News: 0184302468

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

FSF Shares Update on 'LibrePhone' and New Automated Site Monitoring Tool (fsf.org)

(Saturday July 04, 2026 @05:34PM (EditorDavid) from the sharing-the-software dept.)


At the end of 2025, the FSF launched [1]LibrePhone project, which is working to "better understand and reverse-engineer the nonfree [2]blobs used by a great majority of (if not all) system on a chip designs available today." The FSF's [3]summer newsletter shares [4]this update :

> We started with [5]researching the proprietary files in Android phones supported by the [6]Lineage project, an Android-based volunteer-led mobile phone operating system with much free software already in it. Our current, primary focus is on the radio blobs that control WiFi, Bluetooth, NFC, and cellular communications.

>

> The software freedom issues with [7]mobile computing have been around for a long time, with the most challenging issue being the baseband/modem firmware that relies heavily on proprietary software. This creates a technical and legal maze that is nearly impossible to break free from, but that doesn't mean we should ever stop working to create free systems. It certainly doesn't mean we shouldn't liberate the software that we know can be free software. Now, half a year into this project, lead developer Rob Savoye has extracted firmware from over 200 Lineage install packages, processed 85GB of files, and imported the results of these analyses into a PostgreSQL database for cross-device comparison... [M]uch of the software and blobs we need to work through are shared across multiple devices; this means even greater strides for mobile phone freedom...

>

> As insurmountable as it may seem at times, every blob we manage to free up will be progress. The FSF has proven time and time again that it can bring the [8]free software philosophy to life, not just by advocating for it, but by making it so.

The bulletin also describes how waves of botnets from "aggressive LLM scrapers, vulnerability scanners, poorly optimized CI/CD servers" inspired the FSF to create a new free-as-in-freedom [9]automated monitoring tool :

> In our efforts to combat the botnets, we optimized several detection rules to ban abusive behavior. We found the upper limit of fail2ban and replaced it with [10]reaction , an efficient alternative with our configuration that uses [11]ipset . We also split several monolithic machines into many separate machines so that when a web service is overwhelmed the other functions of the service do not go down with it... We found quite a few ways to respond to and prevent botnet attacks, but still faced a significant related challenge: communicating when a website or service is down...

>

> Uptime Kuma is a human-readable, automated monitoring addition to our systems... You can check out our recently-launched self-hosted Uptime Kuma instance at [12]https://status.fsf.org/ . When you see the page, you will also likely say, "Wow! The FSF and GNU sure do run a ton of services!" and you would be right... If you maintain websites and services, and are looking for a simple way to communicate publicly with your users, consider using Uptime Kuma or another free software solution instead of choosing a proprietary monitoring solution."

There's also an article on the state of [13]free-as-in-freedom videogame console emulators .



[1] https://librephone.fsf.org/

[2] https://en.wikipedia.org/wiki/Binary_blob

[3] https://magazine.fsf.org/2026-summer/

[4] https://www.fsf.org/bulletin/2026/summer/ensuring-freedom-one-blob-at-a-time

[5] https://librephone.fsf.org/site/files/

[6] https://wiki.lineageos.org/

[7] https://www.fsf.org/working-together/next-steps/free-software-phones

[8] https://www.gnu.org/philosophy/free-sw.html

[9] https://status.fsf.org/

[10] https://reaction.ppom.me/

[11] https://ipset.netfilter.org/

[12] https://status.fsf.org/

[13] https://www.fsf.org/bulletin/2026/summer/video-game-console-emulators-free-or-not



These mini-reactors and Mars colonies (Score:4, Funny)

by Valgrus Thunderaxe ( 8769977 )

will beat any type of FSF-made phone to the market.

Re: (Score:2)

by gweihir ( 88907 )

Especially as that is not even what they are trying to do ...

Good idea (Score:2)

by gweihir ( 88907 )

And one of the few things LLMs actually seem to be working well for (for now, until countermeasures will be put in place) is reverse engineering of binary code. Which usually is huge effort, but LLMs can probably bring it down to large effort with an expert doing it.

Re: (Score:2)

by Local ID10T ( 790134 )

The issues are legal, not technical. Knowing is not the problem. Baseband communications access is restricted by FCC regulations.

Re: (Score:2)

by sixoh1 ( 996418 )

There may be some workarounds to that statement, but the vast majority of the Semiconductor manufacturers are not incentivized to offer anything other than locked down subsystems. The FCC rules explicitly call for electronic signatures (private keys) and that's assuredly the lowest-cost pathway to getting regulatory approval. Its not the ONLY possible way however, it's just the "easiest" with the sugar-coated side-benefit of locking down the device and giving the vendor total control "because we have to".

[1]ht [ecfr.gov]

[1] https://www.ecfr.gov/current/title-47/chapter-I/subchapter-A/part-2/subpart-J/subject-group-ECFRd5ad3b739dbf27a/section-2.944

Re: (Score:2)

by gweihir ( 88907 )

It is actually both. The thing is that they can do a clean-room implementation based on the spec legally. But for that they need the spec. They are, again, allowed to reverse engineer binary code, _just_ to get the spec. They are not allowed to get anything else from the binary code.

Also, this may be done under EU laws, which are a lot more tolerant to making drivers and fixing bugs for hardware you own. They may run into RF restriction problems though, if those restrictions are in the driver and not the ha

Re: (Score:2)

by Local ID10T ( 790134 )

Clean-room design on a reverse-engineered spec is a red herring here. The issue is certification of the resultant firmware/hardware is required.

If you operate the device with uncertified code (and get caught) you will face charges for unlicensed operation. If you make uncertified code available to others for the purpose of illegal operation you will face charges.

I guarantee that whatever nation you are in has similar laws. This is not a USA vs EU thing.

FSF is back at it again (Score:3)

by Artem S. Tashkinov ( 764309 )

Built-in blobs are "OK", updateable blobs are "bad".

BTW, both are black boxes.

I wonder if this fear mongering is profitable or something, because I've long lost the plot.

LibrePhone (Score:1)

by Anonymous Coward

They should rather (or at the same time) lobby about the monopolists having apps exclusive for "security". What is a LibrePhone worth if your bank needs to tell you that they cannot support it because it is not closed as iOS or Stock Android.

For their mission it would be a better start to save free Android by lobbying against apps not running on rooted phones, which also paves the way to have apps running on the LibrePhone instead of calling it too insecure because the user has root privileges.

Rob Savoye is cool! (Score:2)

by bd580slashdot ( 1948328 )

He is pretty involved with open mapping to plan community gatherings like The Rainbow Gathering, which is an all volunteer totally non-commercial, consensus based gathering that happens on public land in many countries every year. Think hack-a-thon style camp out, but hippies and consensus politics. Pretty cool. I think he worked with Sun Microsystems for awhile too.

Hi Rob!

It's easier to take it apart than to put it back together.
-- Washlesky