kristoff

@kristoff@infosec.pub

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨apps .. repo or not⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Hum , interesting point. If you where a hacker, would you not prefer software to be spread out everywhere so people would be even more confused what is the real source for some application?

I guess people would then just depend on their search engine
⁨Comment⁩ on ⁨apps .. repo or not⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Well, in principe I do not see that much different between ‘curl | bash’, ‘sudo apt-get install’ or installing an app on your phone. In the end, it all depends on trust.

Considering how complex software has become and on how many libraries from all over the internet any application that does more then ‘hello world’ depend, I do not see how you can do if you are not prepared to put blind trust into some things.

Concerning CrowdStrike, I am just reading an book on human behaviour (very interesting for everybody who is interested in cybersecurity), and I am just on the chapter about the fear of deciding with unknown parameters vs. the fear of not deciding at all. Any piece of software will brake at some point, so will you wait forever to find something that will not have any vulnerabilities?
⁨Comment⁩ on ⁨apps .. repo or not⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Obtainium seems to have a very interesting take on this. Thanks for the link! I will check it out 👍
⁨Comment⁩ on ⁨apps .. repo or not⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
The problem is here is this: how is a user supposted to know if the official website of an application is organicmaps.app, organic-maps.app, organicmaps.org or github.com/organicmaps?

And even if she/he knows, hackers do ways to make you look the other way. The funny thing in this case is that the original author complained that the app was removed from google playstore, and did so on the fosstodon mastodon-server. Although I guess this was not at planned, he made the almost perfect social-engineering post. :-)
apps .. repo or notm.krbonne.net ↗
Submitted ⁨⁨2⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨11⁩ ⁨comments⁩
⁨Comment⁩ on ⁨If you've ever wanted to know what Open Source Software is and why it's important to our hobby, here's some of my thoughts.⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I run OpenRTX on a Retevis RT3s, which can be done without any hardware modification. (I do not know if original firmware is available somewhere -I have not checked-. If that is the case, it should be possible to reflash the stock firmware on the device).

Anycase, I must say that M17 does not run correctly on that radio. There seems to be an issue that the first 300 ms or so of the transmission is not correctly modulated (something related to the FM modulator) and also the end of the transmission is broken of halfway the end-of-transmission frame.

I am currenly at the stage of trying to understand how OpenRTX really works, and my first idea is to implement POCSAG-paging into it. (As I have the source-code for that here anyway) and I also have some ideas for APRS to want to delve in.

(OK, that is, if I have some time left next to all the other stuff I am working on :-) ).

73 kristoff - ON1ARF
⁨Comment⁩ on ⁨If you've ever wanted to know what Open Source Software is and why it's important to our hobby, here's some of my thoughts.⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Onno,

The reason I added the cfp was to show that it is not a pure technical conference like FOSDEM or GRCON. We added a non-technical part and did that on purpose. In a way, our goal is to try to start a discussion on “how do we see the amateurradio in the post-dinosaur era?”

Looking at a distance, we see a number of different evolutions:
- amateurradio is slowly starting to invert the “buy-and-use” attitude we have seen the last 20 to 30 years. Your remark on the opensourcing the firmware of radios fit into that, as does OpenRTX and similar projects.
- We also see more and more an overlap of amateurradio with other communities, like the makers, developers (think FOSDEM), SDR-experts (think GNU Radio), IoT nerds, infosecurity people, science, etc. I get the impression that these communities start to understand the value of amateurradio as a technical / scientific hobby, which is probably related to the fact that radio/wireless communication technology has become part of almost any field of technology.
- A 3th element is that the organisational structure of amateurradio is changing. The vast amount of subfields of amateurradio has shown the limits of the hierarchical ‘IARU - IARU Region - National radio-society - local radioclub’ structure. Using the internet (mailing-lists, webforums. telegram-groups, discord channels, matrix rooms, …) radioamateurs with similar interests have set up virtual communities that live next to the local radioclubs.
So, in essence, we kind-of see a return of amateurradio to a ‘I-want-to-know-how-it-works / experimenter / challenges’ hobby, probably by the evolution of radio-technology and the ‘competion’ with other scienfic and technical hobbies. In my personal opinion, that is surely a good thing.

But, to get there, there are -as I see it- two big issues:
- Knowledge. Most (technically minded) radio-amateurs have a background in standard electronics, or in ‘building systems’.
To return to your call for opensource firmware for radios, having access to the source-code is one thing, but actually understanding it and having the knowledge to modify or enhance it does require quite different knowledge that ‘standard’ analog electronics. You need knowledge of SDR and signal-processing techniques -which are much more based on math that standard electronics- plus possibly some HDL to program the FPGA and C/C++/rust for the RTOS that runs on the microcontroller inside the FPGA. Modern radio-communication equipement requires a much larger scale of knowledge then the radio-technology of 20 to 30 years ago that is the basis of the amateurradio exams (and hence courses).

Now, I see two ways to fix this:
1. Work on the knowledge-level of the amateurradio community by new and better courses that include modern radio-technology.
2. Pull in people from communities (see point 2 above) into amateurradio.
- Option 2 above looks for me the most easy option, but it does hit another big issue: how make the current amateurradio community (especially the local clubs) ready to receive these new people.
When I am at an infostand on amateurradio at -say- FOSDEM or a Makerfaire, or you meet somebody at a infosecurity conference, the most difficult question you usually have is this: “wauw. That amateurradio hobby does look interesting. How do I begin? Where do I need to go?”

I’ve had people at FOSDEM who said “I once went to the local radioclub in my city as I wanted some help on setting up a mesh network in my cities, so I thought that the radioamateur guys might be able to help me. There where just some old men and the only reply I got was that that is no real radio”. I’ve come to a point where I sometimes advice people to go to their local hackerspace and see if there are no hams overthere, instead of sending them to a radioclub.

As said, there are now these communities inside the amateurradio hobby who kind-of operate next to the local clubs, but in the end, you do still need a club for certain things -like courses, or doing an exam- and being in a local club does also include things like a local fieldday or taking part in a contest or so.

Europe has the advantage -compaired to Australie- of having a larger population concentrated in a smaller area. For us, a conference is a good option to try to advance the hobby that way. I guess that, in the end, everybody has to find out what he/she can do.

73 kristoff - ON1ARF
⁨Comment⁩ on ⁨If you've ever wanted to know what Open Source Software is and why it's important to our hobby, here's some of my thoughts.⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
(Posted this as a seperate message so not to mix multiple subjects)

As you mention “microcontrollers in the signal-chain of a transceiver”, I am currently looking into OpenRTX.

It is really a very nice example of exactly what you mention and something that has become possible to last 1 to 2 years. With these radios that support opensource firmware, It really has allowed amateurs a look of what is inside of the firmware of a “commercial-grade” handheld radio.

Two weeks ago, I helped out in an infobooth on Amateurradio at a makerfaire here in Belgium. Things like OpenRTX allow to explain to IT-people (who normally only work on computers) how “embedded software” works, how software that runs in devices we use everyday operates. In that sense, FOSS is as much an educational tool as it is “just a piece of code that does something”.

Kristoff (ON1ARF)
⁨Comment⁩ on ⁨If you've ever wanted to know what Open Source Software is and why it's important to our hobby, here's some of my thoughts.⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I completely agree with your remarks.

For people who are interested in opensource and amateurradio, I propose you have a look at the conferences on that topic.

Overhere in Europe, there are two of them
- FOSDEM (“Free and Open Source Developers European Meeting”) is a yearly event held in Brussels every 1st weekend of February. In the 2024 edition, there was a devroom (“developers room”) on SDR and Amateur-radio. fosdem.org/2024/schedule/track/radio/
The videos of the talks are online. I propose to have a look at the talks on M17 and on OpenRTX.(*) Also open source hardware is becoming more interesting.
- Next september, we will be hosting “spectrum24”, a new conference on "novel ways to use the spectrum we -as citizens- are able to use. It puts a lot of emphesis on Open-source as yes, most -if not all- of the new projects coming out in amateur-radio are open source.
For this conference, we are at the “cfp” (Call for Presentations) stage. See here: spectrum-conference.org/24/cfp

I know that Europe is the opposite side of the globe for you in Autralia. Perhaps there are similar events on your side of the world.

Kristoff (ON1ARF)
Lemmy community on disinformation
Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨0⁩ ⁨comments⁩