<p>LaForge's home page (Posts about ccc), https://laforge.gnumonks.org/blog/tags/ccc.atom, 2022-06-21T07:49:55Z, Harald Welte</p>
<h1>36C3 Talks on SIM card technology / Mitel DECT</h1>
<p>https://laforge.gnumonks.org/blog/20200105-36c3-talks/, 2020-01-05T00:00:00+01:00, Harald Welte</p>
<p>At <a class="reference external" href="https://events.ccc.de/congress/2019">36C3</a> in December 2019 I had
the pleasure of presenting: One full talk about <a class="reference external" href="https://media.ccc.de/v/36c3-10737-sim_card_technology_from_a-z">SIM card technology from A to Z</a>
and another talk where I presented together with eventphone team members
about <a class="reference external" href="https://media.ccc.de/v/36c3-10576-mifail_oder_mit_gigaset_ware_das_nicht_passiert">Security issues in the Mitel SIP-DECT system</a>.</p>
<p>The SIM card talk was surprisingly successful, both in terms of a full
audience on-site, as well as in terms of the number of viewers of the
recordings on media.ccc.de. SIM cards are a rather niche topic in the
wider IT industry, and my talk was not covering any vulnerabilities or
the like. Also, there was nothing novel in the talk: SIM cards have
been around for decades, and not much has changed (except maybe eSIM and
TLS) in recent years.</p>
<p>In any case, I'm of course happy that it was well received. So far I've
received lots of positive feedback.</p>
<p>As I've been working [more than] full time in cellular technology for almost
15 years now, it's sometimes hard to imagine what kind of topics people
might be interested in. If you have some kind of suggestion on what
kind of subject within my area of expertise you'd like me to talk about,
please don't hesitate to reach out.</p>
<p>The Mitel DECT talk also went quite well. I covered about 10 minutes of
technical details regarding the reverse engineering of the firmware and
the communication protocols of the device. Thanks again to <a class="reference external" href="http://mirider.com/">Dieter
Spaar</a> for helping with that. He is and remains
the best reverse engineer I have met, and it's always a privilege to
collaborate on any project. It was of course also nice to see what
kind of useful (and/or fun) things the eventphone team have built on
top of the knowledge that was gained by protocol-level reverse
engineering.</p>
<p>If you want to know more low-level technical detail than the 36C3 talk,
I recommend my <a class="reference external" href="https://media.ccc.de/v/osmodevcon2019-100-aastra-mitel-dect-base-station-dissection">earlier talk at the OsmoDevCon 2019 about Aastra/Mitel
DECT base station dissection</a>.</p>
<p>If only I had more time, I would love to work on improving the lack of
Free / Open Source Software related to the DECT protocol family.
There's the abandoned <a class="reference external" href="http://dedected.org/">deDECTed.org</a>, and the
equally abandoned <a class="reference external" href="http://dect.osmocom.org/">dect.osmocom.org</a>
project. The former only deals with the lowest levels of DECT
(PHY/MAC). The latter is to a large extent implemented as part of an
ancient version of the Linux kernel (I would say this should all run in
userspace, like we run all of GSM/UMTS/LTE in userspace today).</p>
<p>If anyone wants to help out, I still think working on the DECT DLC and
NWK dissectors for wireshark is the best way to start. It will create a
tool that's important for anyone working with the DECT protocols, and it
will be more or less a requirement for development and debugging should
anyone ever go further in terms of implementing those protocols on
either the PP or FP side. You can find my humble beginnings of the
related dissectors in the <a class="reference external" href="https://git.osmocom.org/wireshark/log/?h=laforge/dect">laforge/dect branch of osmocom.org/wireshark.git</a>.</p>
<h1>Retronetworking / BBS-Revival setup at #36C3</h1>
<p>https://laforge.gnumonks.org/blog/20200105-36c3-retronetworking/, 2020-01-05T00:00:00+01:00, Harald Welte</p>
<p>After many years of being involved in various projects at the annual
Chaos Communication Congress (starting from the audio/video recording
team at 15C3), I've finally also departed the GSM team, i.e. the people
who operate (Osmocom based) cellular networks at CCC events.</p>
<p>The <a class="reference external" href="https://events.ccc.de/camp/2019">CCC Camp</a> in August 2019 was
slightly different: Instead of helping an Osmocom based 2G/3G network, I
decided to put up a nextepc-based LTE network and make that use the
2G/3G HLR (osmo-hlr) via a newly-written <a class="reference external" href="http://git.osmocom.org/erlang/osmo_dia2gsup/">DIAMETER-to-GSUP proxy</a>. After lots of hacking
on that proxy and fixing various bugs in nextepc (see my
<a class="reference external" href="https://github.com/laf0rge/nextepc/tree/laforge/cccamp19">laforge/cccamp2019 branch here</a>)
this was working rather fine.</p>
<p>For <a class="reference external" href="https://events.ccc.de/congress/2019">36C3</a> in December 2019 I had
something different in mind: It was supposed to be the first actual
demo of the retronetworking / bbs-revival setup I've been working on
during past months. This setup in turn is sort-of a continuation of my
talk at 34C3 two years ago: <a class="reference external" href="https://media.ccc.de/v/34c3-9034-bbss_and_early_internet_access_in_the_1990ies">BBSs and early Internet access in the 1990ies</a>.</p>
<p>Rather than just talking about it, I wanted to be able to show people
the real thing: Actual client PCs running (mainly) DOS, dialling over
analog modems and phone lines as well as ISDN-TAs and ISDN lines into
BBSs, together with early Internet access using SLIP and PPP over the
same dial-up lines.</p>
<p>The actual setup can be seen at the
<a class="reference external" href="http://osmocom.org/projects/retro-bbs/wiki/Dialup_Network_In_A_Box">Dialup Network In A Box</a>
wiki page, together with the
<a class="reference external" href="http://osmocom.org/projects/retro-bbs/wiki/36C3">36C3 specific</a> wiki
page.</p>
<p>What took most of the time was - interestingly - mainly two topics:</p>
<ol class="arabic simple">
<li><p>A 1U rack-mount system with four E1 ports. I had lots of old Sangoma
Quad-E1 cards in PCI form-factor available, but wanted to use a PC
with a more modern/faster CPU than those old first-generation Atom
boxes that still had actual PCI slots. Those new mainboards don't
have PCI but PCIe. There are plenty of PCIe to PCI bridges and
associated products on the market, which worked fine with virtually
any PCI card I could find, but not with the Sangoma AFT PCI cards I
wanted to use. Seconds to minutes after boot, the PCI-PCIe bridges
would always forget their secondary bus number. I suspected
excessive power consumption or glitches, but couldn't find anything
wrong when looking at the power rails with a scope. Adding
additional capacitors on every rail also didn't change it. The
!RESET line is also clean. It remains a mystery. I then finally
decided to buy a new (expensive) DAHDI 4-port E1 PCIe card to move
ahead. What a waste of money if you have tons of other E1 cards
around.</p></li>
<li><p>Various trouble with FreeSWITCH. All I wanted/needed was some simple
emulation of a PSTN/ISDN switch, operating in NT mode towards both
the Livingston Portmaster 3 RAS and the Auerswald PBX. I would have
used <a class="reference external" href="http://linux-call-router.de/">lcr</a>, but it supports neither
DAHDI nor Sangoma, but only mISDN - and there are no mISDN cards with
four E1 ports :( So I decided to go for FreeSWITCH, knowing it has
had a long history of ISDN/PRI/E1 support. However, it was a big
disappointment. First, there were some segfaults due to a <a class="reference external" href="https://github.com/osmocom/freeswitch/commit/a341d58fbdf6b8bd7d1dd9509dc5319bee206168">classic pointer deref before NULL-check</a>.
Next, libpri and FreeSWITCH have a <a class="reference external" href="https://github.com/osmocom/freeswitch/commit/5621e2a5edbbeec910988eca9446186f19790ab8">different idea how channel (timeslot) numbers are structured</a>,
causing any call attempt to fail. Finally, FreeSWITCH decided to
<a class="reference external" href="https://github.com/osmocom/freeswitch/commit/83f6bf5276cf70bb11b84615116b0e5cfc590b9d">blindly overwrite any bearer capabilities IE with 'speech'</a>,
even if an ISDN dialup call (unrestricted digital information) was
being handled. The FreeSWITCH documentation contains tons of
references on channel input/output variables related to that - but it
turns out their <a class="reference external" href="https://github.com/osmocom/freeswitch/commit/2cd558502671b9902e0ed05e52d6b5ff10ecbb59">libpri integration doesn't set any of those</a>,
nor use any of them on the outbound side.</p></li>
</ol>
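<p>The third FreeSWITCH problem above, as an added example (not code from FreeSWITCH, libpri or the linked patches): a minimal Q.931 Bearer Capability IE parser and two forwarding strategies, one that always signals 'speech' and one that validates the caller's IE and passes it through. Function names and the sample IEs are constructed for illustration, and only the single-octet forms of octets 3 and 4 are accepted.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_BEARER_CAP 0x04            /* Q.931 information element identifier */

/* Information transfer capability (octet 3, bits 5..1) */
#define ITC_SPEECH               0x00
#define ITC_UNRESTRICTED_DIGITAL 0x08
#define ITC_AUDIO_3K1            0x10

struct bearer_cap {
    uint8_t coding_std;     /* octet 3, bits 7..6 (0 = ITU-T) */
    uint8_t itc;            /* octet 3, bits 5..1 */
    uint8_t transfer_mode;  /* octet 4, bits 7..6 (0 = circuit mode) */
    uint8_t rate;           /* octet 4, bits 5..1 (0x10 = 64 kbit/s) */
};

/* Constructed sample IEs: a voice call (A-law) and an ISDN dial-up data call. */
static const uint8_t SAMPLE_SPEECH[] = { 0x04, 0x03, 0x80, 0x90, 0xA3 };
static const uint8_t SAMPLE_DATA[]   = { 0x04, 0x02, 0x88, 0x90 };

/* Parse one Bearer Capability IE. Returns the IE length in bytes, or -1. */
int bearer_cap_parse(const uint8_t *ie, size_t len, struct bearer_cap *out)
{
    if (ie == NULL || out == NULL || len < 2)   /* check before dereferencing */
        return -1;
    if (ie[0] != IE_BEARER_CAP)
        return -1;
    size_t clen = ie[1];
    if (clen < 2 || clen > len - 2)   /* octets 3 and 4 must exist and fit */
        return -1;
    if (!(ie[2] & 0x80) || !(ie[3] & 0x80))   /* extension bit must be set */
        return -1;
    out->coding_std    = (ie[2] >> 5) & 0x03;
    out->itc           = ie[2] & 0x1F;
    out->transfer_mode = (ie[3] >> 5) & 0x03;
    out->rate          = ie[3] & 0x1F;
    return (int)(clen + 2);
}

typedef int (*forward_fn)(const uint8_t *, size_t, uint8_t *, size_t);

/* Behaviour the post describes: whatever came in, signal 'speech' outbound. */
int forward_blind(const uint8_t *in, size_t in_len, uint8_t *out, size_t cap)
{
    (void)in; (void)in_len;
    if (out == NULL || cap < sizeof(SAMPLE_SPEECH))
        return -1;
    memcpy(out, SAMPLE_SPEECH, sizeof(SAMPLE_SPEECH));
    return (int)sizeof(SAMPLE_SPEECH);
}

/* Transparent handling: validate the inbound IE, then copy it unchanged. */
int forward_preserve(const uint8_t *in, size_t in_len, uint8_t *out, size_t cap)
{
    struct bearer_cap bc;
    int n = bearer_cap_parse(in, in_len, &bc);
    if (n < 0 || out == NULL || (size_t)n > cap)
        return -1;
    memcpy(out, in, (size_t)n);
    return n;
}

/* ITC the far end would see after forwarding, or -1 on any error. */
int outbound_itc(forward_fn fwd, const uint8_t *in, size_t in_len)
{
    uint8_t buf[16];
    struct bearer_cap bc;
    int n = fwd(in, in_len, buf, sizeof(buf));
    if (n < 0 || bearer_cap_parse(buf, (size_t)n, &bc) < 0)
        return -1;
    return bc.itc;
}

int main(void)
{
    printf("data call, blind overwrite: ITC=0x%02x\n",
           outbound_itc(forward_blind, SAMPLE_DATA, sizeof(SAMPLE_DATA)));
    printf("data call, pass-through:    ITC=0x%02x\n",
           outbound_itc(forward_preserve, SAMPLE_DATA, sizeof(SAMPLE_DATA)));
    return 0;
}
```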
<p>Anyway, after a lot more time than expected the setup was operational,
and we could establish modem calls as well as ISDN dialup calls between
the clients and the Portmaster3. The PM3 in turn then was configured to
forward the dialup sessions via telnet to a variety of BBSs around the
internet. Some exist still (or again) on the public internet.
Some others were explicitly (re)created by 36C3 participants for this
very BBS-Revival setup.</p>
<p>My personal favorite was finding <a class="reference external" href="http://blackflag.acid.org/acid-underworld-on-searchlight.html">ACiD Underworld 2.0</a>, one
of the few BBSs out there today that support RIPscrip, a protocol used to
render vector graphics, text and even mouse-clickable UI via modem
connection to a DOS/EGA client program called RIPterm. So we had one
RIPterm installation on Novell DOS7 that was just used for dialling into
ACiD Underworld 2.0.</p>
<p>Among other things we also tested interoperability between the 1980ies
CCC DIY acoustic coupler "Datenklo" and the Portmaster, and confirmed
that Windows 2000 could establish multilink-PPP not only over two
B-channels (128 kbps) but also over 3 B-Channels (192).</p>
<p>Running this setup for four days meant 36C3 was a quite different
experience than many previous CCC congresses:</p>
<ul class="simple">
<li><p>I was less stressed as I wasn't involved in operating a service that
many people would want to use (GSM).</p></li>
<li><p>I got engaged with many more people with whom I would normally not
have entered a conversation, as they were watching the exhibits/demos
and we got to chat about the technology involved and the 'good old
days'.</p></li>
</ul>
<p>So all in all, despite the <a class="reference external" href="https://twitter.com/LaF0rge/status/1210463996282884096">last minute FreeSWITCH-patching</a>,
it was a much more relaxing and rewarding experience for me.</p>
<p>Special thanks to</p>
<ul class="simple">
<li><p>Sylvain "tnt" Munaut for spending a lot of time with me at the
retronetworking assembly. The fact that I had an E1 interface around
was a good way for him to continue development on his ICE40 based
bi-directional E1 wiretap. He also helped with setup and teardown.</p></li>
<li><p>miaoski and evanslify for reviving two of their old BBSs from Taiwan
so we could use them at this event</p></li>
</ul>
<p>The retronetworking setup is intended to operate at many other future
events, whether CCC related, Vintage Computing or otherwise. It's
relatively small and portable.</p>
<p>I'm very much looking forward to the next incarnations. Until then, I
will hopefully have more software configured and operational, including
a variety of local BBSs (running in VMs/containers), together with the
respective networking (FTN, ZConnect, ...) and point software like
CrossPoint.</p>
<p>If you are interested in helping out with this project: I'm very much
looking for help. It doesn't matter if you're old and have had BBS
experience back in the day, or if you're a younger person who wants to
learn about communications history. Any help is appreciated. Please
reach out to the <a class="reference external" href="mailto:bbs-revival@lists.osmocom.org">bbs-revival@lists.osmocom.org</a> mailing list, or directly
to me via e-mail.</p>
<h1>34C3 and its Osmocom GSM/UMTS network</h1>
<p>https://laforge.gnumonks.org/blog/20180101-34c3-gsm/, 2018-01-01T00:00:00+01:00, Harald Welte</p>
<p>At the <a class="reference external" href="https://events.ccc.de/congress/2017/">34th annual Chaos Communication Congress</a>,
a team of Osmocom folks continued the many years old tradition of operating
an experimental Osmocom based GSM network at the event. Though I
originally started that tradition, I'm not involved in installation and/or operation
of that network; all the credit goes to Lynxis, neels, tsaitgaist and the
larger team of volunteers surrounding them. My involvement was only
to answer the occasional technical question and to look at bugs that
show up in the software during operation, and if possible fix them on-site.</p>
<p>34C3 marks two significant changes in terms of its cellular network:</p>
<ul class="simple">
<li><p>the new <em>post-nitb</em> Osmocom stack was used, with OsmoBSC, OsmoMSC and OsmoHLR</p></li>
<li><p>both a GSM/GPRS network (on 1800 MHz) was operated, as well as (for
the first time) a UMTS network (in the 850 MHz band)</p></li>
</ul>
<p>The good news is: The team did great work building this network from
scratch, in a new venue, and without relying on people that have
significant experience in network operation. Definitely, the team was
considerably larger and more distributed than at the time when I was
still running that network.</p>
<p>The bad news is: There was a seemingly endless number of bugs that were discovered
while operating this network. Some shortcomings were known before, but
the extent and number of bugs uncovered all across the stack was quite
devastating to me. Sure, at some point from day 2 onwards we had a
network that provided [some level of] service, and as far as I've
heard, some ~ 23k calls were switched over it. But that was after more
than two days of debugging + bug fixing, and we still saw unexplained
behavior and crashes later on.</p>
<p>This is such a big surprise as we have put a lot of effort into testing
over the last years. This starts from the <a class="reference external" href="https://osmocom.org/projects/osmo-gsm-tester/wiki">osmo-gsm-tester</a>
software and continuously running test setup, and continues with the
<a class="reference external" href="http://git.osmocom.org/osmo-ttcn3-hacks/">osmo-ttcn3-hacks</a>
integration tests that mainly I wrote during the last few months. Both
us and some of our users have also (successfully!) performed
interoperability testing with other vendors' implementations such as
MSCs. And last, but not least, the individual Osmocom developers had
been using the new post-NITB stack on their personal machines.</p>
<p>So what does this mean?</p>
<ul class="simple">
<li><p>I'm sorry about the sub-standard state of the software and the
resulting problems we've experienced in the 34C3 network. The extent
of problems surprised me (and I presume everyone else involved)</p></li>
<li><p>I'm grateful that we've had the opportunity to discover all those
bugs, thanks to the GSM team at 34C3, as well as Deutsche Telekom for
donating 3 ARFCNs from their spectrum, as well as the German
regulatory authority <a class="reference external" href="https://www.bundesnetzagentur.de/">Bundesnetzagentur</a> for
providing the experimental license in the 850 MHz spectrum.</p></li>
<li><p>We need to have even more focus on automatic testing than we had so
far. None of the components should be without exhaustive test coverage
on at least the most common transactions, including all their failure
modes (such as timeouts, rejects, ...)</p></li>
</ul>
<p>My preferred method of integration testing has been by using TTCN-3 and
<a class="reference external" href="https://projects.eclipse.org/projects/tools.titan">Eclipse TITAN</a> to
emulate all the interfaces surrounding a single one of the Osmocom programs
(like OsmoBSC) and then test both valid and invalid transactions. For
the BSC, this means emulating MS+BTS on Abis; emulating MSC on A;
emulating the MGW, as well as the CTRL and VTY interfaces.</p>
<p>I currently see the following areas in biggest need of integration
testing:</p>
<ul class="simple">
<li><p>OsmoHLR (which needs a GSUP implementation in TTCN-3, which I've
<a class="reference external" href="http://git.osmocom.org/osmo-ttcn3-hacks/commit/?id=df32723446f5280fe65bd0ef4f25790e39ec8087">created on the spot at 34C3</a>)
where we e.g. discovered that updates to the subscriber via VTY/CTRL would
surprisingly not result in an InsertSubscriberData to VLR+SGSN</p></li>
<li><p>OsmoMSC, particularly when used with external MNCC handlers,
which was so far blocked by the lack of a MNCC implementation in
TTCN-3, which I've been working on both on-site and after returning
back home.</p></li>
<li><p>user plane testing for OsmoMGW and other components. We currently
only test the control plane (MGCP), but not the actual user plane
e.g. on the RTP side between the elements</p></li>
<li><p>UMTS related testing on OsmoHNBGW, OsmoMSC and OsmoSGSN. We currently
have no automatic testing at all in these areas.</p></li>
</ul>
<p>Even before 34C3 and the above-mentioned experiences, I concluded that
for 2018 we will pursue a test-driven development approach for all new
features added by the sysmocom team to the Osmocom code base. The
experience with the many issues at 34C3 has just confirmed that
approach. In parallel, we will have to improve test coverage on the
existing code base, as outlined above. The biggest challenge will of
course be to convince our paying customers of this approach, but I see
very little alternative if we want to ensure production quality of
our cellular stack.</p>
<p>So here we come: 2018, <em>The year of testing</em>.</p>
<h1>Some thoughts on 33C3</h1>
<p>https://laforge.gnumonks.org/blog/20161230-33c3/, 2016-12-30T01:00:00+01:00, Harald Welte</p>
<p>I've just had the pleasure of attending all four days of <a class="reference external" href="https://events.ccc.de/congress/2016/wiki/Main_Page">33C3</a> and have returned
home with somewhat mixed feelings.</p>
<p>I've been a regular visitor and speaker at CCC events since <a class="reference external" href="https://events.ccc.de/congress/1998/">15C3 in
1998</a>, which among other things
means I'm an old man now. But I digress ;)</p>
<p>The event has come extremely far in those years. And to be honest, I
struggle with the size. Back then, it was a meeting of like-minded
hackers. You had the feeling that you know a significant portion of the
attendees, and it was easy to connect to fellow hackers.</p>
<p>These days, both the number of attendees and the size of the event make
you feel much more like you're among the general public than at some
meeting of fellow hackers. Yes, it is good to see that more people are
interested in what the CCC (and the selected speakers) have to say, but
somehow it comes at the price that I (and I suspect other old-timers)
feel less at home. It feels too much like various other technology
related events.</p>
<p>One aspect creating a certain feeling of estrangement is also the venue
itself. There are an incredible number of rooms, with a labyrinth of
hallways, stairs, lobbies, etc. The size of the venue simply makes it
impossible to simply _accidentally_ run into all of your fellow
hackers and friends. If I want to meet somebody, I have to make an
explicit appointment. That is an option that exists most of the rest of
the year, too.</p>
<p>While <a class="reference external" href="http://blog.fefe.de/?ts=a69b7946">fefe is happy about the many small children attending
the event</a>, to me this seems
somewhat alien and possibly inappropriate. I guess from teenage years
onward it certainly makes sense, as they can follow the talks and
participate in the workshop. But below that age?</p>
<p>The range of topics covered at the event also becomes wider, at least I
feel that way. Topics like IT security, data protection, privacy,
intelligence/espionage and learning about technology have always been
present during all those years. But these days we have bloggers sitting
on stage and talking about bottles of wine (seriously?).</p>
<p>Contrary to many, I also really don't get the excitement about shows
like 'Methodisch Inkorrekt'. Seems to me like mainstream
compatible entertainment in the spirit of the 1990ies <a class="reference external" href="https://en.wikipedia.org/wiki/Die_Knoff-Hoff-Show">Knoff Hoff Show</a> without much
potential to make the audience want to dig deeper into (information)
technology.</p>
<h1>32C3 is over, GSM and GPRS was running fine, osmo-iuh progress</h1>
<p>https://laforge.gnumonks.org/blog/20151231-32c3/, 2015-12-31T00:00:00+01:00, Harald Welte</p>
<div class="section" id="the-32c3-gsm-network">
<h2>The 32C3 GSM Network</h2>
<p>32C3 was great from the Osmocom perspective: We could again run our own
cellular network at the event in order to perform load testing with real
users. We had 7 BTSs running, each with a single TRX. What was new
compared to previous years:</p>
<ul class="simple">
<li><p>OsmoPCU is significantly more robust and stable due to the efforts of
Jacob Erlbeck at sysmocom. This means that GPRS is now actually still
usable in severe overload situations, like 1000 subscribers sharing
only very few kilobits. Of course it will be slow, but at least data
still passes through as much as that's possible.</p></li>
<li><p>We were using half-rate traffic channels from day 2 onwards, in order
to enhance capacity. Phones supporting AMR-HR would use that, but
then there are lots of old phones that only do classic HR (v1).
OsmoNITB with internal MNCC handler has supported TCH/H with HR and AMR for
at least five years, but the particular combination of OsmoBTS +
OsmoNITB + lcr (all master branches) had not been deployed at previous
CCC event networks so far.</p></li>
</ul>
<p>Being forced to provide classic HR codec actually revealed several bugs
in the existing code:</p>
<ul class="simple">
<li><p>OsmoBTS (at least with the sysmoBTS hardware) is using bit ordering
that is not compliant with what the spec says on how GSM-HR frames
should be put into RTP frames. We didn't realize this so far, as
handing frames from one sysmoBTS to another sysmoBTS of course works,
as both use the same (wrong) bit ordering.</p></li>
<li><p>The ETSI reference implementation of the HR codec has lots of
global/static variables, and thus doesn't really support running
multiple transcoders in parallel. This is however what lcr was trying
(and needing) to do, and it of course failed as state from one
transcoder instance was leaking into another. The problem is simple,
but the solution not so simple. If you want to avoid re-structuring
the entire code in very intrusive ways or running one thread per
transcoder instance, then the only solution was to basically memcpy()
the entire data section of the transcoding library every time you
switch the state from one transcoder instance to the other. It's
surprisingly difficult to learn the start + size of that data section
at runtime in a portable way, though.</p></li>
</ul>
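<p>The state leak between transcoder instances, as an added example (not the ETSI reference code and not the fix that went into lcr): a toy codec with file-scope state stands in for the reference implementation, and each instance's state is swapped in and out with memcpy(). Because the bounds of the data section cannot be learned portably, this sketch copies an explicit table of the globals instead; all names are hypothetical and the wrapper assumes a single thread.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* --- Constructed stand-in for a reference codec that keeps all of its
 *     state in file-scope variables. ------------------------------------ */
static int16_t  g_prev;     /* predictor memory: last input sample */
static int32_t  g_energy;   /* running energy estimate */
static uint32_t g_frames;   /* number of samples processed */

static void legacy_reset(void) { g_prev = 0; g_energy = 0; g_frames = 0; }

/* Toy "encoder": emits the difference to the previous input sample. */
static int16_t legacy_encode(int16_t s)
{
    int16_t d = (int16_t)(s - g_prev);
    g_prev = s;
    g_energy += (int32_t)d * d;
    g_frames++;
    return d;
}

/* --- Per-instance context: a private copy of every global listed here.
 *     A global missing from this table would still leak between calls. --- */
struct region { void *addr; size_t len; };
static const struct region REGIONS[] = {
    { &g_prev,   sizeof g_prev   },
    { &g_energy, sizeof g_energy },
    { &g_frames, sizeof g_frames },
};
#define N_REGIONS   (sizeof REGIONS / sizeof REGIONS[0])
#define STATE_BYTES (sizeof g_prev + sizeof g_energy + sizeof g_frames)

struct transcoder { uint8_t saved[STATE_BYTES]; };

/* Copy the live globals into the instance's private snapshot. */
static void state_save(struct transcoder *t)
{
    size_t off = 0;
    for (size_t i = 0; i < N_REGIONS; i++) {
        memcpy(t->saved + off, REGIONS[i].addr, REGIONS[i].len);
        off += REGIONS[i].len;
    }
}

/* Copy the instance's snapshot back over the live globals. */
static void state_load(const struct transcoder *t)
{
    size_t off = 0;
    for (size_t i = 0; i < N_REGIONS; i++) {
        memcpy(REGIONS[i].addr, t->saved + off, REGIONS[i].len);
        off += REGIONS[i].len;
    }
}

void transcoder_init(struct transcoder *t) { legacy_reset(); state_save(t); }

/* Swap this instance's state in, run the codec, swap the state back out. */
int16_t transcoder_encode(struct transcoder *t, int16_t s)
{
    state_load(t);
    int16_t d = legacy_encode(s);
    state_save(t);
    return d;
}

/* Constructed input: two calls whose samples arrive interleaved. */
static const int16_t CALL_A[] = { 100, 110 };
static const int16_t CALL_B[] = { 5000, 5010 };

/* Shared globals: call A's second output is computed from call B's state. */
int16_t second_output_shared(void)
{
    legacy_reset();
    legacy_encode(CALL_A[0]);
    legacy_encode(CALL_B[0]);
    return legacy_encode(CALL_A[1]);           /* 110 - 5000 */
}

/* One context per call: call A only ever sees its own history. */
int16_t second_output_isolated(void)
{
    struct transcoder a, b;
    transcoder_init(&a);
    transcoder_init(&b);
    transcoder_encode(&a, CALL_A[0]);
    transcoder_encode(&b, CALL_B[0]);
    return transcoder_encode(&a, CALL_A[1]);   /* 110 - 100 */
}

int main(void)
{
    printf("shared state:   %d\n", second_output_shared());
    printf("isolated state: %d\n", second_output_isolated());
    return 0;
}
```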
<p>Thanks to our resident voice codec expert Sylvain for debugging and
fixing the above two problems.</p>
<p>Thanks also to Daniel and Ulli for taking care of the actual logistics
of bringing + installing (+ later unmounting) all associated equipment.</p>
<p>Thanks furthermore to Kevin who has been patiently handling the 'Level 2
Support' cases of people with various problems ending up in the GSM
room.</p>
<p>It's great that there is a team taking care of those real-world test
networks. We learn a lot more about our software under heavy load
situations this way.</p>
</div>
<div class="section" id="osmo-iuh-progress-talk">
<h2>osmo-iuh progress + talk</h2>
<p>I've been focussing basically full day (and night) over the week ahead
of Christmas and during Christmas to bring the osmo-iuh code into a
state where we could do an end-to-end demo with a regular phone + hNodeB
+ osmo-hnbgw + osmo-sgsn + openggsn. Unfortunately I only got it up to
the point where we do the PDP CONTEXT ACTIVATION on the signalling
plane, with no actual user data going back and forth. And then, for
strange reasons, I couldn't even demo that at the end of the talk.
Well, in either case, the code has made much progress.</p>
<p>The video of the talk can be found at
<a class="reference external" href="https://media.ccc.de/v/32c3-7412-running_your_own_3g_3_5g_network#video">https://media.ccc.de/v/32c3-7412-running_your_own_3g_3_5g_network#video</a></p>
</div>
<div class="section" id="meeting-friends">
<h2>meeting friends</h2>
<p>The annual CCC congress is always an event where you meet old friends
and colleagues. It was great talking to Stefan, Dimitri, Kevin, Nico,
Sylvain, Jochen, Sec, Schneider, bunnie and many other hackers. After
the event is over, I wish I could continue working together with all
those folks the rest of the year, too :/</p>
<p>Some people have been missed dearly. Absence from the CCC congress is
not acceptable. You know who you are, if you're reading this ;)</p>
</div>
<h1>Anyone interested in supporting SMPP interworking at 32C3?</h1>
<p>https://laforge.gnumonks.org/blog/20151206-32c3-smpp/, 2015-12-06T00:00:00+01:00, Harald Welte</p>
<p>Sylvain brought this up yesterday: Wouldn't it be nice to have some
degree of SMS interfacing from OpenBSC/OsmoNITB to the real world at
32C3? It is something that we've never tried so far, and thus
definitely worthy of testing.</p>
<p>Of course, full interworking is not possible without assigning public
MSISDN to all internal subscribers / 'extensions' as we call them.</p>
<p>But what would most certainly work is to have at least outbound SMS
working by means of an external SMPP interface.</p>
<p>The OsmoNITB-internal SMSC speaks SMPP already (in the SMSC role), so we
would need to implement some small amount of glue logic that behaves as
ESME (external SMS entity) towards both OsmoNITB as well as some
public SMS operator/reseller that speaks SMPP again.</p>
<p>Now of course, sending SMS to public operators doesn't come for free.
So in case anyone reading this has access to SMPP at public operators,
resellers, SMS hubs, it would be interesting to see if there is a chance
for some funding/sponsoring of that experiment.</p>
<p>Feel free to contact me if you see a way to make this happen.</p>
<h1>GSM test network at 32C3, after all</h1>
<p>https://laforge.gnumonks.org/blog/20151116-gsm_at_32c3/, 2015-11-16T00:00:00+01:00, Harald Welte</p>
<p>Contrary to my blog post yesterday, it looks like we will have a private
GSM network at the CCC congress again, after all.</p>
<p>It appears that Vodafone Germany (who was awarded the former DECT guard
band in the 2015 spectrum auctions) is not yet using it in December,
and they agreed that we can use it at the 32C3.</p>
<p>With this approval from Vodafone Germany we can now go to the regulator
(BNetzA) and obtain the usual test license. Given that we used to get
the license in the past, and that Vodafone has agreed, this should be a
mere formality.</p>
<p>For the German language readers who appreciate the language of the
administration, it will be a <em>Frequenzzuteilung für Versuchszwecke im
nichtöffentlichen mobilen Landfunk</em>.</p>
<p>So thanks to Vodafone Germany, who enabled us at least this time to run
a network again. By end of 2016 you can be sure they will have put
their new spectrum to use, so I'm not that optimistic that this would
be possible again.</p>
<h1>No GSM test network at 32C3</h1>
<p>https://laforge.gnumonks.org/blog/20151115-no_gsm_at_32c3/, 2015-11-15T00:00:00+01:00, Harald Welte</p>
<p>I currently <a class="reference external" href="https://events.ccc.de/congress/2015/wiki/Static:GSM">don't assume that there will be a GSM network at the 32C3</a>.</p>
<p>Ever since <a class="reference external" href="http://openbsc.osmocom.org/">OpenBSC</a> was created in 2008,
the annual CCC congress was a great opportunity to test OpenBSC and
related software with thousands of willing participants. In order to do
so, we obtained a test licence from the German regulatory authority.
This was never any problem, as there was a chunk of spectrum in the
1800 MHz GSM band that was not allocated to any commercial operator, the
so-called <em>DECT guard band</em>. It's called that way as it was kept free
in order to ensure there is no interference between 1800 MHz GSM and the
neighboring DECT cordless telephones.</p>
<p>Over the decades, it was determined on an EU level that this guard band
might not be necessary, or at least not if certain considerations are
taken for BTSs deployed in that band.</p>
<p>When the German regulatory authority re-auctioned the GSM spectrum
earlier this year, they decided to also auction the frequencies of the
former DECT guard band. The DECT guard band was awarded to Vodafone.</p>
<p>This is a pity, as this means that people involved with cellular
research or development of cellular technology now have it significantly
harder to actually test their systems.</p>
<p>In some other EU member states it is easier, like in the Netherlands or
the UK, where the DECT guard band was not treated like any other chunk
of the GSM bands, but put under special rules. Not so in Germany.</p>
<p>To make a long story short: Without the explicit permission of any of
the commercial mobile operators, it is not possible to run a
test/experimental network like we used to run at the annual CCC
congress.</p>
<p>Given that</p>
<ul class="simple">
<li><p>the event is held in the city center (where frequencies are typically
used and re-used quite densely), and</p></li>
<li><p>an operator has nothing to gain from permitting us to test our open
source GSM/GPRS implementations,</p></li>
</ul>
<p>I think there is little chance that this will become a reality.</p>
<p>If anyone has <em>really good</em> contacts to the <em>radio network planning
team</em> of a German mobile operator and wants to prove me wrong: Feel free
to contact me by e-mail.</p>
<p>Thanks to everyone involved with the GSM team at the CCC events,
particularly Holger Freyther, Daniel Willmann, Stefan Schmidt, Jan
Luebbe, Peter Stuge, Sylvain Munaut, Kevin Redon, Andreas Eversberg,
Ulli (and everyone else whom I may have forgotten, my apologies). It's
been a pleasure!</p>
<p>Thanks also to our friends at the POC (Phone Operation Center) who have
provided interfacing to the DECT, ISDN, analog and VoIP network at the
events. Thanks to roh for helping with our special patch requests.
Thanks also to those entities and people who borrowed equipment (like
BTSs) in the pre-sysmocom years.</p>
<p>So long, and thanks for all the fish!</p>
<h1>29C3. The end of an era?</h1>
<p>https://laforge.gnumonks.org/blog/20121218-29c3/, 2012-12-18T03:00:00+01:00, Harald Welte</p>
<p>
When I first heard that the annual CCC congress was moved to Hamburg, my
immediate reaction was: Fine, but I wouldn't want to be involved in it.
For the last 15 years I've been attending the CCC congress every year,
in most years as a speaker, and in many years in some (small)
contributing role, first in the team doing the video recordings, and in
the last couple of years setting up a GSM network. Contributing to an
event is easy if your home/lab is within 20 minutes, so if you need
another strange cable/adapter/tool/whatever, you can just go and grab
it. Doing that at an event that's multiple hours of driving away, in a
new/unknown venue is an entirely different story. I have more than
enough stress already with (paid) work and the various FOSS projects
that I'm leading or involved in.
</p>
<p>
I have no interest in "just" attending the event. That never was a
primary reason for me. In all those years, I've probably attended an
average of one talk each year. The event for me was about being able to
contribute something actively.
</p>
<p>
Now, months after those thoughts and my decision not to attend, there is
a schedule for the 29C3 available. And to say the least, I am shocked.
The entire event seems to have turned into a SIGINT, rather than an
xxC3. Lots of talks on politics and society, and lots of German talks.
</p>
<p>
The debate on implications of technology on society, culture, politics,
etc. is an important debate, there is no doubt. And so far I always had
the feeling that the xxC3 had a pretty good balance between hard-core
technical talks and those non-technical talks. But if I look at the
schedule this year, it really looks like an incarnation of the SIGINT
conference. With too many German talks you are scaring off the
international community. And with focussing on non-technical topics,
you scare away the die-hard technical hackers. So why move to a larger
venue, if you at the same time seem to limit the scope of the event?
</p>
<p>
Meanwhile I have heard of a number of friends and colleagues who seem to
share this view. A number of people who have attended in previous years
are not interested in attending this year due to the issues mentioned
above.
</p>
<p>
It's sad to see, but I somehow have the feeling that 29C3 might be the
end of an era. The end of a highly successful series of events with
exceptionally strong technical talks. To me, xxC3 has always been
unique and special. No other event would ever compare to it. Who will
fill the gap for the die-hard technical topics? I am feeling quite sad,
up to the point that I want to start mourning about "the good old
times".
</p>
<p>
I'm not writing this to put blame on anyone. It just reflects my
personal and highly subjective view. Let's see what people will say
after 29C3 has actually happened. Let's see how successful it is in
terms of number of attendees, and in terms of feedback from
participants. I'd like to explicitly thank the many organizers and
volunteers (a lot of whom I know in person) for putting up their time and
energy to make 29C3 happen.
</p>Chaosradio Express 151: ARM CPU Architecture (German)https://laforge.gnumonks.org/blog/20100428-chaosradio_arm_architecture/2010-04-28T03:00:00+02:002010-04-28T03:00:00+02:00Harald Welte<p>
I'm a bit late with this:
The <a href="http://chaosradio.ccc.de/">Chaosradio</a> Express
<a href="http://chaosradio.ccc.de/cre151.html">#151 podcast on the ARM CPU
architecture was released a week ago</a>. I had a most pleasant
experience spending about 90 minutes getting interviewed by <a href="http://en.wikipedia.org/wiki/Tim_Pritlove">Tim Pritlove</a>.
</p>
<p>
I'm sorry for all the non-German-speakers. But Chaosradio Express is
a German medium, made by and for German hackers :)
</p>German Constitutional Court hearing on data retention lawhttps://laforge.gnumonks.org/blog/20091215-bverfg_vorratsdaten/2009-12-15T03:00:00+01:002009-12-15T03:00:00+01:00Harald Welte<p>
Today I've taken one day off work in order to attend the public hearing
of <a href="http://www.bundesverfassungsgericht.de/">Germany's constitutional
court</a> on several constitutional complaints against a German national law
on data retention of telecommunications data. As the topic is likely only
relevant to Germans, and due to the fact that I am not very confident with
my English legalese outside of copyright law, I'll switch to German for
this blog post - which I believe is unprecedented in this blog so far.
</p>
<br>
<p>
Well, so today I was one of the few chosen visitors at the BVerfG (Federal
Constitutional Court). After all, more than 34,000 people have filed
constitutional complaints, even though formally only a handful of exemplary
complaints were heard today. The BVerfG presumably came up with this trick so
as not to face the problem that every complainant would surely have a right to
be present in court in person.
</p>
<p>
The courtroom of the BVerfG is very small. So small that for particularly
significant proceedings there is hardly any room left for visitors. The actual
courtroom was already occupied by the complainants, the numerous representatives
of the legislature and of the authorities and office holders (BKA, police
chiefs, judges at various courts, federal and state data protection
commissioners, members of the Bundestag and, not least, the numerous research
staff of the Federal Constitutional Court itself). At the back, two rows were
still free for visitors.
</p>
<p>
These two rows were occupied by groups of students - or perhaps one could
almost say "wasted". A not inconsiderable part of these students (among others
from TU Darmstadt) had actually been sleeping. What an outrage, not only a lack
of respect towards the highest court of the country and towards the topic - but
also an impertinence towards the many, presumably hundreds of, interested
citizens who would have liked to attend the hearing but simply didn't get a
seat any more. Friends of mine tried to get a seat on the 2nd day after the
date was announced - in vain.
</p>
<p>
So we have the almost perverse situation that the highest court can in fact be
called upon by any citizen, and a five-digit number of citizens does so - but
then the actual hearing is accessible only to a small elite, and recordings or
broadcasts are not permitted. That somehow seems unfair to me.
</p>
<p>
But now to the matter at hand:
</p>
<p>
The 1st Senate under presiding judge Papier conducted the hearing very
competently in general. There were a few amusing moments, e.g. when the
representative of the Ministry of Justice handed the floor to the federal
government's counsel, although normally it is the court that gives the floor,
and not the other way around ;)
</p>
<p>
As at the last hearing: the contributions of the invited experts were at times
the most interesting part, above all the various questions of the court. These
questions on the one hand allow a glimpse behind the judges' considerations -
and on the other hand also show to what extent the technical context and its
consequences are already understood by the court. Please don't get this wrong:
I have the deepest respect for the court, and it is usually very astonishing
how far the judges familiarize themselves with the respective field. As at the
hearing on the voting computers, the representatives of the government and of
the subordinate authorities often reveal considerably less comprehensive
knowledge.
</p>
<p>
The whole debate on VDS (Vorratsdatenspeicherung, data retention) is tricky.
Historically we have a Bundestag that doesn't want VDS, a council of EU
interior ministers that then simply adopts it as an EU directive, and a
Bundestag that subsequently has the excellent excuse that it has to implement
the directive in order not to have proceedings brought against it by the EU.
</p>
<p>
The EU directive also means that the BVerfG now cannot only decide on the
substance of VDS, but also has to deal with the question of what happens when
an EU directive conflicts with the German Basic Law (Grundgesetz).
</p>
<p>
A few completely unordered points of today's hearing that I found remarkable:
</p><ul>
<li>
There is no empirical/scientific basis proving that VDS is suitable for
combating terrorist attacks (which, after 9/11 and the attacks in Madrid and
London, was the justification).
</li>
<li>
The head of the Bundesnetzagentur (Federal Network Agency) repeatedly and quite
conspicuously did not answer a question repeated by the BVerfG: Are there
companies that are legally obliged to perform VDS, but on the other hand have
no obligation whatsoever to create or submit a security concept for the
security of this data? (My view: Yes, there are!)
</li>
<li>
The Bundesnetzagentur, as it says itself, essentially reviews the security
concepts at the desk. That need not have much to do with the reality in the
companies.
</li>
<li>
One of the complainants, former minister Dr. Burkhard Hirsch, probably gave
the liveliest and most blunt speeches; very refreshing.
</li>
<li>
The police chief of Munich was asked to justify concretely how VDS helps
police investigative work in Munich. Almost all of his examples were
unsuitable, since they would also have been possible without VDS, e.g. by means
of a telephone trace or by storing connection data upon explicit request by the
police (and not in advance). Two of his examples moreover turned out to be
false alarms altogether (journalist makes a test call; bored pupil announces a
shooting rampage for fun). It all sounded more like pub stories than
well-founded investigative work in an important matter.
</li>
<li>
The security requirements for the storage of VDS data are currently evidently
no higher than for all other data covered by telecommunications secrecy as a
whole. So the same security level that led us to data protection scandals such
as the one at Telekom. That's really confidence-inspiring.
</li>
<li>
The head of the Bundesnetzagentur likes to talk about "bill shock", which
according to him is an excessive phone bill after unintentional use of the
expensive international roaming tariffs in mobile telephony.
</li>
<li>
A little chuckle on the side was Burkhard Hirsch's "Blueberry", when he meant
the Blackberry ;) Yes, sure, everyone knows what he means and nobody holds it
against him - but it simply shows how unsure the "old guard" is with the
terminology of today's everyday world.
</li>
<li>
The quality of the judicial orders evidently leaves much to be desired. It is
the task of the respective judge to restrict exactly which data is to be handed
over by the telecom service provider. According to the representative of the
Association of the Internet Industry (eco e.V.), rather general orders in the
style of "just give us everything you have" apparently occur here. That's of
course not acceptable!
</li>
<li>
It was mentioned that considerably more people now want to run their own e-mail
servers (privately and in companies), because that way one can evade e-mail
VDS. It's nice that this trend exists, and good that it is also raised at this
level. (For me, anything else would never be an option. My data belongs to me.
I would never entrust the storage of my mails or of any other data to another
person, neither a private company nor a government body.) This is exactly one
of the many tricks with which the "digital elite" (and certainly also the
organized crime or terrorism supposedly to be fought) works. In the end one
then only hits the average consumer, and then uses the data for harmless
insult offences or copyright infringements in the private sphere.
</li>
</ul>
<br>deDECTed.org receives massive number of hitshttps://laforge.gnumonks.org/blog/20090121-dedected-dos/2009-01-21T03:00:00+01:002009-01-21T03:00:00+01:00Harald Welte<p>
One of the projects that I'm hosting (and which I've helped to initiate) on <a href="http://gnumonks.org/">gnumonks.org</a> is the <a href="http://dedected.org/">deDECTed.org</a> project about security research and
analysis of the DECT protocols.
</p>
<p>
Like I've pointed out in many of my presentations and here in this blog, there
are many communication systems in use today which don't even remotely receive
as much scrutiny as TCP/IP, the Internet and the PC world. RFID is one of
them, which is why I helped to get <a href="http://www.openpcd.org/">OpenPCD</a>, <a href="http://www.openpcd.org/openpicc.0.html">OpenPICC</a>, librfid and other
projects started. My recent work on GSM protocol analysis as well as <a href="http://openbsc.gnumonks.org/">OpenBSC</a> are of similar nature. And
deDECTed.org is doing the long-necessary scrutiny to evaluate practical DECT
cordless telephone security.
</p>
<p>
As it seems, the news about the insecurity of most cordless phones has made its
way into mainstream news, and the website is now getting thrashed quite a bit,
despite running on a dual-core Opteron with quite a bit of RAM and fast SCA
disks. Which is good. This means that people are indeed caring about the
confidentiality of their cordless phones. It's a pity that the industry missed
that fact and is shipping outdated technology way beyond today's
state-of-the-art in IT security. Proprietary symmetric ciphers, weak RNGs, no
user indication if the protocol
falls back to no encryption, etc.
</p>
<p>
I've changed one of my e-mail signatures a couple of years back to a quote from
the ETSI DECT spec: "<b>Privacy in residential applications is a desirable
marketing option</b>". A Marketing option. Not something anyone would have to
give much thought about. I hope the hardware vendors will now get sufficient
public pressure to get their act together...
</p>
<p>
It's also great to see Patrick McHardy of netfilter.org fame now work on
<a href="http://lists.gnumonks.org/pipermail/dedected/2009-January/000269.html">implementing a DECT protocol stack for the Linux kernel</a>. Very exciting work.
</p>
<p>
The only sad thing is that all I can do is sit back and watch. I so much wanted
to work on this project, but never got a chance. There are too many high-priority
things going on, and I'm basically spending all my time in exciting (but
unpaid) GSM protocol related work right now.
</p>If you're at the 25C3: Don't miss the DECT talkhttps://laforge.gnumonks.org/blog/20081228-25c3-dect/2008-12-28T03:00:00+01:002008-12-28T03:00:00+01:00Harald Welte<p>
If you're at the 25C3, I strongly recommend visiting <a href="http://events.ccc.de/congress/2008/Fahrplan/events/2937.en.html">the DECT
security talk</a>. Trust me, you won't be disappointed.
</p>
<p>
It's one of the most exciting things that I've been seeing happening recently.
Finally, some more people transcending beyond boring Internet security and
moving into other areas of communications security that are desperately needing
more research.
</p>Blinkenlights is back (stereoscope)https://laforge.gnumonks.org/blog/20081004-blinkenlights_stereoscope/2008-10-04T03:00:00+02:002008-10-04T03:00:00+02:00Harald Welte<p>
Some of you might remember the famous <a href="http://www.blinkenlights.de/">blinkenlights</a> installations of the <a href="http://www.ccc.de/">CCC</a> in Berlin at Alexanderplatz some years back. Basically
they used a matrix of windows on a building for a low-resolution display to
play pong and display all kinds of animations and text.
</p>
<p>
After a long break, they're back, even bigger with <a href="http://www.blinkenlights.net/stereoscope/">blinkenlights stereoscope</a>,
a massive installation spanning 960 windows of <a href="http://blinkenlights.net/stereoscope/toronto-city-hall">Toronto City Hall</a>. The entire backend technology
has been re-implemented based on <a href="http://www.openbeacon.org/">OpenBeacon</a>
, specifically the <a href="http://wiki.openbeacon.net/Blinkenlights_WMCU">WMCU</a> and the <a href="http://wiki.openbeacon.net/Blinkenlights_WDIM">WDIM</a> units.
</p>Chaosradio on Software Defined Radiohttps://laforge.gnumonks.org/blog/20080517-chaosradio-sdr/2008-05-17T03:00:00+02:002008-05-17T03:00:00+02:00Harald Welte<p>
I've had the pleasure of being invited by <a href="http://chaosradio.ccc.de/chaosradio_express.html">Chaosradio Express</a>
maker Tim Pritlove to talk about Software Defined Radio in general, and
gnuradio plus USRP specifically. You can listen to the <a href="http://chaosradio.ccc.de/cre087.html">resulting 2+ hours of podcast (in
German)</a>.
</p>
<p>
It's been a great experience, and I have a good feeling that it was possible for
us to explain this fairly detailed subject to our already at least moderately
technical audience.
</p>
<p>
SDR is really hard since it combines aspects of traditional radio, i.e. physics
of electric waves, electrical engineering both analog and digital, digital
signal processing and software. The biggest part is really advanced
mathematics, and at least from all the subjects that I've seen, it's probably
the most direct and close-to-theory incarnation of applied math.
</p>
<p>
Luckily, a fairly high-level understanding of the algorithms and principles
involved is already sufficient to do a lot, since most of the deep-down
mathematical details of many algorithms have already been implemented as
building blocks for gnuradio. Still, I assume the number of developers who
are actually able to use gnuradio is far too low. If you're looking for an
interesting field of software right now, I suggest going for digital signal
processing. It's in every area of communications, ranging from analog modems
over ISDN, DSL, WiFi, USB2, Bluetooth, GSM, UMTS, DECT, ZigBee, Ethernet, VoIP
and probably any other communication technology that we use today.
</p>My personal favourite from 24C3: Xbox 360 hackinghttps://laforge.gnumonks.org/blog/20080101-24c3-xbox360/2008-01-01T03:00:00+01:002008-01-01T03:00:00+01:00Harald Welte<p>
I've seen quite a number of presentations live at <a href="http://events.ccc.de/congress/2007/">24C3</a> as well as recorded ones in
the days following the event. While many of them cover important subjects,
there is one lecture that is outstanding: <a href="http://events.ccc.de/congress/2007/Fahrplan/events/2279.en.html">"Deconstructing Xbox 360 Security"</a>.
</p>
<p>
The level of technicality of this presentation was just right. Finally
something that went deep down into the technical details. Explaining what kind
of flaws they found in the disassembled PowerPC object code.
</p>
<p>
I definitely want to see more lectures/presentations like this. Don't be
afraid to overload the audience with technical details. Just go ahead with it :)
</p>
<p>
Also, this presentation has shown how far advanced the game console hacking is
compared to mobile phone hacking (at least from what I've seen in the HTC
(xda-developers) and Motorola hacker communities). The problems are
similar: Completely undocumented hardware, cryptographic authentication of code
by the boot loader (sometimes down to mask ROM), ...
</p>
<p>
So I hope that the mobile phone hacker community will grow and more people with
this skillset, attitude and time will join. Free your phones!
</p>Personal reflection on the 24th annual Chaos Communication Congresshttps://laforge.gnumonks.org/blog/20071229-24c3/2007-12-29T03:00:00+01:002007-12-29T03:00:00+01:00Harald Welte<p>
It's great to be at <a href="http://events.ccc.de/congress/2007/">24C3</a>, the
24th incarnation of the <a href="http://www.ccc.de/">Chaos Computer Club</a>'s
annual congress in Berlin.
</p>
<p>
In fact, this is my 10th anniversary at this congress, i.e. the first one I
visited was 15C3. I ended up at 15C3 as somewhat of a coincidence by just
following a fellow Linux hacker from the Linux User Group Nuernberg to whom
I've since lost all contact.
</p>
<p>
What's actually worth mentioning is that this is the first CCC congress that I
visit as a pure guest. I have no lecture, and I am not actively involved with
any of the things I have been involved before, such as the video
recording/streaming team or the <a href="http://www.openbeacon.org/">Sputnik</a> RFID location system.
</p>
<p>
Interestingly, I felt the first day much more tiring than usual, despite
having slept more than in any of the previous years. Apparently the lack of
constant adrenaline caused by last-minute-problem-solving has its impact..
</p>
<p>
The congress is a lot of fun, I've been talking to many old friends, colleagues
and fellow hackers from all over the world, involved in all of the projects
and/or companies that I've remotely had any contact with throughout that ten year
time period.
</p>
<p>
It's a very nice feeling. I doubt there is any other event or occasion where I
would feel more at home than at this annual congress. This is my culture.
This is where I belong. Here are people who understand, or rather: understood.
</p>Looking forward to the Chaos Camp 2007https://laforge.gnumonks.org/blog/20070804-happy_to_go_to_camp_2007/2007-08-04T03:00:00+02:002007-08-04T03:00:00+02:00Harald Welte<p>
In about 24 hours I'll be on my flight 'back' to Germany. In fact it's not
really a flight back to Germany, but more like a temporary break of my extended
stay in Taipei for the sake of <a href="http://www.openmoko.com/">OpenMoko</a>.
</p>
<p>
The main reason for this trip is to attend the <a href="http://events.ccc.de/events/camp/2007/">Chaos Camp 2007</a> of the <a href="http://www.ccc.de/">CCC</a>. I've so far dropped every conference or other technical
event this year to concentrate on my work for OpenMoko, but I'm not able to compromise
on the camp.
</p>
<p>
On the one hand, I'm looking forward to finally not having any official function at
a CCC event. More than one year after vacating my task as leader of the video
documentation effort, and after my somewhat minor involvement with the <a href="http://www.openbeacon.org/">sputnik RFID tracking project</a> at the congress last
December, this is not really the first CCC event which I'll visit as a pure
visitor. I haven't even submitted any paper.
</p>
<p>
So the camp will be holiday. Time to relax, talk with fellow hackers. Sure,
lots of the German OpenMoko guys (roh, stefan, alphaone, and our newcomer
gismo) will be there. So there will definitely be some kind of productive
outcome for the OpenMoko project, too. But in a very different setting. Doing
things that are fun, rather than all the things that have to be done :)
</p>Chaos Communication Camp 2007https://laforge.gnumonks.org/blog/20070126-ccc_camp_2007/2007-01-26T03:00:00+01:002007-01-26T03:00:00+01:00Harald Welte<p>
The <a href="http://events.ccc.de/2007/01/24/chaos-communication-camp-2007/">date and location for the 2007 Chaos Communication Camp have been announced</a>, which is really good news.
</p>First two days of 23C3https://laforge.gnumonks.org/blog/20061228-23c3_first_days/2006-12-28T03:00:00+01:002006-12-28T03:00:00+01:00Harald Welte<p>
I'm currently at the <a href="http://events.ccc.de/congress/2006/">23rd annual
Chaos Communication Congress</a> in my home town Berlin, Germany.
</p>
<p>
After having dropped out of my usual volunteer work in the Audio/Video
recording team, I thought that this year would be slightly more relaxing.
Then came the <a href="http://www.openbeacon.org/59.0.html#opbc_sputnik">Sputnik</a> system,
which suddenly started to eat some of my time weeks and months before the
congress, as well as the last couple days before the congress, during the
build-up. In fact, given my many other projects, I was close to going crazy
and thus dropped out of the project and disappeared completely from the
congress for about one day. Sorry about that, but I just needed to relax and
calm down.
</p>
<p>
After a very stressful 26th of December, the team actually managed to set the
whole back-end and middleware system up on the first day of the event, and the
3D visualization was running by 4am of the second day.
</p>
<p>
Now I'm back to normal mode, present at the event almost all day, which I
intend to do for the next two days, too.
</p>CCC Berlin now proud owner of USRPhttps://laforge.gnumonks.org/blog/20060803-cccb-gnuradio/2006-08-03T03:00:00+02:002006-08-03T03:00:00+02:00Harald Welte<p>
Finally the <a href="http://berlin.ccc.de/">Berlin Section</a> of the <a href="http://www.ccc.de/">CCC</a> has managed to obtain some donations
(courtesy of <a href="http://gpl-violations.org/">gpl-violations.org</a>) for the purchase
of a <a href="http://www.comsec.com/wiki?UniversalSoftwareRadioPeripheral">USRP</a>
with all major front-ends (BasicRX, BasicTX, RFX2400, RFX1800, RFX900, DBSRX,
..).
</p>
<p>
I sincerely hope that this device will be able to fuel even more interest in RF
communications and research of security aspects of popular RF systems such as
DECT. At least a bunch of interested hackers now have all the tools they need :)
</p>Chaosradio 114: Software project managementhttps://laforge.gnumonks.org/blog/20060626-chaosradio-114/2006-06-26T03:00:00+02:002006-06-26T03:00:00+02:00Harald Welte<p>
Tomorrow I'll again be participating in <a href="http://www.chaosradio.de/">Chaosradio</a>. This month's <a href="http://www.chaosradio.de/cr114.html">Chaosradio 114</a> issue is about
software project management, both in the proprietary and FOSS world.
</p>Upcoming Chaosradio show on encryptionhttps://laforge.gnumonks.org/blog/20060322-chaosradio-111/2006-03-22T03:00:00+01:002006-03-22T03:00:00+01:00Harald Welte<p>
After quite some time of absence, I'm finally going to participate in
<a href="http://chaosradio.ccc.de/cr111.html">Chaosradio</a> again. The subject
of the upcoming show is encryption for personal use, mostly focusing on hard
disk and email encryption.
</p>22C3 is overhttps://laforge.gnumonks.org/blog/20060102-22c3-over/2006-01-02T03:00:00+01:002006-01-02T03:00:00+01:00Harald Welte<p>
Two days ago, <a href="http://events.ccc.de/congress/2005/">22C3</a> was
closed. This year's incarnation of Europe's largest hacker conference can be
seen as a full success. Some 3000 attendees, about 180 lectures, a 10 Gigabit
Internet Uplink and our own /16.
</p>
<p>
The video recordings have turned out fine. We've had working WMV live streams,
and somewhat intermittently working MPEG2 and MPEG4 live streams, as well as
working OGG and MP3 audio streams of all four lecture tracks.
</p>
<p>
For archival, we have MPEG2Video (5Mbit) as well as the original DV tapes, and
a FLAC audio recording.
</p>
<p>
Looking at the tremendous amount of work that went into the A/V recordings, and
the fact that I've been involved with the A/V team for seven years, I'm actually
thinking about looking for some other area where I can get involved next year.
</p>
<p>
My two lectures (on OpenEZX and librfid/libmrtd) went fine, even though they
both had very little preparation ;)
</p>
<p>
In the next couple of days I'll be cutting the fourth day of the video
recording, and then slowly getting back into netfilter and OpenEZX related
development. Oh yes, and I'll also promise more blog updates.
</p>
<p>
For some strange reason, my git tree seems to have become corrupted over the last two weeks, so I first need to sort this out before getting any reasonable work done.
</p>22C3 preparationshttps://laforge.gnumonks.org/blog/20051222-22ce-preparations/2005-12-22T03:00:00+01:002005-12-22T03:00:00+01:00Harald Welte<p>
The main reason why this blog has been so quiet since my return from Bangalore:
I'm spending every free minute in preparations for <a href="http://events.ccc.de/congress/2005/">22C3</a>, the annual Chaos
Communication Congress. As usual, my job is to take care of the audio and
video recording and streaming.
</p>
<p>
So for the last days I've been hunting numerous bugs related to this, mainly in
ffmpeg, but also radeonfb, vlc, Debian ffmpeg / x264 packages, etc.
</p>
<p>
I'll be back on track after 22C3 is over. More blog updates then, I promise.
</p>Lecture on privacy and data protection issues at Potsdam Universityhttps://laforge.gnumonks.org/blog/20051109-privacy-dataprotection-potsdam2005/2005-11-09T03:00:00+01:002005-11-09T03:00:00+01:00Harald Welte<p>
Today I had the honour of holding a guest lecture at the <a href="http://emw.fh-potsdam.de/">Institute of European Media Studies</a> of the
University of Applied Sciences in Potsdam. The lecture was entitled "Privacy,
Data Protection and Surveillance - Risks and side effects of modern
communication technology".
</p>
<p>
To my big surprise, the lecture was very well received, and members of the
institute have suggested that they are interested in some follow-up lectures on
other topics such as copyright / software patent / GPL issues.
</p>Big Brother Awards 2005https://laforge.gnumonks.org/blog/20051028-bigbrother/2005-10-28T03:00:00+02:002005-10-28T03:00:00+02:00Harald Welte<p>
Today, the <a href="http://www.bigbrotherawards.de/en/2005/">sixth "Oscar
awards for data leeches"</a> will be awarded. The BBA is a "negative award"
or "anti award" for persons, organizations, companies, government agencies that
disrespect civil liberties, data protection and privacy.
</p>
<p>
I've always been a big fan of those awards (which are now even awarded in a
number of countries outside of Germany, too). They provide an excellent
opportunity to publicly point at (and rant about) those who further restrict
the [digital] freedom of individuals.
</p>
<p>
This year I'm going to be present at the ceremony for the first time.
</p>Chaosradio on ePassport and Biometricshttps://laforge.gnumonks.org/blog/20050928-chaosradio-biometrics/2005-09-28T03:00:00+02:002005-09-28T03:00:00+02:00Harald Welte<p>
Due to the importance of the subject, we will do the second <a href="http://chaosradio.ccc.de/">Chaosradio</a> show
this year dedicated to electronic passports and biometric identification.
</p>
<p>
Germany will issue them starting with November this year... so now is about the
last possible time to apply for a brand new, shiny, glossy, cheap "old-style"
passport that doesn't contain any biometric information.
</p>Chaosradio 105: Embedded Systemshttps://laforge.gnumonks.org/blog/20050831-chaosradio/2005-08-31T03:00:00+02:002005-08-31T03:00:00+02:00Harald Welte<p>
This month's <a href="http://www.chaosradio.de/">Chaosradio</a> show (held
today) will be looking into the plethora of embedded devices that are present
in today's world.
</p>
<p>
CCC "residents" will be Tim Pritlove and myself.
</p>
<p>
The main focus will be on consumer embedded systems, especially those running
free operating systems and those with good "hack value".
</p>Chaosradio on Electronic Health Cardhttps://laforge.gnumonks.org/blog/20050726-chaosradio-ehc/2005-07-26T03:00:00+02:002005-07-26T03:00:00+02:00Harald Welte<p>
Today I'll be moderating this month's episode of <a href="http://chaosradio.ccc.de/">Chaosradio</a> on the upcoming
German Gesundheitskarte (Electronic Health Card, EHC).
</p>
<p>
This is the latest incarnation of the ever-increasing number of large-scale IT
projects in public administration. Following up infamous examples such as
TollCollect, the ALG2 software, INPOL-NEU, ELSTER, and last but not least the
RFID enabled electronic Passport. And it will affect the data privacy and data
protection of even more German citizens than any of the aforementioned
systems!
</p>
<p>
I'm very pleased to announce Thomas Maus (ThoMaus), one of (if not the) most
prominent critical experts on the EHC as a live guest in the radio studio.
</p>
<p>
This subject is actually one that I think fits best into the idea of
Chaosradio: Technical, but with vast implications on society.
Even more than my last "favourite" data retention, but less than the upcoming
Chaosradio show on "voting machines".
</p>
<p>
From my point of view there are too many issues currently at this border
between technology, politics and society that need to be addressed. Too many to
just talk about geeky technological stuff that is certainly also happening and worth covering in Chaosradio.
</p>Chaosradio 100: Energy consumption of the IT industryhttps://laforge.gnumonks.org/blog/20050330-chaosradio-energyconsumption/2005-03-30T03:00:00+02:002005-03-30T03:00:00+02:00Harald Welte<p>
Today we again had our monthly <a href="http://chaosradio.ccc.de/">chaosradio</a> live show. We picked the subject from the list of suggested topics, and it definitely was worth doing a 3 hour show on it.
</p>
<p>
Computers always get faster. The downside of this is that they always consume
more energy. From 1W of an 80386 to 15W of a Pentium I, we've now arrived at
more than 100W for the latest PC CPU generations. The PowerPC architecture was
quite promising for some time, but at least since the G5, power consumption is
almost equal with the Intel world. About the only promising figures come from
ARM based CPU designs at the moment - something that you will find in PDAs and embedded devices, but not in desktop machines.
</p>
<p>
Apart from the power consumption we're also talking a bit about the ecology in
general, like the amount of energy and raw materials required to build a new
PC. It is quite considerable, especially taking into account that most PCs
are not used for more than two to three years.
</p>
<p>
In case you're now interested (and understand German): A recording of the live show is available for <a href="ftp://ftp.ccc.de/chaosradio/cr100">download</a>.
</p>CCCeBIT negative award for Bundesdruckereihttps://laforge.gnumonks.org/blog/20050315-cccebit-bundesdruckerei/2005-03-15T03:00:00+01:002005-03-15T03:00:00+01:00Harald Welte<p>
The <a href="http://www.ccc.de/">CCC</a> has presented its 2005 CCCeBIT
<a href="http://www.ccc.de/updates/2005/cccebit2005">negative award</a> to the <a href="http://www.bundesdruckerei.de/">Bundesdruckerei</a>, the formerly
state-owned now-privatized company in charge of printing passports in Germany.
</p>
<p>
They are one of the strong forces in Germany behind the announced introduction
of biometric information in passports. To understand this, you have to know
that the law still requires passports being produced by Bundesdruckerei, even
though they're now a private company.
</p>Our Agilent 54622D mixed signal oscilloscope arrivedhttps://laforge.gnumonks.org/blog/20050302-oscilloscope-arrived/2005-03-02T03:00:00+01:002005-03-02T03:00:00+01:00Harald Welte<p>
Due to the generous donation of <a href="http://www.tomtom.com">TomTom</a>, we
were finally able to purchase a second hand digital oscilloscope.
</p>
<p>
The 54622D has two analog channels with 100MHz bandwidth (200Ms/s) and 16
digital channels with 200/400MS/s. The really nice features include stuff like
CAN-, I2C-, USB- and SPI trigger modes :)
</p>
<p>
Let's see how this new toy is getting used to explore yet more technology...
</p>Allnet donates network switches to CCC Berlinhttps://laforge.gnumonks.org/blog/20050122-switches-allnet-donation/2005-01-22T03:00:00+01:002005-01-22T03:00:00+01:00Harald Welte<p>
In a very short amount of time, two 19" rack-mountable Ethernet switches went
dead at the <a href="http://berlin.ccc.de/">Berlin Chaos Communication
Club</a>.
</p>
<p>
The chairman of the friendly company <a href="http://www.allnet.de/">Allnet</a>
was immediately willing to donate two replacements. Very kind of him :)
</p>Chaosradio 99 - Telekommunikationsueberwachungsverordnunghttps://laforge.gnumonks.org/blog/20050122-chaosradio-tkuev/2005-01-22T03:00:00+01:002005-01-22T03:00:00+01:00Harald Welte<p>
After about four months, this was the first <a href="http://chaosradio.ccc.de/">Chaosradio</a> radio show that I was
participating in. Subject of the show was the telecommunications surveillance
act (TKUeV) and the corresponding technical directive. Starting from 1st
January 2005, any "provider of telecommunication services" has to provide
lawful interception interfaces for government and police authorities.
</p>
<p>
The big issue is that it isn't only about providers, but about anybody who runs
more than 1000 mailboxes on an email server, even if it is not-for-profit.
</p>
<p>
If you're interested in the full show, you can <a href="ftp://ftp.ccc.de/chaosradio/cr99/chaosradio_99.ogg">download</a> it from the usual location on ftp.ccc.de.
</p>