This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Harald Welte laforge at gnumonks.orgHi David, On Wed, Jul 22, 2009 at 09:22:57AM -0700, David A. Burgess wrote: > One thing we plan do at Burning Man is run an auto-provisioning system > via SMS, using the BTS itself as a SIM reader. When a handset first > tries to register, we will accept the location updating attempt and then > send a text message saying "If you want experimental service, please > reply with your telephone number." The reply to the text message then > goes into a function that creates a new entry in the provisioning > database based on the originating IMSI and the content of the message. > Then we will respond with something like "Thanks for joining our test. > This is an experimental network. WE DO NOT SUPPORT EMERGENCY CALLS. To > quit the test, reply to this message." In the US, at least, the part > about emergency calls is really important. > > I realize you don't have a lot of time left to get ready for HAR, > though. This may or may not be a simple hack, depending on the state of > your SMS software. But if it works, it will be a lot faster than > provisioning phone by hand. Yes, I was thinking about something similar, but more restrictive: * let an unknown imsi perform location update * send a SMS that this is a test network, include IMSI plus some authentication token in the SMS * send a authentication request to the phone * reject the authentication irrespective of the response This way the phone cannot stay on our network until somebody has gone to a web browser and entered imsi + auth code from that SMS. Still it's not foolproof, since anyone with airprobe could just get that imsi + auth code off the air and authenticate for somebody else :( Oh, and of course, only do that entire procedure onec for every given IMSI, so next time the location update request is rejected without any SMS, unless the auth code has been entered on the web site. I'm not sure if I can manage to implement this, but it would be the solution I would hope for. On the other hand, having to manually enter people keeps the number of users smaller and more controllable. If there's one volunteer who can take care of that, it should be fine. Regards, -- - Harald Welte <laforge at gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)