10:34 <clapont> hi... Joerg-Neo900: why you wish to "sandbox" the modem? isn't it easier a modem driver to be developed, like for any other device in Linux? continuing this idea, a phone focused Linux based distro (Lineage/etc) with a driver for modem would be enough, is it? also, we should realize it's a phone not a full computer to play games/access the bloat sites/etc.. a phone which can do more usefull things, not a 9

10:34 <clapont> 5% compression-crunched computer.

11:07 <dos1> clapont: uhm... "modem driver"? :p

11:09 <enyc> clapont: certifications for mobile modem is very hard to get ... and fundaemantl problem is the modem able to access main device memory.

11:10 <dos1> modem has to be "sandboxed" because it's basically an opaque blob full of potentially exploitable code you don't control

11:10 <enyc> clapont: so, makes much more sense to segregate an existing usable approved modem and consider it as untrusted as network itself.

11:13 <dos1> and that blob is not "a driver" - it's pretty much an essence of what makes a modem modem. you'd pretty much have to make your own modem to change it, which is itself much bigger task than producing a smartphone

11:23 <bencoh> think of it as a firmware running on the modem cpu

11:41 <dos1> when it comes to actual "drivers", it's usually well-supported already on both kernel and userspace middleware levels, as most modem modules communicate via either AT or QMI

11:41 <dos1> so you only have to deal with vendor quirks ;D

11:50 <clapont> enyc, dos1: sorry, I don't understand... and maybe is something too obvious for you :-) this is how I think: a hardware device has IO for data/command words... a software written in asm/c/etc can control that device and expose it to the OS through an API (for AT commands/etc)

11:52 <dos1> that software already lives in the modem; you don't even have access to lower level IO

11:52 <clapont> why a modem driver has to be "certified"? are the Linux drivers "certified", all of them. for example, take any USB camera, knowing/using the "uvc" protocol.. they just work

11:53 <dos1> in turn, to support AT with modem like PLS8, all you need on the Linux side is a regular USB serial device driver

11:54 <clapont> dos1: maybe here is my missunderstanding.. a modem has wires/antenna and chip to control antenna/data... cannot be these programmed? I am only thinking back to a z80 processor/a51/etc

11:54 <dos1> this is where this whole certification issue comes in

11:56 <clapont> why it has to be "certified"? if I have a modem, I make a driver for it (to expose it to USB), I put the code online for everyone to see it with their own eyes.. then what more? anyone who wishes, is using the modem and my code

11:56 <dos1> this is not wifi range where you're free to transmit within some power limits - cellular range is highly regulated and you need certifications and/or other permits in order to transmit

11:56 <dos1> (at least in most of the world - I'm sure you can find some autonomic island where it's legal :D)

11:57 <clapont> aha. right, the cellular ranges are highly regulated by governments... well, they can get the code on a cd or even printed on paper

11:58 <dos1> so you deal with all this legal mambo jumbo by either being a big company that can deal with that easily, or by buying a complete module that's already certified and exposes some usable interface to you, like AT or QMI

11:58 <clapont> so this is the big deal? this is the "certification" issue? how much would this cost, what is this proces taking?

11:59 <dos1> well, at the beginning you would have to make a modem, as most of those available on the market use cryptographically signed firmwares and verify them when trying to update

12:00 <dos1> (you could also try to find some exploit and "break in" ;))

12:00 <clapont> dos1: understood, thank you for explanation. now I see the problem is easier than I thought. so there is a way to have your drive on modem, just it is about bureaucracy!

12:00 <dos1> basically both bureaucracy and resources

12:01 <dos1> if all you need is a 2G module, resources are already there

12:01 <clapont> "cryptographically signed firmwares" - hmm, isn't this driver we're speaking about - supposed to replace the proprietary "cryptographically signed firmwares" ?

12:01 <dos1> if you want shiny LTE/5G, you probably need a huge investment just to write your own software

12:02 <dos1> clapont: but how? all you get from the module is AT/QMI. you can't do anything lower level without replacing the firmware

12:02 <clapont> what about 3g? 3g allows enough speed. I started browsing the internet through a 14400bps so I know to be very very reasonable

12:02 <dos1> you may try looking for some holes or debug interfaces, but that's about it

12:02 <dos1> AFAIK 3G is way more complicated than both 2G and 4G

12:04 <dos1> solutions for 2G already exist, although not very "user oriented" (OsmocomBB)

12:04 <clapont> dos1: so the firmware can be written, just the certification of it is the problem?

12:05 <dos1> clapont: but where will you run your new shiny open firmware?

12:05 <dos1> there were some modules that allowed you to flash your own firmware, and that's what OsmocomBB operates on

12:05 <dos1> mostly 2G stuff

12:06 <clapont> so you suggest the modem itself is the root of the problem?

12:06 <dos1> so the first issue is actually getting your firmware to run

12:06 <dos1> when you tackle that, then you won't be able to do anything with it legally without certification

12:07 <dos1> only when you get that certified (and I'm not exactly sure if anything that allows user modification will actually pass certifications in US and Europe), you can think about selling that officially

12:08 <dos1> (plus, of course, the "issue zero" - those firmwares are complicated and costly to make in the first place)

12:08 <clapont> a hardware manufacturer of the modem (the board + wiring + antenna + chip) which will provide the full specs (pin i/o, diagrams etc) can be found? or it is available already?

12:09 <dos1> how many modem makers do we actually have on earth right now? qualcomm, intel... anything else?

12:10 <dos1> I heard some rumours that Apple is working on their own, but they already worked with both Qualcomm and Intel and even been in court being accused of copying their designs xd

12:10 <clapont> dos1: sorry not to be updated.. I knew there were more modem providers.. even the Winmodems were something. but I realize the miniaturization got everything to new levels and only huge companies afford to continue

12:11 <dos1> well, yeah, there used to be more even in GSM space

12:13 <dos1> now even the Cinterion modules that were planned to be used in Neo900 are pretty much wrapped Qualcomm chips

12:13 <clapont> ericcson was making 3G modems for laptops.. I have such modem, like 50x30x4mm, miniPCIe

12:14 <dos1> lots of companies make modems in different form factors, but usually there are the same things inside

12:15 <clapont> the laptops use Intel CPUs (most of); so using an Intel CPU means you trust the Intel.. so.... you can as well trust Intel's modems

12:15 <dos1> although back in the 3G times it could have been a bit more varied than today

12:16 <clapont> I mean... if I suspect everything and everyone.. I may have to trust myself only - and I die this way :-)

12:17 <dos1> even Intel was actually a bit late to the LTE party. I think they haven't had anything working yet when Neo900 was started

12:17 <clapont> (without any working solution/phone I mean)

12:22 <clapont> I think Intel modem is a very good solution. in the end I only wish an reasonable assurance that my phone does what I wont, without stealing my data. the ones who need 1000% secrecy could/should invest in the proper certification/top-down process and eventually making a business out of it

12:22 <clapont> *what I want

12:26 <Joerg-Neo900> 3G/LTE firmware is something around 500 manyears of development (been there seen that: ST-Ericsson NovaThor, Thorium, Radium chipsets, I done debugging of the local interface drivers e.g. HSI, I2C. UART)

12:28 <Joerg-Neo900> >>I'm not exactly sure if anything that allows user modification will actually pass certifications...<< nope, you must sign a paper that guarantees that your firmware&chipset combo as evaluated&approved&certified doesn't allow any messing around with IMEI

12:28 <Joerg-Neo900> the CTO signs that paper

12:30 <Joerg-Neo900> >>Cinterion modules that were planned to be used in Neo900 are pretty much wrapped Qualcomm chips<< s/pretty much//

12:32 <Joerg-Neo900> the point is we DO NOT trust any modem

12:38 <Joerg-Neo900> >> only wish an reasonable assurance that my phone does what I wont, without stealing my data. the ones who need 1000% secrecy could/should invest in the proper certification/top-down process<< Please read again what I explained above (>>[4 Apr 2019 23:26:59] <Joerg-Neo900> Neo900 approach to backdoors always been: ...<<), your idea of >>proper certification/top-down process<< isn't feasible, it's exactly like producing a Linux distro that is *

12:38 <Joerg-Neo900> guaranteed* to have ZERO bugs/CVEs

12:38 <Joerg-Neo900> clapont: ^^^

12:59 <Joerg-Neo900> clapont: http://www.gemalto.com/brochures-site/download-site/Documents/M2M_PLS8_datasheet.pdf setpoint.gr/wp-content/uploads/Gemalto_Modules-Terminals_Portfolio.pdf

12:59 <Joerg-Neo900> https://www.gs-m2m.de/index.php?id=171

13:00 <Joerg-Neo900> DAMN! needs auth

13:11 <Joerg-Neo900> ok, here it is: https://fccid.io/QIPPHS8-P/User-Manual/User-Manual-1597398.pdf

13:12 <Joerg-Neo900> actually https://fccid.io/QIPPHS8-P/User-Manual/User-Manual-1597398.iframe

13:15 <Joerg-Neo900> cert: https://fccid.io/QIPPHS8-P/Letter/modular-approval-letter-1597436

13:17 <Joerg-Neo900> <3 FCC ;-D https://fccid.io/QIPPHS8-P

13:25 <Joerg-Neo900> Hardware Integration Manual: https://fccid.io/QIPPHS8-P/User-Manual/user-manual-1597427.iframe

13:27 <Joerg-Neo900> this looks better though https://fccid.io/QIPPHS8-P/Users-Manual/user-manual-1597427

13:33 <Joerg-Neo900> oh right, I missed to answer the question about cost of certification (https://fccid.io/QIPPHS8-P/Test-Report/Test-Report-1597401.pdf is a final summary of such cert process doen by 3rd party) - it's anywhere in the 5 to 6 figures USD

13:34 <Joerg-Neo900> then you got FCC. You might want to get approval/cert of other authorities as well, for other countries/regions of globe

13:39 <Joerg-Neo900> >>The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons<< *cough*

13:40 <Joerg-Neo900> aah well >>A separate approval is required for portable operating configurations, as defined in 2.1093 of the rules<<

15:44 <Joerg-Neo900> OOOOOHOHO they do same "trick" like Neo900 >>The X210 is a strange machine. A set of Chinese enthusiasts developed a series of motherboards that slot into old Thinkpad chassis, providing significantly more up to date hardware.<<

15:44 <Joerg-Neo900> https://mjg59.dreamwidth.org/50924.html

15:50 <Joerg-Neo900> and a nice detail: >>The other fun thing about it is that none of the firmware flashing protection is enabled, including Intel Boot Guard.<<

18:55 <clapont> Joerg-Neo900: thank you very much for you kind explanations and time.

18:56 <Joerg-Neo900> yw :-)

18:59 <Joerg-Neo900> you got he chat of 4 Apr 2019 21:00 +x ?

18:59 <Joerg-Neo900> in /topic there's a link to chanlogs

19:00 <Joerg-Neo900> ummm

19:04 <Joerg-Neo900> http://maemo.cloud-7.de/irclogs/freenode/_neo900/_neo900.2019-04-04.log.html

19:28 <Joerg-Neo900> could somebody please test if the first URL of logs in /topic throws any errors?

19:29 <sicelo> wfm

19:29 <Joerg-Neo900> ta!

19:30 <clapont> wfm2

19:30 <Joerg-Neo900> taa!

19:35 <Joerg-Neo900> ~Neo900-9line is Neo900 uniqueness in 9 lines of text: http://maemo.cloud-7.de/irclogs/freenode/_neo900/_neo900.2019-04-04.log.html#t2019-04-04T22:54:06

19:35 <infobot> Joerg-Neo900: okay

19:36 <Joerg-Neo900> ~#Neo900 concept is Neo900 uniqueness in 9 lines of text: http://maemo.cloud-7.de/irclogs/freenode/_neo900/_neo900.2019-04-04.log.html#t2019-04-04T22:54:06

19:36 <infobot> okay, Joerg-Neo900

19:38 <Joerg-Neo900> infobot: no, Neo900-9line is <reply>see #Neo900 concept

19:38 <infobot> Joerg-Neo900: okay

19:38 <Joerg-Neo900> infobot: Neo900-9line

19:38 <infobot> i guess #neo900 concept is Neo900 uniqueness in 9 lines of text: http://maemo.cloud-7.de/irclogs/freenode/_neo900/_neo900.2019-04-04.log.html#t2019-04-04T22:54:06

19:39 <Joerg-Neo900> ~concept

19:39 <infobot> hmm... concept is Neo900 uniqueness in 9 lines of text: http://maemo.cloud-7.de/irclogs/freenode/_neo900/_neo900.2019-04-04.log.html#t2019-04-04T22:54:06

19:50 <Joerg-Neo900> ~concept

19:50 <infobot> well, concept is Neo900 uniqueness in one slightly overlength post (thus split into 4 lines, plus 2 'footnotes' added): http://maemo.cloud-7.de/irclogs/freenode/_neo900/_neo900.2019-04-04.log.html#t2019-04-04T23:26:59