Archive for the ‘Ponderings’ Category

Ponderings on “The Cargo Bomb” (and Winner of Name that Ware October 2010)

Saturday, October 30th, 2010

The Name That Ware crowd does it again — guessed within the first few hours of being posted. Ryan Bavetta wins for being the first with the correct answer. Email me to claim your prize!

Of course, I don’t have access to the ware itself so I must apply my judgment to the guesses, but I believe it’s fairly safe to say that it’s a Nokia 6120c or very closely related model (the entire 612x family has motherboards that are basically identical sans minor changes for specific regional or carrier variants; see the Wikipedia page for the Nokia 6120 family).

I managed to dig up the original service manual schematics for the Nokia 6120c. There are some very curious features about the preparation of the cargo bomb package. First of all, the phone motherboard only has two wires (plus perhaps a ground strap) attached to it. I’m presuming at least one of the wires is for a battery voltage, assuming the return current is going through the metal case via the middle screw.

If this were, for example, a trigger mechanism for something, then presumably the other wire is for the trigger signal.

What makes this a little bit odd, then, is the lack of an antenna. If you look at the schematics for the device, there is a set of four leaf connectors at the top of the motherboard, X7550, X7551, X7552, and X7555 (would be on the rear right side in the photo taken by the press), which need to come in touch with an antenna for any reception worth a damn. I don’t see evidence of an antenna attached to these in the press photo, and if there were one, it would be pretty close to the large ground plane presented by the metal case. The sensitivity of the radio would be fairly bad, making it unreliable at best as a remotely activated trigger.

One may presume that this is simply because the creator of this package was not skilled in electronics; if that’s the case then I feel a little bit safer since the “bad guys” don’t know how to build a reliable remote bomb trigger out of a cell phone.

However, another possibility is that the motherboard didn’t even have a SIM card in it, and as a result this is just a cheeseball version of the “alarm clock” that you would see in, for example, a “movie bomb”. If they simply attached a wire to the vibrator motor terminals or the ringer/speaker connector, and set a wake-up alarm a couple days later, this would function fairly decently as a time-delay device to activate some mechanism. It’s not hard to find a used mobile phone that doesn’t work as a phone, but still works well enough to set an alarm, although if I were looking for a simple mechanism to just act as a trigger I wouldn’t pick something that has an IMEI (International Mobile Equipment Identity) or other serial numbers that can be traced through a supply chain. Then again, let’s hope that the “bad guys” aren’t smart enough to realize that mobile phones make poor event triggers if you were hoping for some kind of anonymity.

A little more browsing of the latest press releases reveals that there was a SIM card in the device, so presumably this was intended to receive a call to detonate the package. Glad to hear the sender of the package doesn’t know much about RF circuits and antennas. Granted, a phone can still receive a signal without an antenna, but the reliability would be poor; you’d need to be much closer to a base station, so there is a high chance of failure in executing the plot. And SIM cards contain a wealth of traceable information. At the very least, someone has to call the phone to set off the trigger. If the phone is intercepted and the SIM card is put into a normal phone, the plotter would be unpleasantly surprised to find that it’s the FBI answering (and looking at their caller ID), instead of a bomb going off. Furthermore, scanning packages for suspicious devices becomes a lot easier, because you can just use a handheld RF scanner to look for radio waves in key frequency bands coming out of boxes that you would otherwise expect to be inert. In other words, a box with an active phone on the inside would advertise its presence in a detectable way to the outside world through its RF signature.

Of course, all wild speculation based on one low-res photo of a phone motherboard…

OSHW v0.4 Definition Released

Saturday, October 9th, 2010

The conclusion of the Open Source Hardware Summit has yielded a new draft definition for open source hardware v0.4 as well as a draft statement of principles. Participate and add your comments here! For your browsing pleasure, Make also has a great collection of perspectives on the new definition.

Open Source Hardware Definition 0.3 Released

Wednesday, July 14th, 2010

There’s been a flurry of blog posts today about the new Open Source Hardware Definition, which is currently on rev 0.3, and a corresponding summit in NYC, which unfortunately I can’t attend since I’ll be on the wrong side of the world around that weekend. It’s very exciting to see the open source hardware movement maturing to the stage where there is a flourishing and fecund community of participating innovators. As many of my readers know, I’m very fond of open source hardware and it’s nice that the field is getting less lonely and more credible by the day.

Like the community of people participating in OSHW, the definition of the same is evolving. I think that the rev 0.3 definition is a good start, but it needs a little bit of broadening to reduce friction with a large legacy of closed-source hardware components. Unlike F/OSS, it’s much harder to grow an ecosystem around hardware entirely from scratch; chip fabs cost substantial money (billions of US dollars) to make, maintain and use — unlike, for example, a compiler such as gcc.

The way the current definition is written, in order to comply with the OSHW definition, the system integrator bears the burden of choosing only components for which they can also share all required software to fulfill essential functions under an OSI-approved open source license. So, for example, there are no wifi solutions that I know of which comply with this definition — even the ubiquitous rt73 chipset, which offers open-source drivers, requires a firmware blob which is closed-source. Other interesting chips that do not comply with this definition include probably most cellular phone chipsets, bluetooth chipsets, graphics chips, camera chips, and surprisingly, most SoC CPUs. Every ARM SoC that I’ve encountered contains a small bit of internal ROM (32k or so — hey, that was a whole operating system back in the ’80s!) that’s written by the chip maker and that piece of code is closed-source (this includes the i.MX233 and the PXA168 used inside chumby products), and many ARM SoCs have NDA-only datasheets for the register set (such as every Marvell CPU), which takes it yet another step toward closed-ness. Even the ubiquitous Intel desktop CPUs utilize microcode updates, which I believe are closed-source (there are F/OSS-friendly tools for deploying the microcode, but the actual microcode itself is distributed as a binary, afaik). Furthermore, systems that incorporate some proprietary code (like chumby, which uses a closed-source Flash licensed from Adobe) cannot release all code required to fulfill essential functions, such as playing apps.

Thus, as the OSHW definition is writ, it excludes the possibility of making any open source gadget with compelling, popular consumer features (such as wifi, cellular connectivity, chip cameras, high-performance and low power ARM CPUs) because most of the components required to achieve these features cannot comply with the OSHW definition version 0.3.

I don’t think that excluding all these devices from the OSHW definition was intentional; the intention of the software-release clause is well-meaning, but I think the definition needs some tweaking. I’d suggest that the burden of responsibility should be limited to the person or organization releasing the OSHW. Thus, one should only be responsible for sharing the source and documentation for the components developed with one’s own resources. For example, if you are a board or system-level OSHW provider, then the best you can do is release the schematics and layout for your design, and any code you wrote to tie the pieces together in your system; you are not required to also release code and datasheets on behalf of your chip vendors to customers in order to claim OSHW-compliance. While this is not an ideal solution in terms of open-ness, I think it finds a balance between providing featureful, useful, and modern designs to consumers while giving them a toe-hold to grab onto if they desire to modify, extend or repair their purchased hardware.

The other potential issue I have with the definition is the clause where documentation must be released “in the preferred form for which a hardware developer would modify the design”. This term was more or less borrowed directly from the GPL, and by and large that clause makes sense in the software world because ASCII text is nearly universally accepted as the form for source, and there are a multitude of interoperable text editors out there, with the single biggest problem being CR/LF translations and maybe Unicode integration.

Unfortunately, in the hardware world, there is no consensus over a machine-readable intermediate schematic or circuit board layout format that also binds in all the interesting metadata you may need to quickly modify the design. In fact, the situation is much worse because a few of the biggest names in consumer electronics hardware actually have in-house proprietary schematic capture and board layout programs that don’t interoperate with anything, so they can play the game of releasing their files in their preferred form for modification and claiming OSHW compliance, which is essentially useless to the community at large since the tools are unavailable to read them.

As a result, I’m a proponent of requiring, in all cases, a minimum of a human-readable schematic provided in a common format (PDF, PNG, etc.) as the primary form for interchange, and optionally a machine-readable format at the discretion of the particular designer. To me, the machine-readable format is less important than a quick human-readable format; I would prefer a PDF over an Eagle file any day (Eagle is a popular interchange format among the Arduino community), especially since I don’t use Eagle or even have a copy of it installed on my machine.

All that being said, I think it’s very exciting to see the OSHW community rally together to create a draft definition and hold a summit. This is very positive progress toward empowering individual consumers like you and me to also be innovators and the true owners of our technology — instead of our technology owning us.

An Editorial Note

Wednesday, June 30th, 2010

It’s unusual that I will modify a post after it is written, but careful readers will note that Name That Ware June 2010 had some words changed. This is in response to a mismatch between Maker/hacker/DIY culture and mainstream perceptions. Apparently, referring to the Infocast frame as “hackable” has caused fear among some people who are interested in buying the product. They won’t buy products that are “hackable”, because they don’t want to get hacked; understandably, the intent that they are being enabled to be the hacker is lost. This is probably due to the evolution of the meaning of “hack” — mainstream media has associated the term “hack” with nefarious intent, whereas traditionally (and perhaps even archaically), “hack” simply refers to the clever or non-obvious use of a complex system.

Since the Infocast frame is marketed toward a mainstream audience, I hacked up the post below to swap out the word “hack” for “DIY-friendly” or “mod” as appropriate. Since it’s difficult to correct misconceptions about a product, if you do discuss the product, it would be nice if you referred to it as “DIY-friendly” instead of “hackable” to prevent further misunderstandings. But, then again, who am I to dictate what you write — it’s your words and your opinions, so take my request with a grain of salt.

iFixit: knowledge empowers us to recycle

Tuesday, April 27th, 2010

I thought this was a great video; love what Kyle is doing at iFixit. I had heard about the e-waste farms in Africa but had never seen footage of them, until now.

Something to think about.