You probably don't want a system where all the hardware and software for controlling mobile radios is readily accessible to and modifiable by anyone. You might think you do, but the first time you try to call an emergency service and you can't get through because one idiot somewhere in range of the same base station has screwed up his debugging code and jammed a control channel, you'll change your mind.
I've been the guy who drives around in a truck with a lot of mobile scanning equipment to try and figure out where the rogue device is. There is no magic button like in the movies, where they can immediately triangulate the source of the interference to within a 5 cubic metre box. You basically have to rely on simple physics and boots on the ground. The device you're hunting for isn't playing nicely, so any assumptions you could normally make based on things like which base stations it's in contact with won't necessarily be valid. Things are a bit smarter in modern networks than they were back when I worked in the field, but physics is still physics.
In short, there is a legitimate justification, born of experience, for every telecommunications regulatory authority in the known universe requiring this stuff to be certified before you can legally use it. This is also why in some jurisdictions agents acting for telecommunications regulators have certain legal rights to access private property.
Of course this only affects the radio equipment. I see no reason it should be necessary or possible for such software to have any control over other integrated peripherals such as cameras, speakers, microphones or local storage. And the primary concern is people who could modify the code and break the network, not preventing any legitimate audit to prove that devices are only doing what they say they're doing.
The FCC already regulates who can broadcast what over the airwaves. And if you're not licensed for that part of the spectrum, the source code will do you a fat lot of good with your radio experimentation.
Nobody is asking for some sort of hacker radio anarchy, here. They're asking to see the source code for machines they own, machines that reside in their pockets, machines that are responsible for storing and communicating their most sensitive personal data.
If you cause the device you own to operate according to your own will (i.e. the core concept of FOSS) instead of the will of the carrier, there is a strong likelihood it will cause a denial or degradation of service for everyone else.
Verizon has the right to transmit on spectrum allocated to it using consumer devices as its agents. It employs engineers and QA processes to make sure that any device transmitting on its spectrum plays well with others before it is allowed to leave RF-isolated testing facilities.
The public does not and should not have the right to transmit on Verizon's spectrum, even using devices they own which are legally and technically capable, except according to Verizon's carefully vetted programming. If they were able to run their own radio firmware, you'd have the situation described in the parent.
Cellular radios necessarily cannot be open source. The source could be released for inspection and audit, but it cannot be possible or permissible for you to run modified source on "your" radios.
Open source != free (libre) baseband hardware that you can directly modify the software on. Being able to compile and modify is fine and has no impact on the network if you're not able to run it on the primary network.
A country could enforce openess of the source code for imported software and firmware.
- If Toyota (or any car manufacturer) wants to import cars into my country, then they better show us the sources of their firmware and software (and let us re-compile it and re-install it, to make sure it corresponds to the embedded code). And let the papers compare the code quality of Toyota vs. BMW.
- If Microsoft (or any software vendor) wants to import software into my country, then they better show us the sources of their systems and applications (and let us re-compile it and re-install it, to make sure it corresponds to the binary code, and doesn't contain backdoors to the NSA (or the MSI, or the MI5 or whatever).
- and so on.
And actually, citizens can do the same at their level, not letting enter their house any device or software whose code is not open source or even libre software (so they can recompile it and reinstall it on their hardware).
But a country has more weight than a few citizen that would be qualified of lunatics, and has more resources to analyse and validate the software and firmware.
This is essentially what Alexandria used to do: any ship coming to port with any books on board was required to give the library at Alexandria those books for as long as it took for their scribes to copy them. The library then gave the ship owners the copied version (because hey, data is data, what does it matter if you have the original or secondhand copy?)
This helped propel a lot of the world's best ancient thinkers, including Euclid, Archimedes and Eratosthenes.
> And actually, citizens can do the same at their level, not letting enter their house any device or software whose code is not open source or even libre software (so they can recompile it and reinstall it on their hardware).
I tried that, but at the moment it means you can't even own a cellphone, etc
Or a new stove, microwave, alarm clock, gas meter, coffee-maker, smart thermostat, ... Limiting yourself to only open-source SW (nevermind HW) is severely crippling, I'd imagine!
hardware manufacturers should be less concerned about what their firmware reveals about their IP and more concerned with what not revealing their firmware source code reveals about their security.
the fact that you can get DMA by compromising _any_ device on the bus is a problem too. imo, none of these peripherals should have unmitigated DMA.
Thats easy to just say, but how wil you financially protect the company developing the software / hardware, if their competitors can just copy the work. Or stated the other way round, how will you keep companies encentivised to develop new software / hardware?
Actually quite the opposite. If legislation were passed that required an entire industry to open source their firmware (automotive, voting machines, medical, etc), it would provide better IP protection. Did company A copy company B's code? Well it's open source ... go look! As opposed to being able to hide things in binaries.
But yes, this only applies if the competition must also open their kimonos. That seems practical for industries where regulation is required or provides reasonable benefits to society (automotive, voting machines, medical, etc).
Making the source code visible would probably be sensible in this case though, so I think the idea is a good one even if you need to be careful with the terminology.
Sorry, I forgot to put the necessary disclaimer in my post stating my intended meaning of open source. You're right, I used it in the 'visible' sense of the word, not 'libre'.
I've been the guy who drives around in a truck with a lot of mobile scanning equipment to try and figure out where the rogue device is. There is no magic button like in the movies, where they can immediately triangulate the source of the interference to within a 5 cubic metre box. You basically have to rely on simple physics and boots on the ground. The device you're hunting for isn't playing nicely, so any assumptions you could normally make based on things like which base stations it's in contact with won't necessarily be valid. Things are a bit smarter in modern networks than they were back when I worked in the field, but physics is still physics.
In short, there is a legitimate justification, born of experience, for every telecommunications regulatory authority in the known universe requiring this stuff to be certified before you can legally use it. This is also why in some jurisdictions agents acting for telecommunications regulators have certain legal rights to access private property.
Of course this only affects the radio equipment. I see no reason it should be necessary or possible for such software to have any control over other integrated peripherals such as cameras, speakers, microphones or local storage. And the primary concern is people who could modify the code and break the network, not preventing any legitimate audit to prove that devices are only doing what they say they're doing.