Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Communications Networking Open Source Hardware Your Rights Online

Why Cybersecurity Experts Want Open Source Routers (vice.com) 177

derekmead writes: A coalition of 260 cybersecurity experts is taking advantage of a Federal Communications Commission (FCC) public comment period to push for open source Wi-Fi router firmware.

The cybersecurity experts asked the FCC on Wednesday to require router makers to open-source their firmware, or the basic software that controls its core functionality, as a condition for it being licensed for use in the US. The request comes amid a wider debate on how the FCC should ensure that Wi-Fi routers' wireless signals don't "go outside stated regulatory rules" and cause harmful interference to other devices like cordless phones, radar, and satellite dishes.

This discussion has been archived. No new comments can be posted.

Why Cybersecurity Experts Want Open Source Routers

Comments Filter:
  • TPP... (Score:5, Informative)

    by pao93 ( 555117 ) on Thursday October 15, 2015 @12:29PM (#50736583)
    good luck! check out this provision in the TPP: http://www.international.gc.ca... [international.gc.ca] Prevents governments in TPP countries from demanding access to an enterprise’s software source code.
    • Re:TPP... (Score:4, Funny)

      by Trailer Trash ( 60756 ) on Thursday October 15, 2015 @01:31PM (#50737103) Homepage

      good luck!
      check out this provision in the TPP:

      http://www.international.gc.ca... [international.gc.ca]

      Prevents governments in TPP countries from demanding access to an enterprise’s software source code.

      LOL. You conservatives crack me up.

      We elected President Hope and Change - Obama. He works for *the people*, particularly those who are poor or minority (some exclusions may apply, specifically asians and pacific islanders are, for purposes of this paragraph, not a "minority"), not big corporations or Wall Street fat cats!

      Wow, I can't wait to see the look on those corporation people's faces when Obama strikes down this cronyist giveaway! It'll be priceless. He'll send those Republicans back where they came from with nothing to show for it but some spanked bottoms.

      Anyway, that's why we elected him. We were tired of big money making laws. See how smart we are?

      • Are you implying that the sold-out Republicans would be better than the sold-out democrats?
        • by Lumpy ( 12016 )

          I suggest we leave all of congress and the house empty for 8 years. I'll bet the country is far better off with ZERO of what those clowns call leadership.

          • by rtb61 ( 674572 )

            So that would just leave the corporations in charge. It is pretty bloody obvious that the problem is those corporations who are too big to be allowed to exist corrupting government. Government ain't the problem, the corporations corrupting government are the problem. The symptom is corrupt government, the disease is bloated obese corporations run by psychopaths, time to put those ass hats on a rather severe diet.

    • by Lakitu ( 136170 )

      Governments getting access to a corporation's source code doesn't make it open source. It means the government has access to it.

  • by Anonymous Coward on Thursday October 15, 2015 @12:41PM (#50736665)

    Exposed to the internet, never monitored, never updated, and sits between a computer and the internet, the textbook definition of a man in the middle attack..

    • I think consumers are going to need to start demanding that ALL internet-facing devices come with the ability to auto-patch themselves, and this option should default to ON. There's no way you can expect a normal consumer to be able to flash their own devices. Hell, how do they even know if they're vulnerable and *should* flash their device? We've seen what a disaster unpatched servers and PCs have been, and now we're seeing it with unpatched Android devices. Routers are starting to become prime targets

      • I think consumers are going to need to start demanding that ALL internet-facing devices come with the ability for hackers.ru to patch them, and this option should default to ON.

        FTFY

        • Secure auto-patching has been a solved problem for a while now. That is, unless you've got some inside scoop that Google, Apple, Microsoft, Netscape, and a few dozen other major tech companies don't know about.

          • DNS ...
            Nameservers ...
            There is plenty of stuff that might trick you in doing an illegit autoupdate ...

            • Everything you mentioned is defeated by a simple TLS connection. You don't patch with a simple FTP connection, right? You use public-private key crypto via TLS to securely connect to a legitimate server and initiate the transfer. Even if you re-direct traffic, there's no way to authorize it without that private key. This is the fundamental underpinning of the entire secure web.

              I know you're technically literate, so I'm a little surprised you don't seem to understand how this works. ???

              • Just read /.
                There have been plenty of attacks (which actually happened) or vulnerabilities that could have let to attacks where that approach has/had failed.

      • No one who has a clue about security would buy such a device.

  • Government intelligence agencies can help contribute to the code base.

    The IRS can then help watch people more and help them form more correct political views.

    The FEC can then help the Party making sure helpful people are able to help more!
    • Re:This will help! (Score:5, Insightful)

      by swb ( 14022 ) on Thursday October 15, 2015 @01:28PM (#50737075)

      What's sad is that in an ideal world, the NSA *would* help and perform security audits to keep citizens, businesses and government safe from malicious actors.

      But sadly, their version of help means inserting back doors and compromising security in the name of DEA parallel constructions to jail some hippie for growing pot.

      • by suutar ( 1860506 )

        That's because they're prioritizing the "attack" part of their mission over the "defend" part of their mission. Not unusual; defense is far less exciting.

      • by davecb ( 6526 )
        Canada's Communications Security Establishment used to to just that: my boss was building ruggedized PCs for External Affairs, and they helped him with a TEMPEST project. Less so these days, but we also have a very odd government in power (;-))
  • by Brannon ( 221550 ) on Thursday October 15, 2015 @12:45PM (#50736705)

    Firmware can be extremely messy, low-level code. It may not even be written in any sort of recognizable programming language. It is frequently the digital equivalent of a set of jumper switches, just a binary blob which is meaningless if you don't have deep knowledge of the hardware it is controlling. Firmware can directly control low-level electronics and an incorrect setting can lead to physical damage to the device and potential harm to nearby humans.

    It is dangerously stupid to insist that firmware be open-sourced and to allow developers to modify the firmware on devices.

    • by bradgoodman ( 964302 ) on Thursday October 15, 2015 @12:51PM (#50736767) Homepage
      Just because YOU don't understand it, it doesn't mean that there are a LOT of people that do and would. I'm not knowledgeable enough to personally audit open-source encryption software like GPG and OpenSSL, but I'm glad it's open-source so others who are more knowledgeable than me can scrutinize.
      • by Brannon ( 221550 ) on Thursday October 15, 2015 @03:32PM (#50738079)

        You, however, seem to be confused about what firmware is because you are comparing it to "complicated software". And this has been my experience with software engineers--it is impossible to convince them that there is knowledge in this world which is not directly mappable to some sort of software.

        There are parts of firmware that are just not understandable unless you have deep knowledge the specific hardware device sitting in front of you, in some cases down to the circuit level (or below, even). It is unreasonable to insist that hardware vendors document their devices down to that level and it is dangerous to allow random idiots to muck about with that firmware.

        • by bradgoodman ( 964302 ) on Thursday October 15, 2015 @04:52PM (#50738833) Homepage
          (I am an embedded systems engineer - so I understand it quite well). What might not be evident is that the people that build these routers (often/usually) don't design all the chips in them. i.e. they're made by other companies. The datasheets are available to others. People do this like crazy all the time. There was just an article the other day on how people modified the firmware in a WiFi router radio component to create a WiFi jammer.
    • Most routers are running Linux and the firmware is written in C.
      • Sure a router (like a PC, btw) runs Linux and C programs, but there's also a BIOS layer below that and perhaps even a microcode layer below that. What language is the microcode written in? There are also lots of device drivers that are essentially binary blobs where some HW guy has carefully tweaked settings. Sure, C & Linux can be used to deliver the binary blobs--but they are still binary blobs.

        Some of the binary blobs configure very delicate internal circuitry that establish things like transmission

    • The firmware in routers is very often Linux. Since Linux is open source, you can download the firmware for many routers and see for yourself. the firewall on the router is the same iptables firewall that runs on my desktop and my laptop. See OpenWRT and the *WRT distributions which are variants of the Linksys firmware for more.

      Many of the manufacturers selling routers sold in big-box stores, such as Linksys, have wanted to save a couple of dollars by having a couple MB less memory, they've transitioned to

    • It's dangerously stupid for people who aren't familiar with firmware to express opinions about why firmware shouldn't be open-sourced.
      • I'm a HW engineer--I actually know quite a bit about a lot of types of firmware and I'm extremely qualified to have these opinions.

        • Says the guy who believed a few posts back that microcode is firmware, or that firmware might contain microcode, or that microcode is 'compiled' from a differen (higher level?) language.
          SORRY: it is hard to believe you have any clue at all. So forgive me that I don't take your claim seriously.

          • It's a layer of firmware sitting between you and the hardware, it's written by the vendor.

            I never said anything about microcode being compiled from a high-level language--I said the opposite, that the existence of microcode is evidence confirming that there is some very common 'firmware' which isn't written in any soft of recognizable programming language.

            I've actually designed a lot of hardware and I've written a fair amount of firmware in my life. Have you?

            • I have written firmware, hence I know that microcode is not in the firmwhere ... you seem not to know that hence I doubt your claims about having worked on hardware and firmware.

              Hint: google what microcode actually is!

              • It is a layer of 'code' which tells a processor how to execute instructions. It generally gives the processor the ability to translate one opcode in the instruction set architecture into several interal micro-operations, and it usually has very raw access to the internal processor control (in some cases directly controlling internal HW muxes and whatnot). It's frequently used to permit emulation of otherwise deprecated instructions transparently to all layers of firmware and software above it. Generally the

                • Firmware is processor instructions in a ROM loaded at boot time.
                  Microcode are instructions stored inside of a CPU, not in ROM outside. There are perhaps a handful or two handful hardware architectures that allow later patching of microcode. I bet my left ball that there is no router on the world that has the option to patch/burn/upgrade the microcode of any processor in it. And I doubt that that any router exists where at boot up the internal memory of the CPU is initialized with microcode from the ROM on b

    • I don't know that I agree. IBM used to print the assembly source for their IBM PC BIOS and include it in the tech manual (I still have it - the PC and the manual).

      Conceptually you are correct in the description of the firmware. But it is source code that created it. Although maybe there's a definition that is missing - one person's firmware is another's BIOS / EE-PROMs etc.

      I used to have an old 8080 prototype kit. Think RaspPI of yester-year. The boot prom could be yanked out and stuck in a cradle a

      • by sconeu ( 64226 )

        Just a minor nitpick. The PROMs with the UV erasure window were EPROMs (Erasable Programmable ROM).

        EEPROMs could be erased with voltage on a pin (Electronically Erasable Programmable ROM). EEPROM were the forerunners of flash.

    • by Ethanol ( 176321 ) on Thursday October 15, 2015 @01:15PM (#50736955)

      "Firmware" has multiple meanings. The thing you're talking about is indeed called "firmware", but it is a minuscule fraction of the firmware on a typical router, which is generally a linux/unix derivative and includes everything from device drivers to configuration UI. And which is usually riddled with security vulnerabilities and other flaws.

      Even the minuscule bit you're talking about still needs to be inspectable and repairable, because devices always have bugs -- often already known by the time they're shipped and purchased -- and device manufacturers have (apparently) little to no economic interest in fixing them, and it's the owner of an RF device who is legally responsible for compliance. Unless you honestly expect everyone to throw their routers away and buy new ones every few months, or you simply don't care about security, performance, or FCC compliance, field updates are a necessity.

      If an RF-controlling firmware component is nothing but the equivalent of a few jumper switches, then document them thoroughly. If it's functional software (which in fact it pretty-much always is), then publish it, and do so in a form so it can be recompiled to ensure that what's on the device is the same as what was published. Volkswagen has proved beyond any reasonable person's doubt that unverifiable software is not to be trusted.

      (Disclosure: co-author/signatory to the FCC letter.)

      • It's that simple. Yes, throw out your old crappy routers and pay more for routers which are properly supported by the vendor. The vendor has the expertise it needs to modify the firmware in a safe way.

        As I said elsewhere in this thread:

        "Sure a router (like a PC, btw) runs Linux and C programs, but there's also a BIOS layer below that and perhaps even a microcode layer below that. What language is the microcode written in? There are also lots of device drivers that are essentially binary blobs where some HW

        • by Ethanol ( 176321 )

          It's that simple. Yes, throw out your old crappy routers and pay more for routers which are properly supported by the vendor.

          ... okay. I guess if a router is "properly supported", that means it doesn't have any bugs, so it will never need to be field-updated under any circumstances.

          Also, if it's "properly supported", that means neither the manufacturer nor anyone in the supply chain will ever insert any kind of malware, so there's no reason to allow the code to be inspected for correctness.

          Also, those 11 million VW diesel owners should have paid more for a properly supported car.

          • That's exactly what "properly supported" means in this context. You are intentionally being obtuse by claiming otherwise. It needs to be field updatable by the manufacturer. It does *not* need to be field updatable by the end user--that's a recipe for disaster.

            I don't have any problem with the hardware device (including its code) being made subject to inspections & audits. It doesn't need to be open sourced for that to happen, the code doesn't even need to be made public--and you certainly don't need to

    • Firmware can be extremely messy, low-level code.

      Yes. There are two kinds of firmware at issue here. There's radio firmware, and there's the wifi firmware, and sadly the two are frequently one big blob especially because the wifi is commonly integrated into the SoC. However, this is not always the case. It's quite possible to permit people to update the one without permitting them to update the other, if the hardware is designed for it.

    • What the fuck are you talking about?

      Firmware is not some arcane stuff, made in alchemist labs with fairy dust, mole eyes and dragon scale. Just because you cannot read it doesn't mean that it is something cryptic that nobody can possibly understand.

      Yes, some parts of it require some knowledge of the hardware it controls. SOME parts. And with increasing abstraction those parts get fewer and fewer. Hell, even BIOS, which used to be the epitome of low level, talk-on-a-first-name-base-with-the-silicon code has

      • Firmware is not some arcane stuff, made in alchemist labs with fairy dust, mole eyes and dragon scale.

        Maybe on your router. I didn't cheap out when I bought mine, though.

        • Since I develop hardware, I kinda do know a few bits and pieces of driver development. It ain't rocket surgery or brain science. It also has little to do with the quality of the hardware used. Actually, more expensive hardware tends to offer more functionality and usually also more and better documentation along with a more convenient communication interface.

      • that hardware vendors should only be required to open-source the high-level [easily understandable and non-proprietary] parts? I wasn't claiming that all the software that runs on a given piece of hardware was deep and mysterious--but some parts of it definitely are, including parts that are of particular interest to the FCC.

        • The OSI layers exist for a reason...

          That would probably also be the key to satisfy all parties. Except maybe the political ones.

    • What firmware are you talking about? The chips that provide WiFi are pretty well known and established. I'd like to know which ones you are referring to. Are they on this list? https://downloads.openwrt.org/... [openwrt.org]

      • it probably runs some form of microcode which is only modifiable by the vendor. Should that vendor be required to open-source the microcode?

      • These ones match his requirements for certain.

        bcm53xx
        brcm2708
        brcm47xx
        brcm63xx

        There is a reason why the FSF does not like broadcomm chipsets, and considers them FOSS un-friendly.

        The drivers for these chips requires a closed binary blob, that must be harvested from a windows driver. On linux, this process is automated with a bash script which downloads a suitable driver package directly from an OEM's support site, then rips the binary blob out and places it into a special folder in /usr, iirc.(might be /etc..

    • Firmware can be extremely messy, low-level code. It may not even be written in any sort of recognizable programming language. It is frequently the digital equivalent of a set of jumper switches, just a binary blob which is meaningless if you don't have deep knowledge of the hardware it is controlling. Firmware can directly control low-level electronics and an incorrect setting can lead to physical damage to the device and potential harm to nearby humans.

      It is dangerously stupid to insist that firmware be open-sourced and to allow developers to modify the firmware on devices.

      I wondered where Darl McBride went.

    • an incorrect setting can lead to physical damage to the device and potential harm to nearby humans

      If code can damage the hardware then the hardware design is bad, and 100mW of transmit power isn't enough to cause harm to humans; your cellphone transmits with more power than that.

      • Most of the computers (hell, most of the electronic devices) you've used in your life have some code running at some layer which [if written incorrectly] can do some physical damage. There is code that sequences power initialization, controls the voltage levels, controls clock rates, enables/disables over-temperature sensors, controls fan speeds, yadda yadda yadda.

        You are unaware that this code exists probably because you've lived your entire computer life inside a safe little virtual world created for you

        • You are unaware that this code exists probably because you've lived your entire computer life inside a safe little virtual world created for you by people who are a lot smarter than you

          Let me give you a clue, since you don't seem to have one, you arrogant piece of crap: I work for the company that made the microprocessor and PCH in the computer you're spouting nonsense on. Do not presume to tell me what I do and do not know.

          Now, then: If you're so gods-be-damned smart, then how come you don't seem to understand that 100mW of RF, even right next to your (apparently rock-filled) head, isn't going to cause injury or death, or more to the point: the couple watts that your cellphone, right ne

    • So what you are saying is you have no clue what firmware is.

      By definition it's software that has been programmed into read only memory. Nearly nothing has write once read many storage aside from programmable fuses that tend to be used to turn bits of kit off so one chip can be sold in many configurations and in some gear to block further updates to what is flash or similar.

      In this case you generally have one blob that contains one or more other blobs. The primary being a complete operating system and the

  • by raymorris ( 2726007 ) on Thursday October 15, 2015 @12:50PM (#50736753) Journal

    Below is the text of another comment a career security professional (myself) submitted to the FCC on this issue. Specifically, this is regarding the FCC's proposal to essentially outlaw open routers, by requiring that the firmware be boot-locked.

    Based on 18 years of professional experience in network security, in both the private sector and government, the proposed rule causes significant concern for information security posture. There are three primary reasons. The legitimate goals of the FCC could be achieved in an alternate manner which does not cause the same widespread security vulnerabilities, by instead requiring that output power levels and any other critical parameters be limited to legal levels by a separate chip. This approach would be far superior to effectively banning proper security practice for the ENTIRE operating system and all utilities on the device, as the current proposal does.

    1

    The proposed rule which requires that manufacturers disallow firmware updates (other than signed manufacturer updates, typically provided for only a very short time), makes it much more difficult to prevent incidents such as the $45 million loss at TJX and the Target breach. In both cases, the victim companies were initially targeted because insecure wifi devices were in use. To reduce future occurrences of such breaches, it is imperative to be able to update devices which use wireless networking. Especially when a vulnerability such as Shellshock is discovered, it is imperative that risks be mitigated immediately.

    Updates provided by the manufacturer may at first seem to be a possible solution, but are not actually a viable solution for two reasons. Manufacturers generally do not provide long-term updates, updates for devices more than about one-two years old. In many cases, no updates are offered at all to handle issues after the date of sale. It is not reasonable to anticipate that organizations and families will replace their network gear every year or two - firmware updates are needed, including for devices which are a few years old. Perhaps ESPECIALLY for devices which are a few years old.

    Secondly, updates from the manufacturer are not a viable solution for more sensitive government and private organizations due to the response time required. In the first 24 hours after the release of Shellshock, thousands of systems were compromised. For many networks, it is critically important to mitigate the threat during this initial time frame. Manufacturer full updates were not available for several days to several months, as we first discussed the best long term solution and that solution propagated downstream from the authors, to the subsystem maintainers, distribution maintainers, OEM repackagers, and finally out to customers after testing at each level. In the meantime, temporary MITIGATIONS were performed on-site by network engineers and security contractors. These vital mitigations which protected sensitive networks in the interim would be illegal and prevented by manufacturer locks under the proposed rule. In simple terms, the proposal makes it illegal to manufacturer equipment which can be _quickly_ protected against new threats to our cyber security.

    2

    Another reason that the proposed rule is problematic is that the manufacturer default firmware, with all available features designed to be as easily accessible as possible, is not appropriate for any environment in which security is a concern. A central tenet of information security, and security in general, is that the attack surface should be as small as possible - services not needed for a particular installation should not be installed and enabled. The only software which definitely cannot be exploited is software which is not installed or not enabled. Therefore, the most secure firmware tends to be that with as many features _removed_ as possible, with only those items required for the current role installe

    • Along similar lines I proposed that certain devices be locked. I approached as a consumer. Power output strength etc. Anything that the FCC governs to protect interference.

      WiFi routers can't output beyond their class governance because some kids were having fun. Esp in this age where people can download this from others without understanding the impact. One person was experimenting with friends to see if they could send a signal 30 miles across Kansas - this can't be used in the middle of a big city.

      G

  • Misleading title (Score:3, Insightful)

    by roman_mir ( 125474 ) on Thursday October 15, 2015 @12:51PM (#50736773) Homepage Journal

    How about this for a title: FCC is trying to strip more of your individual freedoms away, EFF objects.

    • by PPH ( 736903 )

      How about this: FAA acquires weather radio design from morons, FCC attempts to cover their ass.

  • by Joe_Dragon ( 2206452 ) on Thursday October 15, 2015 @12:52PM (#50736781)

    Ban isp from forcing you to rent there hardware / make them give you a true bridge mode / pure Ethernet handoff

    • Which ISPs force you to rent their WiFi Router?

      • by sims 2 ( 994794 )

        At&t? u-verse ADSL2+ uses non standard authentication so you have to use At&t's equipment.

        Afaik they charge a lease fee on residential customers.

        As a business customer I get to own the modem. not really any cost savings compared to leasing though the modems burn out so quickly I have had uverse for a about 2 years now and I am on my 5th modem they have been charging me $100/ea for replacement.

        • comcast metro e / comcast gig pro make you rent that hardware and the basic price should have that built in.

          Comcast kind of when you get cable phone

          FiOS you can rent or buy there gateway.

        • by sconeu ( 64226 )

          You can buy it. I own my U-Verse router. I disabled the Wifi on it, and the Uverse router only connects to my WiFi router.

          • by sims 2 ( 994794 )

            If you find a way to disable the web redirect when the router looses connection please let me know!

  • I imagine that getting the firmware that handles some of the new-hotness RF stuff that allows breathlessly advertised high data rates from those vendors would be like pulling teeth; but I wouldn't be entirely surprised if the vendors who put the 'router' together and build the firmware image would be, in part, pleased by a "we have to share ours; but so do all our competitors" situation.

    Clever wireless NIC tricks can be an actual competitive advantage; but the "Outdated kernel, busybox, and lighthttpd" s
  • There is no conflict between the two (sensible) requirements that:
    (A) The router's source code should be freely inspectable
    AND
    (B) The router should have strong technological measures to prevent users from using it in a way that violates the terms, for instance by transmitting on a band that is not licensed in that country.

    This is also a very good model for the automotive industry -- another place where there is laughable security [wired.com] that merits some rea

    • http://www.afar.net/tutorials/... [afar.net]

      How do you implement the rules listed there for antenna gain?

      If your equipment is used in a fixed point-to-point link, there are two exceptions to the maximum EIRP rule above:

      In the 5.8 GHz band the rule is less restrictive. The maximum EIRP allowed is 53 dBm (30 dBm plus 23 dBi of antenna gain).
      In the 2.4 GHz band you can increase the antenna gain to get an EIRP above 36 dBm but for every 3dBi increase of antenna gain you must reduce the transmit power by 1 dBm. The table below shows the combinations of allowed transmit power / antenna gain and the resulting EIRP.

      Transmit Power
      (dBm)
      Antenna Gain
      (dBi)
      EIRP
      (dBm)
      30 6 36
      29 9 38
      28 12 40
      27 15 42
      26 18 44
      25 21 46
      24 24 48
      23 27 50
      22 30 52

      I don't see any way for the wifi router to tell the gain of the antenna you attach to it and automatically drop the signal strength.

      The responsibility for staying within these power limits falls on the operator (or, if professionally installed, on the installer).

      So if that is the case, why is this firmware lockdown even on the table, even with locked down firmware, you are responsible for staying within the power limits.

    • Being able to audit the code is not the point. Being able to fix it is the point. So no.

      • I mean, that would be great. But you have to explain to me how you are going to prevent some kid from "fixing" the ECU his car to get ten extra HP while spewing particulate matter into everyone's air.

        • I mean, that would be great. But you have to explain to me how you are going to prevent some kid from "fixing" the ECU his car to get ten extra HP while spewing particulate matter into everyone's air.

          Instead of stationary emissions testing, perhaps on a dyno, revise emissions testing to be mobile and actually be based on driving in real-world conditions. Anyway, not granting code doesn't prevent that because people already just replace the PCM.

  • Open access to the source code of consumer routers is an excellent idea. However, one of the bigger problems is that often elections take statistically bizarre turns, sometimes affecting access to other data... Why not start with mandated open access to source code of voting machines. It doesn't have to be open source per se, but at least inspectable so that outright fraud can be addressed....

  • Government shouldn't prohibit tinkering with firmware. It should also not require open sourcing anything. If people want routers with open source firmware (like myself), we can buy them. Other people couldn't care less.

    Really people, stop proposing stupid rules.

  • by VValdo ( 10446 ) on Thursday October 15, 2015 @01:31PM (#50737105)

    It happens like this:

    (1) Companies write TPP and other laws to indemnify themselves and resist modifications to their buggy routers.

    (2) FCC makes the problem worse by effectively requiring DRM on routers.

    (3) incidence of serious hacks skyrockets as people are unable to update their routers and other network-enabled devices.

    (4) legislators react to spike in online crime/tragedies not by undoing (1)-(3) but with "get tough" anti-"hacking" laws that chill research and throw people in jail for minor transgressions, research, clock-building, vulnerability disclosure, security tools, or a anything not understood that politicians and aggressive prosecutors could perceive as "hacking".

    (5) The problem gets MUCH MUCH worse as a result. Bright minds are tossed into jail, open research is chilled, and online crime continues to skyrocket.

    (6) GOTO 4.

  • Here is the source for my router. It's written in Z.

    You need a Z compiler? Here is one.

    Oh you want the source for the Z compiler? Here it is, written in Z. You just have to compile that with this binary version of the Z compiler, which has no suspicious code, I swear!

VMS must die!

Working...