Forgot your password?
typodupeerror
GNU is Not Unix Cellphones Open Source

FSF Shares Update on 'LibrePhone' and New Automated Site Monitoring Tool (fsf.org) 20

At the end of 2025, the FSF launched LibrePhone project, which is working to "better understand and reverse-engineer the nonfree blobs used by a great majority of (if not all) system on a chip designs available today." The FSF's summer newsletter shares this update: We started with researching the proprietary files in Android phones supported by the Lineage project, an Android-based volunteer-led mobile phone operating system with much free software already in it. Our current, primary focus is on the radio blobs that control WiFi, Bluetooth, NFC, and cellular communications.

The software freedom issues with mobile computing have been around for a long time, with the most challenging issue being the baseband/modem firmware that relies heavily on proprietary software. This creates a technical and legal maze that is nearly impossible to break free from, but that doesn't mean we should ever stop working to create free systems. It certainly doesn't mean we shouldn't liberate the software that we know can be free software. Now, half a year into this project, lead developer Rob Savoye has extracted firmware from over 200 Lineage install packages, processed 85GB of files, and imported the results of these analyses into a PostgreSQL database for cross-device comparison... [M]uch of the software and blobs we need to work through are shared across multiple devices; this means even greater strides for mobile phone freedom...

As insurmountable as it may seem at times, every blob we manage to free up will be progress. The FSF has proven time and time again that it can bring the free software philosophy to life, not just by advocating for it, but by making it so.

The bulletin also describes how waves of botnets from "aggressive LLM scrapers, vulnerability scanners, poorly optimized CI/CD servers" inspired the FSF to create a new free-as-in-freedom automated monitoring tool: In our efforts to combat the botnets, we optimized several detection rules to ban abusive behavior. We found the upper limit of fail2ban and replaced it with reaction, an efficient alternative with our configuration that uses ipset. We also split several monolithic machines into many separate machines so that when a web service is overwhelmed the other functions of the service do not go down with it... We found quite a few ways to respond to and prevent botnet attacks, but still faced a significant related challenge: communicating when a website or service is down...

Uptime Kuma is a human-readable, automated monitoring addition to our systems... You can check out our recently-launched self-hosted Uptime Kuma instance at https://status.fsf.org/. When you see the page, you will also likely say, "Wow! The FSF and GNU sure do run a ton of services!" and you would be right... If you maintain websites and services, and are looking for a simple way to communicate publicly with your users, consider using Uptime Kuma or another free software solution instead of choosing a proprietary monitoring solution."

There's also an article on the state of free-as-in-freedom videogame console emulators.

FSF Shares Update on 'LibrePhone' and New Automated Site Monitoring Tool

Comments Filter:
  • by Valgrus Thunderaxe ( 8769977 ) on Saturday July 04, 2026 @02:58PM (#66222402)
    will beat any type of FSF-made phone to the market.
  • And one of the few things LLMs actually seem to be working well for (for now, until countermeasures will be put in place) is reverse engineering of binary code. Which usually is huge effort, but LLMs can probably bring it down to large effort with an expert doing it.

    • The issues are legal, not technical. Knowing is not the problem. Baseband communications access is restricted by FCC regulations.

      • by sixoh1 ( 996418 )

        There may be some workarounds to that statement, but the vast majority of the Semiconductor manufacturers are not incentivized to offer anything other than locked down subsystems. The FCC rules explicitly call for electronic signatures (private keys) and that's assuredly the lowest-cost pathway to getting regulatory approval. Its not the ONLY possible way however, it's just the "easiest" with the sugar-coated side-benefit of locking down the device and giving the vendor total control "because we have to".

        ht [ecfr.gov]

      • by gweihir ( 88907 )

        It is actually both. The thing is that they can do a clean-room implementation based on the spec legally. But for that they need the spec. They are, again, allowed to reverse engineer binary code, _just_ to get the spec. They are not allowed to get anything else from the binary code.

        Also, this may be done under EU laws, which are a lot more tolerant to making drivers and fixing bugs for hardware you own. They may run into RF restriction problems though, if those restrictions are in the driver and not the ha

        • Re: (Score:2, Offtopic)

          by Local ID10T ( 790134 )

          Clean-room design on a reverse-engineered spec is a red herring here. The issue is certification of the resultant firmware/hardware is required.

          If you operate the device with uncertified code (and get caught) you will face charges for unlicensed operation. If you make uncertified code available to others for the purpose of illegal operation you will face charges.

          I guarantee that whatever nation you are in has similar laws. This is not a USA vs EU thing.

          • by gweihir ( 88907 )

            Are you an idiot? I did cover the only case that certification is required. It is NOT universally required. Incidentally, the FSF may well go after getting that.

            • by tlhIngan ( 30335 )

              It is NOT universally required. Incidentally, the FSF may well go after getting that.

              That would severely limit where your device can be sold and used, though.

              Intentional emitters of signals have to be certified if using a licensed band. That is the law in basically every country around - even tin-pot dictatorships don't want you emitting RF they don't know about.

              Now, there are bands the FSF is free to use an unlicensed transmitter on - bands where the owners require licensing (i.e., the owners take on the

              • by gweihir ( 88907 )

                This is the exploration phase. They currently want to find out what the situation actually is and what their options are. Until they do, nothing is off the table.

                Obviously, if they need to write drivers with too much RF control, they need to get them certifies same as any RF part maker. But that may well be within reach. Just think of "Want to use somewhat FOSS (have to use the signed binary, but you do get sources and it is free) RF drivers in your phone? Donate here to the effort!" Certification is expens

  • Built-in blobs are "OK", updateable blobs are "bad".

    BTW, both are black boxes.

    I wonder if this fear mongering is profitable or something, because I've long lost the plot.

    • by PPH ( 736903 )

      The alternative to a non updateable blob is to have the telecoms roll their radio firmware when a vulnerability is discovered. And then block old versions of your phone model from their network.

      Think of the e-waste.

    • by evanh ( 627108 )

      Eliminating all "black boxes" is the objective. There is no distinction between mask-ROM and Flash.

  • by Anonymous Coward

    They should rather (or at the same time) lobby about the monopolists having apps exclusive for "security". What is a LibrePhone worth if your bank needs to tell you that they cannot support it because it is not closed as iOS or Stock Android.

    For their mission it would be a better start to save free Android by lobbying against apps not running on rooted phones, which also paves the way to have apps running on the LibrePhone instead of calling it too insecure because the user has root privileges.

    • They should rather (or at the same time) lobby about the monopolists having apps exclusive for "security". What is a LibrePhone worth if your bank needs to tell you that they cannot support it because it is not closed as iOS or Stock Android.

      For their mission it would be a better start to save free Android by lobbying against apps not running on rooted phones, which also paves the way to have apps running on the LibrePhone instead of calling it too insecure because the user has root privileges.

      Don't forget about the digital ID laws which will make any open-source OS illegal since they can't force them to scan your ID to connect to the Internet...

  • He is pretty involved with open mapping to plan community gatherings like The Rainbow Gathering, which is an all volunteer totally non-commercial, consensus based gathering that happens on public land in many countries every year. Think hack-a-thon style camp out, but hippies and consensus politics. Pretty cool. I think he worked with Sun Microsystems for awhile too.

    Hi Rob!

  • This is the kind of long-game persistence the FSF does best. Grinding through 85GB of extracted firmware from 200+ LineageOS packages, dumping it all into PostgreSQL for cross-device pattern matching. The baseband maze is brutal: legal certification, FCC-style signatures, carrier lock-in. Every blob they document or replace moves the needle for existing projects like postmarketOS or Replicant. ref [fsf.org]
    • I suspect not just the 5G but blobs for camera, Bluetooth, WiFi, accelerometer, GPS etc.

      Their initial target, per the article, is Fairphone 6 - using a fairly mainstream Qualcomm chip.

      [c.f. 'Open' hardware such as PinePhone which is too anaemic to run as a daily driver. ]

Use the Force, Luke.

Working...