Interesting People mailing list archives
Re: Feds snub open source for 'smart' radios
From: David Farber <dave () farber net>
Date: Tue, 24 Jul 2007 12:57:01 -0400
Begin forwarded message:

From: John Shoch <shoch () alloyventures com>
Date: July 24, 2007 11:17:38 AM EDT
To: dave () farber net, ip () v2 listbox com
Cc: John Shoch <shoch () alloyventures com>
Subject: RE: [IP] Feds snub open source for 'smart' radios

I fear that many people may misunderstand this somewhat overstated article.
An assertion like, "If the decision stands, it may take longer for consumers to get their hands on these all-in-one devices" makes it seem like consumers will have no chance to get some new-fangled mobile device.
As I read the FCC action, it is much more narrow. Their concern appears to be that people will be able to manipulate the software in a software-defined-radio to make the radio behave beyond its specified operating characteristics (e.g., blast too much power).
Three excerpts from the Final Rule, at http://a257.g.akamaitech.net/7/257/2422/01jan20071800/edocket.access.gpo.gov/2007/07-2684.htm:

"In the Cognitive Radio Report and Order, the Commission modified the rules to require that radios in which the software is designed or expected to be modified by a party other than the manufacturer be certified as software defined radios. To minimize the filing burden on manufacturers, this requirement was narrowly tailored to affect only those radios where the software can be modified by a party other than the manufacturer because such radios pose a higher risk of interference to authorized radio services."

"...only radios in which the software is designed or expected to be modified by a party other than the manufacturer and would affect the listed operating parameters or circumstances under which the radio transmits must be certified as software defined radios."

"manufacturers should not intentionally make the distinctive elements that implement that manufacturer's particular security measures in a software defined radio public, if doing so would increase the risk that these security measures could be defeated or otherwise circumvented to allow operation of the radio in a manner that violates the Commission's rules."

This is a pretty narrow constraint just on the security/control aspects of running the radio component.
But it does not mean that open source will not be a powerful factor in the development or deployment of next generation mobile devices (Panasonic, NEC, and Motorola are already deploying smart-phones based on MontaVista's embedded Linux......).
John Shoch
Alloy Ventures

-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Monday, July 23, 2007 1:19 PM
To: ip () v2 listbox com
Subject: [IP] Feds snub open source for 'smart' radios

Begin forwarded message:

From: Kurt Albershardt <kurt () nv net>
Date: July 23, 2007 3:37:00 PM EDT
To: dave () farber net
Subject: Feds snub open source for 'smart' radios

By Anne Broache
<http://news.com.com/Feds+snub+open+source+for+smart+radios/2100-1041_3-6195102.html>
Story last modified Fri Jul 06 08:10:42 PDT 2007

...a new federal rule set to take effect Friday could mean that radios built on "open-source elements" may encounter a more sluggish path to market--or, in the worst case scenario, be shut out altogether. U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers, leaving "a high burden to demonstrate that it is sufficiently secure."

If the decision stands, it may take longer for consumers to get their hands on these all-in-one devices. The nascent industry is reluctant to rush to market with products whose security hasn't been thoroughly vetted, and it fears the Federal Communications Commission's preference for keeping code secret could allow flaws to go unexposed, potentially killing confidence in their products.

By effectively siding with what is known in cryptography circles as "security through obscurity," the controversial idea that keeping security methods secret makes them more impenetrable, the FCC has drawn an outcry from the software radio set and raised eyebrows among some security experts.

"There is no reason why regulators should discourage open-source approaches that may in the end be more secure, cheaper, more interoperable, easier to standardize, and easier to certify," Bernard Eydt, chairman of the security committee for a global industry association called the SDR (software-defined radio) Forum, said in an e-mail interview this week.

The Forum, which represents research institutions and companies such as Motorola, AT&T Labs, Northrop Grumman and Virginia Tech, urged the FCC to back away from that stance in a formal petition <http://www.sdrforum.org/uploads/pub_439156SDRF-07-A-0012-V0_0_0_Response_to_MOO.pdf> this week.

Those concerns were endorsed by the Software Freedom Law Center, which provides legal services to the free and open-source software community, staff attorney Matt Norwood said in an interview this week.
Still, in a white paper released Friday <http://www.softwarefreedom.org/resources/2007/fcc-sdr-whitepaper.html>, the group says there's also good news for its developers in the FCC's rule: because it focuses narrowly on security-related software, it appears that programmers would not be restricted from collaboration with hardware makers on the many other kinds of open-source wireless applications. (Many 802.11 wireless routers that are under the FCC's control already rely on open-source systems for network management.)

...

"Obscurity works best when the hackers can't test their attacks," said Peter Swire, an Ohio State University law professor who has written about the tensions between closed and open approaches to computer security. "For software like this, used in distributed devices, there should be no extra burden on open source."

There's also no clear evidence that the number of vulnerabilities in open-source software differs dramatically from that of proprietary software, said Alan Paller, director of research for the SANS Institute, which provides computer security training. (Some earlier studies have found that the generally more intensive scrutiny of open-source code can help keep its quality higher and vulnerabilities lower.)

"They should be defining it as software with reliable maintenance or software without reliable maintenance--that's the fundamental security issue," Paller said in a telephone interview. "If I don't have somebody I can call when I find out there's a vulnerability in my software, I'm dead."

...

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com