11:21 <enyc> I never quete got answer how big the layout-job for protov2 is

11:22 <sn0wmonster> enyc, big enough to hire a company to do it :D

11:22 <Joerg-Neo900> I don't know how to answer that

11:25 <enyc> especially, how long does that kind of ithng take ?? what major steps does it take??

11:25 <enyc> not entirely sture whats' vene involved

11:25 <Joerg-Neo900> I can't even figure a possible answer, please give an example

11:27 <enyc> e.g. "involves firstl fixing all the previous component/pad definitions,, rebuilding the connection diagram in new tool, running layout engine on existing physical size definitions, gothrough connectiv verification ... they claim it could take anyhtnig from 2 to 4 weeks to complete and verify ...

11:27 <Joerg-Neo900> it can take from a week when a big company assigns multiple employees to it, to 'forever' when one guy with no clue tries it. For "what major steps does it take" please see http://kicad-pcb.org/discover/pcbnew/

11:29 <enyc> ooooooooooooooooh can take a look further at main machine

11:33 <Joerg-Neo900> we provide the schematics and further details like PCB shape, footprints, requirements, and Esa will provide a ready made layout file

11:34 <Joerg-Neo900> made in pcbnew, kicad's pcb layout suite

11:35 <Joerg-Neo900> the footprints are supposed to be already done, thanks to Nikolaus, Werner, ceene

11:37 <Joerg-Neo900> tbh I don't even know what are the canonical procedures involved in making a layout, I only did that on an amateur level so far, or did supervise others doing it

11:38 <Joerg-Neo900> maybe each layouter has their very own workflow

11:39 <Joerg-Neo900> compare making a layout to writing a book maybe. Both tasks are similar

11:41 <Joerg-Neo900> the footprints are equivalent to the character fontsets, and pcbnew equivalent to the edtor, heck it even is called 'layout' for desktop publishing as well

11:45 <enyc> i see

11:45 <enyc> i've been pasting long document together myself and fun to tie-it-a-ll-together !!!!

11:51 <Joerg-Neo900> is your question answered?

12:01 <enyc> Joerg-Neo900: more-or-less yes =) i will want to reread it when i cana also see said video....

12:01 <enyc> I generally see overview, its a well skilled-task/workflow/process

12:02 <enyc> I definitely wonder if there is a ''time vs risk'' aspect -- can take longer on the layout and less chance of a mistake that makes the resulting board unusable.

12:03 <enyc> Joerg-Neo900: thankyou for comments nonetheless, makes more sense and will make more sense when i read again later =)

12:03 <Joerg-Neo900> such risk/time always applies it seems

12:06 <Joerg-Neo900> also see https://en.wikipedia.org/wiki/Printed_circuit_board#Design and https://en.wikipedia.org/wiki/Printed_circuit_board#PCB_CAM - Esa will provide Gerbers basically

12:10 <jonsger> sn0wmonster: thx for the news :)

12:12 <sn0wmonster> all of this Neo900 talk has made me go from casual observer to https://cdn0.iconfinder.com/data/icons/iconshock-windows7-icons/256/secure_search_config.png

12:31 <Joerg-Neo900> compare the nifty semi-additive: https://en.wikipedia.org/wiki/Printed_circuit_board#Subtractive.2C_additive_and_semi-additive_processes

12:31 <Joerg-Neo900> oops wrong channel

17:04 <pigeons> this was recently put up: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-freecalypso.pdf

17:08 <DocScrutinizer05> not that it matters much to Neo900

17:08 <pigeons> no, of course not. I just thought there might be some folks here with overlapping interests

17:09 <DocScrutinizer05> that radio stack is largely copied sources from TI's calypso support software, and even if it was "free" as in FOSS, it's for one terribly obsolete chipset only, and it's illegal to use since it doesn't have any approval

17:10 <pigeons> thanks

17:11 <DocScrutinizer05> it's for sure interesting for educational and scientific purposes. Just make sure you don't get caught using it

17:12 <DocScrutinizer05> which is not as simple as it might sound, since every mobile equipment that has a cell radio is registering to the BTS and those have means to spot the devices that don't comply with a rileset

17:13 <DocScrutinizer05> ruleset*

17:14 <DocScrutinizer05> so odds are the alarms might yell at provider's end as soon as you power up that stuff

17:14 <DocScrutinizer05> just depends on whether it appeared on their radar already, or not

17:15 <DocScrutinizer05> technically it's no big issue to track down the devices that use this radiostack

17:15 <DocScrutinizer05> automatically

17:16 <DocScrutinizer05> particularly when Flaconia applied some changes to the code, compared to what been in TI's original stuff

17:17 <jonsger> DocScrutinizer05: but if there are just a few users who use this "phone". I think the telcos don't care

17:18 <DocScrutinizer05> depends

17:18 <DocScrutinizer05> when they don't cause issues on the network, odds are they never show up "on radar"

17:19 <pigeons> play in the desert with your own bts

17:19 <DocScrutinizer05> when they however don't comply to all technical parameters then they will trigger automatic alarms, more or less

17:21 <DocScrutinizer05> providers run constant compliance tests to ensure network quality of service. E.g. a cloned SIM would get detected instantly when the same IMSI is used concurrently on two devices in same network

17:21 <DocScrutinizer05> same goes for IMEI

17:21 <DocScrutinizer05> and I guess they also check a lot of other technical parameters

17:22 <DocScrutinizer05> e.g. compliance with timing advance and power level control

17:29 <DocScrutinizer05> just some completely OT warning: plastic is dangerous to plastic! http://maemo.cloud-7.de/share-service/DSCF2624.JPG The Soft plastic sleeves on the clips at end caused that http://maemo.cloud-7.de/share-service/DSCF2625.JPG on my Rigol scope, during a few weeks of contact (thanks to wpwrak for contributing:) http://downloads.qi-hardware.com/people/werner/tmp/dissolvent.jpg

17:35 <DocScrutinizer05> (radio stack compliance) the nasty detail aspect in all this: when you learn about your device causing issues and thus triggering alarms, it's likely the time when some police together with some technicions with probing equipment shows up at your door, and they won't go away before they hand you a ticket for a fine that depending on your local laws ranges from a few 1000 bucks to a few years of prison

17:37 <DocScrutinizer05> I heard in USA they are particularly tough on that, fines I heard of are in the 6 digit range, with a few months of jail on top

17:41 <DocScrutinizer05> re SpaceFalconia, I really don't like the flase statement about OsmocomBB either >> using knowledge from leaked sources for driving Calypso hardware and DSP<< Actually most of the knowledge is lehit knowledge about GSM specs from reading the literally 100s of 1000s of pages of documents. something Michaela completely denies to ever do

17:43 <DocScrutinizer05> then some guys did real RE for the calypso, also something she refuses to do

17:53 <DocScrutinizer05> I sympathize with the "GSM forever" demand. And actually the requests regarding support for that are reasonable in that slidestack

17:54 <DocScrutinizer05> aiui in european countries GSM support is legally mandatory. There's just too much M2M stuff out there using GSM only modem

17:55 <DocScrutinizer05> in USA carriers do whatever they want. You see where that gets them to

18:00 <DocScrutinizer05> pihyou don't need a desert, a temporary licence for a camp or congress like https://events.ccc.de/2008/12/18/gsm-hacking-not-even-wireless-can-hide-from-the-25c3/ will do. That's what the osmocom guys do

18:00 <DocScrutinizer05> pigeons: ^^^

18:04 <DocScrutinizer05> I think the licence was as much as a few 100 bucks for one channel one week

18:04 <DocScrutinizer05> for a BTS with only 2W, sufficient for a radius of maybe 500m to 1km

18:05 <DocScrutinizer05> or was it 50W? can't remember

18:10 <DocScrutinizer05> however even with such licence still operating a phone with freecalypso firmware is formally illegal, unless the licence explicitly would include such experimental devices

18:11 <pigeons> I appreciate all your information, and I feel a little bad distracting you since I know you're really busy. I am aware of much of these caveats and also am not testing anytime soon, but its important to mention

18:11 <DocScrutinizer05> and even then you get into trouble as soon as any such phone would try to log in on any other than the licences local BTS

18:12 <DocScrutinizer05> no worries

18:12 <DocScrutinizer05> :-)

18:13 <DocScrutinizer05> I love elaborating on those aspects once in a year or two

18:13 <DocScrutinizer05> it's basic knowledge necessary to understand the whole complex topic of "free GSM"

18:14 <DocScrutinizer05> and thus why Neo900 used the approach we chosen

18:15 <DocScrutinizer05> we aim at a legally safe phone, that's nevertheless protecting users against any (avoidable) privacy attacks from the network

18:16 <DocScrutinizer05> a hypothetical smartphone with freecalypso would be neither legal nor protect users per se

18:16 <DocScrutinizer05> Michaela's radiostack is no bit safer against exploits than any arbitrary commercial legal radiostack

18:21 <DocScrutinizer05> so from a security/privacy aspect, tackling the radiostack is barking up the wrong tree really

18:24 <DocScrutinizer05> it would be very nice if the radiostack was open to community review, so any vulnerabilities could get spotted by community as well as the manufacturer and the agencuies that alwasys can have access to the sourcecode. But for the end user not much would change really

18:36 <atk> DocScrutinizer05: Well, "YubiKey" was entirely open source to begin with

18:36 <atk> DocScrutinizer05: then someone found a big bug in the open source implementation, and the company had to issue replacements

18:36 <atk> (because the firmware was immutable)

18:36 <atk> Then a short while later, the next product line from the company was entirely closed source

18:37 <DocScrutinizer05> hmm, I don't see the point

18:37 <atk> If I had to guess, the higher-up people thought that "people being able to find exploits and us having to fund replacements" was a liability

18:38 <atk> I mean, you could still find the bug if it was closed source, but it would have been much more difficult

18:38 <DocScrutinizer05> sure

18:38 <atk> the point is, that these company CEOs probably care more about money than about absolute security

18:38 <DocScrutinizer05> of course they do

18:39 <atk> But yes, I think the first step would be to actually ALLOW a publicly auditable implementation to exist

18:39 <atk> is that even allowed?

18:39 <atk> what are the specific FCC rules on how locked down the modem must be for legal use

18:39 <DocScrutinizer05> but even if they would consider secuity the top prio goal, they still couldn't guarantee it

18:40 <DocScrutinizer05> sure auditing is allowed

18:40 <atk> but like, public auditing?

18:40 <DocScrutinizer05> the FCC rules say very little but with huge implications. Like "the IMEI must be immutable"

18:40 <atk> I see

18:41 <atk> So really, they don't care if everyone can view the source, as long as nobody can change it?

18:41 <DocScrutinizer05> and, more generically, "the device must obey to the technical specifications (both physical and protocol) at all times"

18:41 <DocScrutinizer05> yes

18:42 <atk> Well, the next step is to incentivise companies to make their source available

18:42 <atk> but I think that's going to be a lot harder

18:42 <atk> especially if the firmware is actually immutable

18:42 <DocScrutinizer05> the companies have no economical benefit from allowing that

18:42 <atk> exactly

18:43 <DocScrutinizer05> the firmware *is* immutable for all known contenporary chipsets afaik. Thanks to crypto-signatire on reflashing

18:45 <DocScrutinizer05> the sourcecode is considered a highly secret company asset particularly for competitors copying stuff or finding vulnerabilities to block the project the moment it costs the company most to fix that issue

18:46 <DocScrutinizer05> it's all just business

18:47 <DocScrutinizer05> everything a company does, from secret closed source to OTA update, is only done for risk management

18:49 <DocScrutinizer05> and don't be mistaken on the complexity of a contemporary 3G or LTE radio stack - it's a multitude of lines of sourcecode compared to e.g. an average linux system (without apps)

19:53 <ravelo> I like this german news: https://www.golem.de/news/unsichere-android-version-verbraucherschuetzer-verklagen-haendler-1707-129064.html

19:53 <ravelo> could be worth a microblog-Post on neo900.org

20:00 <Joerg-Neo900> alas microblog is borked

20:00 <Joerg-Neo900> some mess with twitter integration

20:19 <enyc> o dear ;p

20:36 <ravelo> ok

21:35 <Joerg-Neo900> the article is indeed a nuce read

21:37 <Joerg-Neo900> nice* - akas in German only. Short summary: German NGO for consumer rights starts a lawsuit against a shop selling old Android phones which can't get sucrity-updated. Calim: "the shop must inform users about the fact that the device has known unfixable vulnerabilities"

21:38 <Joerg-Neo900> ohmy let me retry

21:38 <Joerg-Neo900> nice* - alas in German only. Short summary: German NGO for consumer rights starts a lawsuit against a shop selling old Android phones which can't get security-updated. Claim: "the shop must inform users about the fact that the device has known unfixable vulnerabilities"

21:42 <ShadowJK> Hopefully one day that could be extended to "Must inform the users about the fact that the manufacturer has not fixed security holes for more than 6 months for each model"

21:43 <ShadowJK> :D

21:53 <Joerg-Neo900> indeed

21:55 <Joerg-Neo900> though I actually hope more for a "manufacturer must facilitate users to install/modify the firmware on their own devices" - however unlikely