Why Cybersecurity Experts Want Open Source Routers (vice.com) 177
derekmead writes: A coalition of 260 cybersecurity experts is taking advantage of a Federal Communications Commission (FCC) public comment period to push for open source Wi-Fi router firmware.
The cybersecurity experts asked the FCC on Wednesday to require router makers to open-source their firmware, or the basic software that controls its core functionality, as a condition for it being licensed for use in the US. The request comes amid a wider debate on how the FCC should ensure that Wi-Fi routers' wireless signals don't "go outside stated regulatory rules" and cause harmful interference to other devices like cordless phones, radar, and satellite dishes.
The cybersecurity experts asked the FCC on Wednesday to require router makers to open-source their firmware, or the basic software that controls its core functionality, as a condition for it being licensed for use in the US. The request comes amid a wider debate on how the FCC should ensure that Wi-Fi routers' wireless signals don't "go outside stated regulatory rules" and cause harmful interference to other devices like cordless phones, radar, and satellite dishes.
TPP... (Score:5, Informative)
Re:TPP... (Score:4, Funny)
good luck!
check out this provision in the TPP:
http://www.international.gc.ca... [international.gc.ca]
Prevents governments in TPP countries from demanding access to an enterprise’s software source code.
LOL. You conservatives crack me up.
We elected President Hope and Change - Obama. He works for *the people*, particularly those who are poor or minority (some exclusions may apply, specifically asians and pacific islanders are, for purposes of this paragraph, not a "minority"), not big corporations or Wall Street fat cats!
Wow, I can't wait to see the look on those corporation people's faces when Obama strikes down this cronyist giveaway! It'll be priceless. He'll send those Republicans back where they came from with nothing to show for it but some spanked bottoms.
Anyway, that's why we elected him. We were tired of big money making laws. See how smart we are?
Re: (Score:2)
Re: (Score:2)
I suggest we leave all of congress and the house empty for 8 years. I'll bet the country is far better off with ZERO of what those clowns call leadership.
Re: (Score:2)
So that would just leave the corporations in charge. It is pretty bloody obvious that the problem is those corporations who are too big to be allowed to exist corrupting government. Government ain't the problem, the corporations corrupting government are the problem. The symptom is corrupt government, the disease is bloated obese corporations run by psychopaths, time to put those ass hats on a rather severe diet.
Re: (Score:2)
Governments getting access to a corporation's source code doesn't make it open source. It means the government has access to it.
Re:TPP... (Score:5, Insightful)
..and given that it will be fast tracked [wikipedia.org]. This is a HUGE fuck you by Obama and the congress. For Obama, aside from the drone program, signing this is his most immoral and certainly anti-democratic act as president.
If anyone ever asks for an egregious case of government corruption in the United States, point them to the TPP. This is literally corporations writing American law-- international law-- in secret.
The TPP connection may be deeper (Score:2, Interesting)
Re:TPP... (Score:4, Insightful)
Oh no, he has signed many other highly immoral and anti american bills. Remember the fucking republicans all voted for it as well to get it to his desk.
Both sides are scumbags.
Re: (Score:3)
What your looking for is Head Money Cases, 112 U.S. 580 (1884) that said specifically that treaties do not hold special case above congress outside how they are negotiated and approved.
Re: (Score:3)
What your looking for is Head Money Cases, 112 U.S. 580 (1884) that said specifically that treaties do not hold special case above congress outside how they are negotiated and approved.
Except the Constitution places Treaties just under itself and above all other laws of the land - e.g a Treaty can only be invalid if it violates the Constitution, all other laws are subject to the Treaty on equal footing to the Constitution.
Re: (Score:3)
That is not how the supreme court interpreted it. You're correct the wording says that but the supreme court disagreed. The court was clear that treaties do not hold a privileged position over congress specifically allowing for them to pass laws to deny enforcement of, modify or repeal a treaty with nothing more than any other law.
Re: (Score:3)
That is not how the supreme court interpreted it. You're correct the wording says that but the supreme court disagreed. The court was clear that treaties do not hold a privileged position over congress specifically allowing for them to pass laws to deny enforcement of, modify or repeal a treaty with nothing more than any other law.
No, they don't hold special position over Congress because Congress has to - and in accordance with the Consitution - approve all Treaties; and only Congress has that power. The SCOTUS ruling, as described, also doesn't mean that - again as per the Constitution - Treaties are not on par with the U.S Code (law) as opposed to their Constitutional place of being between the Constitution and U.S Code. They're not special by any means.
TPP and, and especially the Iran Deal, have a fault in how they are being p
Routers are the lowest hanging fruit (Score:4, Insightful)
Exposed to the internet, never monitored, never updated, and sits between a computer and the internet, the textbook definition of a man in the middle attack..
Re: (Score:3)
I think consumers are going to need to start demanding that ALL internet-facing devices come with the ability to auto-patch themselves, and this option should default to ON. There's no way you can expect a normal consumer to be able to flash their own devices. Hell, how do they even know if they're vulnerable and *should* flash their device? We've seen what a disaster unpatched servers and PCs have been, and now we're seeing it with unpatched Android devices. Routers are starting to become prime targets
Re: (Score:2)
FTFY
Re: (Score:2)
Secure auto-patching has been a solved problem for a while now. That is, unless you've got some inside scoop that Google, Apple, Microsoft, Netscape, and a few dozen other major tech companies don't know about.
Re: (Score:2)
DNS ... ... ...
Nameservers
There is plenty of stuff that might trick you in doing an illegit autoupdate
Re: (Score:2)
Everything you mentioned is defeated by a simple TLS connection. You don't patch with a simple FTP connection, right? You use public-private key crypto via TLS to securely connect to a legitimate server and initiate the transfer. Even if you re-direct traffic, there's no way to authorize it without that private key. This is the fundamental underpinning of the entire secure web.
I know you're technically literate, so I'm a little surprised you don't seem to understand how this works. ???
Re: (Score:2)
Just read /.
There have been plenty of attacks (which actually happened) or vulnerabilities that could have let to attacks where that approach has/had failed.
Re: (Score:2)
No one who has a clue about security would buy such a device.
This will help! (Score:2)
The IRS can then help watch people more and help them form more correct political views.
The FEC can then help the Party making sure helpful people are able to help more!
Re:This will help! (Score:5, Insightful)
What's sad is that in an ideal world, the NSA *would* help and perform security audits to keep citizens, businesses and government safe from malicious actors.
But sadly, their version of help means inserting back doors and compromising security in the name of DEA parallel constructions to jail some hippie for growing pot.
Re: (Score:2)
That's because they're prioritizing the "attack" part of their mission over the "defend" part of their mission. Not unusual; defense is far less exciting.
Re: (Score:2)
Firmware is not software (Score:3, Informative)
Firmware can be extremely messy, low-level code. It may not even be written in any sort of recognizable programming language. It is frequently the digital equivalent of a set of jumper switches, just a binary blob which is meaningless if you don't have deep knowledge of the hardware it is controlling. Firmware can directly control low-level electronics and an incorrect setting can lead to physical damage to the device and potential harm to nearby humans.
It is dangerously stupid to insist that firmware be open-sourced and to allow developers to modify the firmware on devices.
Re:Firmware is not software (Score:5, Insightful)
I'm a HW engineer, I understand firmware fine. (Score:4, Informative)
You, however, seem to be confused about what firmware is because you are comparing it to "complicated software". And this has been my experience with software engineers--it is impossible to convince them that there is knowledge in this world which is not directly mappable to some sort of software.
There are parts of firmware that are just not understandable unless you have deep knowledge the specific hardware device sitting in front of you, in some cases down to the circuit level (or below, even). It is unreasonable to insist that hardware vendors document their devices down to that level and it is dangerous to allow random idiots to muck about with that firmware.
Re:I'm a HW engineer, I understand firmware fine. (Score:4, Informative)
Re:Firmware is not software (Score:4, Insightful)
and no, it wasn't finally discovered because it was OSS, but buy automated testing that works equally well on closed source
But the fix was able to be independently verified because it is OSS.
Re: (Score:3)
FTFY
Re: (Score:2)
What does heartbleed have to do with firmware?
Re: (Score:3)
That misses the point. (Score:2)
Sure a router (like a PC, btw) runs Linux and C programs, but there's also a BIOS layer below that and perhaps even a microcode layer below that. What language is the microcode written in? There are also lots of device drivers that are essentially binary blobs where some HW guy has carefully tweaked settings. Sure, C & Linux can be used to deliver the binary blobs--but they are still binary blobs.
Some of the binary blobs configure very delicate internal circuitry that establish things like transmission
Router firmware is very often Linux, or its cousin (Score:2)
The firmware in routers is very often Linux. Since Linux is open source, you can download the firmware for many routers and see for yourself. the firewall on the router is the same iptables firewall that runs on my desktop and my laptop. See OpenWRT and the *WRT distributions which are variants of the Linksys firmware for more.
Many of the manufacturers selling routers sold in big-box stores, such as Linksys, have wanted to save a couple of dollars by having a couple MB less memory, they've transitioned to
Re: (Score:3)
When did I say I wasn't familiar with firmware? (Score:2)
I'm a HW engineer--I actually know quite a bit about a lot of types of firmware and I'm extremely qualified to have these opinions.
Re: (Score:2)
Says the guy who believed a few posts back that microcode is firmware, or that firmware might contain microcode, or that microcode is 'compiled' from a differen (higher level?) language.
SORRY: it is hard to believe you have any clue at all. So forgive me that I don't take your claim seriously.
microcode is a form of firmware (Score:2)
It's a layer of firmware sitting between you and the hardware, it's written by the vendor.
I never said anything about microcode being compiled from a high-level language--I said the opposite, that the existence of microcode is evidence confirming that there is some very common 'firmware' which isn't written in any soft of recognizable programming language.
I've actually designed a lot of hardware and I've written a fair amount of firmware in my life. Have you?
Re: (Score:2)
I have written firmware, hence I know that microcode is not in the firmwhere ... you seem not to know that hence I doubt your claims about having worked on hardware and firmware.
Hint: google what microcode actually is!
I know what microcode is you dumb fuck. (Score:2)
It is a layer of 'code' which tells a processor how to execute instructions. It generally gives the processor the ability to translate one opcode in the instruction set architecture into several interal micro-operations, and it usually has very raw access to the internal processor control (in some cases directly controlling internal HW muxes and whatnot). It's frequently used to permit emulation of otherwise deprecated instructions transparently to all layers of firmware and software above it. Generally the
Re: (Score:2)
Firmware is processor instructions in a ROM loaded at boot time.
Microcode are instructions stored inside of a CPU, not in ROM outside. There are perhaps a handful or two handful hardware architectures that allow later patching of microcode. I bet my left ball that there is no router on the world that has the option to patch/burn/upgrade the microcode of any processor in it. And I doubt that that any router exists where at boot up the internal memory of the CPU is initialized with microcode from the ROM on b
modern Intel x86 processors have updatable microco (Score:2)
Have you ever heard of Intel? Microcode is a form of firmware, by definition. In fact, IBM uses those terms interchangeably.
You are possibly the stupidest person I've ever met on /., and that's saying something.
Re: (Score:2)
I don't know that I agree. IBM used to print the assembly source for their IBM PC BIOS and include it in the tech manual (I still have it - the PC and the manual).
Conceptually you are correct in the description of the firmware. But it is source code that created it. Although maybe there's a definition that is missing - one person's firmware is another's BIOS / EE-PROMs etc.
I used to have an old 8080 prototype kit. Think RaspPI of yester-year. The boot prom could be yanked out and stuck in a cradle a
Re: (Score:2)
Just a minor nitpick. The PROMs with the UV erasure window were EPROMs (Erasable Programmable ROM).
EEPROMs could be erased with voltage on a pin (Electronically Erasable Programmable ROM). EEPROM were the forerunners of flash.
Re:Firmware is not software (Score:5, Insightful)
"Firmware" has multiple meanings. The thing you're talking about is indeed called "firmware", but it is a minuscule fraction of the firmware on a typical router, which is generally a linux/unix derivative and includes everything from device drivers to configuration UI. And which is usually riddled with security vulnerabilities and other flaws.
Even the minuscule bit you're talking about still needs to be inspectable and repairable, because devices always have bugs -- often already known by the time they're shipped and purchased -- and device manufacturers have (apparently) little to no economic interest in fixing them, and it's the owner of an RF device who is legally responsible for compliance. Unless you honestly expect everyone to throw their routers away and buy new ones every few months, or you simply don't care about security, performance, or FCC compliance, field updates are a necessity.
If an RF-controlling firmware component is nothing but the equivalent of a few jumper switches, then document them thoroughly. If it's functional software (which in fact it pretty-much always is), then publish it, and do so in a form so it can be recompiled to ensure that what's on the device is the same as what was published. Volkswagen has proved beyond any reasonable person's doubt that unverifiable software is not to be trusted.
(Disclosure: co-author/signatory to the FCC letter.)
Pay more for a router that's properly supported. (Score:2)
It's that simple. Yes, throw out your old crappy routers and pay more for routers which are properly supported by the vendor. The vendor has the expertise it needs to modify the firmware in a safe way.
As I said elsewhere in this thread:
"Sure a router (like a PC, btw) runs Linux and C programs, but there's also a BIOS layer below that and perhaps even a microcode layer below that. What language is the microcode written in? There are also lots of device drivers that are essentially binary blobs where some HW
Re: (Score:2)
It's that simple. Yes, throw out your old crappy routers and pay more for routers which are properly supported by the vendor.
... okay. I guess if a router is "properly supported", that means it doesn't have any bugs, so it will never need to be field-updated under any circumstances.
Also, if it's "properly supported", that means neither the manufacturer nor anyone in the supply chain will ever insert any kind of malware, so there's no reason to allow the code to be inspected for correctness.
Also, those 11 million VW diesel owners should have paid more for a properly supported car.
Obviously it needs field updates. (Score:2)
That's exactly what "properly supported" means in this context. You are intentionally being obtuse by claiming otherwise. It needs to be field updatable by the manufacturer. It does *not* need to be field updatable by the end user--that's a recipe for disaster.
I don't have any problem with the hardware device (including its code) being made subject to inspections & audits. It doesn't need to be open sourced for that to happen, the code doesn't even need to be made public--and you certainly don't need to
Re: (Score:2)
Firmware can be extremely messy, low-level code.
Yes. There are two kinds of firmware at issue here. There's radio firmware, and there's the wifi firmware, and sadly the two are frequently one big blob especially because the wifi is commonly integrated into the SoC. However, this is not always the case. It's quite possible to permit people to update the one without permitting them to update the other, if the hardware is designed for it.
Re: (Score:2)
What the fuck are you talking about?
Firmware is not some arcane stuff, made in alchemist labs with fairy dust, mole eyes and dragon scale. Just because you cannot read it doesn't mean that it is something cryptic that nobody can possibly understand.
Yes, some parts of it require some knowledge of the hardware it controls. SOME parts. And with increasing abstraction those parts get fewer and fewer. Hell, even BIOS, which used to be the epitome of low level, talk-on-a-first-name-base-with-the-silicon code has
Re: (Score:2)
Firmware is not some arcane stuff, made in alchemist labs with fairy dust, mole eyes and dragon scale.
Maybe on your router. I didn't cheap out when I bought mine, though.
Re: (Score:2)
Since I develop hardware, I kinda do know a few bits and pieces of driver development. It ain't rocket surgery or brain science. It also has little to do with the quality of the hardware used. Actually, more expensive hardware tends to offer more functionality and usually also more and better documentation along with a more convenient communication interface.
So what's your point? (Score:2)
that hardware vendors should only be required to open-source the high-level [easily understandable and non-proprietary] parts? I wasn't claiming that all the software that runs on a given piece of hardware was deep and mysterious--but some parts of it definitely are, including parts that are of particular interest to the FCC.
Re: (Score:2)
The OSI layers exist for a reason...
That would probably also be the key to satisfy all parties. Except maybe the political ones.
Re: (Score:2)
What firmware are you talking about? The chips that provide WiFi are pretty well known and established. I'd like to know which ones you are referring to. Are they on this list? https://downloads.openwrt.org/... [openwrt.org]
How about the processor in your computer? (Score:2)
it probably runs some form of microcode which is only modifiable by the vendor. Should that vendor be required to open-source the microcode?
Re: (Score:3)
These ones match his requirements for certain.
bcm53xx
brcm2708
brcm47xx
brcm63xx
There is a reason why the FSF does not like broadcomm chipsets, and considers them FOSS un-friendly.
The drivers for these chips requires a closed binary blob, that must be harvested from a windows driver. On linux, this process is automated with a bash script which downloads a suitable driver package directly from an OEM's support site, then rips the binary blob out and places it into a special folder in /usr, iirc.(might be /etc..
Re: (Score:2)
Firmware can be extremely messy, low-level code. It may not even be written in any sort of recognizable programming language. It is frequently the digital equivalent of a set of jumper switches, just a binary blob which is meaningless if you don't have deep knowledge of the hardware it is controlling. Firmware can directly control low-level electronics and an incorrect setting can lead to physical damage to the device and potential harm to nearby humans.
It is dangerously stupid to insist that firmware be open-sourced and to allow developers to modify the firmware on devices.
I wondered where Darl McBride went.
Re: (Score:2)
an incorrect setting can lead to physical damage to the device and potential harm to nearby humans
If code can damage the hardware then the hardware design is bad, and 100mW of transmit power isn't enough to cause harm to humans; your cellphone transmits with more power than that.
That's not how the world works, jackass. (Score:2)
Most of the computers (hell, most of the electronic devices) you've used in your life have some code running at some layer which [if written incorrectly] can do some physical damage. There is code that sequences power initialization, controls the voltage levels, controls clock rates, enables/disables over-temperature sensors, controls fan speeds, yadda yadda yadda.
You are unaware that this code exists probably because you've lived your entire computer life inside a safe little virtual world created for you
Re: (Score:2)
You are unaware that this code exists probably because you've lived your entire computer life inside a safe little virtual world created for you by people who are a lot smarter than you
Let me give you a clue, since you don't seem to have one, you arrogant piece of crap: I work for the company that made the microprocessor and PCH in the computer you're spouting nonsense on. Do not presume to tell me what I do and do not know.
Now, then: If you're so gods-be-damned smart, then how come you don't seem to understand that 100mW of RF, even right next to your (apparently rock-filled) head, isn't going to cause injury or death, or more to the point: the couple watts that your cellphone, right ne
Re: (Score:2)
So what you are saying is you have no clue what firmware is.
By definition it's software that has been programmed into read only memory. Nearly nothing has write once read many storage aside from programmable fuses that tend to be used to turn bits of kit off so one chip can be sold in many configurations and in some gear to block further updates to what is flash or similar.
In this case you generally have one blob that contains one or more other blobs. The primary being a complete operating system and the
Re: (Score:2)
Then the users claims that they have no idea what went wrong with the router and since it is fried there is no way to determine what firmware it was running. The manufacturer is now on the hook for a warranty that is actually invalid.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
No, but neither are the manufacturer's fault. You decide to operate machinery outside of spec, you're responsible for it.
To pull the ever popular car analogy, if I tune my car and fuel it with nitro, should I be allowed to blame Ford if it blows up?
Re: (Score:2)
The limits are different based on directional antenna vs omnidirectional antenna. You are allowed to crank the power up when using a directional antenna like a Yagi in order to get the signal to travel miles, but omnis are limited in their power output. This would make the limits impossible to implement in every situation.
Re: (Score:2)
But if I am so inclined I can at any time go out and buy a different engine for my car, and have it installed at my expense and risk.
Re: (Score:3)
Not exactly.
There is the router's OS package, which contains the radio firmware.
It has become (alarmingly) commonplace for the firmware to be stored in volatile memory inside the radio device-- Such is the case with basically *ALL* Broadcomm radios. There is a binary blob that even on linux, must be harvested from closed source driver packages. This blob is what Brannon is talking about. The FOSS linux driver harvests this firmware (which is extracted on consumer linux boxes using a package called fwcutter)
This rule also applies to PCs (Score:2)
Another security professional's comment to the FCC (Score:4, Interesting)
Below is the text of another comment a career security professional (myself) submitted to the FCC on this issue. Specifically, this is regarding the FCC's proposal to essentially outlaw open routers, by requiring that the firmware be boot-locked.
Based on 18 years of professional experience in network security, in both the private sector and government, the proposed rule causes significant concern for information security posture. There are three primary reasons. The legitimate goals of the FCC could be achieved in an alternate manner which does not cause the same widespread security vulnerabilities, by instead requiring that output power levels and any other critical parameters be limited to legal levels by a separate chip. This approach would be far superior to effectively banning proper security practice for the ENTIRE operating system and all utilities on the device, as the current proposal does.
1
The proposed rule which requires that manufacturers disallow firmware updates (other than signed manufacturer updates, typically provided for only a very short time), makes it much more difficult to prevent incidents such as the $45 million loss at TJX and the Target breach. In both cases, the victim companies were initially targeted because insecure wifi devices were in use. To reduce future occurrences of such breaches, it is imperative to be able to update devices which use wireless networking. Especially when a vulnerability such as Shellshock is discovered, it is imperative that risks be mitigated immediately.
Updates provided by the manufacturer may at first seem to be a possible solution, but are not actually a viable solution for two reasons. Manufacturers generally do not provide long-term updates, updates for devices more than about one-two years old. In many cases, no updates are offered at all to handle issues after the date of sale. It is not reasonable to anticipate that organizations and families will replace their network gear every year or two - firmware updates are needed, including for devices which are a few years old. Perhaps ESPECIALLY for devices which are a few years old.
Secondly, updates from the manufacturer are not a viable solution for more sensitive government and private organizations due to the response time required. In the first 24 hours after the release of Shellshock, thousands of systems were compromised. For many networks, it is critically important to mitigate the threat during this initial time frame. Manufacturer full updates were not available for several days to several months, as we first discussed the best long term solution and that solution propagated downstream from the authors, to the subsystem maintainers, distribution maintainers, OEM repackagers, and finally out to customers after testing at each level. In the meantime, temporary MITIGATIONS were performed on-site by network engineers and security contractors. These vital mitigations which protected sensitive networks in the interim would be illegal and prevented by manufacturer locks under the proposed rule. In simple terms, the proposal makes it illegal to manufacturer equipment which can be _quickly_ protected against new threats to our cyber security.
2
Another reason that the proposed rule is problematic is that the manufacturer default firmware, with all available features designed to be as easily accessible as possible, is not appropriate for any environment in which security is a concern. A central tenet of information security, and security in general, is that the attack surface should be as small as possible - services not needed for a particular installation should not be installed and enabled. The only software which definitely cannot be exploited is software which is not installed or not enabled. Therefore, the most secure firmware tends to be that with as many features _removed_ as possible, with only those items required for the current role installe
Re: (Score:2)
Along similar lines I proposed that certain devices be locked. I approached as a consumer. Power output strength etc. Anything that the FCC governs to protect interference.
WiFi routers can't output beyond their class governance because some kids were having fun. Esp in this age where people can download this from others without understanding the impact. One person was experimenting with friends to see if they could send a signal 30 miles across Kansas - this can't be used in the middle of a big city.
G
FCC proposal -EXPLICITLY- bans OpenWRT (Score:2)
Have you read -about- the proposal and not read the proposal itself?
The proposal specifically calls on manufacturers to prevent the use of OpenWRT, by name. OpenWRT is an operating system, not radio firmware.
FCC application: Protected from "flashing" DD-WRT (Score:2)
You've clearly thought about what would be reasonable for the FCC to do, given their mandate. You then assumed that they've done what would be reasonable. Here are the -actual- requirements which manufacturers must now include in their application for FCC approval. (Link to FCC application requirements document below). This one makes it pretty clear, doesn't it?:
2. What prevents third parties from loading non-US versions of the
software/firmware on the device? Describe in detail how the device is protected
U-NII is 5Ghz band, 802.11a and N. Beacon frames (Score:2)
U-NII is the 5Ghz band, used by 802.11a and 802.11.
Your rPi will probably need to use an old WiFi dongle because for new sales, anything that is capable of sending beacon frames is classified by the FCC as an AP and must comply. The FCC has issued special guidance clarifying that items previously treated as client devices are now APs if they can beacon.
You'd think that if the FCC tried something so ham-fisted it would be news, it would be all over the tech sites. IT IS. The instruction to manufacturers
Misleading title (Score:3, Insightful)
How about this for a title: FCC is trying to strip more of your individual freedoms away, EFF objects.
Re: (Score:3)
How about this: FAA acquires weather radio design from morons, FCC attempts to cover their ass.
Ban isp from forcing you to rent there hardware (Score:4, Interesting)
Ban isp from forcing you to rent there hardware / make them give you a true bridge mode / pure Ethernet handoff
Re: (Score:2)
Which ISPs force you to rent their WiFi Router?
Re: (Score:2)
At&t? u-verse ADSL2+ uses non standard authentication so you have to use At&t's equipment.
Afaik they charge a lease fee on residential customers.
As a business customer I get to own the modem. not really any cost savings compared to leasing though the modems burn out so quickly I have had uverse for a about 2 years now and I am on my 5th modem they have been charging me $100/ea for replacement.
comcast as well for some uses (Score:2)
comcast metro e / comcast gig pro make you rent that hardware and the basic price should have that built in.
Comcast kind of when you get cable phone
FiOS you can rent or buy there gateway.
Re: (Score:2)
You can buy it. I own my U-Verse router. I disabled the Wifi on it, and the Uverse router only connects to my WiFi router.
Re: (Score:2)
If you find a way to disable the web redirect when the router looses connection please let me know!
I'd half expect them to agree... (Score:2)
Clever wireless NIC tricks can be an actual competitive advantage; but the "Outdated kernel, busybox, and lighthttpd" s
Open Source != Freely Modifable (Score:2)
There is no conflict between the two (sensible) requirements that:
(A) The router's source code should be freely inspectable
AND
(B) The router should have strong technological measures to prevent users from using it in a way that violates the terms, for instance by transmitting on a band that is not licensed in that country.
This is also a very good model for the automotive industry -- another place where there is laughable security [wired.com] that merits some rea
Re: (Score:3)
http://www.afar.net/tutorials/... [afar.net]
How do you implement the rules listed there for antenna gain?
If your equipment is used in a fixed point-to-point link, there are two exceptions to the maximum EIRP rule above:
In the 5.8 GHz band the rule is less restrictive. The maximum EIRP allowed is 53 dBm (30 dBm plus 23 dBi of antenna gain).
In the 2.4 GHz band you can increase the antenna gain to get an EIRP above 36 dBm but for every 3dBi increase of antenna gain you must reduce the transmit power by 1 dBm. The table below shows the combinations of allowed transmit power / antenna gain and the resulting EIRP.
Transmit Power
(dBm)
Antenna Gain
(dBi)
EIRP
(dBm)
30 6 36
29 9 38
28 12 40
27 15 42
26 18 44
25 21 46
24 24 48
23 27 50
22 30 52
I don't see any way for the wifi router to tell the gain of the antenna you attach to it and automatically drop the signal strength.
The responsibility for staying within these power limits falls on the operator (or, if professionally installed, on the installer).
So if that is the case, why is this firmware lockdown even on the table, even with locked down firmware, you are responsible for staying within the power limits.
Re: (Score:2)
Being able to audit the code is not the point. Being able to fix it is the point. So no.
Re: (Score:2)
I mean, that would be great. But you have to explain to me how you are going to prevent some kid from "fixing" the ECU his car to get ten extra HP while spewing particulate matter into everyone's air.
Re: (Score:2)
I mean, that would be great. But you have to explain to me how you are going to prevent some kid from "fixing" the ECU his car to get ten extra HP while spewing particulate matter into everyone's air.
Instead of stationary emissions testing, perhaps on a dyno, revise emissions testing to be mobile and actually be based on driving in real-world conditions. Anyway, not granting code doesn't prevent that because people already just replace the PCM.
how about voting machines first? (Score:2)
Open access to the source code of consumer routers is an excellent idea. However, one of the bigger problems is that often elections take statistically bizarre turns, sometimes affecting access to other data... Why not start with mandated open access to source code of voting machines. It doesn't have to be open source per se, but at least inspectable so that outright fraud can be addressed....
stop meddling (Score:2)
Government shouldn't prohibit tinkering with firmware. It should also not require open sourcing anything. If people want routers with open source firmware (like myself), we can buy them. Other people couldn't care less.
Really people, stop proposing stupid rules.
You can see the long-term picture. (Score:3)
It happens like this:
(1) Companies write TPP and other laws to indemnify themselves and resist modifications to their buggy routers.
(2) FCC makes the problem worse by effectively requiring DRM on routers.
(3) incidence of serious hacks skyrockets as people are unable to update their routers and other network-enabled devices.
(4) legislators react to spike in online crime/tragedies not by undoing (1)-(3) but with "get tough" anti-"hacking" laws that chill research and throw people in jail for minor transgressions, research, clock-building, vulnerability disclosure, security tools, or a anything not understood that politicians and aggressive prosecutors could perceive as "hacking".
(5) The problem gets MUCH MUCH worse as a result. Bright minds are tossed into jail, open research is chilled, and online crime continues to skyrocket.
(6) GOTO 4.
No problem (Score:2)
Here is the source for my router. It's written in Z.
You need a Z compiler? Here is one.
Oh you want the source for the Z compiler? Here it is, written in Z. You just have to compile that with this binary version of the Z compiler, which has no suspicious code, I swear!
Re:No such thing as a Wi-Fi Router (Score:4, Informative)
Dedicated APs are pretty thin on the ground in cheap-consumer-shit land, even compared to discrete DSL and cable modems.
Re:No such thing as a Wi-Fi Router (Score:4, Insightful)
In a good deal of the consumer crap devices I have looked under the hood of, the device runs a crippled version of openwrt.
In such cases, the router and AP functionality comes about entirely through software, since the core OS treats both the wired interface and the wireless interface as discrete network interface cards. The wired interface is usually the one that is more interesting, as the multiple ports are treated as VIFs.
Considering the pricing point of between 50 and 100$ for most consumer grade PoS devices out there, there's a pretty good featureset under there if you can just get past the ABYSMAL driver and config script stack that the manufacturers often push on the poor things.
Often times, the "stock" firmware for these devices use drivers that have been hacked up seven ways to sunday so that they expose certain behaviors-- and have config scripts that do loopy loops to try and get the system into a state that the device maker wants it to be in. (Things like having the root password be set via script every bootup, because the stock firmware does not have a JFFS partition to store actual root credentials, and instead stores the user-defined password in the NVRAM so it can be easily reset with the reset button. On bootup, the script grabs the value from NVRAM and sets the root password. Nevermind the DUMBSHITNESS of exposing the root user this way, since it runs all the services under root.) Looking at it, it is the script equivalent of a Rube-Goldberg contraption.
OpenWRT (the REAL deal, not the hacked up dog and pony show that netgear and pals puts under the hood of their devices) boots in a fraction of the time (Stock firmwares often take over a full 2 minutes to fully finish the init script!! Open WRT becomes fully functional in typically under 30 seconds.) allows PROPER device administration (like, allowing you to set up proper service user and group accounts on the router to segregate process access requirements, set up and use jails, give you your choice of what routing and wifi supplicant package to use, what HTTP daemon to use-- if any-- etc.)
Consumer grade crap can become quite useful with a firmware update. Just that you have to treat it like what it actually is--- a small, general purpose computing platform-- and set it and configure it appropriately.
Re: (Score:2)
Yeah, no bias here. Democrats are as pure as the driven snow (rolleyes)
This is how people like Hillary and Jeb get elected, dumb people who only see (D) or (R) when they vote.
Re: (Score:2)
Only idiots believe that there will be anymore than two candidates. If you don't vote for the D or R your vote is wasted and doesn't count. That is why 70% of the population doesn't bother. When your choice is between an idiot or a moron you don't get a choice.
I don't like Hillary, sanders scares me, and every single republican wants to remove women rights, and install a theocracy in place of the president.
Now pick your candidate. Also if you don't believe the part about theocracy you are not listening
Re: (Score:2)
IF you don't vote, you vote doesn't count. If you don't vote for the winner, your vote doesn't count, The only way your vote counts (using your example) is if you vote for the winner. And as long as you think that way, nothing will change. Which is why people like you who want change, but don't actually change, can't actually change anything. So please stop spewing your "anti-change" logic and let those of us who are not tied to broken system of two parties (who are more or less the same) actually change th
Re: (Score:2)
And as we have just recently learned, if the software used isn't open source, we can't even sensibly test it or at least must not do so due to legal bullshit.