Hacker News new | past | comments | ask | show | jobs | submit login
The FCC Might Ban Specific Operating Systems (prpl.works)
240 points by dsr_ on Sept 21, 2015 | hide | past | web | favorite | 131 comments



This title is kind of click-bait - they aren't prohibiting operating systems, they _might_ be prohibiting installation of operating systems that are not approved on certain types of devices that allow software defined radio - that is, transceivers that can be tweaked easily by software.

That is not at all the same thing as banning an operating system.

This is already present insofar as hardware requirements in radios - radios cannot be permitted to listen on frequencies reserved for cell phones, and must not be restricted in such way as they can be easily modified to enable it (e.g., a header/jumper). This really just extends this requirement that it is non-trivial to enable illegal broadcasting or reception on software defined radios.

Now - insofar as if this should impact open source operating systems, we have a good question. I don't think it does that - my interpretation, potentially wrong of course, just as the article's could be wrong, is that you would have to restrict the actual firmware in question to a blob that communicates with the hardware in a secure way. This would prevent open/free components insofar as the actual driver, but would not permit the operating system itself from being installed. They mention this, but only at the end of the article.

I also doubt the impact of this for non software-defined/modular radio systems. I don't see a way this would really impact everyday wifi or non-modular systems in a way most people would care about. That isn't to say it isn't _bad_ but once again, it just seems super misleading and alarmist.

Whether or not the FCC should or shouldn't do this is a different question, but the link's title seems intentionally misleading.


> they aren't prohibiting operating systems, they _might_ be prohibiting installation of operating systems that are not approved on certain types of devices that ...

"prohibit installation" means to ban.

"operating systems that are not approved on certain types of devices that ..." means specific operating systems.

So, the FCC "might ban specific operating systems"; you've paraphrased what the title says.


I disagree - saying they might ban operating systems, with no context, leaves out the fact they're only talking about modular radio systems or software defined radio systems.

Edit: also to be clear, as another comment pointed out, this doesn't have any impact on test/kit equipment that is not compliant with FCC regulations anyway and requires a separate license to use - this is targeting consumer equipment. So I still think it's pretty misleading.

The rest is the fact that I think the article is wrong anyway :)


It's a title. Of course it's lacking context. If you want context, you read the rest of the essay, which explains everything you're doing much better than you are, and makes a solid case for why the FCC is, indeed, banning certain operating systems.


I still think it's kind of alarmist, but I can see your point of view as well. My goal was not to be better than their explanations, but only to summarize why I think they're being alarmist - I agree it's a topic worthy of discussion though :).


The context is more or less obvious from "FCC". We know from those three letters that it's not about, say, banning Ubuntu from your PC.


But the FCC regulates a great deal of equipment, and this is only targeting a very specific subset of that equipment - not all of it. I was initially pretty concerned as I'm a Ham radio operator, but this really does not concern me overly much now that it's clear it's:

A) SDR/Modular only B) Consumer only


Quite a bit of "consumer" equipment is halfway to an SDR already, and a ruling like this would mean you could never write or release FOSS firmware for a wireless card. (Note that wireless cards with FOSS firmware exist today.)


Yeah - it sucks and this FCC rules is concerning, but not as concerning as I initially thought it was.

Don't get me wrong - I think this is a stupid rule, but I just don't think it's as big a deal as the article, and title in particular, make it out to be.


and you can be certain that companies that make wireless routers and cellphones will take the easy route out and fully lock things down.


> they're only talking about modular radio systems or software defined radio systems

Which, in practice, means any computer/electronic device that has a radio in it.

> this is targeting consumer equipment

Including "consumer" equipment that is being used for research, software coding, etc.


    Which, in practice, means any computer/electronic device that has a radio in it.
No. FCC approvals apply to the modular transmitter. Another approval may apply to the overall device.


> FCC approvals apply to the modular transmitter.

Including the software that controls it. Which, in practice, includes the OS of a laptop or the firmware of a router, as discussed in the article. Technically that might not be the "entire device", but it's the part that matters.


> Which, in practice, includes the OS of a laptop or the firmware of a router, as discussed in the article.

The article is continuing to imply that the FCC is explicitly banning alt firmware for 5GHz WiFi devices. That is only the case if the module manufacturer fails to come up with any other way of getting their device approved. I don't see anywhere in the regs where banning alt. firmware is a goal of the regs.

Given that this also means a brave new world of region-locked/region-specific 5GHz WiFi devices, and the added compliance burden for integrators ("host device manufacturers") trying to use modular transmitters that rely on host device manufacturer controls to achieve FCC approval, I am hopeful that this will change the way that WiFi manufacturers lock down their radio firmware - and that is exactly what the FCC wants.

The situation where a modular transmitter places additional avoidable test/conformance/approval burden on the host device will also be a PITA for manufacturers, not just end-users.

Check my other comment here https://news.ycombinator.com/item?id=10256905


> I don't see anywhere in the regs where banning alt. firmware is a goal of the regs.

It's not an explicit goal. But the article argues (and I tend to agree) that the practical result will be manufacturers locking down their devices to prevent alt firmware from being loaded, since that will be the easiest and cheapest way for them to demonstrate compliance.

> I am hopeful that this will change the way that WiFi manufacturers lock down their radio firmware - and that is exactly what the FCC wants.

Are you saying the manufacturers will come up with some way of locking down their radio firmware that still permits something like OpenWRT to be installed on a router (or Linux on a laptop, for that matter)? Why would they bother when they could just lock the device down completely?


> Are you saying the manufacturers will come up with some way of locking down their radio firmware that still permits something like OpenWRT to be installed on a router (or Linux on a laptop, for that matter)? Why would they bother when they could just lock the device down completely?

Yes. In the actual regs (which nobody seems to read), they suggest a list ("including but not limited to") a number of mechanisms by which manufacturers may choose to control the portion of their radio software that would impact the validity on their RF testing/validation/compliance results. One of them is signed firmware blobs: to me, that's the easiest, cheapest non-invasive method for WiFi module makers that won't create a huge compliance burden on the host device manufacturer. You go from having to load an unsigned firmware blob anyway, to a signed one. Which is a huge step in the right direction for firmware security anyway. As for modules which don't have blobs but do have the means to create non-compliant emissions just through the driver: it doesn't seem like much of a stretch that they could run new region-locked revs of their modules, or at least move those previously adjustable RF parameters/behaviours over to a signed image in a $0.10 SPI EEPROM chip.

All of this isn't just a PITA for users, it's a PITA for the device manufactures as well.

Particularly for laptop manufacturers. They could save $5 locking down the entire laptop, something they've never been able to do even when they try, or they could spend the extra $5 and get the module that's got a stand-alone certification and only requires them to submit a reference to the module's own FCC approval and some demonstration that the gain of the antennas in their product are in-spec.


> One of them is signed firmware blobs

I'm not sure I understand what you're describing here. Suppose I have a router and I want to run OpenWRT on it. Are you saying that the router will have basically two "firmwares" in it? One that controls the radio chip only, and is signed, and has some kind of defined driver interface; and another that controls the rest of the device, and has a driver that talks to the signed blob, so as long as OpenWRT has that driver, I'm good?

Or suppose I have a laptop and I want to load Linux on it. Are you saying the wifi chip inside the laptop will have a signed firmware blob that controls the radio, and has a Linux driver interface, so I can load Linux on the laptop and talk to the chip?

Assuming the above is correct, how different is it from the way these devices are designed now?


FCC is talking about the radio firmware blobs which drive the radio MCU/DSP chip. That is where you have the capability to drive the device out-of-spec. Not (necessarily) the Linux environment it is being driven from. This is a discrete, separate part to the main ARM or x86 CPU running Linux (though some SoCs are blurring those lines).

We already use firmware blobs on WiFi chips. It's why OpenWRT and friends are locked into old kernel versions for some routers: they don't have the source to the WiFi radio blob and can't recompile or reverse-engineer to make it work on newer kernels with different ABI. It's why we have a /lib/firmware directory for certain drivers in Linux: the device doesn't bother with flash memory, you have to load its firmware onto the device every power cycle into the DSP chip's memory.

So for many devices currently in existence, separate radio firmware is already how things are architected.

Some devices are flashed though, and don't require the host computer to load its own firmware, which is why I discussed a smaller EEPROM that would store signed config locking down the RF parameters and other aspects affecting certification.

Basically separate radio and OS firmware are how mobile phones currently work. That's why you see separate baseband versions from your OS version info in "about this phone": these new rules for SDR devices (separate to U-NII discussion here) will actually require a whole new FCC approval for each radio firmware change.

EDIT: And we haven't properly distinguished FCC approval process differences between modular WiFi transmitters (Eg. miniPCI-e cards) used in laptops and more expensive routers, which can self-contain and solve these issues by themselves without requiring the host device to care about U-NII security measures at all, versus cheaper/integrated products that may be crappy enough to require security measures in the main host device firmware in order to guarantee the radio firmware integrity to the FCC's satisfaction.


Thanks, this is very helpful information.

> for many devices currently in existence, separate radio firmware is already how things are architected

This makes me feel better about things like laptops and routers (at least the more expensive ones), but this...

> cheaper/integrated products that may be crappy enough to require security measures in the main host device firmware in order to guarantee the radio firmware integrity to the FCC's satisfaction.

...makes me wonder about the future, since the trend for pretty much every category of device is towards "cheaper/integrated products". You mention that some SoCs blur the lines already.

> these new rules for SDR devices (separate to U-NII discussion here) will actually require a whole new FCC approval for each radio firmware change.

To make sure I understand, this would be an incentive for mobile phone manufacturers (for example) to continue to have separate radio firmware, even if they move to cheaper SoC designs, correct? Since otherwise (if there were only one firmware blob that contained both the OS and the radio controls), they would have to get FCC approval every time they wanted to push an OS update.


> ...makes me wonder about the future, since the trend for pretty much every category of device is towards "cheaper/integrated products". You mention that some SoCs blur the lines already.

Yes, that's a legitimate concern, but there's a small consolation that this is a problem only for existing SoC architectures doing 5GHz. The new regs don't rule out new SoC architectures which would implement the enforced separation in silicon somehow. Although you're still stuck not having access to modular transmitter rules but that was the case already.

> To make sure I understand, this would be an incentive for mobile phone manufacturers (for example) to continue to have separate radio firmware, even if they move to cheaper SoC designs, correct?

Indeed, although I have oversimplified somewhat - some basebands do run on the same CPU as the OS, but something resembling a secure hypervisor (with secured boot, among other things) is used to enforce isolation between the baseband and OS (see OKL4).


FWIW there's a recap in Ars with a response from the FCC.

http://arstechnica.com/information-technology/2015/09/fcc-op...


Are you being obtuse on purpose? The headline is intentionally worded in such a way to make people believe the FCC is going to ban OSX, Linux, or Windows.

If the author believes it's an important issue, he should be intellectually honest about it, because otherwise he risks having people write him off as a quack. It makes it look appear as if there aren't many valid arguments in his favor, so he has to resort to FUD.


The FCC will ban linux from being installed on devices with a radio that can be controlled via software. That's pretty bad.


Everything is an "operating system" these days.


> This is already present insofar as hardware requirements in radios - radios cannot be permitted to listen on frequencies reserved for cell phones, and must not be restricted in such way as they can be easily modified to enable it (e.g., a header/jumper). This really just extends this requirement that it is non-trivial to enable illegal broadcasting or reception on software defined radios.

Cough, cough, HackRF(https://greatscottgadgets.com/hackrf/) + GNURadio(http://gnuradio.org/) don't seem to have these limitations.


As I recall, they got around this by not being FCC licensed - in other words, HackRF is classified as a kit/developer component, and is not legal to operate unless you hold an independent license from FCC (e.g.: if you're a Ham you can use it on Ham frequencies you are licensed for). Read the disclaimer at bottom

> HackRF One is test equipment for RF systems. It has not been tested for compliance with regulations governing transmission of radio signals. You are responsible for using your HackRF One legally.

Realistically you're not going to probably get in trouble, but I _will_ caution you - if you use this kind of equipment illegally, the FCC does have radio direction finding equipment and will send someone out to find you if you piss them off - they've done this for people that were on Ham frequencies without authorization, people doing nasty things on government frequencies, and anything disturbing people who paid for a license.

Re: GNURadio The software itself has no requirement - there is no "if you run radio software, it has to do X" and there still is no requirement under proposed rules for that as far as I can tell - it's just if you build hardware, your hardware must enforce that only certain software can be installed :).


There seems to be some incredibly bizarre idea floating around here that it is illegal to MONITOR using the equipment (id est "listen") and that is simply not true, except for listening to cell frequencies. That is in American law, but here's the thing: They will not be able to determine that you're listening on those frequencies without looking at your equipment. You can possess and operate your equipment in monitor mode without a license. One must simply get a license (in most countries) to transmit using the equipment. Now, the other thing I want to mention is that the parent comment is right that the FCC has dogs of war that will chase you down and put you in jail (or levy heavy fines) for operating without a license. And they do chase people down with location equipment. I'm not advocating operating a station without a license, but if you keep the power very low and use it sparsely for testing, you have a very, very small chance of being caught by the FCCs enforcement arm. And in most of these cases of nerds transmitting without a license, they are satisfied with merely confiscating your equipment.


I've seen some of the enforcement actions - on a first offense they often just give you a stern warning unless it's clear you were doing it willfully and maliciously (interfering with a company's communications because you have a bone to pick, for instance).

Amusingly, there's been a few cases local law enforcement has asked the ham community to RDF people using their frequencies - at least here most law enforcement uses APCO-25 without encryption, so is easy to monitor and mess with by and large - because it's easier than having FCC get involved.

My favorite mistaken transmission was when a friend noted spurs coming off the strategic command in Omaha that were ending up on ham frequencies. We reported it, an hour later all their spurs were gone.

In any event - yes - monitor mode stuff they won't be able to detect unless they see your equipment, but most equipment is required to restrict the cell frequencies in such a way it's not easy to modify to detect. Most other equipment you have a jumper to enable "everything but cell" TX/RX (Looking at you Yaesu VX-9).


RDF = Radio Direction Finder


What harm does listening on a frequency cause? If radio waves travel through my house I'm not allowed to listen to them?


That rule was put in place in the early, analog, days of cell phone usage to help build confidence that J Random Somebody wasn't listening to your calls. Cordless phones at the time were well known for being easy to listen to, and the wireless industry didn't want that stigma on cell phones.


What harm does spying on my neighbour through her window cause ?

If light travels through my telescope into my house I'm not allowed to watch it ?

Seriously just because something is "in your house" does not mean you some inherent right to it.


I'm not in the US and I don't know much about US laws, so can you enlighten me on the relevant laws regarding this? Would it be illegal to stick a 4k camera on your window sill? What about for surveillance purposes?


I doubt the possibility of detection is very high if you're only receiving.


Agreed - they're more concerned about transmission, which is part of why they have more strict requirements around scanners to try a lot harder to avoid this.


> This would prevent open/free components insofar as the actual driver, but would not permit the operating system itself from being installed.

If the SDR has a microcontroller, you potentially only need the firmware of the microcontroller to be signed (with the microcontroller checking the signature), and can have a fully free driver around it. You can even release the source of the firmware (and allow reproducible builds!) because it's guaranteed by the signature, not by the availability of the source.


Good call - similar to how you load firmware for Wifi using a blob a lot of the time. But for a lot of advocates of this they still might not be okay with this as they don't want any blobs. Which I can get, but even more reason it's kind of alarmist in my view.


radios cannot be permitted to listen on frequencies reserved for cell phones

Is this true ? I've never heard of the FCC restricting receivers before. You don't need a license to buy or operate a HAM receiver.


Listening to the the cell frequencies, selling a device capabable of listening to them, or modifying a device to enable listening to them, has been illegal in the US for years: http://www.gpo.gov/fdsys/pkg/CFR-2010-title47-vol1/xml/CFR-2...

The law dates back to the days when cell phone tranmissions were analog and could be picked up with a consumer-grade police scanner. As I recall, it was passed soon after an incident where a congressman's conversation with his mistress was picked up and publicized, but I don't have a authoritative source for that.

Even with modern phones being digital and encrypted, the law remains in effect.


The regulation you linked to appears to date to 2010, long after analog phones had been replaced.

18 U.S.C. 2512 may be older but I wonder why such a regulation would have been issued so recently.

Also if this regulation is intended to implement 18 U.S.C. 2512 it appears to be broader in scope than that law. The law only prohibits devices that are "primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications". The regulation on the other hand restricts scanners that are capable of receiving such communications. I don't see how a broadband scanner that includes cell phone frequencies along with other bands could be considered to be "primarily useful" for intercepting cell phone communications.


This is ancient, dating back to when cell phones didn't use encryption. As opposed to today, when many of them still use fundamentally broken encryption like A5/1 and A5/2, other than the ones doing something vaguely sensible like VoLTE. (Though I haven't heard anything about the ban on such devices being lifted.)

But in general, "you can't listen to this frequency" is completely crazy; "listen all you like but you won't get anything useful" makes more sense (along with "don't broadcast on this frequency above this power without a license").


Depends on the licensing/certification of the device - for consumer equipment (particularly scanners) it's required, for certain experimental and test equipment it is not.

EDIT: I think this happened in 1994 - google "cell blocked" scanner and you'll find stuff on it.

Edit Again: Here's a QRZ thread on it: http://forums.qrz.com/index.php?threads/why-are-ham-radios-s...


I don't know if it is true, but I think that many commercial receivers that you can buy nowadays don't allow you to listen to those frequencies


[flagged]


Honestly I don't know what was "going through my head". I think most letter case decisions are handled by my brain below the threshold of conscious awareness. I don't spend a lot of time agonizing over trivialities in my online comments that are completely irrelevant to my question or point.


Perhaps you have Amiga on the brain :)

https://en.wikipedia.org/wiki/Hold-And-Modify


This is needlessly abusive.


Many people capitalize HAM. Probably comes from a number of proposed origins [0]. No need to make a big deal of it.

[0] https://en.wikipedia.org/wiki/Etymology_of_ham_radio


It's not crazy to assume that "ham" from "ham radio" would be an acronym for something. You're being needlessly confrontational because of a misunderstanding on the internet.


It's a reasonably-common capitalization.


If the net result is that I can't install OpenWRT on my router in Australia, then yes, that's really bad.


My contribution to the commentary:

I feel that the proposal to regulate device firmware and effectively ban non-vendor firmware is both overbroad and will result in significantly increased security risks faced by the general public (myself included). If the FCC chooses to go forward with this, it should also require and put in place penalties to enforce MANDATORY security updates from vendors within tightly constrained timelines, including to products which the vendors no longer sell or wish to support.

I have used various third-party firmware replacements (generally OpenWRT, occasionally DD-WRT) to replace firmware on routers with known security holes, undoubtedly including some for which patches were years late if ever delivered. I have done this for myself, friends, family and customers.

If the FCC mandates that I may not legally replace the firmware with secure versions unless they come from the equipment vendors without also taking steps to ensure the availability of those security fixes, then the FCC is acting to ensure that the state of network security in the United States is AND WILL REMAIN unacceptably poor.


They are struggling with a very simple problem. If you configure your 5GHz U-NII device to the wrong country, and turn it on, it will stomp all over licensed/restricted spectrum.

That's because unlike 2.4GHz, 5GHz has been carved up very differently in different parts of the world (each place has had its own evolution of technology and spectrum pressures).

To such a degree that this isn't even about power and frequency. As an FCC registrant seeking to slap FCC stickers on your new/imported devices, you'll be required to submit proof of conformance documentation which demonstrates you've properly implemented radar avoidance in your frequency hopping/spread spectrum algorithms.

Finally, the FCC has made it obvious that this aimed at the transmitter module, not the overall device. And so, "banning" OpenWRT and other 3rd-party/alt firmwares would only be required if that's the only half-arsed way a manufacturer can hope to comply with the new regs.

In future, I'd hope hardware becoming better isolated from radio components, this ruling (and similar around the world) are essentially mandating region-locked devices, so we might see something similar to what's happening in mobile phones (Eg. baseband radio firmware separately versioned/updated from OS firmware).


I thought to myself: "This looks like a good time to stock up on SDR equipment, in case this ever goes through."

And then I realized this is exactly the same thing gun enthusiasts thought when they though Obama would limit their guns/bullets, and stocked up on them, and I thought it was silly. I guess we're a lot more similar than I would have thought, made me think a little bit more about it. I'm reminded a bit of that "first they came for me" poem/story.


FWIW, I don't think there's a lot of regret among gun enthusiasts who stocked up. They like guns, they like ammo, and they found a reason to buy in bulk.

The people I know are happy they did.

I can imagine being pretty happy in a year or two having stocked up on SDR gear. :-)


As a gun enthusiast who didn't stock up, I really hate those guys. I basically couldn't go to the range for over a year because Walmart was always out of the Winchester White Box and whatever other cheap FMJ they carried, and everyone else who could keep inventory had jacked their prices to unreasonable levels.

I finally had to start going to Walmart every morning before work to figure out which day the shelves got stocked. A couple of Tuesday morning visits later I had made my own little contribution to the problem by building my own hoard of bullets that I didn't really want just because I wanted to be able to go to the range once in a while without paying range prices for ammo...

Hoarders suck.


And I bet those people would never concede that their favorite political commentators that whipped up a frenzy without any evidence were 100% completely wrong about what Obama was going to do. I wouldn't be surprised if some of those people think that Obama actually did ban bullets. And they still listen to their favorite loud mouths and take them seriously.

The FCC thing is based on actual information, not the fevered mind of deranged anti-Obama conspiracy theorists.


Your mileage may of course vary, but as I said, in my circles it wasn't so much a knee-jerk reaction as a decision to take the occasion to buy in bulk.

I haven't yet met any of the stereotypical deranged gun owners that I keep hearing about. Although I'm not a gun owner myself, I have visited ranges and gun shops throughout the US and all the "gun people" I've met have been peaceful, helpful, open-minded, and friendly.

And FWIW, you don't need to subscribe to a "deranged anti-Obama conspiracy theory"; the market mostly moved (quite rationally) after the Obama administration announced support for the so-called UN Treaty on Trade in Small Arms. The conference concluded without adoption of a treaty, but US support has made it more likely, and passage may well mean decreased availability of small arms and ammunition.


I'm reminded of another similar saying (paraphrased): "If you outlaw free operating systems, only outlaws will have free operating systems."

Also, http://www.gnu.org/philosophy/right-to-read.en.html


Just a nitpick, but the poem wouldn't make much sense if the first line was "first they came for me" :-)


Do you have any FCC certified SDR kit currently?

This only impacts an OEM/importer's ability to gain FCC approval/certification for new devices.

If you're not slapping FCC stickers on things, or are using something that never had an FCC sticker on it in the first place, this doesn't impact such apparatus (you always needed a separate license to operate HackRF & friends).


Specifically, SDR kits are usually rated as professional and test equipment, which are not certified by the FCC. The OP is about consumer products and other FCC-certified products.


I think they're not rated as anything. They simply have no manufacturer-supplied licensing/approvals whatsoever. So it is up to the user to gain an appropriate license and operate them to the conditions stipulated by that license.


>SDR kits are usually rated as professional and test equipment

The cheap ones aren't even that. They're repurposed/upcycled television DTV receivers.


Often by people manually modifying ones they bought themselves.

And, interestingly, many satellite receivers allow users to just enter a frequency in the supported range and they will happily load and display the data on that frequency.


FWIW I haven't seen anything in the new rules (admittedly I have focused on SDR and U-NII regs) which pretends to cover anything but intentional radiators (i.e. transmitters).


I was slightly surprised about a week ago when I came across the NPRM by accident and realized the comment period was already over.

But, I'm more taken aback though by the reactions here to this guy's (admittedly alarmist) thoughts... From reading the comments here, it sounds like only a couple people scanned past the headlines.

TL/DR, Eric (Who is actively involved in the OpenWrt project), makes a very good case that the FCCs proposed rules will require DRM for software on all devices with radios, thus preventing the use of third party OS like OpenWRT (although he thinks the rules could probably be applied to computers, phones, etc. too).

Sure, the FCC won't "ban" OpenWrt et al, but lets not be pedantic here; if there are no devices left that allow you to legally (or otherwise) install your own firmware, projects like that will die a death by a thousand cuts.


I actually completely agree with you on this - what they're proposing is going to stifle a lot of wireless hacking and will be overall harmful to try to avoid what is probably already at best a marginal problem. Most people that overpower their equipment already burn it out very quickly, and I don't think I'd worry about it as much as they are.

I think the alarmist point of view on this actually hurts his points though - because it comes off as a less legitimate concern than I think it actually is. It is something we should be concerned with, because FCC rules are often hard to change once they're made.


The FCC responded to Ars saying that the line about DD-WRT was clumsily worded. I'm under the impression that if the OEM/importer demonstrates in their filing that their proof of conformance documentation will always be representative (valid) of the device no matter what the user can do through user-accessible features and menus, i.e. they can prove that the radio module is locked down in some way other than the main device firmware, this should be sufficient and does in fact meet the requirements.

After all, preventing APs from stomping on licensed spectrum due to wrong country selection seems to be half of what's driving all this anyway.


Do you have a link for that? I'd like to see it...

The original wording from the FCC about DD-WRT was pretty awful, and I don't see how their intent can be interpreted otherwise (although they may be backpedalling now):

"2. What prevents third parties from loading non US versions of the software/firmware on the device? Describe in detail how the device is protected from "flashing" and the installation of third party firmware such as DD-WRT."

As seen on this thread and the document linked within: http://lists.prplfoundation.org/pipermail/openwrt/2015-July/...


    Do you have a link for that? I'd like to see it...
It's the very same document - I'd encourage everyone to read it in full. There are only 3 pages of content after all: "Software Security Requirements for U-NII Devices" [1]. But keep in mind - this is not representative of the actual license conditions and regulations, it is a piece of bureaucratic administrivia that helps the FCC staff process and assess your applications!

    "2. What prevents third parties from loading non US versions of the software/firmware on the device? Describe in detail how the device is protected from "flashing" and the installation of third party firmware such as DD-WRT."
Again, I think people are picking stuff at random and missing the context. I could find much scarier wording than this if you really wanted to FUD this up some more. This is part of a bureaucratic administrative process used to help assess applications.

It even says that follow-up questions may be asked. As someone familiar with regulatory compliance processes in another country (.au), just because you answer in the negative does not mean your application will be rejected - your other responses (see the rest of the questions to see how redundant they are) will be taken into consideration.

Even though we have the old joke where our equivalent of the FCC has an unofficial motto, "We're not happy until you're not happy", even bureaucrats have enough imagination to see that scripted questions can't capture every single possible way to meet the underlying requirements for a given regulatory compliance issue.

The questions are centered around identifying how the device is restricted from operating outside of the conditions asserted and tested in the conformance documentation submitted with the FCC registrant's application. That's not an unreasonable expection from a spectrum regulator's POV, but it is terrifying given that this will likely mean region-locked (or region-specific) devices - choosing a country from a drop-down list will become a thing of the past (after all, 5GHz is carved up quite differently in different parts of the world compared to 2.4GHz, where things are already a complete mess).

Whilst you might find that "OMG, these questions seem to assume that the FCC wants only OEM-approved firmwarez", as per the DD-WRT wording this is because the questionnaire has been written from the assumption that these drastic measures are necessary to meet the new regulations. If you read the proposed regs themselves, carefully [2], I don't see anywhere where the "host device" is explicitly required to control OS firmware unless this is the only means that the registrant can meet the U-NII security requirements.

It doesn't help that we have a whole new population of people trying to read and understand these documents (me included). They use the term "software" rather loosely, and you have to have some background understanding of how the existing FCC registration/approval/certification process works (difference between an approval for a host device vs module etc).

I even see people mixing up the SDR rules. Technically an SDR product must undergo a completely new FCC approval process with new validation test results/proof of conformance for every firmware update! There's no way WiFi router AP vendors are going to go down that path; this is reserved for things like mobile phone baseband firmware that change infrequently and are profitable enough (check out Qualcomm's profits) to actually afford to be able to do this.

This [2] basically summarizes the intent behind the U-NII security requirements:

    Manufacturers must implement security features in any digitally modulated
    devices capable of operating in any of the U-NII bands, so that third parties
    are not able to reprogram the device to operate outside the parameters for which
    the device was certified. The software must prevent the user from operating the
    transmitter with operating frequencies, output power, modulation types or other
    radio frequency parameters outside those that were approved for the device.
    Manufacturers may use means including, but not limited to the use of a private
    network that allows only authenticated users to download software, electronic
    signatures in software or coding in hardware that is decoded by software to
    verify that new software can be legally loaded into a device to meet these
    requirements and must describe the methods in their application for equipment
    authorization.
[1] https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869Rsy...

[2] http://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=9a15d7771e...

Edit: I guess you meant the Ars article! Here it is:

http://arstechnica.com/information-technology/2015/09/fcc-ac...

    Ars is attempting to schedule an interview with the FCC to explore this issue in
    more depth. So far, the commission has only told us that “versions of this open
    source software can be used as long as they do not add the functionality to
    modify the underlying operating characteristics of the RF [radio frequency]
    parameters. It depends on the manufacturer to provide us the information at the
    time of application on how such controls are implemented. We are looking for
    manufacturers of routers to take more responsibility to ensure that the devices
    cannot be easily modified.”


New ars article: http://arstechnica.com/information-technology/2015/09/fcc-op...

"Despite an FCC guidance to router manufacturers that seems to ban open source firmware such as DD-WRT and OpenWRT, FCC spokesperson Charles Meisch told Ars that there is in fact no such ban. But there are restrictions that in some cases could cause a manufacturer to decide to prevent the installation of third-party firmware. In fact, disabling the installation of third-party firmware by the user may be the easiest and most straightforward way for hardware makers to comply with the FCC's guidance. ... Manufacturers could choose to achieve compliance by simply locking out any kind of third-party firmware, the FCC acknowledged."


Yes, I did mean the Ars article, my bad for not clarifying the context - and thanks for the additional commentary too!


> if there are no devices left that allow you to legally (or otherwise) install your own firmware, projects like that will die a death by a thousand cuts.

There are still major manufacturers that recognize the enthusiast and tinkerer market, and they'd be missing out if they didn't sell hardware that has a radio separated from the SoC in order to comply with the proposed regulations.

Unfortunately I can count these manufacturers with only one hand. Buffalo is one of them. Hell, they even sell their hardware with DD-WRT already installed.


This is like banning guns cause people sometimes use them illegally to kill other people. Not very American.

Just go after people who are causing illegal interference and leave the people who 'might be able to' alone.


Yeah, there is a gun problem in this country and this is a terribly flawed analogy.


A random American has a 1/10,000 chance of dying to a gun this year. Half of them are suicides. Hardly a 'gun problem' worthy of banning guns.

I have a higher chance of crashing my motorcycle and dying that way, do you support banning motorcycles too?


If you're going to lecture someone on numbers, at least get your arguments right.

1. You should separately account for "random Americans" and americans that actually own guns. I, too, would have a higher chance of crashing my motorcycle... if only I owned a one.

2. Vehicular transportation is a worldwide leading cause of death. It is a problem that is defining the beginning of the 21st century, what with self-driving autos and all. You're setting a pattern in bad analogies.

3. Do you enjoy having that extra 1 in 10k? Do you realize it's really not that high? By your already-biased numbers, there's a 3% chance that someone in your non-gun-owning household of 5 will die with more holes in their body than they were born with.


> You should separately account for "random Americans" and americans that actually own guns.

Yes, but I'm overstating the risk to parent by choosing random Americans vs. Americans who own guns. This is fine because it helps my argument the least. Consider that someone who is anti-gun like parent can easily choose not to have a gun in his home and further reduce his risk without the need for legislation.

> Vehicular transportation is a worldwide leading cause of death. It is a problem that is defining the beginning of the 21st century, what with self-driving autos and all. You're setting a pattern in bad analogies.

I don't understand what you're saying here.

> Do you enjoy having that extra 1 in 10k?

No, but I find it preferable to gun control (or the regulation in the article or any other kind of pre-emptive legislation against crimes that haven't even happened yet).


You throw the number (1/10,000 chance) like it's low but I think that's fairly high. You cite crashing motorcycles but the total US deaths by traffic accidents was close to 1/10,000 in the most recent years [1]. You ask if we want to ban motorcycles but motorcyles aren't used to murder people, we ban or heavily regulate lots of things that are more generally harmful (explosives, lead, asbestos, radium, DDT, CFCs, etc.) many of which caused fewer deaths than firearms when they were legal.

[1] https://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_i...


Firearms are not generally used to murder people, they're generally used to poke holes in suspended pieces of paper or look pretty or make the owner feel safe or hunt animals.

They're very rarely used to murder people relative to their other uses.


Not sure where you think I claimed that the only or chief use of firearms was to murder people. The main use of lead, asbestos and DDT were also not to cause health problems but they were still banned.

OTOH firearms are overwhelmingly the most common way people get murdered in the US today, so to say they're 'rarely used to murder people' is to only look at the question from one side.


...and what're the odds globally of a random person dying from a gunshot? I could ask about specific other nations with different firearms laws, but let's start with the general case.


I'm from Canada and it's not illegal or particularly difficult to own firearms yet our rate of gun violence is about 7x less than the US.

Sounds like there is a separate, bigger problem in the US besides the legality of firearms and plenty of progress can be made without going nuts and banning firearm ownership (or open-source radio firmware) outright.


Are you pro DRM? Are we going to ban open source 3D fab tools too? They will only improve. DMLS can print a 1911.


What I don't get it is, why make the software enforce certain frequencies? If the hardware should never be able to broadcast on a certain frequency, why not build the hardware with that limitation?


In the past that's exactly what they've tried to do, and this usually ends up clobbering the law-abiding users in the process. Most of these bands are pretty close to each other - the 10M HF band is right next to the CB band, the 2M band is right next to the emergency services bands and pretty close to both the aviation bands and the weather radio bands, and so on. Gear from one will pretty much just work on the nearby bands, absent some other protection. You can do filtering, but it's physically pretty hard to make an amplifier work ideally within its band and then immediately stop working when you take it outside its band.

So the FCC's response in the past was to make it illegal to produce anything that could go from [unlicensed power level] up to [licensed power level] on demand. If you wanted to make a 10M amp that could hit say 150W, you had to require at least 75W drive power because that was beyond what a legal CB radio could deliver. Kinda sucked for anyone who couldn't afford a radio with 100W of drive, and I think they eventually let off a bit because they were losing the battle to cheap Chinese junk sold over the internet. They're very proactive about enforcement, they'll get you sooner or later, but until then it's better for everyone if you're not spewing harmonics everywhere.

There are radios and amps that use a frequency analyzer to automatically cut out when operated out of their intended bands, they're just very expensive compared to most of the gear that's out there. And a lot of the Software Defined Radios and so on are actually wideband radios that are physically capable of operating across a bunch of bands. These are very concerning for the FCC, and you pretty much cannot limit these physically, it has to be built into the firmware or the controlling software. Hence the article.

There's also just different rules for different license classes. As a radio amateur, I can also use 2.4 GHz (13cm band) under my license, and I am allowed to operate with up to 1500 to 2500 watts EIRP depending on mode. That is of course subject to lots of limitations including "minimum necessary power", but there's nothing physically stopping you from taking a 13cm amp sold for radio amateurs and running wifi over it. Same frequency, how does the radio know?


> There are radios and amps that use a frequency analyzer to automatically cut out when operated out of their intended bands, they're just very expensive compared to most of the gear that's out there.

Why is that expensive? It obviously can't require fancy hardware if it can also be done in software.


Here's a contrived version of this:

Imagine trying to design a calculator that isn't allowed to display the digit '8' on its LCD display.

In software, the implementation sees if the LCD is being set to a value that contains '8' in binary and if so, ignores the input.

In hardware, you have to have a camera that is pointed at the LCD, and a hardware OCR implementation that looks for the 8, and then a circuit that when the OCR implementation sees an 8, turns off the display.


Just to fill in the context that's missing here:

1. If you have a single radio unit, you can easily do the "software" implementation where you look at what you're going to be broadcasting and cut it off if it's not legal. The problem comes when you have separate radio and amplifiers - the amplifier has no idea what whether you're feeding it 10M or CB frequncies. It will amplify either just fine, so the FCC really prefers you to build in a "hardware" type implementation there (a frequency analyzer that figures out what's going into it). It's just expensive to do so - like if you didn't already have a digital amp, you might easily add 1/4 or 1/2 to the cost just to get some dumb logic built in. And you can still probably get around it if you really try.

2. There is a disproportionate amount of cheap gear and old gear in circulation. We didn't get "smart" rigs until the late 90s at a minimum, and even so they are vastly outnumbered by stuff from the glory days of the 50s, 60s, and 70s. There has always been a relatively small amount of high-power stuff in circulation, and there's even less smart high-power stuff. A lot of the modern kit-built stuff like the Elecraft K2 focuses on QRP (effective operation on low power) instead of crazy high output.

3. This manifests as a CRAZY price curve. It's relatively easy to get an old radio from the 70s that'll do 50 or 100W (especially after factoring in weak, aging tubes, etc). A modern mini-rig that will do 25W or something is also relatively affordable. But if you want something new, powerful, or new AND powerful you can easily jump into the thousands of dollars. For the cost of a modern rig that'll do any given power level, you can afford an older rig and an amp that will put out an equally good signal with substantially more power. Or with a better antenna. And so on.

4. There's nothing wrong with the old gear and things like tubes can be fixed. If you trash your new wünder-rig it's garbage. So given that amateurs are crafty people (the proto-hacker, really) there's a strong incentive to make the old or lower-power stuff work, because it's repairable when it breaks.


Thanks for the info, cbhl and paulmd. I'm afraid I still don't quite get it, probably because I don't understand EE and radio as well as I ought to.

Why is there significant expense in putting a ROM chip between the radio and the amplifier that cuts out certain frequencies? I can see where that's not as simple as mandating software that is simply incapable of generating bad frequencies in the first place, but it intuitively strikes me as the same sort of embedded programming that goes into, say, a microwave oven--I can see it adding some cost, but not so much that it would be unfeasible in e.g. an home wifi router. What am I not understanding?


In hardware, $.15 is "significant expense" because the margins are thin and unit economics.

The list of blocked frequencies changes occasionally (like time zone definitions); if you can't update the "illegal frequency blocking" chip then it becomes illegal to use your otherwise-perfectly-good product once the rules change. Plus, it depends on what country you're in, so ideally if you move (or just go on a vacation) to another countries you don't want to have to throw away your old router/smartphone/smartwatch and buy new ones in the other country.


Chicken and Egg. If you can modify the radio (hardware/software), you can modify the protection device.

Adding a protection device merely shifts the problem (being discussed) from the radio to the protection device.

It achieves exactly nothing.


I'm not sure that follows. On the kind of wifi router that the FCC wants to ban, you can install new firmware because it's designed to allow you to to that. You could have accessible firmware whose signals have to pass through a non-accessible ROM.


You can change the frequency that a thing communicates on by changing the length of the wire in the antenna, and you can change the strength of the signal by changing the shape of the antenna, and the ROM will be none-the-wiser.

An example of the former is "homemade AM radio", where you wrap a lot of wire in a coil, and changing where you complete the the circuit along the coil allows you to "tune into" different frequencies.

An example of the latter is the cantenna, a directional antenna that can be made from a Pringles can.


The sub-ten dollar wideband SDR is a recent phenomenon.


Wideband radios are not all that new. My radio is a Kenwood TS-820S from the 70s and covers multiple bands from 160M to 10M. My cheapo Radio Shack walkie talkie from 15 years ago covers most (all?) of 6M to 2M (i.e. all kinds of serious bands that I'm not allowed to transmit on). My Yaesu VX-5R from 10 years ago can do full-on wideband receive, from 6M up to microwave.

With the help of an auto-tuner to match the SWRs there's no physical reason I can't transmit/receive bands I'm not supposed to. It's not like tweaking a VFO is really a technical challenge, they're well-understood technologies. And the frequency display on my radio is literally just a frequency counter for my own edification, the base TS-820 non-S model doesn't even have one. To find your frequency you look at the dial, there's a printed scale for your band. You know what happens if you are pushing the limit too far? The FCC tracks you down and you get a pink slip telling you that they know what you're up to.

You both underestimate what older radios can do, and overstate what newer radios can do relative to them. The reasons that you didn't see people transmitting off-band before was primarily social, not technological. As for receive, the FCC was flipping out about people intercepting cellphone calls on omniband radios - 15 years ago. Omni SDR was around 10 years ago too, with the same capabilities (see: GNU Radio), it just cost more than $10 for a rig.


I made a short reply as to one reason why I thought that the fancy radios that monitor their own output might be cheaper now or in the not too distant future. I'm grateful for the reply, but I think you've read too much into my little one-line comment.

>Wideband radios are not all that new.

No, but super cheap ones are.

>It's not like tweaking a VFO is really a technical challenge

Well, it's a little bit of a challenge for most (especially non-hams), but sure, there's no magic involved.

>The FCC tracks you down and you get a pink slip telling you that they know what you're up to.

I've heard so many scary stories about the FCC, and yet their enforcement actions page is relatively empty; and hams are always heard complaining about both persistent abusive behavior that the FCC either does little, or is powerless to stop. My impression is that violators, both abusers and unintentional get a lot of chances to correct their behavior; and that FCC enforcement is mostly a paper tiger that can do a bit of damage to someone who wants to comply (for the most part), and can do very little or nothing to stop the worst abusers.

Enforcement actions: https://transition.fcc.gov/eb/AmateurActions/Welcome.html

Warning Letters: http://transition.fcc.gov/eb/AmateurActions/Legacy.html

>You both underestimate what older radios can do, and overstate what newer radios can do relative to them.

I don't think so. I know that these features, or reasonable substitutes for them exist/have existed for some time, but I also know that their widespread use was limited, primarily due to cost. Economies of scale in manufacturing mean that since a TV tuner chip which produced in the billions can be used as an SDR, now there are lots of very inexpensive SDR units available for purchase. For higher end equipment, there is also the fact that DSP tech has advanced at a pretty incredible pace enabling things like the ~$300 dollar 100MHz oscilloscopes in my lab and also the 500MHz scopes in my lab that didn't cost more than our minivan. Sure, many (maybe even most) of the things that can be done with an SDR can also be done with solder and wires, but an SDR can do any/all of them. A super cheap (as in < $10) SDR can act as a frequency analyzer (to use GP's term) can compliment a high quality analog radio design. I suspect that one could add that kind of feature to an analog radio and keep the total additional cost under $10.

>The reasons that you didn't see people transmitting off-band before was primarily social, not technological.

I think you've hit the nail on the head here. There simply isn't any/much of a problem, and where the problems do exist the FCC is largely toothless anyway (and that's arguably a good thing). The FCC sees the potential for cheap consumer equipment that can easily be made non-compliant; they know that they haven't the resources to enforce the rules against millions of people and want to simply prevent it from happening. There is a reason that the FCC has so little enforcement is because nobody who knows them, likes them.

>FCC was flipping out about people intercepting cellphone calls on omniband radios - 15 years ago.

Another reason to dislike the FCC, they made a rule which was almost totally ineffective, and today is completely moot; because the technology prevents the problem that the rule was supposed to prevent. The cost of scanners/radios went up, and some good products were taken off the market and replaced with junk, or simply not replaced. Yay FCC.

> Omni SDR was around 10 years ago too, with the same capabilities (see: GNU Radio), it just cost more than $10 for a rig.

A lot more than $10, and you had less "SD" for your SDR because your PC and the software was simply less capable. Now, a relative noob can start from practically nothing and point and click his/her way to receiving any number of things in an afternoon.


In addition to the other answers, allowed frequencies differ in different countries/jurisdictions, so it's probably cheapest to make a single piece of hardware that can handle all frequencies in all jurisdictions, and then impose region-specific restrictions in software.


This is because this is entirely intended for software defined radio and modular radio - around which the entire point is the RF component does not contain as much signal processing logic, and that is done in software. Restricting software defined radios to specific frequencies in hardware would take away the entire point of modular/software defined radio.


Did you miss the conversation about how this fucks over people who want to install custom firmware on their routers for legitimate administration and traffic-shaping? There are plenty of uses for radio software that don't involve going outside approved frequencies.


I agree - but this rules doesn't apply to anything except SDR and modular systems that are also consumer devices - which are not most consumer devices.

That said - I am not condoning the FCC policy at all - I'm actually against it - I just don't really care that much because it impacts nothing I do and so few use cases I care about.


>"I don't care about X, because I never X."

You sure have spent a lot of time ITT explaining to everyone, advocating, practically that the FCC ruling is unimportant because you think that your own interests will be unaffected. Well, congratulations, but if we were all so short-sighted we'd eventually be reduced to only the hobbies and activities that a majority of us approve. We get it. You don't care, because you don't think it affects you.


I've actually said a few times I think it's a bad ruling - I'm just not practically impacted by it :). That said though I think being alarmist about it does not help the cause - it makes people less likely to actually listen to you once they realize you were being an alarmist. I actually agree with the points in the article - I just disagree with how they were made.

In this thread my only point is the FCC hardware restricting instead of requiring software restriction neuters SDR to begin with so is a dead end. It's all or nothing insofar as "protections" go. My view is still it should be nothing, but I don't think it is as big a deal as its being made out to be.


> this rules doesn't apply to anything except SDR and modular systems that are also consumer devices - which are not most consumer devices.

Um, what? Pretty much every device that does wifi has a SDR in it.


Does it affect cellphones? From the description I would have assumed it did, but I haven't seen much talk about that.


Even if it does apply, the radios on modern phones are already black boxes and completely detached from the rest of the phone. Some consider them a significant security threat already.


Contrary to the common interpretation, I've yet to see where in the new rules it is required that manufacturers implementing the new 5GHz U-NII device software security requirements is required to forbid 3rd-party firmware. Yes, there is an administrative document that asks questions about how such updates are prevented, but if you read the full document in context it also asks a lot of other redundant questions, and the FCC have since responded to Ars questions stating that it was not their intention to ban alt firmwares - just that the administrative processes starting up at the moment probably assumed that it would be necessary for the host device to do this to meet the new requirements. And since when does answering a regulatory compliance question in the negative mean that your application will automatically be rejected? All of the responses are used to help an FCC assessor arrive at a proper conclusion, potentially with further clarification sought on each point - it is not a hard script that you must always answer every requirement in the positive (in fact in many cases this would be impossible).

The new regs themselves do not state this requirement. It lists several possibilities for manufacturers to guarantee conformant emissions from their device, several which will continue to allow 3rd-party OS firmware.

Admittedly, the brave new world looks like region-locked devices and cheaper routers that truly are locked down in the exact ways we don't want, but that is not a hard FCC requirement, just a side-effect of the new regs on APs that have poor separation between OS and radio module.

    There are plenty of uses for radio software that don't involve going outside approved frequencies.
Except unlike ISM bands, U-NII 5GHz spectrum has been carved up with consultation of the 5GHz primary (licensed) users in each country and granted exclusively for U-NII conformant devices.

Unlike 2.4GHz ISM, nothing gives you the right to transmit on 5GHz U-NII bands (well, there's a bit that overlaps with secondary amateur spectrum) than otherwise permitted through the same FCC approvals process every device manufacturer must undergo.

That was the case before the new rules. Now the new rules are imposing sucky requirements for U-NII device software security.

However, that's been largely misinterpreted in every discussion I've seen recently.

For some context, check out https://wirednot.wordpress.com/2014/01/07/what-else-is-in-th...

You really don't want U-NII devices configured for Japan to be stomping on licensed spectrum in the US; you also need all that power negotiation, radar/interference avoidance algorithms in your radio so we don't get the same 2.4GHz mess happening in 5GHz.


This goes beyond just frequency and power conformance. There's power negotiation, interference avoidance, instantaneous occupied bandwidth, instantaneous vs average power limits, spread spectrum/freq hopping performance, radar avoidance algorithms - it took a lot of effort to carve up the 5GHz bands, each part of the world has done it differently, and so there's a lot more strings attached.


You can't. RF hardware and signal processing don't work that way... at least not for free.


You can make it difficult and very hard in practice through antenna and component design in the case of small internal radios - in radios with external antennas it becomes a great deal harder though, and in radios that are open for modifications it becomes even more difficult.

That being said though - this is meant to apply to software defined/modular radios - that is systems wherein the entire point is that it does what the software tells it instead of having hardwired components meant only to receive certain frequencies.


Perhaps because that's more costly? Sometimes the disallowed frequencies exist within a range of allowed frequencies. A hardware limitation would involve filter stages that would add cost.


This is already done in scanners to prevent scanning cellular frequencies as required by FCC regs.


A driver is not an OS, notwithstanding the legitimate and well-founded objections to driver signing as it affects open source operating systems...but I'm willing to firgive a little hyperbole in the pursuit of attention. On the other hand:

I firmly and respectfully disagree. The user always knows their life better than anyone else. Linux exists because users could modify their device. OpenWrt exists because users could modify their device. CyanogenMod exists because users could modify their device. Ultimately, a software community which believe users are fundamentally unqualified is a broken community. I trust users to take responsibility for their own lives.

Sure, philosophically I feel the same way. But as soon as I begin broadcasting, I'm not just living my life any more, I'm affecting yours, too. Probably not by much, but possibly by a lot - what if my actions impact your ability to live your life?

Externalities are an economic fact. The article itself discusses ways that ignorant or indifferent radio users could cause trouble for others. Pre-emptive regulation of the sort the FCC engages in is annoying, but what other mechanism is proposed to prevent spectrum abuse? We saw from the Marriott Hotel case that where economic incentives exist, some actors will opt to defect and collect an economic rent.


> as soon as I begin broadcasting, I'm not just living my life any more, I'm affecting yours, too

Do you have a wifi router? If so, you are already broadcasting. Have your neighbors complained that they can't use their wifi because of your broadcasting?

The huge missing piece in this whole discussion, to me, is: how much of a problem actually exists? How many people actually have problems using wifi because someone else is violating the FCC rules? My sense is that the number is very small.

> Pre-emptive regulation of the sort the FCC engages in is annoying

I think it's much worse than annoying. Perhaps you don't do any hacking on any device that has a wifi radio; if so, it might only be annoying to you. But if even a small number of people who want to innovate (and won't be doing anything that would break the rules anyway) are prevented from doing so because of pre-emptive regulation, that is a big price to pay. Particularly if, as I suggested above, the magnitude of the actual problem is small.

> what other mechanism is proposed to prevent spectrum abuse?

The article suggests two: social norms, and aggressive enforcement against actual offenders--as in the Marriott case.


My neighbors haven't complained because I'm not doing anything particularly radical with my router. But if I started swamping their signals I imagine they would be annoyed about it. I thought this context was obvious in my post above.

The article suggests two: social norms, and aggressive enforcement against actual offenders--as in the Marriott case.

And people who disagree with our perspective thought the Marriott case was a big government shakedown. I am disinclined to rely on social norms, given that there are often substantial economic rewards for flouting them.


> My neighbors haven't complained because I'm not doing anything particularly radical with my router. But if I started swamping their signals I imagine they would be annoyed about it.

But you're not swamping their signals. Neither are the vast majority of people who have routers. So the vast majority of people are not hindering each other by broadcasting. That includes many people (like me) who have routers with third party open source firmware on them (I run OpenWRT). Just saying "well, someone could swamp others' signals" isn't enough to justify pre-emptive regulation; that should require showing that enough people are swamping others' signals to make ordinary enforcement insufficient.

> people who disagree with our perspective thought the Marriott case was a big government shakedown

How do you think those people would view pre-emptive regulation by the government?

> I am disinclined to rely on social norms, given that there are often substantial economic rewards for flouting them.

I see the economic incentive in the case of a large corporation like Marriott (and that's why I mentioned them in connection with enforcement, not social norms). But for ordinary users who just want to run routers in their homes? Social norms seems like a reasonable way to regulate in that case.


Apologies for the off-topic comment, but I feel compelled to say that a #6D6D6D anchor color with a #444444 body text color on a white background is a terrible UX choice. I guess they expect me to hover over the entire paragraph to see if it contains any links.


Go ahead and ban new OSes on radio hardware. These are radios. Anyone can build them (see the ubertooth). My startup will be called "locked down radios" and our products will come with a very serious EULA instructing you to never ever ever cut that one little wire blocking you from flashing on new software.

(serious business to do now. The new Muppets show is on.)


Nitpick: a 1kW amp wouldn't be sufficient only on the AP side in order to expand your WiFi range.

You'd need a damn good RX amplifier with damn good antennas or have a 1kW TX amp on the other station, too, in order to get wide-range communication.


How is this not equivalent to a theoretical "The ATF Might Ban Specific [Gun] Operating Systems"? The ban isn't on the OS, the ban is on the gun (or in this case, high-powered radio).


Note that the FCC still hasn't stopped manufacturers from using RP-SMA connectors on their routers, despite ruling that they are "commonly available" in 2000.


Can you elaborate on why the FCC would ban a commonly used antenna connector?


Adding higher gain antennas without decreasing transmit power is a common way for people to exceed authorized transmit power. The regulatory theory was that by using a "uncommon" connector only people who know to decrease transmit power (the "professional installer") would be changing antennas: https://apps.fcc.gov/oetcf/kdb/forms/FTSSearchResultPage.cfm...


They actually ban all commonly used antenna connectors, to prevent you from exceeding ERP limits on WiFi.

The RP-SMA was introduced because it was not commonly used. Since then a large market has formed for RP-SMA antennas, so it should no-longer be allowed, however the FCC has indefinitely stayed requirements for not using them.


Do they do this because they don't have the resources to enforce the law?


Nasty. The last thing we need is FCC mandating DRM by law.


In 5 years we'll all just be using a SoC as the entire computer, so likely there will be no free operating systems considering they'll also make it illegal to tamper with any approved operating system bootloaders/firmware so can't replace anything on it.


Conjunctive mode verb ("might") in the title -> bullshit.


1. Subjunctive, not conjunctive.

2. Mood, not mode.

3. This isn't subjunctive anyway.

4. But it wouldn't make the article bullshit even if it were. (But funny enough, "were" is subjunctive.)


Did you read the article or are you just deciding it's bullshit because of the title?


Quite true under the current rules you can get done for exceeding the regs ie mod your equipment to emit more than the permitted maximums.

I have a 200mw wifi card that with a the right antenna would massively exceed the permitted power.




Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: