 01:39.700
I was very fascinated by networking technology and networking at that time in something like

01:39.700 --> 01:48.740
Coaxial Ethernet and things like that and analog modems and ISDN cards and so on and I was

01:48.740 --> 01:56.180
using an open source but on DOS, basically an open source, DOS-based network operating

01:56.180 --> 02:02.620
system called KA9Q NOS that was written by Phil Karn, a pretty famous person also in

02:02.620 --> 02:05.580
the context of mobile telephony.

02:05.580 --> 02:13.460
He works at Qualcomm until today and at some point somebody in a non-for-profit association

02:13.460 --> 02:18.500
that I was involved back then called Communications Netzfranken EFOW, which was a member of the

02:18.500 --> 02:24.820
individual network EFOW, which was an entity caring about internet connectivity for individuals

02:24.820 --> 02:28.420
without any academic or whatever background because it was difficult at the time.

02:28.420 --> 02:34.220
So somebody there said, oh, there is this Linux thing and then I think I tried half a year

02:34.220 --> 02:40.940
or so installing it and it just wouldn't install on my PC because I had an IDE controller

02:40.940 --> 02:46.460
and the wood disk was for Scasi and then finally after that was resolved, I think I never

02:46.460 --> 02:53.900
looked back so that's sort of the way how I went it to free software and Linux both.

02:53.900 --> 02:54.900
Very technical.

02:54.900 --> 02:57.980
Well, let's keep it technical.

02:57.980 --> 03:03.820
I found that you were doing a talk on the 25th CCC Congress about the anatomy of smartphone

03:03.820 --> 03:04.820
hardware.

03:04.820 --> 03:08.660
Could you give us a short overview of what smartphones are?

03:08.660 --> 03:14.820
Yeah, so of course this is 13 years ago so the architecture may have changed a few

03:14.820 --> 03:22.100
while, but fundamentally we still find in smartphones today at least two major, let's

03:22.100 --> 03:23.860
say, computing systems.

03:23.860 --> 03:29.620
One of them, it's called the application processor, which is the one which runs your Android

03:29.620 --> 03:34.100
or iOS or whatever the operating system that the user interacts with.

03:34.100 --> 03:37.700
And there's another computing system which let's call it the baseband processor, which

03:37.700 --> 03:43.780
runs the actual software that relates to the interface to the cellular networks, whether

03:43.780 --> 03:48.100
it's GSM or 3G or 5G in the future or whatever.

03:48.100 --> 03:54.700
And then there's various differences on how closely these two computer domain, let's say,

03:54.700 --> 04:00.220
interact and that has implications of who controls whom and who sort of owns the phone in

04:00.220 --> 04:03.620
the end or then again has security implications and so on.

04:03.620 --> 04:07.620
But I think that's sort of the, if you want to have a very high level overview then have

04:07.620 --> 04:12.340
to be aware that there are these two different subsystems and that the application processor

04:12.340 --> 04:17.860
which runs all the apps and which the user interacts with is basically just a very,

04:17.860 --> 04:22.460
like the front end on top and it doesn't really deal with the cellular network.

04:22.460 --> 04:28.260
So when we leave the phone and then there's the rest of the, of the infrastructure of the

04:28.260 --> 04:33.180
mobile network, can you briefly explain like from a hardware point of view how that looks

04:33.180 --> 04:34.180
like?

04:34.180 --> 04:35.180
Sure.

04:35.180 --> 04:38.380
So first of all, if you look at the network side what most people are familiar with of

04:38.380 --> 04:39.620
course are the antennas.

04:39.620 --> 04:44.740
So you'll see some antenna on a roof or on some kind of other physical structure.

04:44.740 --> 04:49.980
And next to those antennas you have what's called the base station hardware, there's different

04:49.980 --> 04:53.660
technical terms for depending on which technology which doesn't matter.

04:53.660 --> 04:58.740
But in the end you have some device which does the modulation and demodulation of the radio

04:58.740 --> 05:03.460
frequencies and which converts it into some kind of wired interface.

05:03.460 --> 05:08.300
And that's this wired interface which is called the back hall which gets these signals

05:08.300 --> 05:13.780
from wherever the antenna might be located to a more central location in the network where

05:13.780 --> 05:20.060
then you have other network elements which are generally referred to as the core network.

05:20.060 --> 05:25.020
And the core network itself then contains various different logical elements which also

05:25.020 --> 05:29.940
are often not different physical elements like let's say a central subscriber database

05:29.940 --> 05:36.420
that knows which subscribers exist in this network or not or some kind of tunnel endpoint

05:36.420 --> 05:42.340
where your IP connectivity leaves towards the internet because basically your IP data

05:42.340 --> 05:49.820
on the phone gets encapsulated in this many, many different protocol layers of cellular

05:49.820 --> 05:50.820
technology.

05:50.820 --> 05:55.940
And then it creates a tunnel through the mobile network and at some point there is a tunnel

05:55.940 --> 06:00.540
endpoint where the IP data is decapsulated and it leaves to the public internet or most

06:00.540 --> 06:02.820
of the cases at least the public internet.

06:02.820 --> 06:06.940
Regarding mobile phones you not only know about the hardware back around, you also work

06:06.940 --> 06:08.540
with the Osmocom project.

06:08.540 --> 06:13.260
A project covering different topics concerning the free software mobile communications.

06:13.260 --> 06:14.260
What does this include?

06:14.260 --> 06:16.100
Could you give us a brief overview?

06:16.100 --> 06:18.980
So it's a very wide project.

06:18.980 --> 06:23.380
Today I think we have more than a hundred kit repositories or so with lots of different

06:23.380 --> 06:25.020
projects in different areas.

06:25.020 --> 06:30.780
The main focus area is the cellular telephone systems as people know it so that's basically

06:30.780 --> 06:40.580
the GSM, GPS, the UMDS or 3G networks, LTE and related topics but we also cover other

06:40.580 --> 06:46.100
more exotic mobile communication standards for example the tetra system which is used

06:46.100 --> 06:52.100
in emergency communications and police radio or in Europe or OP25 which is the same used

06:52.100 --> 06:56.340
in the US or satellite telephony systems and so on.

06:56.340 --> 07:03.180
So basically it all got started by a bunch of people who were into free software and communication

07:03.180 --> 07:08.300
protocols and radio systems and whenever there's some interesting system out there somebody

07:08.300 --> 07:12.300
finds some time they look into it and create some free software around it.

07:12.300 --> 07:15.580
What is the status of free software in this different areas?

07:16.060 --> 07:22.140
Well as I said the main focus is the what let's say the commercial cellular telephony area

07:22.140 --> 07:27.820
and in that focus the software is most mature though all these other areas are more exploratory

07:27.820 --> 07:34.780
and more experimental but in the commercial cellular telephony system area so that's basically

07:34.780 --> 07:41.420
the 2G, 3G, 4G stuff that people are using today there is quite a lot of I would also say

07:41.500 --> 07:47.900
rather solid free software now. The focus in the project though is mostly on the network side

07:47.900 --> 07:53.820
so our main focus is not to create an open source phone or something like that but an open

07:53.820 --> 08:00.380
source network side implementation which people then can use let's say in smaller private installations

08:00.380 --> 08:05.740
or in rural communications or in whatever kind of niche use cases.

08:05.740 --> 08:07.980
Why are people using OsmoCom there?

08:07.980 --> 08:13.900
I think there is depends a bit on the user group so we have I think two main motivations one

08:13.900 --> 08:19.420
is if you're doing any kind of research whether it's security related or not but some kind of

08:19.420 --> 08:24.060
research in that area of course it's very nice that you can modify all parts of the system

08:24.060 --> 08:28.700
since it's free software you can you know change every aspect for it and then write a paper

08:28.700 --> 08:32.300
about how more efficient it is if you change this button here or whatever.

08:32.300 --> 08:39.580
The other area is mostly people who normally would not have access to cellular technology because

08:39.580 --> 08:46.780
the traditional technology that is sold by the large vendors of equipment like Ericsson

08:46.780 --> 08:52.940
like Huawei and so on that's relatively hard to get your hands on in terms of buying it even

08:52.940 --> 08:58.860
if you have the money they are used to selling to large multinational corporations operators

08:58.940 --> 09:04.700
and let's say I mean just take the example how many universities in Germany have a cellular network

09:05.580 --> 09:10.540
on their premises not of course for operating but for teaching and for doing you know

09:10.540 --> 09:15.020
practical exercises with students in their topics there's not so many of them I think there's

09:15.020 --> 09:20.300
like three or four or so so it's very hard to access and with free software of course that change

09:20.300 --> 09:27.340
is completely because everyone can use it. I remember that you once spent quite a while on

09:27.420 --> 09:35.820
container ships how is that related with cellular networks. In general if you are on board of vessels

09:35.820 --> 09:42.220
at high C of course you don't have cellular coverage anymore so on land we are used to at least

09:42.220 --> 09:47.980
in western countries that most areas are covered with some form of cellular communication even

09:47.980 --> 09:54.060
if it's the oldest technology 2G these days but as soon as you leave off the coast to the ocean

09:54.140 --> 09:59.260
of course you don't have base stations anymore and you lose cellular signal and now whether it's

09:59.260 --> 10:04.860
for the communication of the crew on board or whether it's for some kind of container monitoring

10:04.860 --> 10:10.060
or other say IOTs how people would call it today for me it's still machine-to-machine communication

10:10.060 --> 10:15.260
so in that area if you want some coverage on board you basically have to run your own network

10:15.260 --> 10:20.700
or at least parts of a network on board and that's one of the niche areas in which Osmocom is

10:20.700 --> 10:27.340
deployed quite heavily also on cruise ships and ferries and these kinds of vessels so you already

10:27.340 --> 10:33.740
mentioned 2G just to get the basics out for everyone what is the difference between 2G 3G 4G

10:33.740 --> 10:41.820
which is LTE and 5G well so in general the numbers indicate technology generations all right so

10:41.820 --> 10:48.700
2G is the second generation and 3G is the third generation and so on so it's a technological

10:48.780 --> 10:54.220
generation of a given technology and there are differences there couldn't be more fundamental

10:54.220 --> 10:58.140
between some of those systems so I mean they have in common that they are used for cellular

10:58.140 --> 11:04.860
networks but stops sort of there in some cases and in terms of free software of course older

11:04.860 --> 11:11.180
technologies that have been around longer have more complete implementations in in terms of free

11:11.180 --> 11:17.340
software so for if you want to run a 2G network today you basically have a fully featured

11:17.340 --> 11:22.780
implementation in Osmocom but if you want to run a 5G network you have nothing in Osmocom but

11:22.780 --> 11:27.900
there are some other free software projects working in that field but it's all rather early stage

11:27.900 --> 11:35.260
development I would say more experimental and research. Does 4G like LTE work with Osmocom?

11:36.460 --> 11:45.580
Osmocom doesn't itself have a lot of 4G related code we mostly implement 2G and 3G plus the

11:45.580 --> 11:49.980
interfaces to interface with 4G networks and then there are other free software projects that

11:49.980 --> 11:55.340
implement 4G there is a project called SRS LTE which implements mostly the radio side to the

11:55.340 --> 12:02.060
base station and there is another project called next EPC which is implementing the core network

12:02.060 --> 12:06.380
they're so called EPC the evolved packet core which is the core component of the 4G network

12:06.380 --> 12:11.500
and you can basically combine these three together and then you have a 2G 3G and 4G network

12:11.580 --> 12:16.540
running on free software and that's for example what we did at the case communication camp this summer

12:17.340 --> 12:26.060
if I would be on a lowly island and I would like to have some network there to communicate with

12:26.060 --> 12:30.860
the other person who is on the on the island what would I need to set this up with free software?

12:31.740 --> 12:36.700
You need some kind of radio hardware of course since you want to talk radio that could be

12:37.500 --> 12:42.940
a software-defined radio how it's called it's basically a rather generic hardware device which

12:43.500 --> 12:50.460
allows you to generate virtually any kind of radio waveform and or receive that and the entire

12:50.460 --> 12:54.860
implementation of this radio waveform is then done in software why it's called software-defined

12:54.860 --> 13:02.460
radio and with such a device and sufficient computing power in terms of a high-performance PC for

13:02.460 --> 13:06.380
example and the open source software you can then set up such a network that's sort of the

13:06.380 --> 13:11.260
absolute minimum configuration and then of course reality comes and then you want to deploy

13:11.260 --> 13:16.380
that on a remote island you have to think of what of these lightning strikes are happening and

13:16.380 --> 13:21.580
how to protect my equipment from the environment and what about temperature and heat dissipation

13:21.580 --> 13:26.780
and so on and so on but those are not free software specific topics I mean that's just the real world

13:26.860 --> 13:35.420
out there yeah maybe I find another solution for the island once you stated we shouldn't trust

13:35.420 --> 13:40.700
mobile networks more than the internet what do you mean by that and what will be better with Osmo

13:40.700 --> 13:46.700
Com well this question of not trusting mobile networks more than the internet I think

13:47.340 --> 13:51.820
was a long time ago but I think it was mostly in the context of people thinking that

13:51.900 --> 13:56.540
sending transaction numbers for banking over SMS is somehow more secure than sending more

13:56.540 --> 14:01.900
the internet is sort of a very weird idea and it particularly wasn't even more weird idea back

14:01.900 --> 14:07.340
then when the statement was made where basically we had decades of security research into IP and

14:07.340 --> 14:13.580
the internet technologies but in the cellular industry we basically had no almost nobody doing

14:13.580 --> 14:18.460
any kind of penetration testing or active you know red team testing or anything like that in terms

14:18.460 --> 14:27.340
of ID security what would be better with free software in those networks of course is that if

14:27.340 --> 14:32.940
the source code for a given technology in particular it's a critical infrastructure as many people

14:32.940 --> 14:38.220
consider mobile networks these days it could be audited and many people can have a look and can

14:38.220 --> 14:45.260
understand and can possibly point out problems or back doors or whatever that might be there or

14:45.260 --> 14:51.180
whatever kind of security problems and it would make a technology more accessible I'm speaking

14:51.180 --> 14:57.500
in terms of wood because in terms of actual deployed networks public deployed networks Osmo Com is

14:57.500 --> 15:05.020
used very little I mean unless you live on let's say indigenous community in Wahaka in Mexico or

15:05.020 --> 15:10.300
you work on a cruise ship or something like that then it's unlikely that your network actually

15:10.300 --> 15:16.860
will be running Osmo Com because the commercial large operators don't use it or at least only

15:16.860 --> 15:22.940
very small components of it you also mentioned before that briefly emergency communication what do

15:22.940 --> 15:29.260
you think in general about handling more emergency communication on mobile networks there's nothing

15:29.260 --> 15:36.300
wrong with emergency communication and I think we have to distinguish between the classic emergency

15:36.380 --> 15:42.060
calls in a sense that you know you have you in a traffic accident and you want to call for some help

15:42.060 --> 15:47.100
or you know you subject of a robbery or a burglary or whatever and you call some help and

15:48.380 --> 15:52.620
mobile technology and cellular technologies from the very beginning always had explicit support

15:52.620 --> 15:58.460
for having highest priority emergency calls and for making sure that even other calls get kicked

15:58.460 --> 16:05.660
out and emergency calls basically always work and so that is the same until today in the more

16:05.660 --> 16:12.460
modern technologies what is a different subject is communication of the emergency services themselves

16:12.460 --> 16:18.860
and that's something that's more of a current topic where until now all the emergency services

16:18.860 --> 16:23.900
whether it's firefighters police and so on they have a separate physical infrastructure with

16:23.900 --> 16:29.820
separate devices separate technologies on separate frequency bands which is a very old

16:29.820 --> 16:35.100
fashion but also an extremely reliable approach at the problem where you have infrastructure that's

16:35.100 --> 16:41.180
owned by the government that's operated by the government that's dedicated so no matter what

16:41.180 --> 16:46.780
happens on the business side of some company or what happens to whatever aspect it is a public

16:46.780 --> 16:53.100
service for first responders and there's a lot of communication in recent years particularly by

16:53.100 --> 17:00.460
the cellular operators to basically virtualize that and move emergency services onto the existing

17:01.340 --> 17:07.980
commercial public telephony networks which I find not surprisingly very questionable but

17:07.980 --> 17:14.540
I think it looks like it's the trend you know ever we live in in interesting times where

17:14.540 --> 17:19.340
everybody thinks it's the best idea to put their data into other people's computers in the cloud

17:19.340 --> 17:24.860
and people think it's a good idea to move public emergency services on top of works that

17:25.580 --> 17:31.180
for the general public so your advice would be to keep some of those old walkie talkies in case

17:31.180 --> 17:37.580
you need them well it doesn't necessarily have to be old walkie talkies but separate infrastructure

17:37.580 --> 17:42.780
on separate frequencies makes a lot of sense I'm not saying it necessarily has to be the type of

17:42.780 --> 17:49.740
technology that's in use today where tetra what is used is very well engineered highly robust

17:49.740 --> 17:55.020
very secure but the problem is it's also very exotic which makes the devices very expensive

17:55.020 --> 18:01.260
and everything around it so it's questionable I mean yes for military or for police that makes

18:01.260 --> 18:07.020
sense but for let's say emergency services or firefighters do we really need that kind of

18:07.020 --> 18:15.260
expensive super secure technology but is that fundamentally having physically different resources

18:15.340 --> 18:21.340
than the normal commercial networks that everybody uses for their less relevant communications

18:21.340 --> 18:27.580
makes sense just to cover the basics what are the programs you see when emergency communication

18:27.580 --> 18:32.380
is handled over the public mobile phone infrastructure but first of all you have of course

18:32.380 --> 18:37.820
the question of prioritization can the existing technology that has not been specifically

18:37.820 --> 18:43.180
designed for that really make sure that the emergency services will always get the preferential

18:43.180 --> 18:47.820
treatment that they deserve even in extreme situations where let's say you have tens of

18:47.820 --> 18:52.700
thousands of other phones trying to everybody there's some some kind of emergency everybody tries

18:52.700 --> 18:58.060
to make calls and so on so that's technically solvable but at least I would say it has not been

18:58.060 --> 19:05.420
a focus of the development of the existing equipment that we have today and another problem

19:05.420 --> 19:11.580
I find less is less related to using the same network or the same technology but more to the fact

19:11.580 --> 19:18.540
that it's in terms of reliability and service levels because mobile telephony operators

19:18.540 --> 19:25.260
private companies they are motivated by profit of course that's just normal but then it also means

19:25.260 --> 19:30.940
they don't have an interest in providing services let's say after blackout of the electrical grit

19:30.940 --> 19:36.780
for more than a very short amount of time we had this infamous power outage in Copenhagen Berlin

19:36.780 --> 19:42.780
a year ago or some some time ago and all mobile telephony networks were gone two hours after the

19:42.780 --> 19:49.020
power cut I think even the government or the administration tried to motivate mobile operators

19:49.020 --> 19:53.340
to put up some temporary base stations because it was clear that it would take you know longer

19:53.340 --> 19:58.140
I don't know how many hours it was I think it was more than 48 hours in total and they just wouldn't

19:58.140 --> 20:04.460
do it I mean why would they it's not you know it's not in their profit interest to create emergency

20:04.460 --> 20:09.180
communication services that nobody pays extra for so it's I think there's a conflict of interest

20:09.180 --> 20:14.060
there and it's not you know it's not something that these companies should be blamed for it's

20:14.060 --> 20:19.420
just normal you know their motivation is not to provide an emergency system for keeping

20:19.420 --> 20:25.020
emergency services and public services in case of catastrophes but it's to create the highest profit

20:25.020 --> 20:32.380
for the shareholder in during this year there was a lot of discussion about the usage of who

20:32.380 --> 20:39.420
are wise technology for the 5G networks and the US said that they will not use it

20:40.460 --> 20:44.780
for themselves and they're also trying to convince other governments that they should not use

20:44.780 --> 20:51.580
who are wise technology do you think that European countries should not use who are wise

20:52.220 --> 20:59.420
5G technology to to build this networks because it would be too dangerous for for Europe

21:00.380 --> 21:07.420
it depends a bit on the motivation and the the reasons behind it so in general of course

21:08.300 --> 21:15.420
with any kind of proprietary software in these networks it means that nobody really knows what

21:15.420 --> 21:21.020
happens in these devices nobody can audit it nobody can inspect it nobody can really analyze it

21:21.020 --> 21:27.100
at least not to the level that would be needed except those manufacturers and that doesn't matter

21:27.100 --> 21:33.420
whether it's Nokia or Huawei or Ericsson or whatever device unless these entities would have

21:33.420 --> 21:39.260
open source software in their devices which today they don't so that's not a specific argument

21:39.260 --> 21:44.540
against Huawei but it's an argument against having proprietary software in such devices

21:45.340 --> 21:51.820
the second discussion is whether this is really a security concern or whether it's economic

21:51.820 --> 21:58.060
protection so from a security point of view yes of course it's sort of easy to say oh this is

21:58.060 --> 22:02.380
a Chinese company and the Chinese government can basically mandate them to do whatever

22:02.860 --> 22:06.380
but then you have the same situation if you put a Cisco switch in your network where

22:06.380 --> 22:11.980
or a Cisco VPN gateway then you say oh yeah but you know with everything we know from the last

22:11.980 --> 22:17.740
decade of leaks and so on the amount of control that American governments and agencies have over

22:17.740 --> 22:23.500
mandating things to be done by manufacturers again it's an argument against proprietary

22:23.500 --> 22:29.180
technology from different jurisdictions but not against Huawei in specific so if you want to follow

22:29.180 --> 22:36.220
that line of argument in the first place and finally of course it's a question of whether or not

22:36.220 --> 22:44.300
it's an economic or let's say a general discussion whether Europe should become very dependent on

22:44.380 --> 22:50.780
other regions or other countries in terms of essential infrastructure I mean it's it is an

22:50.780 --> 22:57.660
interesting discussion to be had whether it makes sense on a political or you know economic or

22:57.660 --> 23:05.420
whatever level to sort of ensure that European companies also develop the latest technologies

23:05.420 --> 23:10.300
and so on or whether we leave that to other countries and buy it from there but that's I mean

23:10.300 --> 23:15.260
that's a political discussion and a strategic discussion that needs to be happening but I think

23:15.260 --> 23:21.660
with an open discussion in a sense that an honest discussion and not say oh you know this is

23:21.660 --> 23:26.140
there could be back doors in equipment from China and so on and so on but I mean the discussion

23:26.140 --> 23:31.180
should be and I think that would be the more honest discussion about whether or not in such a key

23:31.180 --> 23:38.860
infrastructure area the European governments should mandate by regulation or by subsidization

23:38.940 --> 23:42.700
basically subsidize a European industry there and that says that there's a political discussion

23:42.700 --> 23:48.220
and you can have different views on it but it should be about that and not some kind of fake

23:48.220 --> 23:54.220
arguments when you say that if they would use free software there it would be more transparent

23:54.220 --> 24:00.540
do you think that free software alone in this infrastructure would be enough to make sure that

24:00.540 --> 24:05.740
this stack there is transparent and can be controlled by the governments

24:06.220 --> 24:14.540
well I think it's not enough to create trust but it's one mandatory step in order to create

24:14.540 --> 24:21.820
trusted technology so if let's say free software would be used on such devices whether or not

24:21.820 --> 24:27.500
which particular area and what particular technology of course the first question is well how

24:27.500 --> 24:32.620
can I validate that this exact source code that is produced somewhere matches exactly what's running

24:32.620 --> 24:38.780
on the device so I also have to be able to compile that and actually took into executable code and

24:38.780 --> 24:43.900
to verify that the executable code that I'm running corresponds to that source code so the free

24:43.900 --> 24:49.260
software then also somebody actually needs to care to read that source code right it's not sufficient

24:49.260 --> 24:53.980
that it's out there somewhere and everybody trusts that oh yes somebody will have had a look at it

24:53.980 --> 24:58.300
and we're not talking about small basis of code right I mean we're talking of about millions and

24:58.300 --> 25:03.420
millions and millions and millions of lines of code maybe sometimes even in obscure languages

25:03.420 --> 25:09.020
or using an infrastructure that is not so commonly understood in terms of libraries and tools

25:09.020 --> 25:17.740
and so on so that's a second aspect and only if those different parts come together so people

25:17.740 --> 25:23.180
with time and or resources to really have a look at it and the source code and some method of

25:23.180 --> 25:27.340
validation that this is actually the code that's running there only then you can create a trust

25:27.340 --> 25:32.460
work system in terms of free software and mobile communication do you think there will be more or

25:32.460 --> 25:40.860
less free software in the future I think there will be more because less is hardly possible so that's

25:40.860 --> 25:47.340
a rather interesting or easy question and response to that I think though we will not see free

25:47.340 --> 25:55.500
software as a means of building trust or of having trustworthy technology we see it because some of

25:55.500 --> 26:01.740
the underlying infrastructure in those networks changes so cellular systems have for decades

26:01.740 --> 26:09.820
always been sort of in their own niche environment creating their entirely own planet of protocols

26:09.820 --> 26:16.060
and encodings and things like that and at least in the core network this is changing significantly

26:16.060 --> 26:23.100
with 5G when our suddenly HTTP is used between core network elements and we have restful services

26:23.100 --> 26:28.700
specified in open API and so on so there is some technological migration happening on the

26:28.700 --> 26:34.380
standardization area that uses more common from the internet point of view or from the rest of the

26:34.380 --> 26:39.820
world point of view more common technologies as parts of the infrastructure which means that some

26:39.820 --> 26:45.660
of the existing free software from other areas can be used and that alone will increase the free software

26:45.660 --> 26:52.940
used in cellular technology I'm coming to the last question already on 14th of February we always

26:52.940 --> 26:58.380
celebrate the I love free software day because we think that we need more people saying thank you

26:58.380 --> 27:05.740
to others in our community and well we don't want to wait all the time for 14th of February so in

27:05.740 --> 27:10.460
the podcast we also give people here the opportunity to say thank you to to some others out there

27:11.260 --> 27:16.380
is there anyone out there whom you would like to thank for their work on free software I think it's

27:16.380 --> 27:22.140
always hard to single out individuals I think it's really hard I would like to thank everyone who

27:22.140 --> 27:28.620
has ever dedicated time to free software I think it's a very important movement particularly let's

27:28.620 --> 27:33.260
say I would like without naming anyone in specific or without thinking about any specific project but

27:33.260 --> 27:42.780
I would extend my thanks to projects in very exotic niche areas you know not doing what 99.9

27:42.780 --> 27:47.980
percent of the other developers do but those people who go into other areas and into other technologies

27:47.980 --> 27:54.620
that are not so well understood and that are not so popular let's say maybe some of the areas

27:54.620 --> 28:01.500
that I have personally experienced I think in technology in general anything that goes away

28:01.500 --> 28:05.900
from the web and anything that goes away from the internet technology is severely underrepresented

28:05.900 --> 28:12.060
in free software I mean one area that I looked into very earlier on was I think in around 2005

28:12.060 --> 28:17.660
was of us RFID and protocols related to that will be created some free software around RFID

28:18.300 --> 28:22.940
that's mostly obsolete because there are many more free software projects by now but any kind of

28:22.940 --> 28:29.020
communication system for I mean it's that sort of been my area but yes cellular communications at

28:29.020 --> 28:35.820
least back then when I started in 2008 there was no free software at all in an area that spans you

28:35.820 --> 28:41.100
know probably hundreds of thousands of pages of publicly available documentation in terms of

28:41.100 --> 28:46.780
specification of those protocols but nobody implemented any free software in that area and you

28:46.780 --> 28:54.060
can find many other technologies whether it's let's say in the automotive industry or whether in

28:54.060 --> 28:59.820
the automation industry where I think there are many systems but also now we talk about all this

29:01.260 --> 29:07.740
IoT systems I don't like the term but there are many protocols and many systems for example

29:07.740 --> 29:12.780
that communicate different elements in smart homes how they communicate with each other based on

29:12.780 --> 29:19.500
proprietary protocols based on undocumented systems understanding them creating systems that

29:19.500 --> 29:25.260
don't rely on the cloud but they keep the communication local for example I would say particularly

29:25.260 --> 29:32.380
in the area that is closer to the physical layer and closer to electrical engineering I think

29:32.380 --> 29:37.100
there's a lot of free software missing okay thank you Harald this was the third episode of

29:37.100 --> 29:41.100
the software Freedom Podcast if you liked this episode please recommend it to your friends and

29:41.100 --> 29:47.260
rated also subscribe to make sure you will get the next episode this podcast is presented to you

29:47.260 --> 29:52.540
by the free software foundation europe we are a charity that works on promoting software freedom

29:52.540 --> 29:57.340
if you like our work please consider supporting us with a donation you find more information on

29:57.340 --> 30:11.180
my.fsv.org slash donate thank you very much and looking forward to our next episode

Back to the episode SFP#3