FCC 在 2014[1] 的一份對為 5 Ghz 影響 FAA 氣象雷達[2]的射頻規定，要求必須從硬體上限制射頻功率與頻段，造成一些誤解[7]，廠商開始封鎖第三方韌體[3][4][5]，也讓社群展開自救活動[6]。最近 FCC 與 TP-Link 和解[8]，在判決書中敘明並非封鎖第三方韌體[9]，而是要求廠商確實遵照法規做好射頻控管[10]，而非讓使用者只要更改國家設定就可以更改射頻頻段。

目前在 Linux 核心上可以用 Central Regulatory Domain Agent (CRDA)[11] 來做射頻控管，雖然這純粹是軟體解決方案，但是相關的配置需要簽章。預設核心會使用 “worldwide-safe” 的設定，如果要使用系統預設以外的射頻空間，使用者必須手動重新編譯核心並加入自己的金鑰，某種程度避免了使用者輕易的透過管理界面修改設定來濫用頻段。

[1]: https://www.fcc.gov/news-events/blog/2015/10/08/securing-rf-devices-amid-changing-technology “Securing RF Devices Amid Changing Technology | Federal Communications Commission”
[2]: https://ecfsapi.fcc.gov/file/7521096518.pdf “Report & Order in the U-NII”
[3]: http://arstechnica.com/information-technology/2016/03/tp-link-blocks-open-source-router-firmware-to-comply-with-new-fcc-rule/ “TP-Link blocks open source router firmware to comply with new FCC rule”
[4]: https://www.wired.com/2016/03/way-go-fcc-now-manufacturers-locking-routers/ “Way to Go, FCC. Now Manufacturers Are Locking Down Routers | WIRED”
[5]: http://ml.ninux.org/pipermail/battlemesh/2016-February/004379.html “[Battlemesh] Chilling effect – Lockdown (FCC/EU)”
[6]: https://libreplanet.org/wiki/Save_WiFi
[7]: https://www.fcc.gov/news-events/blog/2015/11/12/clearing-air-wi-fi-software-updates “Clearing the Air on Wi-Fi Software Updates | Federal Communications Commission”
[8]: https://www.fcc.gov/document/fcc-settlement-tp-link “FCC Settlement with TP-Link | Federal Communications Commission”
[9]: http://arstechnica.com/information-technology/2016/08/fcc-forces-tp-link-to-support-open-source-firmware-on-routers/ “FCC forces TP-Link to support open source firmware on routers | Ars Technica”
[10]: https://apps.fcc.gov/kdb/GetAttachment.html?id=zXtrctoj6zH7oNEOO6De6g%3D%3D&desc=594280%20D02%2 “Software Security Requirements for U-NII Devices”
[11]: https://wireless.wiki.kernel.org/en/developers/regulatory “en:developers:regulatory [Linux Wireless]”

#SeeedStudio 的 #ReSpeaker[1] 整合了 #MediaTek 的 MT7688[2] 作為主板以及 XMOS XVSM-2000[3] 為核心的麥克風陣列擴充板，作業系統是 LEDE, 對接 Microsoft Cognitive Servcies, PocketSphinx 等聲學、自然語言工具。預計要在 #KickStarter 上眾籌，但是程式碼[5]與主板電路圖[6]都已經公佈啦！ #可惡想要

[1]: https://respeaker.github.io/ “ReSpeaker”
[2]: http://www.mediatek.com/en/products/connectivity/wifi/home-network/wifi-ap/mt7688ka/ “MT7688K/A – MediaTek”
[3]: http://www.xmos.com/products/silicon/xcore-voice/xvsm “xCORE-VOICE Smart Microphone | XMOS”
[4]: https://github.com/respeaker/get_started_with_respeaker/wiki “Home · respeaker/get_started_with_respeaker Wiki”
[5]: https://github.com/respeaker “ReSpeaker”

聽說只要你投了超過五個 Linux kernel patches[1][2]，你就可以得到一份工作。立志想要成為 Kernel developer 的 Nick Krause 從 2012 年開始[3]就想開始貢獻，在各種不同的 subsystem[4] 中提供各種微小的修改。

雖然 GregKH 等人都抱著歡迎新手的態度[5]，但是最終封掉[6]亂入者比較可以節省社群的生產力。

[1]: https://www.linux.com/learn/it-careers-open-source-open-resume
[2]: http://www.informationweek.com/strategic-cio/team-building-and-staffing/it-careers-open-source-open-resume/d/d-id/1297734
[3]: http://marc.info/?a=135032148800004&r=1&w=2
[4]: https://lkml.org/lkml/2014/8/4/206
[5]: https://lwn.net/Articles/658231/
[6]: https://plus.google.com/+gregkroahhartman/posts/2tZKnnrNjGq “If you’ve had a frustrating experience on bugzilla.kernel.org with someone as…”
#來亂者去死 #linux #kernel

反恐行動與網路言論自由的衝折 – Facebook Messenger[1][2][3] 與 Google Allo 也開始使用 Open Whisper Systems[4] 的 Signal Protocol 的協議[5] ，而法國內政部長 Bernard Cazeneuve 則因為反恐行動想發起一個 anti-encryption campaign …

[1]: http://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/ “Messenger Starts Testing End-to-End Encryption with Secret Conversations | Facebook Newsroom”
[2]: https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper-1.pdf “Messenger Secret Conversations – Technical Whitepaper”
[3]: https://whispersystems.org/blog/facebook-messenger/ “Open Whisper Systems >> Blog >> Facebook Messenger deploys Signal Protocol for end to end encryption”
[4]: https://whispersystems.org/blog/allo/ “Open Whisper Systems >> Blog >> Open Whisper Systems partners with Google on end-to-end encryption for Allo”
[5]: https://whispersystems.org/blog/the-ecosystem-is-moving/ “Open Whisper Systems >> Blog >> Reflections: The ecosystem is moving”
[6]: http://www.reuters.com/article/us-france-internet-encryption-idUSKCN10M1KB “France says fight against messaging encryption needs worldwide initiative | Reuters”

隨著越來越多 IM 使用 Open Whisper Systems Signal Protocol，原本所使用的 GPLv3 授權造成了軟體無法上架到 Apple’s Store 的問題[1][2][3][5]，於是專門為 Apple 新增了一個 Mozilla Public License version 2.0 授權[4]給 non-source executable versions，以便這些使用 Signal Protocol 的軟體仍夠順利上架。

[1]: http://www.fsf.org/news/2010-05-app-store-compliance “GPL Enforcement in Apple’s App Store — Free Software Foundation”
[2]: https://www.fsf.org/blogs/licensing/more-about-the-app-store-gpl-enforcement “More about the App Store GPL Enforcement”
[3]: http://www.openfoundry.org/tw/component/content/2385/2385?task=view “App Store 服務條款違反 GPL Apple 移除 GNU Go 遊戲”
[4]: https://whispersystems.org/blog/license-update/ “License update”
[5]: http://www.zdnet.com/article/how-to-avoid-public-gpl-floggings-on-apples-app-store/ “How to avoid public GPL floggings on Apple’s App Store”

Line 終於也在 iOS 9.3.1 之後[1]開始使用 Letter Sealing 的 e2ee 加密機制[2]了。Line 的加密協定相較起來還是比參考 Open Whisper Systems 的 The Signal Protocol[4] 設計的 WhatsApp 加密機制[3] 簡單陽春許多。雖然也是 end-to-end 加密，但是只要使用者可以拿到私鑰，就可擷聽過往與未來的對話。而不是每個對話階段都使用不同的加密金鑰。

在 Android 上，這把私鑰存在 /data/data/jp.naver.line.android/databases/e2ee 的 sqlite database 中。

在 Line Chrome App[5] 版本，私鑰則存在 IndexedDB 中，實際加密解密是在瀏覽器側實做，也代表私鑰被從手機上以某種方式傳送到瀏覽器上。但是你很難判斷透過伺服器轉送金鑰過程的過程是否安全，或是是否會遭到擷聽。

至於 WhatsApp 的 Web interface 則是透過用戶的手機實際傳送接受訊息，而不是在瀏覽器端實做。

[1]: http://developers.linecorp.com/blog/?p=3938 “The next step for even safer messaging: Letter Sealing « LINE Engineers’ Blog”
[2]: http://developers.linecorp.com/blog/?p=3679 “New generation of safe messaging: “Letter Sealing” « LINE Engineers’ Blog”
[3]: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
[4]: https://whispersystems.org/blog/whatsapp-complete/ “Open Whisper Systems >> Blog >> WhatsApp’s Signal Protocol integration is now complete”
[5]: https://chrome.google.com/webstore/detail/line/menkifleemblimdogmoihpfopnplikde “LINE”