As I just wrote in my post about TelcoSecDay, I sometimes
worry about the choices I made with Osmocom, particularly when I see
all the great stuff people doing in fields that I previously was working
in, such as applied IT security as well as Linux Kernel development.
When people like Dieter, Holger and I started to play with what later
became OpenBSC, it was just for fun. A challenge to master. A closed
world to break open and which to attack with the tools, the mindset and
the values that we brought with us.
Later, Holger and I started to do freelance development for commercial
users of Osmocom (initially basically only OpenBSC, but then OsmoSGSN,
OsmoBSC, OsmoBTS, OsmoPCU and all the other bits on the infrastructure
side). This lead to the creation of sysmocom in 2011, and ever since we
are trying to use revenue from hardware sales as well as development
contracts to subsidize and grow the Osmocom projects. We're investing
most of our earnings directly into more staff that in turn works on
Osmocom related projects.
It's important to draw the distinction betewen the Osmocom cellular
which are mostly driven by commercial users and sysmocom these days,
and all the many other pure juts-for-fun community projects under
the Osmocom umbrella, like OsmocomTETRA, OsmocomGMR, rtl-sdr, etc.
I'm focussing only on the cellular infrastructure projects, as they
are in the center of my life during the past 6+ years.
In order to do this, I basically gave up my previous career[s] in IT
security and Linux kernel development (as well as put things like
gpl-violations.org on hold). This is a big price to pay for crating
more FOSS in the mobile communications world, and sometimes I'm a bit
melancholic about the "old days" before.
Financial wealth is clearly not my primary motivation, but let me be
honest: I could have easily earned a shitload of money continuing to do
freelance Linux kernel development, IT security or related consulting.
There's a lot of demand for related skills, particularly with some
experience and reputation attached. But I decided against it, and
worked several years without a salary (or almost none) on Osmocom
related stuff [as did Holger].
But then, even with all the sacrifices made, and the amount of revenue
we can direct from sysmocom into Osmocom development: The complexity of
cellular infrastructure vs. the amount of funding and resources is always
only a fraction of what one would normally want to have to do a proper
implementation. So it's constant resource shortage, combined with lots
of unpaid work on those areas that are on the immediate short-term
feature list of customers, and that nobody else in the community feels
like he wants to work on. And that can be a bit frustrating at times.
Is it worth it?
So after 7 years of OpenBSC, OsmocomBB and all the related projects, I'm
sometimes asking myself whether it has been worth the effort, and
whether it was the right choice.
It was right from the point that cellular technology is still an area
that's obscure and unknown to many, and that has very little FOSS
(though Improving!). At the same time, cellular networks are becoming
more and more essential to many users and applications. So on an
abstract level, I think that every step in the direction of FOSS for
cellular is as urgently needed as before, and we have had quite some
success in implementing many different protocols and network elements.
Unfortunately, in most cases incompletely, as the amount of funding
and/or resources were always extremely limited.
On the other hand, when it comes to metrics such as personal
satisfaction or professional pride, I'm not very happy or satisfied.
The community remains small, the commercial interest remains limited,
and as opposed to the Linux world, most players have a complete lack of
understanding that FOSS is not a one-way road, but that it is important
for all stakeholders to contribute to the development in terms of
I think a collaborative development project (which to me is what FOSS is
about) is only then truly successful, if its success is not related to
a single individual, a single small group of individuals or a single
entity (company). And no matter how much I would like the above to be
the case, it is not true for the Osmocom cellular infrastructure
projects. Take away Holger and me, or take away sysmocom, and I think
it would be pretty much dead. And I don't think I'm exaggerating here.
This makes me sad, and after all these years, and after knowing quite a
number of commercial players using our software, I would have hoped that
the project rests on many more shoulders by now.
This is not to belittle the efforts of all the people contributing to
it, whether the team of developers at sysmocom, whether those in the
community that still work on it 'just for fun', or whether those
commercial users that contract sysmocom for some of the work we do.
Also, there are known and unknown donors/funders, like the NLnet
foundation for some parts of the work. Thanks to all of you, and
clearly we wouldn't be where we are now without all of that!
But I feel it's not sufficient for the overall scope, and it's not [yet]
sustainable at this point. We need more support from all sides,
particularly those not currently contributing. From vendors of BTSs and
related equipment that use Osmocom components. From operators that use
it. From individuals. From academia.
Yes, we're making progress. I'm happy about new developments like the
Iu and Iuh support, the OsmoHLR/VLR split and 2G/3G authentication that Neels just blogged about. And
there's progress on the SIMtrace2 firmware with card emulation and MITM,
just as well as there's progress on libosmo-sigtran (with a more
complete SUA, M3UA and connection-oriented SCCP stack), etc.
But there are too little people working on this, and those people are
mostly coming from one particular corner, while most of the [commercial]
users do not contribute the way you would expect them to contribute in
collaborative FOSS projects. You can argue that most people in the
Linux world also don't contribute, but then the large commercial
beneficiaries (like the chipset and hardware makers) mostly do, as are
the large commercial users.
All in all, I have the feeling that Osmocom is as important as it
ever was, but it's not grown up yet to really walk on its own feet. It
may be able to crawl, though ;)
So for now, don't panic. I'm not suffering from burn-out, mid-life
crisis and I don't plan on any big changes of where I put my energy: It
will continue to be Osmocom. But I also think we have to have a more
open discussion with everyone on how to move beyond the current
situation. There's no point in staying quiet about it, or to claim that
everything is fine the way it is. We need more commitment. Not from
the people already actively involved, but from those who are not [yet].
If that doesn't happen in the next let's say 1-2 years, I think it's
fair that I might seriously re-consider in which field and in which way
I'd like to dedicate my [I would think considerable] productive energy and