I'm still alive - short update...
In the last two months I barely found time to update this blog. I'm now
back on track and will try to update the blog more frequently.
The CCC Camp 2011 has been
great, and the OpenBSC based camp GSM network has
been a success, despite some initial problems. Thanks again to everyone
helping with the build-up and operation of it, and thanks for all our
Most of the time since I've been buried alive in work, almost
exclusively related to various sub-projects surrounding the Osmocom GSM
protocol implementations. We're working on every level of the protocol
stack at the same time, and on network elements from BTS, BSC up well
into the core network, media gateways, etc.
Most recently I've been doing some work with openembedded (OE) again, and I've
had more contact with the intrinsics of GSM AMR than I ever imagined I
There's lots of exciting stuff ahead, but I don't want to talk about it
until the respective code is public and the stuff actually works.
The only really ugly thing that I have to deal with again and again is
a lawsuit related to the GPL infringement of the German vendor of the
Fritz!Box DSL routers. I'll follow-up on that shortly. One of the
most ridiculous things they claim is that their products are not
DSL routers :)
Ground-breaking research on APCO P25 security
While we at OsmocomTETRA
have been looking only at implementing the TETRA protocols as
they are (and doing a bit of sniffing on unencrypted networks),
some researchers have recently published two ground-breaking papers on
the (lack of) security in the APCO P25 radio system.
In case you haven't heard about APCO P25: It is a digital mobile radio
system mainly used by Police in non-EU English speaking countries like
the US, Australia and New Zealand.
You can find the respective papers here and here.
So apparently P25 uses either single-DES or a proprietary cipher with
only 40 bit key-length. No, I'm not joking. Seems like it was
developed by people who have not the slightest clue about communications
security at all.
And guess what they used to receive and transmit P25 waveforms? Of
course the USRP and gnuradio. This once again proves how invaluable
those tools are, not just for the FOSS community, but also for the
communications research community.
Ramblings on German battery law
Germany has laws for everything, including batteries (Batteriegesetz).
In order to be able to e.g. import products with batteries from outside
the EU and sell them inside Germany (or the EU), you need to be
registered as a battery manufacturer/importer. You also need to become
member of one of the registered/accredited companies that take care of
recycling the batteries (i.e. put small boxes in supermarkets where
people can put their old batteries).
What's funny is that there is absolutely no lower boundary for that for
small businesses. What that means for my company: I need to pay 1
Eurocent for each LiIon powered mobile phone to that recycling company.
I guess at current estimated volume, we will have to pay something like
1 to 2 EUR every year. The recycling company won't even send us an
invoice if the amount is < 20 EUR total.
So all this comes down is an exercise in buerocracy. We need to send a
monthly report on the quantities every month, and there's a hard
deadline that needs to be followed.
Furthermore, we need to put fancy stickers on each of the battery,
covering at least 3% of the battery surface. That means opening every
box, removing the battery from packaging, putting the sticker on it and
re-packaging the box. Modern batteries normally have the symbol printed
by the manufacturer, but we're talking about Motorola C1xx phones that
have been produced from 2005 to 2008 here.
I certainly don't object to manufacturers or importers having to pay for
the recycling. But if recycling is actually that cheap, and we're
talking about single-digit EUR amounts per year, the administrative
overhead (time needed for making the monthly reports, putting
stickers on the batteries, etc) costs something like 100 times the
actual recycling cost. Is that really worth it? Why not have a lower
threshold for small businesses?