From "Happy Hacking" to "Screw You"

tquid writes "Trying to bridge the digital divide in Canada's poorest postal code, a principled group of hackers adopt "open source"-based technology spun off from an MIT project. Then the terms on the hardware are changed, and changed again, and then firmware to lock out the frustrated group's software is installed, screwing them out of their investment and many hours of development work."

Anyone know the details of the MIT agreement?

Wasn't this was originally developed as an open source project at MIT? I imagine their original agreement with MIT probably precluded this very thing (locking it down). If not, I would be very disappointed with MIT.

Re:Anyone know the details of the MIT agreement?

If they used the MIT license they're pretty much screwed...

It is a permissive license, meaning that it permits reuse within proprietary software ... [wikipedia.org]

Re:Anyone know the details of the MIT agreement?

Part of the problem is that the company (Meraki) pushed firmware upgrades to all the units, including older boxes purchased before their revised licensing model. The new firmware locks down the units, making it impossible to hack them and impossible to load custom firmware and bypass the new locks.

That's the really sleezy part--changing your licensing terms for new sales is annoying for loyal customers, but obviously can't apply retroactively to goods you've already sold. But this company is doing just that--trying to retroactively impose their new licensing and payment model onto units that were already sold under an open, permissive terms.

So even though they still have the free code, they are now blocked from loading the code onto their own purchased hardware. It's probably not impossible--a talented hacker can maybe bypass the firmware and load custom code again... but of course they shouldn't have to. It seems to me that Meraki has more or less broken into customer devices without permission and made unrequested changes--rather illegal as far as I know.

Re:Anyone know the details of the MIT agreement?

Isn't that illegal? Updating firmware to enforce a new EULA that otherwise would not have applied? Sounds Microsoftian to me.

Article text

(Article loaded very slowly for me, so it will likely be slashdotted soon.)

I've been following the development of mesh wifi technology for several years now. From the moment I first grokked what was going on with it, it struck me as a great disruptive technology. One of the most successful early projects, and one that I followed with a great deal of interest was MIT's Roofnet project [mit.edu] - an implementation of commodity hardware and open source software, built on Linux, which provides wifi coverage for MIT's campus.

In 2006 a spin-off company named Meraki [wikipedia.org] was formed to develop and commercialize the MIT Roofnet technology. At the time I was on the board of the Vancouver Community Network [vcn.bc.ca] and had been championing more development of wireless technology. We immediately ordered 9 of the first beta units to try out. The technology was cheap ($50/unit) and it worked but what prevented us from going any further with it was the pricing model that they decided to adopt - $5/node/month for access to the "dashboard" - the real-time monitoring software that they were developing for managing the networks. We decided that this cost was prohibitive for our purposes and the Merakis were shelved.

In September of 2007 I heard about a group of Vancouver community wifi enthusiasts who were getting together with the goal of setting up community wifi in Canada's poorest neighbourhood. I came out to a meeting and invited along some people whom I know are interested in any project that is about bridging the digital divide. The technology that was trumpeted at that meeting was Meraki. Since my previous brush with them they had changed their pricing structure and now they would let you run a free network (with free access to their dashboard) or a subscription (paid) network for 10% of your charges. We (the group, which came to call itself " FreeTheNet [freethenet.ca]") were unanimous that the free option was what we wanted to do and we quickly began building out a public network.

In October Meraki announced that they were changing their pricing model (yet again) and that they would be vastly raising the costs of their hardware (tripling, in fact). I remember going to their website to learn more about what they were doing and their new marketing slogan was something like "Build your business using exciting new technology where the rules of the game keep changing " How ironic; I wish I'd kept a screenshot of that! Under their new system there was no way that we could build out the network we envisioned. At roughly that point, one of our most experienced hackers said "forget Meraki", we're going to write our own firmware and dashboard and promptly started researching that. By late Novermber he was able to demostrate an open routing firmware called B.A.T.M.A.N. [wikipedia.org] running with a mesh helper inside called Robin [blogin.it], that provided the same functionality as the Meraki firmware. This could be installed in the commodity Meraki hardware which greeted you with a friendly and encouraging "happy hacking" when you logged into it via the console.

Over December and January he worked on adding features that we wanted to our network to have (and that we had previously been encouraging Meraki to build to improve their system - things like per node custom splash screen, enhancements to the dashboard to improve scalability, etc.) All of this was being tested on Meraki hardware because this is what we had spent our money on back when they supported and encouraged the kind of work we were doing.

Then in February Meraki announced a change to their EULA (End User Licence Agreement) which precluded anyone from changing any of the software that they install on their units. This meant that from that point forward we would be breaking their rules, and maybe the law, by installing our own work on their hardware. Of course this could not be applied retroactively so we were free to continue to work with the hardware that we'd already bought but we intensified our search for alternatives to the Meraki hardware.

Last week I tried installing our firmware on one of the nodes that I manage and failed 5 times in a row before I gave up. Today I learn that my failure is due to the fact that Meraki has automatically updated the software on all of the units [forumup.it] (including legacy, such as ours) so that you cannot install a different forware on it, at all.

So... in the course of six months Meraki has gone from " happy hacking - buy our equipment and use it to help poor people access the net " to " pay three times as much for our hardware and we'll install whatever we want on it, whenever we want, and you can't look under the hood to see what it's doing or install your own software on it ."

Thanks Meraki.

This is expecially bad form (and probably illegal) given that their stuff was all orginally developed under an open source licence.

Needless to say I now think Meraki are total scum and they certainly won't ever, EVER see any of my money again.

Re:I don't think they are viable

I talked to Meraki about using their mesh network fro a resort I wanted to equip, but when I asked what would happen to our investment if they went belly up, they told me it the network hardware would be unusable if that happened. I said thanks but that's not acceptable.
Who would walk a client into that sort of scenario? How many bright hopeful startups have we seen disappear without a mention? It's not like they would ever be honest and tell you they are running low on cash.
I wouldn't mind if their service was value added, billing or accounting or something, but the network could still be used in the event they vanished. If the hardware was open and I could install a Open Source version later, I might have done it.
Maybe Meraki needs to revisit their model and look at it from a customer's viewpoint.

Re:I don't think they are viable

Couldn't just get a bunch of Linksys WRT 54GLs, load OpenWRT, and setup that way?

Sounds like lawyer time

IANAL, but it sounds like time for them to find a nice CDN lawyer who would do some pro-bono work to see if they have grounds for legal action. It would seem to me tha a "Tortuous interference" claim might be valid; given the actions appear to interfere with the owners of the hardware's ability to provide services as a result of the update.

I used to work a couple blocks from there

Canada's poorest neighborhood is known as the Downtown Eastside. I used to work in nearby Gastown.

I found the contrast between most of Vancouver, which is otherwise one of Canada's most prosperous cities, and the Downtown Eastside so stark as to be completely overwhelming. There was a time when I had been one of the urban unfortunates myself, as I have a mental illness that was at one time quite severe.

I became determined to help those that I could, often buying meals for those who asked me for spare change. But it got to be more than I could bear; the stress of it put me back in the mental hospital - I was brought to St. Paul's hospital on Burrard by an ambulance, where I stayed for three weeks in their Two-South Mental Health ward.

I discuss Vancouver, and many of those who I met there, in my weblog The Vancouver Diaries [vancouverdiaries.com]. That is, the entries before June 30th, 2007, when I moved back to the US. I kept blogging at the site, as I intend to go back someday, but for now I live in Silicon Valley.

I have to say, that the company that remotely installed this firmware, breaking their project, why they have to be worse than The Grinch Who Stole Christmas. I don't think I have in my entire life met so many people who are so unfortunate as the residents of the Downtown Eastside. I hope they have a change of heart.

I was considering Meraki...

until I read this article. My building is going condo and I am considering bringing up the concept of a building wide wireless network at our first board meeting. I am even toying with the idea of sharing with the neighboring buildings. The only commercial product I have been able to find is Meraki. Does anybody have any other suggestions?
Please forgive my English, it's Monday.

Re:I was considering Meraki...

Check Open Mesh [open-mesh.com]. Just like Meraki, but open.

Open-Mesh: The Open Source Meraki Alternative

This decline was something people have foreseen for a while. There is a rapidly maturing collection of open source projects to create a real open source Meraki replacement (disclaimer: I am helping develop one of these).

ROBIN [blogin.it] is an open source mesh firmware that can run on reflashed Meraki nodes (well, I don't think it's "allowed" by Meraki anymore, since they've changed their license agreement to forbid 3rd party firmware and have made it really difficult to access the bootloader).

Open-Mesh [open-mesh.com] is the dashboard management service that ROBIN nodes are configured to use. The guy who develops this actually started working on this dashboard when Meraki was still Roofnet - compare the Open-Mesh dashboard to the Meraki dashboard, the similarity is obvious. Also, you can buy pre-flashed, fully featured ROBIN nodes from Open-Mesh.com for $50 each, the same price that Meraki sells their crippled "standard version" of their nodes.

OrangeMesh, is an open-source version of the dashboard being developed that will allow you to host your own dashboard server, completely freeing you from reliance on any third party. You can check out it's progress here. [googlecode.com]

Reflashing Merakis

The article suggests that a Meraki software upgrade has made it impossible to reflash them.

Actually, you can still easily make them revert to an earlier version which can be reflashed.

As described here:
http://robin.forumup.it/about99-15-robin.html [forumup.it]

"you can ssh into the Meraki and create edit the /storage/config.local file with whatever you want; in my case:
Code:
echo "firmware.mips.version 6-9163" > /storage/config.local"

And they'll update themselves to an earlier version.

The founders of Meraki have made huge contributions to open source software and it is good to see that others are taking advantage of their great work and making further improvements.

Re:Vendor lockin is a myth

So Meraki then does all it can do at that point, force the HW to only run the special software and try to get back into the market.

Well besides tripling the prices of units (which the company is free to do all day), the pushed firmware upgrades that crippled existing units preventing them from being hacked (which is one of the main gripes in the blog).

Re:Vendor lockin is a myth

They sold the first taste of Heroin at less than cost in the hopes of locking people into an ongoing profit stream, and their hopes didn't materialize. That's terrible. Those poor business people.

The hackers did show a lack of savvy. They were trying to help people who have no means to pay, and they put themselves in a position where they were relying on a for-profit corporation to achieve their goals. That's just stupid. Make deals with the devil, end up on fire. They should have known better than to leave themselves vulnerable to external leverage like that.

Re:Vendor lockin is a myth

What did they expect?

They probably expected to pay the list price for the quoted product.

The company is taking a loss on each box at $50.

That's the company's problem, of course. They are of course free to charge more or less for the devices whenever they want.

So Meraki then does all it can do at that point, force the HW to only run the special software and try to get back into the market.

Ah... so I see you missed the part where Meraki pushed firmware upgrades to existing units? They basically forced new software onto older units which lock them out. So, in effect, they sold a device with certain promises (namely, "open!") at a certain price, and then afterwards log into the devices and load new software to prevent the owners of the hardware from exercising the rights that were granted to them under the original contract terms. As far as I know, logging-into someone else's hardware (and then changing the software so that the hardware is now under your control) without their permission is illegal.

The hackers (especially those who put some kind of trust in "openness") are the ones who ruined the municipal network for everyone. They showed a clear lack of political savvy and it ended up turning what could have been a boon for both the city and Meraki into a political morass which ends up with no one at all happy.

I disagree. If the company was indeed selling the units at a loss, then that is their own stupidity. Customers taking advantage of what you offer ("open, hackable, access point for $50!") is their legal right and frankly is sensible. I disagree that giving into corporate demands at every turn is "political savvy". The company screwed them (and possibly broke the law), so they are warning others not to deal with that company, and it seems like they are going to try to find other hardware suppliers in the future.

Re:Vendor lockin is a myth

Don't you mean "In a fascist society like this one"?

Re:Vendor lockin is a myth

How the hell would they now whether or not the company was taking a loss on each box? Is this something I need to research on everything I buy? You seem to consider this ok? Maybe I should check out the details on my monitor, to make sure that I am not supposed to make up some of the income for the company by visiting certain websites.

If some company screws up and sells my "faulty" goods, then how is this any of my responsibility. And how does this allow them to go in and change the goods they already sold me?

I am having great difficulty understanding your logic on this one.

Re:Vendor lockin is a myth

Is it the hackers fault that Meraki instituted a poor business model? Is it the hackers fault that Meraki is incapable of finding a profit model that suits their needs? Is it the hackers fault that Meraki is retroactively applying their license by updating boxes without notice or consent?

What a company hopes for and the reality of what they get is not my problem or concern. They are from fricking MIT. If they can't do a simple business analysis to come up with a workable pricing and support model, then what the hell are they doing staying in business. This is elementary level thinking, so no, the eggheads from MIT get no sympathy from me.

G

Re:Vendor lockin is a myth

You're blaming the "hackers" for this? This was a project for a poor community with a limited, fixed budget. The hackers got involved because volunteer efforts were likely the only way this project was going to happen. The only thing that changed was that Meraki switched from one unaffordable model to a different, still-unaffordable one, and in the process alienated a group of hackers with a vested interest in helping them improve their product. Perhaps Meraki should have instead open-sourced their Dashboard code and tried to leverage the efforts of people who are able and willing to help them make it better. And at the same time take a long, hard look at their business model. Because it's threatened by a bunch of hobbyists with some spare time on their hands, they're going to be in real trouble. Rather than trying to extort (too strong a word?) subscription fees for their software, perhaps they would be better served by slightly raising the price on the hardware (which they did) and offering support/services contracts to those customers who can afford them. It's a pretty safe bet that these other customers are going to be evaluating vendors not just on the hardware and software, but also on how open their code is, how robust the user and developer communities are, and whether or not they can count on the vendor (Meraki in this case) to act in their best interests in the future.

Re:Vendor lockin is a myth

A company selling hardware at a loss trying to recover that loss with software sales is their problem. Not mine. Printer manufacturers do that, too, selling their ink printers at a loss to cash in with cartridges. Of course, third party vendors quickly tried to push their own cardridges onto the market, along with refill kits, both of which are being battled fiercly by the vendors of the printers who want to protect their business model. You now have chips in cartridges, protected by law against being duplicated... and so on.

It is a vendor lock in attempt. Try to sell the original part cheaply to win a customer, then milk the customer when he got the item and needs "fuel" to keep it running. Whenever something like this happens, you see a company get all defensive and try their utmost to keep their business model working.

This of course raises the question, why don't they just raise the price to match the cost? You offered that question yourself, why didn't they just raise the price by 70 bucks to make a profit with the original piece of hardware? The answer is simple: There's more money in milking locked in customers.

Re:Vendor lockin is a myth

The company is taking a loss on each box at $50.

And? Your point?

If they unwisely chose to sell them at a loss - TFB. They have every right to change the terms and price on new units, but IMO they have committed an outright crime (computer trespass, at the very least) by forcing new firmware on already-purchased units.


but these hackers come along and provide the service for free on the same hardware.

Any company that hasn't learned that lesson yet, deserves their fate. If your business model critically depends on something that a third party can provide cheaper (or free), your customers will use the cheaper version.


They showed a clear lack of political savvy

Riiiight - Because we engineers normally have legendary people-skills and political-prowess?

Meraki presented a problem to people who live for solving them. Politics? Gimme a break. If you add non-game rules to the puzzle, someone will find a way to take them out to achieve a better solution.

Re:So talk to them?

Have you ever tried talking technology with a lawyer? Talking nuclear physics with a pig is more rewarding.

Re:So talk to them?

There are three types of IP lawyers:

• Good, Honest IP Lawyers - These are usually unemployed, or stuck in low paying academic jobs
• IP lawyers which profit off the fear of their clients. These guys lie about the requirements and risks of various IP issues, charge dozens of billable hours to write copyright header comments for the company's source code, tell companies that if they run their product on Linux they'll be forced to open all the code, etc. They usually also dabble in helping companies file bogus patents.
• IP lawyers which help their clients come up with a fake cover for their real licensing motives. That's what we have here. They generate endless legalese to try and dissuade a company's customers from behaving in a way that is inconvenient for the company.

If you want to have a "rewarding" conversation with an IP lawyer, you need to figure out which bucket they are in so you can understand the motivation behind their selected language. If you assume "logic", or "reason" are involved you may as well just bang your head against the wall.

Re:Illegal?

Software licensing isn't the issue; updating his legacy hardware which he purchased under a specific license with specific rights without his knowledge or consent is the issue. Especially when this new firmware update (which he did not authorize but was automatically applied by Meraki despite having been sold with a different EULA) effectively bricks his hardware. This raises the question - Whose hardware is it?